Guest

Cisco Content Services Gateway

Release Notes for Cisco Content Services Gateway - 2nd Generation Release 4.0 Cisco IOS Release 12.4(24)MD7

  • Viewing Options

  • PDF (603.3 KB)
  • Feedback
Release Notes for Cisco Content Services Gateway - 2nd Generation Release 4.0 Cisco IOS Release 12.4(24)MD7

Table Of Contents

Release Notes for Cisco
Content Services Gateway -
2nd Generation Release 4.0
Cisco IOS Release 12.4(24)MD7

Introduction

Features

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD7

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD6

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD5

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD4

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD3

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD2

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD1

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD

System Requirements

Memory Requirements

Hardware Supported

Software Requirements

Determining the Software Version

Prerequisites and Restrictions

Caveats for Cisco IOS Release 12.4(24)MD7

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD6

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD5

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD4

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD3

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD2

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD1

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD

CSG2 Software for Cisco IOS Release 12.4(24)MD - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

Documentation and Technical Assistance

Related Documentation

CSG2 Documentation

Release-Specific Documents

Platform-Specific Documents

Cisco IOS Software Documentation Set

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco
Content Services Gateway -
2nd Generation Release 4.0
Cisco IOS Release 12.4(24)MD7


First Published: September 29, 2011
Last Updated: April 8, 2013
Current Release: Cisco IOS Release 12.4(24)MD7
OL-19293-01

This publication describes the requirements, dependencies, and caveats for the Cisco Content Services Gateway - 2nd Generation, more commonly known as the Content Services Gateway 2 or CSG2. These release notes are updated for every maintenance release.

Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4, located on Cisco.com.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.

All caveats in Cisco IOS Release 12.4 and Cisco IOS Release 12.4 T are also in Cisco IOS Release 12.4(24)MD7.

For a list of the software caveats that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD7, see the "Caveats for Cisco IOS Release 12.4(24)MD7" section.

For information on caveats in Cisco IOS Release 12.4, see Caveats for Cisco IOS Release 12.4, located on Cisco.com.

For information on caveats in Cisco IOS Release 12.4 T, see Caveats for Cisco IOS Release 12.4T, located on Cisco.com and the Documentation CD-ROM.

Using the Bug Navigator II

If you have an account with Cisco.com, you can use Bug Navigator II to find the most current list of caveats of any severity for any software release. To reach Bug Navigator II, log in to Cisco.com and click Software Center: Cisco IOS Software: Cisco Bugtool Navigator II.

This publication includes the following information:

Introduction

Features

System Requirements

Prerequisites and Restrictions

Caveats for Cisco IOS Release 12.4(24)MD7

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD6

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD5

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD4

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD3

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD2

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD1

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

Caveats for Cisco IOS Release 12.4(24)MD

CSG2 Software for Cisco IOS Release 12.4(24)MD - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

Documentation and Technical Assistance

Introduction

The CSG2 is an application that runs on the Cisco Service and Application Module for IP (SAMI), a high-speed processing module. The CSG2 provides content-aware billing, service control, traffic analysis, and data mining in a highly scalable, fault-tolerant package. The CSG2 provides the software required by mobile wireless operating companies and other billing, applications, and service customers.

The CSG2 runs on the Cisco SAMI, a new-generation high performance service module for the Cisco 7600 series router platforms. The CSG2 is typically located at the edge of a network in an Internet service provider (ISP) point of presence (POP), or Regional Data Center.

Features

This section lists the CSG2 features and the CSG2 release in which the feature was introduced. For full descriptions of all of these features, see the Cisco Content Services Gateway - 2nd Generation Release 4 Installation and Configuration Guide.

To see the software part numbers associated with each CSG2 release; the Supervisor hardware required by each CSG2 release; the minimum Cisco IOS release required for new features in each CSG2 release; and the minimum IOS level supported by each CSG2 release, see the "Software Requirements" section.

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD7

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD6

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD5

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD4

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD3

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD2

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD1

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD7

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD7 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD6" section.

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD6

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD6 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD5" section.

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD5

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD5 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD4" section.

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD4

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD4 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD3" section.

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD3

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD3 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD2" section.

In addition, the CSG2 software for Cisco IOS Release 12.4(24)MD3 supports the following new feature:

Enhanced CCA Failure Reporting

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD2

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD2 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD1" section.

In addition, the CSG2 software for Cisco IOS Release 12.4(24)MD2 supports the following new features:

Configurable REGEX Memory

Configurable URL Map Normalization

Reuse of Idle RADIUS Proxy Ports

RTSP Teardown Reply Delay

Support for Preloaded Headers and Header Groups for Header Insertion

User Session Continuation After PCRF Timeout

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD1

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD1 supports the entire feature set listed in the "CSG2 Features Supported for Cisco IOS Release 12.4(24)MD" section.

In addition, the CSG2 software for Cisco IOS Release 12.4(24)MD1 supports the following new features:

CISCO-CONTENT-SERVICES-MIB (updated)

Display of User Table Entry Creation Time

Support for the Cisco eGGSN for Cisco GGSN Release 10.0 and the Single IP Feature

Support for Preloaded Domain Groups and QoS Profiles

Wireless TCP (WTCP) Support for HTTP Header Insertion

CSG2 Features Supported for Cisco IOS Release 12.4(24)MD

The CSG2 Release 4 software for Cisco IOS Release 12.4(24)MD supports the entire feature set for the CSG2 Release 3.5 software for Cisco IOS Release 12.4(22)MDA1.

In addition, the CSG2 software for Cisco IOS Release 12.4(24)MD supports the following new features:

Activity-Based Time Billing

Billing Plan User Counts

Content Access Control

Dynamic Redirection

Support for eG-CDRs with the Cisco GGSN Release 9.2

Final Unit Indication with Redirect

Header Insertion

Wireless TCP for header insertion is not supported.

Layer 7 Domain Name System (DNS) Inspection

MIB Support for CISCO-ISCSI-MIB

MIB support for new features is not included in this image.

The CISCO-CONTENT-SERVICES_MIB is not updated for this release of the CSG2.

Per-Subscriber Volume and Time Thresholds

Support for up to 1024 RADIUS Proxies

Support for up to 2048 RADIUS Endpoints

Support for up to 32,768 Service Rules

User Logoff Notifications

System Requirements

This section describes the following memory and software requirements for CSG2:

Memory Requirements

Hardware Supported

Software Requirements

Determining the Software Version

For hardware requirements, such as power supply and environmental requirements, as well as hardware installation instructions, see the Service and Application Module for IP User Guide.

Memory Requirements

The CSG2 memory is not configurable.

The Cisco SAMI is available with a default 1 GB memory or an optional 2-GB memory.

Hardware Supported

Use of the CSG2 requires one of the following Cisco 7600 Series Routers and Supervisor Engines, and a module with ports to connect server and client networks:

Cisco 7600 Series Supervisor Engine 720 with a Multilayer Switch Feature Card 3 (WS-SUP720) running Cisco IOS Release 12.4(33)SRB1 or later

Cisco 7600 Series Supervisor Engine 720 with a Multilayer Switch Feature Card 3 and Policy Feature Card 3B (WS-SUP720-3B) running Cisco IOS Release 12.4(33)SRB1 or later

Cisco 7600 Series Supervisor Engine 720 with a Multilayer Switch Feature Card 3 and Policy Feature Card 3BXL (WS-SUP720-3BXL) running Cisco IOS Release 12.2(33)SRB1 or later

Cisco 7600 Series Supervisor Engine 32 with a Multilayer Switch Feature Card (WS-SUP32-GE-3B) running Cisco IOS Release 12.2(33)SRC or later and LCP ROMMON Version 12.2[121] or later on the Cisco SAMI

Cisco 7600 Series Supervisor Engine 32 with a Multilayer Switch Feature Card and 10 Gigabit Ethernet Uplinks (WS-SUP32-10GE-3B) running Cisco IOS Release 12.4(33)SRC or later and LCP ROMMON Version 12.2[121] or later on the Cisco SAMI

Cisco 7600 Series Route Switch Processor 720 with Distributed Forwarding Card 3C (RSP720-3C-GE) running Cisco IOS Release 12.4(33)SRC or later

Cisco 7600 Series Route Switch Processor 720 with Distributed Forwarding Card 3CXL (RSP720-3CXL-GE) running Cisco IOS Release 12.2(33)SRC or later

Software Requirements

When referring to this section, keep the following considerations in mind:

Do not use the Supervisor Hardware Supported column to infer supervisor hardware support. Consult the Cisco IOS Upgrade Planner to determine which IOS releases support the desired supervisor hardware.

Each feature set is limited to those features that can be configured at the Minimum Cisco IOS Level Supported.

The following table lists the CSG2 and Cisco SAMI module part numbers and associated information for each CSG2 release:

CSG2 Release
CSG2 and Cisco SAMI Module Part Numbers
Supervisor Hardware Supported
Supervisor Software Minimum Cisco IOS Release Required for New Features
Supervisor Software Minimum Cisco IOS Level Supported

12.4(24)MD7
12.4(24)MD6
12.4(24)MD5
12.4(24)MD4
12.4(24)MD3
12.4(24)MD2
12.4(24)MD1
12.4(24)MD

Cisco SAMI Module Part Numbers:

WS-SVC-SAMI-BB-K9
WS-SVC-SAMI-BB-K9=
MEM-SAMI-6P-2GB

CSG2 Software License Part Numbers:

SSAC40K9-12424MD
SSAC40K9-12424MD=

CSG2 Software Subscriber License Part Numbers:

FL-SC-10K-SUB
FL-SC-100K-SUB

CSG2 Software Upgrade License Part Numbers:

FL-SC-R35R4-K9-UP

CSG2 Software and Cisco SAMI Module Bundle Part Numbers:

SAMI-CSG2-R2AS-K9=

WS-SUP720
WS-SUP720-3B
WS-SUP720-3BXL

12.2(33)SRB1

12.2(33)SRB1

WS-SUP32-GE-3B
WS-SUP32-10GE-3B

12.2(33)SRC

12.2(33)SRC

RSP720-3C-GE
RSP720-3CXL-GE

12.2(33)SRC

12.2(33)SRC


Determining the Software Version

To determine the version of Cisco IOS software that is currently running on your Cisco network device, log in to the CSG2 or Supervisor Engine and enter the show version EXEC command.

To show CSG2 versions, log in to the Supervisor Engine and enter the show module command in privileged EXEC mode.

To provide meaningful problem determination information, log in to the CSG2 or Supervisor Engine and enter the show tech-support command in privileged EXEC mode.

Prerequisites and Restrictions

For the latest prerequisites and restrictions for the CSG2, see the "Overview" chapter of the Cisco Content Services Gateway - 2nd Generation Release 4 Installation and Configuration Guide.

Caveats for Cisco IOS Release 12.4(24)MD7

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD7.

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

The following list identifies Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD7:

CSCty02688—CSG2: Improper session synchronization during upgrade

When performing an in-service upgrade and synchronizing sessions from the active CSG2 Release 4, or any earlier release, to the standby CSG2 Release 5, or any later release, the synchronization might not complete correctly. The standby CSG2 is synchronized with an unexpectedly huge number of IP bytes uploaded and downloaded for all sessions. When the standby CSG2 becomes active, it reports this huge number of uploaded and downloaded IP bytes to the BMA, causing all sessions to be overcharged.

Workaround: Do not perform an in-service upgrade from CSG2 Release 4, or any earlier release, to CSG2 Release 5, or any later release.

CSG2 Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD7:

CSCts47723—CSG2 sends wrong usage count in CCR-F when CCA-U timeout or failure occur

If a CCA-U timeout/failure occurs on the CSG2, the CSG2 might send the wrong usage count in the CCR-F. The CSG2 continues to count the usage even after the CCA-U timeout/failure occurs.

CSCtt08817—RTSP protocol statistics report a 0 value

When control-url is configured for a content, the output for the show ip csg stats protocol command displays 0 for the RTSP protocol.

CSCtu31661—New CLI to stop counting if CCR-U failed

The CSG2 stops counting usage if the CCR-U fails. This CDETS introduces the ip csg ccr-u-fail stop-count command, which enables the CSG2 to continue to count usage in the event of a CCR-U failure.

CSCtu53660—CSG2- Diameter error- Dia Transport: TCP port unavailable

In the Gx interface, the TCP port to the PCRF server might become unavailable.

The TCP connection on the Gx interface between the CSG2 and the PCRF is not coming up. The issue is encountered after the PCRF connection goes down and comes up multiple times. This causes the local port leak to accumulate, and the local port becomes unavailable to establish the TCP connection.

CSCtw68505—User's billing is unknown

Some subscribers associated with a secondary PDP are not assigned a billing plan, because the 3GPP charging ID (as part of the RADIUS attributes) is missing in the user's Profile Request that is sent to the quota server.

CSCtx04022—CSG2 not assigning policy when SSH over port 80

If the CSG2 is configured to parse the HTTP protocol in a content, and a prepaid user sends non-HTTP data that matches the content (for example, SSH over port 80), the CSG2 passes the traffic without sending a Segmentation and Reassembly (SAR) to the quota server.

CSCty49899—Standby PCEF sends Create Session Request to PCRF after reload

When a user is deleted on the active CSG2, the standby CSG2 also sends a CCR-F. That causes the "pcrf failure" counter to increment, as the Diameter connection is not established on the standby CSG2.

CSCub27714—User sessions stuck in CSG2 cause delayed Service Stop to go in sticky User Table

The CSG2 might send a Service Stop message to the quota server that was not associated with the user. This can occur even if Quota Server Reassignment is disabled.

For this problem to occur, all of the following conditions must be met:

A prepaid user must exist in the system.

The quota must expire and 0 quota must be received in the Service Reauth Response.

The reauthorization delay must be around 1200 seconds.

The CSG2 must block the traffic and clear some of the sessions.

The CSG2 must receive a RADIUS Accounting Stop message for the user (user logout) before the content idle timer expires.

A few established sessions must get stuck in the CSG2 and not cleared after the RADIUS Accounting Stop message.

The CSG2 must send out the Service Stop after the sessions are cleared by the content idle timer.

This results in the creation of a sticky user while sending the Service Stop, as the affinity is already cleared. While creating the sticky user, the CSG2 might assign a different quota server and forward the service stop to that quota server.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Open Caveats

There are no Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD7.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD7 - Closed Caveats

There are no Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD7.

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

The following list identifies Cisco PSIRT closed caveats that impact Cisco IOS Release 12.4(24)MD7:

CSCtg47129

The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat

Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html

CSCtn76183

The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets.

The vulnerabilities are caused when packets in transit on the vulnerable device require translation.

Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat

Caveats for Cisco IOS Release 12.4(24)MD6

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD6.

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

The following list identifies Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD6:

CSCts47723—CSG2 sends wrong usage count in CCR-F when CCA-U timeout or failure occur

If a CCA-U timeout/failure occurs on the CSG2, the CSG2 might send the wrong usage count in the CCR-F. The CSG2 continues to count the usage even after the CCA-U timeout/failure occurs.

Workaround: None.

CSCty02688—CSG2: Improper session synchronization during upgrade

When performing an in-service upgrade and synchronizing sessions from the active CSG2 Release 4, or any earlier release, to the standby CSG2 Release 5, or any later release, the synchronization might not complete correctly. The standby CSG2 is synchronized with an unexpectedly huge number of IP bytes uploaded and downloaded for all sessions. When the standby CSG2 becomes active, it reports this huge number of uploaded and downloaded IP bytes to the BMA, causing all sessions to be overcharged.

Workaround: Do not perform an in-service upgrade from CSG2 Release 4, or any earlier release, to CSG2 Release 5, or any later release.

CSG2 Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD6:

CSCtn80399—The CSG2 must include the default bearer's accounting session id in the PoD

The CSG is sending the dedicated bearer session ID in Packet of Disconnect (PoD) requests to clear users instead of the default bearer ID.

CSCtq60404—The CSG2 reloads when creating and deleting Gx users with traffic

The CSG2 might reload when creating and deleting tens of thousands of Gx users with traffic. The CSG2 must be under heavy load, creating and deleting 100,000 to 180,000 users and processing 10 sessions per user.

CSCtq60705—The CSG2 fails to parse egcdr_correlator_id correctly in RADIUS messages

When eG-CDRs are configured for use between the eGGSN/PGW and the CSG2, the eGGSN/PGW might reject GTP messages from the CSG2, with the following message:

%CSG-3-GTP_REJECT: GTP received

CSCtq83846—Possible leak due to an out-of-order mid-flow SYN with the ACK bit set

The CSG2 might experience a memory leak due to an out-of-order mid-flow SYN with the ACK bit set. To detect the leak, examine the Pct Used value in the Application column in the CSG Buffer Management Stats section of the output of the show ip csg stats command.

CSCtq94337—eGGSN- Packets are stuck in the quota server queue

In an eGGSN configuration, packets might become stuck in the quota server queue.

CSCtr08631—The CSG2 is reporting negative usage to the BMA after a failover

After a failover, the Service Usage reported as quadrans in an intermediate or final BMA CDR is less than that reported in a prior intermediate CDR.

For this problem to occur, all of the following conditions must be met:

Intermediate CDRs must be configured for type OTHER or NBAR.

A CSG2 failover must have occurred after an intermediate CDR has been generated for one or more long-lived Layer 4 sessions.

CSCtr69315—The CSG2 is delaying CCRs

The CSG2 might not send a CCR to the PCRF immediately after receiving accounting messages from the PGW. Therefore the CCR timeout occurs before the CCA is received, even though the CCA is received immediately. The retransmit CCR is sent to the next PCRF in the configuration. The CCA received for the retransmit CCR has 5012 - error in CCA Result code AVP.

A burst of 20 to 40 CCRs is sent to the PCRF, then no messages for almost two minutes.

CSCtr88344—RAR received before CCA-I is dropped; further RARs after CCA-I handled

When the PCRF places the CCA-I and the RAR in the same packet, the RAR message and all subsequent RAR messages are ignored. Since no RAA is returned for the first RAR, all subsequent RARs are also rejected.

CSCts13678—Charging ID missing in Service Stop message when Gx enabled

When a subscriber is Gx-enabled, and the user is deleted, the CSG2 sends a Service Stop message to the quota server, but the CSG2 does not include the RADIUS attribute Charging ID in the message.

CSCts08568—Ability to tweak the TCP MSS for indirectly connected network

If the Diameter TCP peer is on a different subnet than the CSG2 diameter peer, the TCP MSS cannot be tuned for the indirectly connected network for the Diameter application. This occurs for either a Gx or a Gy implementation on the CSG2. By default, a value of 536 bytes is chosen for the TCP MSS, and the ip tcp mss 1460 global configuration command does not increase the MTU to 1460.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Open Caveats

The following list identifies Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD6.

CSCtk35711—CSG2 takes 5 minutes to detect iSCSI failure due to network outage

The CSG2 might take up to five minutes to detect an iSCSI failure resulting from a network outage.

For this problem to occur, all of the following conditions must be met:

The session timeout must be set to 50 seconds or greater.

The interface that the CSG2 uses to communicate with the iSCSI target must be down.

Workaround: Enter the following commands to enable the CSG2 to detect the failure after the session times out.

ip tcp mss 1460
ip tcp path-mtu-discovery

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD6 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD6:

CSCsj81608—The show cdp command fails

The show cdp entry * command output is empty.

CSCsy84312—Not able to write the core file in the redundant Cisco SAMI during the process watchdog timeout

In a redundant implementation, the Cisco SAMI application is not able to write to the core file when forced to crash with the process watchdog timeout option.

CSCtk12410—Crash in a standby processor causes an RF-induced self-reload of active

When two Cisco SAMIs are configured as an active and standby pair, any unexpected reload of one of the processors in the standby SAMI can cause the active SAMI to reload because of an RF-induced self-reload.

This condition can occur if the HSRP priority of the standby SAMI is greater than the priority of the active SAMI, either because of explicit configuration or based on the IP address of the active and standby SAMIs.

CSCtq39561— HSRP/RF running while writing debuginfo causes delayed switchover

A delayed switchover can occur in an active-standby pair of Cisco SAMIs. That is, when the active SAMI goes down, the standby SAMI might not become active for several minutes.

CSCtr32221—Decrease time-interval of PPC to IXP health-monitoring messages

In an active-standby Cisco SAMI pair, if the standby SAMI has a higher HSRP priority than the active SAMI, the active SAMI might reload when the IXP on the standby SAMI fails.

Caveats for Cisco IOS Release 12.4(24)MD5

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD5.

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

The following list identifies Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD5:

CSCtn80399—The CSG2 must include the default bearer's accounting session id in the PoD

The CSG is sending the dedicated bearer session ID in Packet of Disconnect (PoD) requests to clear users instead of the default bearer ID.

Workaround: None.

CSCtq60705—The CSG2 fails to parse egcdr_correlator_id correctly in RADIUS messages

When eG-CDRs are configured for use between the eGGSN/PGW and the CSG2, the eGGSN/PGW might reject GTP messages from the CSG2, with the following message:

%CSG-3-GTP_REJECT: GTP received

Workaround: None.

CSG2 Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD5:

CSCtb17999—Tracebacks on DPR from server, client closes TCP before sending DPA

When the PCRF (Policy and Charging Rules Function) sends a Diameter DPR (Disconnect Peer Request) followed by a TCP FIN to the CSG2 that is acting as the PCEF (Policy Charging Enforcement Function), the CSG2 first sends a TCP FIN-ACK and then tries to send a Diameter DPA (Disconnect Peer Answer) back to the PCRF. However, the DPA is not delivered because the TCP connection has been closed, and tracebacks are seen on the CSG2/PCEF. The CSG2/PCEF should instead send the DPA message first and then follow up the TCP connection termination by sending the FIN-ACK.

CSCtn15950—Configuration rollback fails while taking a content out-of-service

Rolling back the CSG2 configuration might fail while taking a content out-of-service.

CSCtn62963—Support HTTPS URL redirection

Modify the CSG2 to support HTTPS URL redirection.

CSCtn86043—QoS parameters to QCI mapping is incorrect for REL99 QoS

The mapping of Quality of Service (QoS) parameters to QoS Class Identifier (QCI) is incorrect for Release 99 QoS.

CSCtq46748—Standby CSG2 might reload when processing an HA update message

The standby CSG2 might reload.

For this problem to occur, all of the following conditions must be met:

The CSG2 must be operating as a standby device in a high availability (HA) configuration.

Many RADIUS attributes (10 or so) must be configured for reporting in the Packet of Disconnect (PoD).

The system must be under stress, such as would occur when processing a bulk HA state update soon after bootup.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Open Caveats

The following list identifies Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD5.

CSCsj81608—The show cdp command fails

The show cdp entry * command output is empty.

Workaround: None.

CSCtk35711—CSG2 takes 5 minutes to detect iSCSI failure due to network outage

The CSG2 might take up to five minutes to detect an iSCSI failure resulting from a network outage.

For this problem to occur, all of the following conditions must be met:

The session timeout must be set to 50 seconds or greater.

The interface that the CSG2 uses to communicate with the iSCSI target must be down.

Workaround: Enter the following commands to enable the CSG2 to detect the failure after the session times out.

ip tcp mss 1460
ip tcp path-mtu-discovery

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD5 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD5:

CSCsr37333—Run SysMgr with eFence to detect memory errors

Sometimes the SysMgr process crashes without any reason. The crash occurs due to memory corruptions that are generated during the boot. Those corruptions might not appear for a period of time, until the process hits the corrupted area and then fails. The fix eliminated the memory corruptions that occurred during the boot.

CSCtc60025—Implement heartbeat mechanism between LCP and PPCs

When any of the Cisco SAMI daughter cards has a sudden hardware failure during run time, such as a reset circuitry failure, the control processor fails to detect the failure and assumes that the system is UP. The Supervisor Engine continues to show the Cisco SAMI status as OK. The standby unit remains unaware of the active failure, and fails to switch over until the keepalive timeout occurs. This results in total outage for minutes until the standby takes over.

The hardware/software watchdogs also fail to act under these conditions.

CSCtd17963—Unexpected exception while debuginfo collected due to IXP Health-Monitoring failure leading to crash

During a Health-Monitoring failure in the Cisco SAMI, each processor writes more than one debuginfo file. Some of the debuginfo files are incomplete and there will be crashinfo written in the name of debuginfo.

CSCtl90606—Traffic is passed to and from the GGSN SAMI even if the SVCLCs have been removed

Traffic leaks between the Cisco SAMI and the Supervisor Engine even if the service line cards (SVCLCs) have been removed.

CSCtn95286—SAMI: Summit registers workaround for FRU power failure

At high traffic loads, the Cisco SAMI might reload as a result of a failure of power convertor 0x5.

%OIR-SP-6-PWRFAILURE: Module 2 is being disabled due to power convertor failure 0x5
%C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (FRU-power failed)

CSCto72922—SAMI IXP not dropping packets larger than maximum supported packet size

Packets larger than 3072 bytes, which is the maximum supported packet size for the Cisco SAMI, are being forwarded to the Cisco SAMI PowerPCs (PPCs), resulting in the following error message:

%ETSEC-1-ERROR_INT_CAUSE IEVENT_BABR

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

The following list identifies Cisco PSIRT closed caveats that impact Cisco IOS Release 12.4(24)MD5:

CSCtj41194

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml.

Caveats for Cisco IOS Release 12.4(24)MD4

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD4.

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

There are no Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD4.

CSG2 Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD4:

CSCtl48268—CSG2: Diameter protocol error can cause memory corruption and crash

The CSG2 might crash as a result of a memory corruption or accessing an invalid address. The logs from the crashinfo show that the PCRF sent Diameter protocol errors.

CSCtl59093—CSG2 R5 crash during content inservice

When activating a content using the inservice command, the CSG2 might generate CPUHOG and CPUYIELD error messages.

For this problem to occur, all of the following conditions must be met:

A large number of match patterns must be configured.

A large number of the match patterns must be double-wildcard match patterns.

The CSG2 regular expression (regex) memory must be configured at or near the maximum setting.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Open Caveats

The following list identifies Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD4.

CSCsj81608—The show cdp command fails

The show cdp entry * command output is empty.

Workaround: None.

CSCtk35711—CSG2 takes 5 minutes to detect iSCSI failure due to network outage

The CSG2 might take up to five minutes to detect an iSCSI failure resulting from a network outage.

For this problem to occur, all of the following conditions must be met:

The session timeout must be set to 50 seconds or greater.

The interface that the CSG2 uses to communicate with the iSCSI target must be down.

Workaround: Enter the following commands to enable the CSG2 to detect the failure after the session times out.

ip tcp mss 1460
ip tcp path-mtu-discovery

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD4 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD4:

CSCtj86047—Unable to disassociate iSCSI profile from the CSG2

The iSCSI configuration on the CSG2 cannot be modified. The following error is logged:

%Cannot modify in use target profile, first dissociate profile TEST from application

CSCtk98031—Target name not included in iSCSI login message

After modifying the iSCSI configuration, the iSCSI login fails.

The Cisco SAMI debug shows the following error message:

iSCSI ERROR: login error status class 2, status details 7

The server log shows the following error message:

Initiator did not specify target name in LOGIN request

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

The following list identifies Cisco PSIRT closed caveats that impact Cisco IOS Release 12.4(24)MD4:

CSCtd10712

The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:

NetMeeting Directory (Lightweight Directory Access Protocol, LDAP)

Session Initiation Protocol (Multiple vulnerabilities)

H.323 protocol

All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.

Caveats for Cisco IOS Release 12.4(24)MD3

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD3.

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

There are no Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD3.

CSG2 Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD3:

CSCsh25384—CP crash in csg_gtp_queue_and_send when running simple_redund

If a failover occurs and the no ip csg bma or no ip csg quota-server command is issued, the CSG2 might crash.

CSCti07167—SIP Invite method with map attributes matches wrong policy

A SIP Invite method with attribute maps always matches the default policy instead of the expected policy.

CSCti18302—CSG2 software forced reload after configuring no ip csg bma activate

The CSG2 software forced a reload after a configuration change.

For this problem to occur, all of the following conditions must be met:

The active BMA queues must be full with 20,000 elements waiting to be acknowledged.

The no ip csg bma activate 4 command must be configured.

The ip csg bma activate 4 sticky 60 must be configured.

CSCti35812—Reload triggered when parsing POP3 packet

When the CSG2 is performing Layer 7 parsing of POP3 or SMTP e-mail traffic, and an e-mail packet is received with a crafted malformed, header, a watchdog might trigger a reload of the CSG2.

CSCtj04285—Slow clearing of the quota server queues in the CSG2

During high traffic conditions the CSG2 clears the quota server queue too slowly.

CSCtj09087—CSG2: Cannot preload a content that conflicts with CLI content

If the CSG2 tries to preload a content definition with IP filter parameters that match a content that has already been configured with CLI, the CSG2 does not allow the preloaded content to be brought inservice. The following message is displayed:

SAMI 9/3: CSG-3-PRELOAD ERR: Cannot bring content IP_ANY_PRELOAD inservice, it duplicates content IP_ANY_CLI

CSCtj19341—CSG2: Crash in free_all_lists

Under high Gx user load, the CSG2 might crash.

CSCtj25636—CCR-I resent to the backup before the original CCR-I is sent

When Diameter does not receive a response to a Diameter request from the PCRF within the configured timeout interval, the primary Diameter peer sends a CCR-I shortly after the backup has sent out the same CCR-I with the retransmit flag set.

CSCtj73069—CSG2: Usage statistics are not replicated to redundant side during failover

The session usage statistics are not replicated to the standby CSG2.

CSCtj84347—CSG2: Relative URL matching fails due to bad host name in recomposed URL

If an HTTP.request-method: spans multiple TCP segments, with the host HTTP header field in the first TCP segment, relative URL matching might fail.

CSCtj98606—CSG2 R5: Preloaded Service-Rating-Group not applied on CSG2 services

A preloaded service rating plan (AVP 131162) from the PCRF might not install correctly on CSG2 services.

CSCtj99945—CSG2: Improper quota server load balancing

The assignment of user entries to quota servers for load-balancing might be askew. For example, if 100 user entries were created with two active quota servers configured, the expected behavior is that each quota server would be assigned about 50 user entries. However, the number of user entries assigned to each quota server might actually be asymmetric and inconsistent.

CSCtk13449—Simultaneous crashes on active/standby at dllobj_lite_add

A simultaneous reset might occur of two CSG2s operating in redundant mode.

CSCtk13992—CSG2 out of IDs: %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!)

In an eGGSN deployment with Gx-enabled users, the CSG2 might stop processing certain requests, such as Gx (Diameter requests), causing subscriber outages. The CSG2 might also fail to log in remotely over SSH, generating the following message:

SAMI 4/3: %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)

CSCtk36462—Severe memory leak due to SNMP SMALL CHUNK - k_ccsProtocolStatsEntry_get

A severe memory leak might occur on the CSG2 when SNMP polling the following OIDs:

CISCO-CONTENT-SERVICES-MIB

ccsProtocolStatsEntry - 1.3.6.1.4.1.9.9.597.1.2.6.1
ccsBillingPlanStatsEntry - 1.3.6.1.4.1.9.9.597.1.2.7.1

CISCO-MOBILE-POLICY-CHARGING-CONTROL-MIB

cmpccPCRFMethodListStatsTableEntry - 1.3.6.1.4.1.9.9.690.1.2.2.1
cmpccProfileConfigTableEntry - 1.3.6.1.4.1.9.9.690.1.1.1.1

CSCtk62797—CSG2: HA update flag for Gx being set incorrectly

While updating packet filters in Gx, the HA update flag is being set incorrectly after the check to send HA update.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Open Caveats

The following list identifies Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD3.

CSCtk35711—CSG2 takes 5 minutes to detect iSCSI failure due to network outage

The CSG2 might take up to five minutes to detect an iSCSI failure resulting from a network outage.

For this problem to occur, all of the following conditions must be met:

The session timeout must be set to 50 seconds or greater.

The interface that the CSG2 uses to communicate with the iSCSI target must be down.

Workaround: Enter the following commands to enable the CSG2 to detect the failure after the session times out.

ip tcp mss 1460
ip tcp path-mtu-discovery

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD3 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD3:

CSCtf55436—iSCSI session to EMC not reestablished after interface comes up

When an iSCSI connection with EMC on the GGSN drops due to a session timeout, and the user tries to log in again, the iSCSI session might not be reestablished.

CSCtf71296—iSCSI state is set incorrectly after session timeout

The iSCSI state in the show ip iscsi session command output displays as "Free" when the connection to the iSCSI target is brought down asynchronously.

CSCti10016—Huge amount of disk size loss after format

When formatting a disk that is 32 GB or larger, the show command displays only 4 GB free on the device.

Caveats for Cisco IOS Release 12.4(24)MD2

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD2.

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

The following list identifies Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD2:

CSCti07167—SIP Invite method with map attributes matches wrong policy

A SIP Invite method with attribute maps always matches the default policy instead of the expected policy.

Workaround: None.

CSCti18302—CSG2 software forced reload after configuring no ip csg bma activate

The CSG2 software forced a reload after a configuration change.

For this problem to occur, all of the following conditions must be met:

The active BMA queues must be full with 20,000 elements waiting to be acknowledged.

The no ip csg bma activate 4 command must be configured.

The ip csg bma activate 4 sticky 60 must be configured.

Workaround: Wait for the BMA queues to drain prior to making configuration changes, or make the changes during a maintenance window.

CSG2 Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD2:

CSCtf33305—CSG2: 150 Cisco-Flow-Description AVPs in a Gx rule freeze the card

When many Cisco-Flow-Description AVPs or Flow-Description AVPs are embedded within one Gx charging rule, the CSG2 might be unable to install the complete rule, the CSG2 console might become unresponsive, and the CSG2 CP CPU utilization might approach 100%.

CSCtg33015—Memory leak on standby CSG2 processors 4-8

A memory leak is observed on the standby CSG2 in a redundant CSG2 pair. The leak is seen only on processors 4-8 of the standby CSG2.

Comparing simultaneous show tech commands from the active and standby CSG2s, the show fastblk output of the show tech command on processors 4 through 8 of the standby CSG2 show a significantly higher memory consumption than the active CSG2. The memory consumption of the standby CSG2 also increases steadily over time.

The exact circumstances that cause this memory leak are unknown, but it is likely related to per-user or per-service QoS.

CSCtg68095—Match attribute a & m for SIP INVITE messages is not working

The match attribute m command for a SIP INVITE message does not work.

CSCtg70982—The secret RADIUS key specified with the ip csg radius endpoint command changes after each write memory operation

The secret RADIUS key for the endpoint that is displayed in the show run output changes as write memory operations are performed.

CSCtg90246—The PoD IP address is not assigned if the sticky user was created before the gateway sends the RADIUS Accounting Start message

If a user is created as a sticky user before the gateway sends the RADIUS Accounting Start message, the CSG2 fails to send the PoD or CoA for the user.

CSCtg98342—The CSG2 freezes for a few seconds after RADIUS Accounting ON/OFF messages

When RADIUS Accounting Off and RADIUS Accounting On messages are sent from the GGSN to the CSG2, the CSG2 freezes for several seconds.

CSCth06554—R5: CSG2 RADIUS attribute leaks memory which results in crash

The CSG2 Traffic Processors (TPs) might leak processor memory that belongs to fastblocks earmarked for the storage RADIUS attributes.

For this problem to occur, all of the following conditions must be met:

RADIUS attributes must be configured under a user class using the ip csg user class command.

A RADIUS Accounting Start message must be received for a subscriber.

Some or all of the RADIUS attributes in the message must match those configured under a user class.

A subsequent RADIUS Accounting Start or RAIDIUS Accounting Interim message must be received for the same subscriber.

The list of matching RADIUS attributes in the new message, and the value of each matching attribute, must be identical to those received in the first RADIUS Accounting Start message.

CSCth07062—R5: DATACORRUPTION after going from standby to active

With two CSG2 running replication, the following data corruption might be seen:

AMI 2/3: May 29 16:38:42.634: %DATACORRUPTION-1-DATAINCONSISTENCY: Attempt to memcpy 201 bytes should have been 64 bytes, -PC= 0x4415E7F8z, -Traceback= 0x446AA270z 0x453B3C64z 0x4415E7F8z 0x4416A0A0z 0x4416BCECz 0x44071F68z 0x4407295Cz 0x4407350Cz 0x443481ACz 0x443483B8z 0x44234ED4z 0x442375A4z 0x4547E26Cz 0x44207160z 0x44207160z 0x4547E328z

CSCth09467—CSG2: The Accounting session ID is not used for RADIUS correlation

The accounting session ID is not used for RADIUS correlation to stop the user. The output of the show user command does not show the user's Correlator attribute. The CP leaks fastblk memory allocated for the RADIUS Correlator attribute.

For this problem to occur, all of the following conditions must be met:

The ip csg radius correlation command must be configured.

The RADIUS Accounting Start message must have Cisco VSA subattributes, but not "user_session_correlator=", so that the Acct-Session-Id (RADIUS attribute 44) is used for correlation.

CSCth13275—CSG2 is printing content out of service in progress although inservice

When a CSG2 content is inservice with a large number of sessions, and the inservice command is entered again, the CSG2 incorrectly displays the following message:

SAMI 1/3: 000113: Jun 3 00:33:02: %CSG-4-CFG_ERROR:
% Cannot bring content INT-IC-HTTP1 inservice, content out of service in progress -Process= "CSG BGCFG", ipl= 1, pid= 156

CSCth21954—PCRF sending 30 rules per user causes crash

When using eGGSN and large numbers of Gx/RADIUS attributes, the CSG2 can crash when sending the CoA.

CSCth23631—FTP CDR Error: NewLine char in UserName, FileString and FTPCommand TLVs

The CDRs for Layer 7 FTP parsing include a NewLine character (0d 0a) after UserName, FileString, and FTPCommand TLVs.

CSCth43275—CSG2 R5 Gx Preload: Service not updated when billing basis is changed

When attempting to update an existing preloaded service with a change to basis seconds connect, the service might fail to preload.

CSCth45928—CSG2 R5 Gx Preload: CSG2 clears before disabling global mining

If you send a Preload AVP configured with clear DNS table and mining disabled, and mining is currently enabled on the CSG2, the Preload command fails.

CSCth56243—Traceback when showing user with many flow descriptions in rules

In a CSG2 Gx environment in which there are more than 20 flow descriptions as part of a single Gx rule, the show ip csg users detail command might show a traceback and truncate the output.

CSCth61006—CSG2: %IPC-0-CFG_DOWNLOAD_ERROR seen upon reboot

After a reload, the CSG2 might log an IPC-0-CFG_DOWNLOAD_ERROR message, and the CSG2 might block user traffic. This problem can occur if more than 16 ip csg user profile or ip csg select commands are configured.

CSCti06218—Spurious memory access when sending fixed-format CDR

When the ip csg records format fixed command is configured to send fixed-format CDRs, a spurious memory access error might occur.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Open Caveats

There are no Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD2.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD2 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD2:

CSCtg50821—Crashed in crashdump

When the CSG2 crashes, the crash information file might be empty, or it might contain files with little or no content.

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

The following list identifies Cisco PSIRT closed caveats that impact Cisco IOS Release 12.4(24)MD2:

CSCta20040

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml.

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html

Cisco Unified Communications Manager (CUCM) is affected by the vulnerabilities described in this advisory. The following Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco Unified Communications Manager at the following location:

http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml

CSCtc73759

The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml.

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html

CSCte14603

A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml.

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html

CSCtf17624

The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability in the translation of H.323 packets and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html

CSCtf91428

The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability in the translation of H.323 packets and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.

Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html

CSCth17178

A service policy bypass vulnerability exists in the Cisco Content Services Gateway—Second Generation (CSG2) which runs on the Cisco Service Application Module for IP (SAMI). This vulnerability could allow in certain configurations:

Customers to access sites that would normally match a billing policy to be accessed without being charged to the end customer.

Customers to access sites that would normally be denied based on configured restriction policies.

Additionally Cisco IOS Software Release 12.4(24)MD1 on the CSG2 contains two vulnerabilities that can be exploited remotely, via an unauthenticated attacker resulting in a denial of service of traffic through the CSG2. Both these vulnerabilities require only a single content service to be active on the CSG2 and are exploited via crafted TCP packets. A three way hand-shake is not required to exploit either of these vulnerabilities.

No workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml

CSCth41891

A service policy bypass vulnerability exists in the Cisco Content Services Gateway—Second Generation (CSG2) which runs on the Cisco Service Application Module for IP (SAMI). This vulnerability could allow in certain configurations:

Customers to access sites that would normally match a billing policy to be accessed without being charged to the end customer.

Customers to access sites that would normally be denied based on configured restriction policies.

Additionally Cisco IOS Software Release 12.4(24)MD1 on the CSG2 contains two vulnerabilities that can be exploited remotely, via an unauthenticated attacker resulting in a denial of service of traffic through the CSG2. Both these vulnerabilities require only a single content service to be active on the CSG2 and are exploited via crafted TCP packets. A three way hand-shake is not required to exploit either of these vulnerabilities.

No workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml

CSCtk35917

A service policy bypass vulnerability exists in the Cisco Content Services Gateway—Second Generation (CSG2) which runs on the Cisco Service Application Module for IP (SAMI). This vulnerability could allow in certain configurations:

Customers to access sites that would normally match a billing policy to be accessed without being charged to the end customer.

Customers to access sites that would normally be denied based on configured restriction policies.

Additionally Cisco IOS Software Release 12.4(24)MD1 on the CSG2 contains two vulnerabilities that can be exploited remotely, via an unauthenticated attacker resulting in a denial of service of traffic through the CSG2. Both these vulnerabilities require only a single content service to be active on the CSG2 and are exploited via crafted TCP packets. A three way hand-shake is not required to exploit either of these vulnerabilities.

No workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml

Caveats for Cisco IOS Release 12.4(24)MD1

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD1.

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

There are no Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD1.

CSG2 Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD1:

CSCte17561—CSG2 R4: L7 DNS not flagging certain sessions as being "unparseable"

If a DNS transaction contains a packet with a DNS payload that exceeds the maximum parse length, the CSG2 might reset the session, causing the transaction to fail.

CSCte79276—CSG2 CCR-I prepaid-request-number not zero

The CSG2 occasionally sends a CCR-I message with a CC-Request-Number AVP that is not set to zero. Some PCRF implementation expect a zero value; those PCRFs reject or ignore the non-zero CCR-I from the CSG2, resulting in a subscriber connection failure.

CSCte81938—Spurious accesses

One or more spurious accesses might be seen on the CSG2 TPs. The following error messages are generated:

SAMI 7/5: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x4512C1C8 reading 0x3C
SAMI 7/5: %ALIGN-3-TRACE: -Traceback= 0x4512C1C8 0x4512DC4C 0x4512F540 0x450E5700 0x450E60BC 0x44514F04 0x44515110 0x44F95098

For this problem to occur, the following conditions must all be true:

There must be one or more HTTP sessions parsed at layer 7 (that is, sessions that match a CSG2 content configured with parse protocol http.

The CSG2 must be configured as part of a High Availability (HA) redundancy pair.

An HA switchover must occur, causing the standby CSG2 to become the active CSG2.

The HTTP sessions must survive the switchover. That is, the first packet for the session must arrive well before the switchover, and the last packet for the session must arrive well after the switchover.

The data for the HTTP sessions must arrive as IP fragments on the new active CSG2.

CSCte97026—RADIUS AVPs of some subscribers missing from CDRs

If a subscriber is created and replicated from an active CSG2 R3.0 to a standby CSG2 R3.5, the RADIUS AVPs for that subscriber might not be included in its CDRs.

CSCtf00838—The aaa group server diameter command causes the configuration to not propagate to TPs

If you add the aaa group server diameter command to an existing large CSG2 configuration, the configuration might not propagate to the TPs after a reboot.

CSCtf11077—CSG2 crashing after snmpwalk -v2c -c private ip 1.3.6.1.4.1.9 command

If the snmpwalk -v2c -c private ip 1.3.6.1.4.1.9 command is executed on the CISCO-IF-EXTENSION-MIB, or on tables in the MIB, the CSG32 might crash with the following debug log:

11:05:19 UTC Fri Feb 19 2010: Unexpected exception to CPU: vector 1400, PC = 0x45414000, LR = 0x441AFD80
-Traceback= 0x45414000z 0x441AFD80z 0x441B04A0z 0x4542E428z 0x4485CACCz 0x4542F348z 0x44879E14z 0x44879FA0z 0x44F50DE8z 0x44F5630Cz 0x44F44444z 0x44F73454z 0x452B13A4z 0x452B4A84z

CSCtf31387—SNMP query resulting in tracebacks

While performing SNMP queries, the following tracebacks might be logged:

AMI 8/3: Feb 26 22:07:22.299: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
SAMI 8/3: Feb 26 22:37:57.415: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x440E6450z reading 0x0
SAMI 8/3: Feb 26 22:37:57.415: %ALIGN-3-TRACE: -Traceback= 0x440E6450z 0x4418DEE0z 0x4418E4ACz 0x44F50E98z 0x44F563BCz 0x44F444F4z 0x44F73504z 0x452B1464z
SAMI 8/3: Feb 26 22:37:57.415: %ALIGN-3-TRACE: -Traceback= 0x440E77ECz 0x4418DEF8z 0x4418E4ACz 0x44F50E98z 0x44F563BCz 0x44F444F4z 0x44F73504z 0x452B1464z

CSCtf36840—Buffer overrun during attribute parsing of SIP packet

The CSG2 might crash when parsing SIP headers longer than 256 characters.

CSCtf51779—CSG2 fails to bring content in service due to REGEX error

The CSG2 might fail to bring a content in service due to the following REGEX error:

REGEX: regexp length <n>, bigger than allowed maximum length 128

CSCtf55741—The CSG2 might not return recently-granted quota in a quota return

After an upgrade to CSG2 Release 3.5, the CSG2 might use more quota than is allowed.

CSCtg00838—CSG2 reload at rgx_is_epsilon

While parsing an HTTP header, the Cisco SAMI might reload.

CSCtg01115—L4Flow "NetworkInit" flag not set correctly in intermediate UDP stat CDR

For a network-initiated UDP flow that is part of an RTSP session, the L4Flow "Network Initiated" flag is set correctly in the final "UDP Stats" CDR, but not in any "Intermediate UDP Stats" CDRs. In the "Intermediate UDP Stats" CDR, the flag is always set to zero, even if the flow is network-initiated.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Open Caveats

There are no Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD1.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD1 - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD1:

CSCsz42882—File systems not cleaned up when iSCSI link goes down

With iSCSI link flaps, stale file systems remain in the system. Once the stale file descriptors reach the maximum supported limit, new file systems cannot be created and the iSCSI link fails to come up.

CSCte71467—GGSN crashes when connecting to ISCSI target

When connecting to a Linux target, the iSCSI session fails to come up and the GGSN crashes.

CSCtf16844—An unexpected exception occurs at the iscsi_handle_write_event when unconfiguring iSCSI

When an iSCSI session is in the Failed state and you try to unconfigure the target, a fatal error might occur.

CSCtb83004—Input queue drops increment every 7-10 seconds on G0/0 with minimal traffic

When Layer 2 packets reach the home agents, the show interface GigabitEthernet 0/0 input queue drops increments with minimal traffic.

Cisco Product Security Incident Response Team (PSIRT) - Closed Caveats

The following list identifies Cisco PSIRT closed caveats that impact Cisco IOS Release 12.4(24)MD1:

CSCsy09250

Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sccp.shtml.

CSCsz45567

A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP).

A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process.

A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP).

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml

CSCsz48614

Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml.

CSCsz48680

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.

Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.

CSCsz49741

Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml.

CSCsz75186

Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-tcp.shtml.

CSCsz89904

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.

Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.

CSCta19962

The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml.

CSCtb93855

The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml.

Caveats for Cisco IOS Release 12.4(24)MD

This section lists and describes all caveats, both Open and Closed, that affect the CSG2 or Cisco SAMI software for Cisco IOS Release 12.4(24)MD.

CSG2 Software for Cisco IOS Release 12.4(24)MD - Open Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Open Caveats

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

CSG2 Software for Cisco IOS Release 12.4(24)MD - Open Caveats

There are no Open caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD.

CSG2 Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

The following list identifies Closed caveats in the CSG2 software for Cisco IOS Release 12.4(24)MD:

CSCta44366—iSCSI connection not getting initiated from CSG2

If the CSG2 is rebooted and the configuration does not begin with any of the ip csg commands, then after the reboot the iSCSI connection from the CSG2 is not initiated, even if the ip csg iscsi profile command is configured.

CSCtb04085—CSG 2 traceback - Bad refcount

The CSG2 might generate the following error message when it tries to send an HTTP redirect packet:

%SYS-2-BADSHARE: Bad refcount <function name>

CSCtb70452—CSG2: Continue TLV correlator might not be unique

If the CSG2 generates a Continue CDR because the data does not fit in a single IP packet, and the correlator value in the Continue TLV is not unique for the CSG2, the BMA or quota server might associate data from the Continue CDR with an incorrect BMA or quota server record.

CSCtc76186—TCP sessions not closed to the server side

When two TCP peers close a session, RFC 793 provides that each peer must send its own FIN/ACK and then ACK the peer's FIN/ACK. However, the CSG2 closes the session before the final exchanges of ACKs:

Instead of forwarding the last ACK from the client to the server, the CSG2 sends an RST to the client.

Instead of forwarding the last ACK from the server to the client, the CSG2 discards it.

If that continues for a while, the server side might run out of sockets.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Open Caveats

There are no Open caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD.

Cisco SAMI Software for Cisco IOS Release 12.4(24)MD - Closed Caveats

The following list identifies the Closed caveats in the Cisco SAMI software that impact the CSG2 software for Cisco IOS Release 12.4(24)MD:

CSCsj81608—The show cdp command fails

The show cdp entry * command output is empty.

Documentation and Technical Assistance

This section contains the following information:

Related Documentation

Obtaining Documentation and Submitting a Service Request

Related Documentation

Use these release notes with these documents:

CSG2 Documentation

Release-Specific Documents

Platform-Specific Documents

Cisco IOS Software Documentation Set

CSG2 Documentation

For more detailed installation and configuration information, see the following publication:

Cisco Content Services Gateway - 2nd Generation Release 4 Installation and Configuration Guide

Release-Specific Documents

The following documents are specific to Cisco IOS Release 12.4 and are located at Cisco.com:

Cisco IOS Release 12.4 Mainline Release Notes

Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Release Notes

Cisco IOS Release 12.4 T Release Notes

Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 T > Release Notes


Note If you have an account with Cisco.com, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on Cisco.com at http://www.cisco.com/support/bugtools.


Product bulletins, field notices, and other release-specific documents on Cisco.com at:

Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline

Platform-Specific Documents

These documents are available for the Cisco 7600 series router platform on Cisco.com and the Documentation CD-ROM:

Cisco Service and Application Module for IP User Guide

Diameter Credit Control Application feature guide

Cisco 7600 series routers documentation:

Cisco 7600 Series Cisco IOS Software Configuration Guide

Cisco 7600 Series Cisco IOS Command Reference

Release Notes for Cisco IOS Release 12.2SR for the Cisco 7600 Series Routers

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference guide. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference guide list command syntax information. Use each configuration guide with its corresponding command reference. The Cisco IOS documentation modules are available on Cisco.com at:

Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References

Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References > Configuration Guides


Note To view a list of MIBs supported by Cisco, by product, go to: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.