Guest

Cisco IOS Software Releases 12.3 Special and Early Deployments

Release Notes for SSG-MWAM Release 1.1 with Cisco IOS Release 12.3(1a)BW

  • Viewing Options

  • PDF (399.0 KB)
  • Feedback
Release Notes for SSG-MWAM Release 1.1 with Cisco IOS Release 12.3(1a)BW

Table Of Contents

Release Notes for SSG-MWAM Release 1.1 with Cisco IOS Release 12.3(1a)BW

Contents

Introduction

Multi-processor WAN Application Module

Service Selection Gateway

System Requirements

Hardware

Software

Memory

Determining the Software Version

Upgrading to a New Software Release

Features

Hardware Features

Software Features

Cisco IOS Feature Sets

Performance

External Interfaces

IP Address Management

Reliability/Availability

RADIUS Load Balancer

Firewall Load Balancer

System Modules

Configuration Options

Installation and Configuration Notes

Limitations, Restrictions, and Important Notes

Caveats

Caveats in Cisco IOS Release 12.3(1a)BW

Cisco MWAM Caveats for Cisco IOS Release 12.3(1a)BW

MIBs

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco IOS Software Documentation Set

Documentation Modules

Release 12.3 Documentation Set

Obtaining Documentation

World Wide Web

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center

Service Selection Gateway

System Requirements

Hardware


Release Notes for SSG-MWAM Release 1.1 with Cisco IOS Release 12.3(1a)BW


June 16, 2003

Product Numbers:

SC-SVC-SS10—Cisco MWAM Series Service Selection Gateway - Mobile Wireless

SC-SVC-SSP-10=—Service Selection Gateway with Prepaid license

SC-SVC-SSD-10=—Service Selection Gateway Layer 2 Tunneling Protocol dial out license

These release notes include important information and caveats for Cisco SSG-MWAM Release 1.1, which provides the Service Selection Gateway (SSG) feature on the Multi-processor WAN Application Module (MWAM) using Cisco IOS Release 12.3(1a)BW.

Cisco IOS Release 12.3(1a)BW is a special release required for Cisco SSG-MWAM Release 1.1 on the Catalyst 6500/Cisco 7600 series platforms.

Caveats for Cisco IOS Releases 12.3 can be found on CCO at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123mcavs.htm

Contents

This release note includes the following topics:

Introduction

System Requirements

Features

Configuration Options

Installation and Configuration Notes

Limitations, Restrictions, and Important Notes

Caveats

MIBs

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Introduction

Cisco SSG-MWAM Release 1.1 implements the SSG on the Multi-processor WAN Application Module (MWAM). Cisco SSG-MWAM Release 1.1 increases session density and enhances interoperability with other products based on the Catalyst 6500/Cisco 7600 series platform.

Multi-processor WAN Application Module

The MWAM provides three processor complexes with dual processors used in two of the complexes and a single processor used in the remaining processor complex. This architecture provides five SSGs (see Figure 1) on one module. In addition, each Catalyst 6500/Cisco 7600 chassis can be populated with multiple MWAMs to enable a large number of subscribers to access network services under SSG control.

Figure 1 MWAM Architecture

The MWAM does not provide external ports but is connected to the switch fabric in the Catalyst 6500/Cisco 7600 chassis. An internal Gigabit Ethernet port provides an interface between each processor complex and the Supervisor module. Virtual Local Area Networks (VLANs) direct traffic from external ports via the Supervisor module to each SSG instance.

The MWAM provides an interface to the IOS image on the Supervisor module. The Supervisor module software enables a single session to be established to each SSG on the MWAM(s) in the chassis. Each session is used for configuring, monitoring, and troubleshooting the SSG. For information on establishing sessions to SSG instances on the MWAM, refer to the Cisco Multi-Processor WAN Application Module Installation and Configuration Notes:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm

The software image that provides the SSG feature is downloaded through the Supervisor module and distributed to each processor complex on the MWAM(s). The same image is installed on all the processors in the MWAM.


Note In this release, each SSG on the MWAM must be configured individually.


Service Selection Gateway

The SSG is a Cisco IOS software feature module that enables service providers to create new revenue-generating opportunities by offering on-demand services. The SSG provides Remote Authentication Dial-in User Service (RADIUS) authentication and accounting for user-interactive policy routing to different IP destinations. This improves flexibility and convenience for subscribers, including the ability to log on to multiple services simultaneously, and enables service providers to bill subscribers based on connection time and services used, rather than charging a flat rate.

Traffic from the mobile user is addressed to an SSG on the MWAM. The request for access is forwarded to the Authentication, Authorization, and Accounting (AAA) server, and the user is authenticated and authorized to access the services defined in a user profile. Then data traffic is exchanged between the user and servers in the service network. Each network is defined with its own VLAN, and all SSGs on the MWAM access the same VLANs to receive and send data.

For more information about the features available in the SSG, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/wan_vcg.htm#1000988

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guides_list.html

System Requirements

This section describes system requirements for SSG-MWAM Release 1.1.

Hardware

The SSG-MWAM Release 1.1 requires the following hardware components:

Catalyst 6500/Cisco 7600 series platform

Supervisor Engine 2 module with MSFC 2 daughter card

MWAM

A Hardware-Software Compatibility Matrix is available on CCO for users with CCO login accounts. This matrix allows users to search for supported hardware components by entering a Cisco platform and IOS Release. The Hardware-Software Compatibility Matrix tool is available at the following URL:

http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi

Software

The SSG-MWAM Release 1.1 requires the following software components:

Cisco IOS 12.2(14)ZA2 release (or higher) on the Supervisor module

MWAM software, which includes:

MWAM platform software

Cisco IOS 12.3(1a)BW release

Cisco IOS Release 12.3(1a)BW is a special release that is developed on Cisco IOS Release 12.3 B train and provides new SSG features (see Software Features section).

Cisco IOS Release 12.3(1a)BW supports the same features that are in previous Cisco IOS Release 12.3 releases, with the addition of MWAM platform support.

Memory

The MWAM provides two complexes that are equipped with 1 GB memory shared between two processors (512 MB each). The remaining processor complex, the one with only one processor, is equipped with 512 MB memory. The total memory capacity for the MWAM is 2.5 GB.

The MWAM memory cannot be configured.

Determining the Software Version

To determine the version of Cisco IOS software running on your MWAM, log in to the router on one of the MWAM processors and enter the show version EXEC command:

Router# show version
Cisco Internetwork Operating System Software 
IOS (tm) MWAM Software (MWAM-G4JS-M), Version 12.3(1a)BW, EARLY DEPLOYMENT RELEASE 
SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 

Upgrading to a New Software Release

For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions located at:

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm

Upgrading IOS Image on MWAM

For information on upgrading SSG images on the MWAM, refer to the Cisco Multi-Processor WAN Application Module Installation and Configuration Notes:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm


Note The image download process loads the IOS image onto the three processor complexes on the MWAM.


Upgrading ROMMON Software

The SSG-MWAM R1.1 with Cisco IOS Release 12.3(1a)BW requires a ROMMON software upgrade. To perform the ROMMON software upgrade, use the procedure provided in the Cisco Multi-Processor WAN Application Module Installation and Configuration Notes.

Features

This section describes the features associated with the SSG-MWAM Release 1.1.

Hardware Features

The MWAM is built on a base card-to-daughter card configuration (Figure 1). It provides three SiByte (700MHz) processor complexes. Two of the processor complexes enable dual processors while the third processor complex enables only one processor because of the memory configuration.

Each SiByte complex has a 1 Gigabit Ethernet (GE) interface to the switch fabric. This connection appears as a GE interface from the Supervisor module.

The MWAM connects to the Catalyst 6500/Cisco 7600 bus for data and control traffic.

Software Features

The SSG-MWAM Release 1.1 introduces the following SSG features on the MWAM platform:

Transparent AutoLogon

SSG Enhancements

TCP Redirect Exclusion List

For more information about these features, refer to the following URL:

http://www.cisco.com/univercd//cc/td/doc/product/software/ios123/123newft/123limit/1231abw

The full description of SSG features is included in the release documentation (in the Service Selection Gateway chapter):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/wan_vcg.htm

Cisco IOS Feature Sets

The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.

Cisco IOS Release 12.3(1a)BW supports the same feature sets as Cisco Release 12.3 B, with the addition of the SSG that is optimized for the MWAM on the Catalyst 6500/Cisco 7600 series platforms.


Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Performance

Each SSG instance on the MWAM is an individual router. Because the MWAM supports five SSGs, it provides five times the session density (i.e., number of user sessions) of the NPE 400 7200/7400 platform. In addition, the MWAM processors provide twice the throughput of processors used in the NPE 400 7200/7400 platform. Overall, the MWAM improves SSG throughput by 5-10 times that of the NPE 400 7200/7400 platform.

External Interfaces

External physical interfaces provided by the supported platforms are not visible to the SSG software. This is an important advantage of the MWAM implementation when compared to the Cisco 7200/7400 platform. The MWAM implementation protects the SSG from interface and link failures. As long as the platform provides redundant links to other system components (e.g., GGSN, AAA servers), the SSG configuration is not affected and its operation is maintained.

IP Address Management

The IP address management for the SSG on the MWAM is the same as the Cisco 7200/7400 platform with one exception: virtual subinterfaces (VLANs) are required for uplink, downlink, and network management paths.

Each SSG on the MWAM is configured with its own IP addresses including addresses for user traffic, RADIUS client function, and network management.

Reliability/Availability

This section provides analysis of reliability/availability of the SSG on the MWAM in the Catalyst 6500/Cisco 7600 chassis in context with other Cisco features. The following features are considered:

SSG on MWAM

Five SSGs on each MWAM

Multiple MWAM cards installed in one chassis

RLB on Supervisor module

Distributes traffic load among SSGs

Provides SSG switchover

FWLB on Supervisor module or CSM—Provides the return traffic path through the same SSG that forwarded the service request

The Server Load Balancing (SLB) function can be implemented in the Supervisor module to provide RADIUS Load Balancing (RLB) across the SSGs on one or multiple MWAMs. The Content Switching Module (CSM) can be used to provide Firewall Load Balancing (FWLB).


Note While the RLB and FWLB features are not part of the SSG-MWAM Release 1.1, they are described here to demonstrate their use in mobile wireless solutions that include MWAM-based SSGs.


RADIUS Load Balancer

The RLB feature is implemented in the Supervisor module. The RLB feature provides one virtual IP address for all users accessing services and keeps the list of real IP addresses of all SSGs. The RLB feature distributes the upstream traffic between SSGs by using the load-balancing mechanism. It keeps the information about SSG assignment for each user session. When the RLB detects an SSG failure, it directs traffic to another available SSG.

Firewall Load Balancer

The FWLB feature ensures that the downstream traffic from the network server to the user is sent to the same SSG that handled the upstream traffic. The FWLB feature tracks all upstream traffic from an SSG to a network server and links the SSG address with the user session. This information is used when the downstream traffic from the server is received. The FWLB feature determines which SSG is handling the user traffic.

The FWLB feature can be implemented in the CSM in the same chassis or in the Supervisor module in different chassis.

System Modules

Each system module in the configuration provides its own degree of reliability/availability.

Supervisor Module

Two redundant Supervisor modules can be equipped in the same chassis using the Route Processor Redundancy Plus (RPR+) protocol and the RLB. However, the RLB does not provide stateful failover in this configuration (i.e., user sessions are lost).

If equipping redundant Supervisor modules in two chassis, the RLB can be configured with Hot Standby Router Protocol (HSRP) between the two RLBs to provide stateful failover (i.e., user sessions are maintained).

When configuring the Supervisor module for the FWLB feature, it must be equipped on a different chassis than the one providing the RLB feature. If two chassis are used, the FWLB feature can be configured with HSRP and provide stateful failover.

MWAM

One or more MWAMs can be equipped using stateless failover (provided by the RLB feature) between SSGs. In a stateless failover, when user sessions are lost, the user must re-authenticate, but service access is not denied.

CSM

Two redundant CSMs can be equipped. The FWLB feature is configured with HSRP to provide stateful failover. No user sessions or data packets are lost.

Other Modules

Other service modules can be installed in the same Catalyst 6500/Cisco 7600 chassis that contains the MWAM. For example, to provide advanced content billing, install the Content Services Gateway (CSG).

Configuration Options

The SSG-MWAM Release 1.1 can be implemented in a redundant configuration using one or two chassis with the RLB feature providing the failover mechanism. The MWAM supports the Supervisor module RPR+ feature. This feature enables the MWAM to continue to operate after the active Supervisor fails and the secondary Supervisor takes over.

One Chassis Configuration

The following components are used in a typical one-chassis configuration:

Multiple MWAMs in the chassis, each module with five SSGs

Redundant Supervisor modules (Sup2) running RPR+

RLB feature on the Supervisor module to distribute load and provide failover for SSGs

Redundant FWLBs on CSMs running CSRP

Figure 2 shows an example of the one-chassis configuration.

Figure 2 Basic Configuration—One Chassis

Failure scenarios for the one-chassis configuration include the following:

Failed SSG or MWAM—User sessions are lost, but the traffic is redirected to active SSGs and users can reactivate their sessions

Failed Supervisor module—User sessions are lost because the active RLB does not synchronize its state with its backup

Failed FWLB—Stateful failover maintains user sessions

Two Chassis Configuration

For deployments requiring high reliability/availability, multiple MWAMs in two chassis can be used. The two-chassis configuration uses the following components:

Two Supervisor modules in each chassis, configured for RLB

Multiple SSGs on multiple MWAMs

One FWLB/CSM on each chassis

Redundancy practices:

HSRP between RLBs

CSRP between FWLBs

RPR+ between Supervisor modules in each chassis

RLB failover for SSGs between modules in the same chassis or in two chassis

Figure 3 shows this configuration.

Figure 3 High Availability Configuration—Two-chassis Solution

Failure scenarios for the two-chassis configuration include the following:

If one SSG fails, the RLB feature provides failover to another SSG; all sessions on the failed SSG are lost and users must log in again.


Note The end user may be required to reset the user application.


Failure of the Supervisor on the active chassis causes:

Supervisor switchover to the standby Supervisor (using RPR+) in the same chassis

MWAMs remain active

RLB switchover to the standby RLB (using HSRP) in the second chassis

All user sessions on MWAMs remain active

Failure of active FWLB causes stateful failover to the standby FWLB, maintaining user sessions

Installation and Configuration Notes

For information on installing the MWAM, configuring it through the Command Line Interface (CLI), and loading or upgrading IOS images on the MWAM, refer to the Cisco Multi-Processor WAN Application Module Installation and Configuration Notes:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm

Limitations, Restrictions, and Important Notes

When working with the MWAM, observe the following limitations, restrictions, and important notes:

Only five instances of the Cisco IOS image 12.3(1a)BW can be loaded onto the MWAM.

The same Cisco IOS image is loaded onto all processor complexes on the MWAM.

Session console is provided by TCP connection from the Supervisor module (no direct console).

Available memory for bootflash for saving crash information files is 500 KB.

Only five files can be stored in the bootflash file system.

If one processor in a processor complex fails, the second processor also fails, and both processors must be reset.

Cisco IOS image 12.3(1a)BW contains a feature that is not fully functional unless you upgrade the Supervisor image to 12.2(14)ZA4. This new feature will provide two configuration modes, local mode and Supervisor mode.

The Supervisor mode provides storage of MWAM configurations on the Supervisor bootflash. However, if the Supervisor is using an earlier image than 12.2(14)ZA4 and the MWAM is operating in Supervisor mode, you will encounter the following error messages during copy/write operations:

On the MWAM console:

Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
% All writes to supervisor failed.

On the Supervisor console:

1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64

To verify that that the MWAM is in the Supervisor mode, establish a session to the MWAM processor and enter the following commands:

mwam-6-4> enable
mwam-6-4# show mwam config-mode 
mwam config-mode supervisor

To recover from this condition, enter the following command:

mwam-6-4# mwam config-mode local
Building configuration...
[OK]
Successfully changed mode:mwam config-mode local

Note Issuing the mwam config-mode local command writes the running-config to the startup-config in the NVRAM.


If you are equipping a new module for the first time and the Supervisor module has not been upgraded to 12.2(14)ZA4, use mwam config-mode local to write the configuration for the first time on each processor. Once the processor is in local mode, additional configuration changes can be written through the IOS CLI. If an attempt to copy or write the configuration fails, use show mwam config-mode to check the configuration mode. If the processor is in Supervisor mode, use mwam config-mode local to write the running-config and return to local mode.

The new feature is documented in the MWAM Installation and Configuration Note:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

Caveats for Cisco IOS Releases 12.3 can be found on CCO at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123mcavs.htm


Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on CCO at Software Center: Cisco IOS Software: Cisco Bug Toolkit: Cisco Bugtool Navigator II, or at http://www.cisco.com/support/bugtools.


Caveats for 12.2(14)ZA2 (and higher)

For a list of caveats for 12.2(14)ZA2 (and higher), see the release notes at the following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_release_note09186a0080145494.html

Caveats in Cisco IOS Release 12.3(1a)BW

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

The following is a list of caveats that are open in the Cisco IOS Release 12.3(1a)BW:

CSCec12911

Description: If the connection to the LNS fails because of LNS rebooting or redundant LNS failover, the SSG sends L2TP Hello packets to tear down the control connection and re-establish the tunnel to the redundant LNS. This action requires approximately 110 seconds to complete. During this time, excessive L2TP Hello packets are sent to the LNS.

Workaround: There is no workaround.

CSCin52503

Description: The high byte count in the SSG accounting records for connections can be wrong when there more than 4 GB are accounted for a connection within the interim accounting interval. This happens when the SSG accounting feature is enabled.

Workaround: Use a shorter interim accounting interval to ensure that traffic from or to a service for a single host does not exceed 4 GB in that period.

CSCin52887

Description: During L2TP tunnel service activation for an SSG user, the last character in the user name is not sent in the L2TP AVP. This condition does not affect the authentication for tunnel services.

Workaround: There is no workaround.

CSCin54109

Description: A router with the SSG RADIUS proxy feature enabled may reload when a RADIUS proxy user attempts to log in.

Workaround: Ensure that the correct realm VSA is present in the response.

CSCea78894

Description: The final packets (identified by FIN-Flag) of a TCP session through an L2TP tunnel are not routed through the tunnel. Instead, they are routed normally without NAT. This condition occurs only when there is a default route (0.0.0.0;0.0.0.0).

Workaround: Configure the default route in the service profile as follows:

R128.0.0.0;128.0.0.0 
R64.0.0.0;192.0.0.0 
R32.0.0.0;224.0.0.0 
R16.0.0.0;240.0.0.0 
R8.0.0.0;248.0.0.0 
R4.0.0.0;252.0.0.0 
R2.0.0.0;254.0.0.0 
R1.0.0.0;255.0.0.0 

CSCeb60723

Description: In RADIUS proxy mode, the SSG is not forwarding the authentication and authorization RADIUS retry packets from the NAS to the AAA server. Instead, the SSG is sending retries on behalf of the NAS. This behavior can create some inconsistencies in the subscriber active/inactive state among the NAS, SSG, and AAA server. In the RADIUS proxy mode, the SSG should forward RADIUS retry packets from the NAS and proxy the response from the AAA server back to the NAS.

Workaround: Make the NAS time (RADIUS timeout*Retry) greater than the SSG time (RADIUS timeout*Retry).

CSCec12923

Description: The SSG supports only the broadcasting of host and service accounting packets to multiple AAA servers based on the configuration. However, in RADIUS proxy mode, the SSG is not sending the accounting packets from the NAS to multiple AAA servers.

Workaround: There is no workaround.

CSCin45858

Description: The SSG does not forward user traffic to services for certain networks. Upstream packets from the user toward the service are dropped. The following error message is displayed if debug ssg data is enabled:

SSG-DATA: CEF-UPST: Unable to find adjacency. Punt (FastEthernet0/0 : 
10.0.1.1->10.1.1.1)
SSG-DATA: PROC-UPST : IDB is NULL. Drop (FastEthernet0/0 : 10.0.1.1->10.1.1.1)

This happens when the destination address falls into a service network of 0.0.0.0 with a non-zero netmask.

Workaround: Replace the service network to ensure that at least one bit matches the destination address.

CSCin52726

Description: The SSG does not send the called-station-id in all RADIUS packets sent to the remote AAA server. The remote AAA server must be specified by the "S" attribute included in the service profile.

Workaround: There is no workaround.

Cisco MWAM Caveats for Cisco IOS Release 12.3(1a)BW

The following is a list of Cisco MWAM caveats that are open for Cisco IOS Release 12.3(1a)BW:

CSCeb01237

Description: Unable to display the name of the MWAM image from the Supervisor console.

Workaround: Use the show version command to view the IOS image from the MWAM processor.

CSCeb38142

Description: MWAM VLAN interfaces stop responding when the Cisco 7609 router is rebooted. Ping packets sent from the Supervisor to the MWAM fail.

Workaround: Reset the MWAM from the Supervisor using the hw-module module slot reset command.

CSCeb39264

Description: Cannot copy a file to the bootflash of MWAM CPU with an existing name.

An attempt to copy a file to the bootflash:partition of an MWAM processor with a destination filename that already exists on this partition will fail. A copy cannot be made to a file that already exists. The following error message is displayed:

%Error opening bootflash:/running-config (File exists)

Workaround: Delete the file before attempting to overwrite an existing file.

CSCeb59614

Description: MWAM traffic shaping does not function with MWAM Gigabit Ethernet interfaces. Traffic shaping configurations on MWAM gig0/0 interface has no effect. The driver for MWAM gig0/0 interface does not support traffic shaping.

Workaround: There is currently no known workaround.

CSCeb01522

Description: When an MWAM is removed from a slot, the MWAM configuration files remain with the MWAM. A replacement MWAM in the same slot must then be fully reconfigured. Also, when an MWAM is moved from one slot to another, the configuration files move with the MWAM instead of being associated with the original slot.

Workaround: Follow the steps provided below:

a. Whenever you perform the copy running-config startup-config or write memory operation from an MWAM console, always use the copy startup-config tftp://server_name/file_name to copy the MWAM configuration file to an external server. Perform this operation for each MWAM processor.

b. Before moving the MWAM, issue the write erase command at the console of each MWAM image.

c. After installing the MWAM in its new slot, issue the following commands at the consoles of each MWAM processor:

copy tftp://server_name/file_name running-config
copy running-config startup-config 


Note If a TFTP server is unavailable, any bootflash device (slot0: or disk0:) on the Supervisor module can store the MWAM configuration files. This alternative requires configuring the Supervisor for RCP only (not TFTP). It also requires creating empty (i.e., dummy) configuration files on the Supervisor module. The MWAM configuration files are addressed to the Supervisor module using the address:128.0.0.x where x is the Supervisor slot (e.g., 128.0.0.1). The bootflash then becomes the preferred device. Use the file naming convention SLOTxPCy.cfg, where x is the MWAM slot and y is the MWAM processor number. This convention facilitates migration to a future MWAM feature that resolves this problem.


CSCeb48018

Description: When traffic is being received at 100% CPU, MWAM processors reload.

Workaround: Reduce the CPU from 100% to 90%.

CSCeb58650

Description: When multiple MWAMs are reset at the same time using the hw-module module slot_number reset command, on rare occasions the MWAM will fail to boot (remain in a PwrDown state) and the following message will display on the Supervisor console:

SP: oir_disable_notice: slot12: lcp failed to go online

Workaround: If this condition should occur, bring the MWAM back to an operational state by issuing the hw-module module slot_number reset command.

CSCin51015

Description: SNMP query for CISCO-FLASH-MIB does not populate values. The fields of the CISCO-FLASH-MIB are currently not populated for the flash devices dedicated to each of the processors of the MWAM. When the CISCO-FLASH-MIB of a MWAM processor is queried, the fields of this MIB will incorrectly appear as if there is no flash device for this processor.

Workaround: There is currently no known workaround.

CSCin51016

Description: SNMP query for variable chassisType(1.3.6.1.4.1.9.3.6.1) returns -1 for MWAM module.

Workaround: There is currently no known workaround.

CSCin56742

Description: Issuing the copy running-config startup-config command from the MWAM console fails to write the configuration to the standby Supervisor module.

Workaround: Two workarounds are available:

a. Issue the mwam bootflash access command from the Supervisor console. If a switch-over occurs or if you reload the standby Supervisor module, you must re-issue the mwam bootflash access command.

b. Generate the startup-config file, copy it (TFTP) to a location for editing, and add the line mwam bootflash access. Then copy the file back to startup-config and reload the Supervisor modules. This action enables mwam bootflash access on reloading. However, if you copy the running-config to startup-config on the Supervisor, you remove this configuration and must repeat this workaround.

CSCec36798

Description: When a chassis is reloaded and contains multiple MWAMs that are running in the Supervisor configuration mode (i.e., MWAM configurations stored on the Supervisor bootflash), some of MWAM processors may not receive their configurations from the Supervisor bootflash.

Workaround: Two workarounds are available:

a. Reset the MWAM from the Supervisor console and verify the configuration on each processor. If a processor is found to have no configuration file, reload only that processor.

b. Use local configuration mode on the MWAM instead of the Supervisor configuration mode.

MIBs

No new or modified MIBs are supported by the SSG-MWAM Release 1.1 feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Related Documentation

Except for feature modules, documentation is available as printed manuals or electronic documents. Feature modules are available online on CCO and the Documentation CD-ROM.

Use these release notes with these documents:

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco IOS Software Documentation Set

Release-Specific Documents

The following documents are specific to Release 12.3 and are located on CCO and the Documentation CD-ROM:

Release Notes for Cisco IOS Release 12.2(14)ZA3 on the Catalyst 6500 Series and Cisco 7600 Series Supervisor Engine and MSFC

Cross-Platform Release Notes for Cisco IOS Release 12.3

On CCO at:

Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Release Notes: Cross-Platform Release Notes

Caveats for Cisco IOS Release 12.2 T

See Caveats for Cisco IOS Release 12.2 and Caveats for Cisco IOS Release 12.2T, which contain caveats applicable to all platforms for all maintenance releases of Release 12.2 and Release 12.2 T.

On CCO at:

Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Caveats

On the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Caveats


Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on CCO at Software Center: Cisco IOS Software: Cisco Bug Toolkit: Cisco Bugtool Navigator II, or at http://www.cisco.com/support/bugtools.


Product bulletins, field notices, and other release-specific documents on CCO at:

Technical Documents

Platform-Specific Documents

These documents are available for the Catalyst 6500/Cisco 7600 series platforms on Cisco.com and the Documentation CD-ROM:

Cisco Multi-Processor WAN Application Module Installation and Configuration Notes

Catalyst 6500 Series Switch Documentation:

Catalyst 6500 Series Switch Module Installation Guide

Catalyst 6500 Series Switch Installation Guide

Multi-processor WAN Application Module Installation and Configuration Note

Cisco 7600 Series Routers Documentation:

Cisco 7600 Series Internet Router Installation Guide

Cisco 7600 Series Internet Router Module Installation Guide

Cisco 7609 Internet Router Installation Guide

Catalyst 6500 Series Switch Documentation is available at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/index.htm

Cisco 7600 Series Routers Documentation is available at the following URL:

http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_documentation.html

Feature Modules

Feature modules describe new features and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.

For more information about SSG, see the following documents:

Transparent AutoLogon

SSG Enhancements

TCP Redirect Enhancements

Cisco IOS Wide-Area Networking Configuration Guide, Release 12.3 (chapter on Service Selection Gateway)

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.

On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.

On CCO at:

Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Configuration Guides and Command References

Release 12.3 Documentation Set

You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed.

On CCO at:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.3


Note Cisco Management Information Base (MIB) User Quick Reference is no longer published. If you have an account with CCO, you can find the current list of MIBs supported by Cisco. To reach the Cisco Network Management Toolkit, go to CCO, press Login: Technical Support: Software Center: Network Mgmt Software: Cisco Network Management Toolkit: Cisco MIBs.


Obtaining Documentation

These sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com

Translated documentation is available at this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:

Streamline business processes and improve productivity

Resolve technical issues with online support

Download and test software packages

Order Cisco learning materials and merchandise

Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Cisco TAC inquiries are categorized according to the urgency of the issue:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://www.cisco.com/register/

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.


Note In this release, each SSG on the MWAM must be configured individually.


Service Selection Gateway

The SSG is a Cisco IOS software feature module that enables service providers to create new revenue-generating opportunities by offering on-demand services. The SSG provides Remote Authentication Dial-in User Service (RADIUS) authentication and accounting for user-interactive policy routing to different IP destinations. This improves flexibility and convenience for subscribers, including the ability to log on to multiple services simultaneously, and enables service providers to bill subscribers based on connection time and services used, rather than charging a flat rate.

Traffic from the mobile user is addressed to an SSG on the MWAM. The request for access is forwarded to the Authentication, Authorization, and Accounting (AAA) server, and the user is authenticated and authorized to access the services defined in a user profile. Then data traffic is exchanged between the user and servers in the service network. Each network is defined with its own VLAN, and all SSGs on the MWAM access the same VLANs to receive and send data.

For more information about the features available in the SSG, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/wan_vcg.htm#1000988

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guides_list.html

System Requirements

This section describes system requirements for SSG-MWAM Release 1.1.

Hardware

The SSG-MWAM Release 1.1 requires the following hardware components:

Catalyst 6500/Cisco 7600 series platform

Supervisor module with MSFC 2 daughter card

MWAM

A Hardware-Software Compatibility Matrix is available on CCO for users with CCO login accounts. This matrix allows users to search for supported hardware components by entering a Cisco platform and IOS Release. The Hardware-Software Compatibility Matrix tool is available at the following URL:

http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi