Release Notes for Cisco MWR 1941-DC Mobile Wireless Edge Router for Cisco IOS Release 12.2(15)MC2l

March 26, 2008

Cisco IOS Release 12.2(15)MC2l

OL-13984-21

These release notes are for the Cisco MWR 1941-DC Mobile Wireless Edge Router for Cisco IOS Release 12.2(15)MC2l. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode and related documents.

For a list of the software caveats that apply to Cisco IOS Release 12.2(15)MC2l, see the "Caveats in Cisco IOS Release 12.2(15)MC2l" section. To review the release notes for Cisco IOS Release 12.2, go to www.cisco.com. Click the Support tab and select Select a Product from the drop-down menu. Under Select a category, click Routers. Under Select a product, click Cisco MWR 1900 Mobile Wireless Routers. Under General Information, click Release Notes. Under Cisco MWR 1941-DC Mobile Wireless Edge Router, select the particular release notes you want to review.

Contents

This document contains the following sections:

Introduction

System Configuration Requirements

New and Changed Information

Limitations, Restrictions, and Important Notes

Caveats in Cisco IOS Release 12.2(15)MC2l

Caveats in Cisco IOS Release 12.2(15)MC2h

Caveats in Cisco IOS Release 12.2(15)MC2g

Caveats in Cisco IOS Release 12.2(15)MC2f

Caveats in Cisco IOS Release 12.2(15)MC2e

Caveats in Cisco IOS Release 12.2(15)MC2b

Caveats in Cisco IOS Release 12.2(15)MC2a

Troubleshooting

Documentation Updates

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Introduction

The Cisco MWR 1941-DC Mobile Wireless Edge Router running Cisco IOS Release 12.2(15) MC2h software is a networking platform optimized for use in mobile wireless networks. It extends IP connectivity to the cell site and Base Transceiver Station (BTS), and through a Fast Ethernet interface to the BTS, provides bandwidth-efficient IP transport of voice and data bearer traffic, as well as maintenance, control, and signalling traffic, over the leased line backhaul network between the BTS and leased line termination and aggregation node via compression (cRTP/cUDP) and packet multiplexing (PPPMux and MLPPP). It supports a limited set of interfaces and protocols, but offers high performance at a low cost while meeting the critical requirements for deployment in cell sites, including small size, extended operating temperature range, high availability, and DC input power flexibility.

System Configuration Requirements

When implemented in a Cisco IP Radio Access Network (IP-RAN) solution, the Cisco MWR 1941-DC router requires the following system configuration:

Cisco IOS 12.2(8) MC2 or a later Cisco IOS Release 12.2 MC software (excluding Cisco IOS Release 12.2(15)MC1a and Cisco IOS Release 12.2(15)MC2b).

Network Time Protocol (NTP)

Network Time Protocol must be configured. The Cisco MWR 1941-DC router uses NTP to maintain a clocking source for the proper time stamping of system messages and log files.

Redundancy

When not using the Cisco MWR 1941-DC router in a redundant configuration, the standalone option must be configured from redundancy mode.

When using the Cisco MWR 1941-DC router in a redundant configuration:

Keepalives under the FE must be set to 1.

Extended Availability Drop and Insert (EADI) capabilities must be disabled on the router (using the disable-eadi global configuration command) to avoid a double-termination situation upon router reboot. If the MWR 1941-DC is not being used in a redundant configuration and EADI is specifically required, you can re-enable EADI using the no disable-eadi global configuration command.

When attaching the MWR 1941-DC to a device that uses spanning tree, portfast must be configured on the device to avoid problems with HSRP at startup.

Cisco Express Forwarding (CEF)

You cannot disable CEF on the MWR 1941-DC. Commands such as no ip cef display the error message "%Cannot disable CEF on this platform." Some commands, such as no ip route-cache cef, do not return an error message; however, CEF is not disabled regardless of whether an error message is displayed.

Hot Standby Router Protocol (HSRP)

In case of a tie in priority, HSRP uses the IP address to determine the active router. Therefore, you should ensure that the order of the IP addresses of the E1/T1 interfaces of the active router corresponds to the order of the IP addresses of the E1/T1 interfaces of the standby router.

Memory Recommendations

Table 1 Memory Recommendations for the Cisco MWR 1941-DC Mobile Wireless Edge Router

| Platform | Software Image | Flash Memory Recommended | DRAM Memory Recommended | Runs From |
|---|---|---|---|---|
| Cisco MWR 1941-DC router | mwr1900-i-mz | 32 MB Flash | 128 MB DRAM | RAM |


Determining the Software Version

To determine the version of Cisco IOS software running on your Cisco MWR 1941-DC router, log in to the Cisco MWR 1941-DC and enter the show version EXEC command:

router> show version
     Cisco Internetwork Operating System Software 
     IOS (tm) 1900 Software (MWR1900-I-MZ), Version 12.2(15)MC2a, EARLY DEPLOYMENT RELEASE 
     SOFTWARE (fc1)

Upgrading to a New Software Release

For general information about upgrading to a new software release, refer to Software Installation and Upgrade Procedures located at the following URL:

http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html

Upgrading to a New ROM Monitor Version

The Cisco MWR 1941-DC router ROM Monitor (ROMMON) consists of two modules:

A resident module that is not changed during the upgrade procedure.

An upgradable module that is updated during the upgrade procedure. This is the only module that you will download from Cisco.com.


Note Before performing this procedure, you must download the new ROMMON image from Cisco.com. The download procedure is the same as downloading Cisco IOS software images.



Note In the event of a power outage, the ROM monitor download will not be successful.



Note Command output is similar to the following.


To upgrade the ROMMON version on your Cisco MWR 1941-DC router, complete these steps from EXEC mode:


Step 1 Copy the new ROMMON image from a TFTP server to slot0.

Step 2 Verify that the new image has been copied:

Router#dir slot0: 
  Directory of slot0:/
  3 -rw- 871 Mar 01 1993 00:05:02 MWR1900-3-default.cfg
  4 -rw- 610704 Mar 01 1993 00:10:30 MWR1900_RM2.srec.122-8r.MC3

Step 3 Upgrade the current configuration by entering the upgrade rom-monitor command as shown in the following example:

Router# upgrade rom-monitor file slot0:MWR1900_RM2.srec.122-8r.MC3
This command will reload the router. Continue? [yes/no]:y

Step 4 Press Enter to continue. The router begins downloading the ROMMON image. The router automatically reboots.

ROMMON image upgrade in progress
Erasing boot flash
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Programming boot flash pppp

Now Reloading
System Bootstrap, Version 12.2(20010915:181836) DEVELOPMENT SOFTWARE
Copyright (c) 1994-2001 by cisco Systems, Inc.

 Running new upgrade for first time

System Bootstrap, Version 12.2(8r)MC3, RELEASE SOFTWARE (fc1)
TAC Support:http://www.cisco.com/tac
Copyright (c) 2002 by cisco Systems, Inc.
mwr1900 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

Upgrade ROMMON initialized
rommon 1 > 


New and Changed Information

The following sections list the new hardware and software features supported by the Cisco MWR 1941-DC router for Cisco IOS Release 12.2(15)MC software.

New Features in the Cisco IOS Release 12.2(15)MC2l

No features are introduced in Cisco IOS Release 12.2(15)MC2l.

New Features in the Cisco IOS Release 12.2(15)MC2h

The following features were introduced in Cisco IOS Release 12.2(15)MC2h:

Support for 6 T1/E1 interfaces per/MWR

Support for 1800 Context IDs (CIDs) per/MWR

Support for enhanced Link Noise Monitoring (LNM)

Support for 6 T1/E1 Interfaces per/MWR

The new MWRs support up to 6 T1/E1 interfaces on the platform. These interfaces are configured by IOS software as controller t1 0/4 and controller t1 0/5 for the T1 interface, and as controller e1 0/4 and controller e1 0/5 for the E1 interface. In effect, the multilink interface can now be configured with 6 T1 or 6 E1 interfaces under it. Also, the number of serial interfaces can increase depending upon how the T1/E1 interfaces are split up by the configuration. All controller-specific commands are applicable to the new T1/E1 interfaces.

Support for 1800 CIDs per/MWR

With Cisco IOS Release 12.2(15)MC2h, the maximum number of connections is increased to 1800 for the interface configuration command ip rtp compression-connections. This command is also used to specify the total number of Real-Time Transport Protocol (RTP) header compression connections that can exist on an interface. The default is 16 CID connections.

| Command | Purpose |
|---|---|
| Router(config-if)# ip rtp compression-connections number | Number of RTP header compression connections the cache supports in the range of 3 to 1800. |

To restore the default value, use the no form of this command.

Support for Enhanced Link Noise Monitoring (LNM)

With Cisco IOS Release 12.2(15)MC2h, LNM algorithm support has been changed or updated. There is no longer support for the existing or previous LNM algorithm. The enhanced LNM algorithm is now supported by default. However, the existing or previous LNM CLI is still used to set the threshold and duration values.

The averaging algorithm is responsible for maintaining the simple moving average of link quality Bit Error Rate (BER), Line Code Violation/Path Code Violation (LCV/PCV) values as and when noise samples arrive. The noise is calculated as a simple moving average for the duration configured. The average noise at any time represents the noise average for the last configured duration in seconds. It is recalculated each second as the noise samples arrive each second. Basically, it's a sliding window of noise averages for the last duration in seconds.

The benefits of this new algorithm are the following:

Improves CDMA backhaul link robustness by detecting noisy spans and removing them from service 100 percent of the time, and restoring them 100 percent of the time when the link quality reaches an acceptable value.

Improves CDMA link noise monitoring capability through intelligent threshold setting by using the averaging algorithm and providing better detection at a wide range of Bit Error Rate levels.

Provides 100 percent detection at the threshold that the customer sets.

Alerts the customer 100 percent of the time about the quality of the spans.

Removes degraded spans effectively, leaving only acceptable spans in service.
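The sliding-window averaging described above can be modelled as follows. This is an added example, not Cisco's implementation and not part of the release notes; the class, the parameter names remove_threshold and restore_threshold, the rule that no decision is made until the window is full, and the sample counts are all assumptions made for illustration.

```python
from collections import deque


class SpanNoiseMonitor:
    """Sliding-window (simple moving average) monitor for one T1/E1 span."""

    def __init__(self, duration, remove_threshold, restore_threshold):
        # duration: window length in seconds (one noise sample arrives per second).
        # remove_threshold / restore_threshold: hypothetical names for the average
        # error counts at which the span leaves, or returns to, service.
        if restore_threshold > remove_threshold:
            raise ValueError("restore threshold must not exceed remove threshold")
        self.samples = deque(maxlen=duration)
        self.total = 0
        self.remove_threshold = remove_threshold
        self.restore_threshold = restore_threshold
        self.in_service = True

    def add_sample(self, errors):
        """Record one per-second error count; return (average, in_service)."""
        if len(self.samples) == self.samples.maxlen:
            self.total -= self.samples[0]      # the oldest second leaves the window
        self.samples.append(errors)
        self.total += errors
        if len(self.samples) < self.samples.maxlen:
            return None, self.in_service       # assumption: wait for a full window
        average = self.total / len(self.samples)
        if self.in_service and average >= self.remove_threshold:
            self.in_service = False            # sustained noise: remove the span
        elif not self.in_service and average <= self.restore_threshold:
            self.in_service = True             # quality acceptable again: restore
        return average, self.in_service


def state_changes(samples, duration, remove_threshold, restore_threshold):
    """Return [(second, in_service)] for each second at which the span changes state."""
    monitor = SpanNoiseMonitor(duration, remove_threshold, restore_threshold)
    changes, previous = [], monitor.in_service
    for second, errors in enumerate(samples, start=1):
        _, state = monitor.add_sample(errors)
        if state != previous:
            changes.append((second, state))
            previous = state
    return changes


# Constructed per-second LCV counts: a single 40-error burst, five quiet seconds,
# five noisy seconds, then five quiet seconds.
SAMPLE_LCV = [0, 0, 0, 0, 40] + [0] * 5 + [12] * 5 + [0] * 5

if __name__ == "__main__":
    print(state_changes(SAMPLE_LCV, duration=5, remove_threshold=10, restore_threshold=2))
```

With a 5-second window, the isolated burst averages out below the removal threshold, while the sustained noise removes the span and the following quiet period restores it.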

New Features in the Cisco IOS Release 12.2(15)MC2g

No features are introduced in Cisco IOS Release 12.2(15)MC2g.

New Features in the Cisco IOS Release 12.2(15)MC2f

No features are introduced in Cisco IOS Release 12.2(15)MC2f.

New Features in the Cisco IOS Release 12.2(15)MC2e

No features are introduced in Cisco IOS Release 12.2(15)MC2e.

New Features in the Cisco IOS Release 12.2(15)MC2b

No features are introduced in Cisco IOS Release 12.2(15)MC2b.

New Features in the Cisco IOS Release 12.2(15)MC2a

No features are introduced in Cisco IOS Release 12.2(15)MC2a.

New Features in the Cisco IOS Release 12.2(15)MC2

No features are introduced in Cisco IOS Release 12.2(15)MC2.

New Features in the Cisco IOS Release 12.2(15)MC1

The following features were introduced in Cisco IOS Release 12.2(15)MC1:

Ignoring the IP ID in RTP/UDP Header Compression

Configuring ACFC and PFC Handling During PPP Negotiation

Configuring the cUDP Flow Expiration Timeout Duration

For information on new features in previous Cisco IOS Release 12.2MC software releases, see the platform release notes:

http://www.cisco.com/univercd/cc/td/doc/product/wireless/ipran/1_0/relnotes/index.htm

Ignoring the IP ID in RTP/UDP Header Compression

With Cisco IOS Release 12.2(8)MC2c, IP ID checking was suppressed in RTP/UDP header compression. With Cisco IOS Release 12.2(15)MC1, a new option has been added to the ip rtp header-compression interface configuration command that allows you to enable or suppress this checking. The default is to suppress.

To suppress IP ID checking, issue the following command while in interface configuration mode:

| Command | Purpose |
|---|---|
| Router(config-if)# ip rtp header-compression ignore-id | Suppresses the IP ID checking in RTP/UDP header compression. |


To restore IP ID checking, use the no form of this command.

This new feature is identified by CSCdz75957.

Configuring ACFC and PFC Handling During PPP Negotiation

With Cisco IOS 12.2(15)MC1, ACFC and PFC handling during PPP negotiation can be configured.

Configuring ACFC Handling During PPP Negotiation

Use the following commands beginning in global configuration mode to configure ACFC handling during PPP negotiation:

 
Step    Command and purpose

Step 1  Router(config)# interface type slot/port
        Configures an interface type and enters interface configuration mode.

Step 2  Router(config-if)# shutdown
        Shuts down the interface.

Step 3  Router(config-if)# ppp acfc remote {apply | reject | ignore}
        Configures how the router handles the ACFC option in configuration requests received from a remote peer.
        apply—ACFC options are accepted and ACFC may be performed on frames sent to the remote peer.
        reject—ACFC options are explicitly ignored.
        ignore—ACFC options are accepted, but ACFC is not performed on frames sent to the remote peer.

Step 4  Router(config-if)# ppp acfc local {request | forbid}
        Configures how the router handles ACFC in its outbound configuration requests.
        request—The ACFC option is included in outbound configuration requests.
        forbid—The ACFC option is not sent in outbound configuration requests, and requests from a remote peer to add the ACFC option are not accepted.

Step 5  Router(config-if)# no shutdown
        Reenables the interface.

Configuring PFC Handling During PPP Negotiation

Use the following commands beginning in global configuration mode to configure PFC handling during PPP negotiation:

 
Step    Command and purpose

Step 1  Router(config)# interface type slot/port
        Configures an interface type and enters interface configuration mode.

Step 2  Router(config-if)# shutdown
        Shuts down the interface.

Step 3  Router(config-if)# ppp pfc remote {apply | reject | ignore}
        Configures how the router handles the PFC option in configuration requests received from a remote peer.
        apply—PFC options are accepted and PFC may be performed on frames sent to the remote peer.
        reject—PFC options are explicitly ignored.
        ignore—PFC options are accepted, but PFC is not performed on frames sent to the remote peer.

Step 4  Router(config-if)# ppp pfc local {request | forbid}
        Configures how the router handles PFC in its outbound configuration requests.
        request—The PFC option is included in outbound configuration requests.
        forbid—The PFC option is not sent in outbound configuration requests, and requests from a remote peer to add the PFC option are not accepted.

Step 5  Router(config-if)# no shutdown
        Reenables the interface.

To restore the default, use the no forms of these commands.


Note For complete details of the ACFC and PFC Handling During PPP Negotiation feature, see the ACFC and PFC Handling During PPP Negotiation feature module:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/12b_acf.htm


Configuring the cUDP Flow Expiration Timeout Duration

To minimize traffic flow corruption, cUDP flows now expire after an expiration timeout duration during which no packets are passed. When this duration of inactivity occurs on a flow at the compressor, the compressor sends a full header upon receiving a packet for that flow, or, if no new packets are received for that flow, makes the CID for the flow available for new use. When a packet is received at the decompressor after the duration of inactivity, the packet is dropped and a context state message is sent to the compressor requesting a flow refresh.

The default expiration timeout is 5 seconds. The recommended value is 8 seconds.


Caution Failure of performance/latency scripts could occur if the expiration timeout duration is not changed to the recommended 8 seconds.

To configure the cUDP flow expiration timeout duration, issue the following command while in multilink interface configuration mode:

| Command | Purpose |
|---|---|
| Router(config-if)# ppp iphc max-time seconds | Specifies the duration of inactivity, in seconds, that when exceeded causes the cUDP flow to expire. The recommended value is 8. |


To restore the default, use the no form of this command.

This new feature is identified by CSCeb44623.
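The expiration behaviour described in this section, at the compressor and at the decompressor, can be traced with a small model. This is an added example, not Cisco's implementation and not part of the release notes; the class names, the message labels, the choice to send a packet uncompressed when no CID is free, and the packet timeline are assumptions made for illustration.

```python
class Compressor:
    """Compressor side: one context ID (CID) per flow, with its last activity time."""

    def __init__(self, max_time, cid_count):
        self.max_time = max_time              # seconds, the value given to "ppp iphc max-time"
        self.free_cids = list(range(cid_count))
        self.flows = {}                       # flow key -> [cid, last_seen]

    def _allocate(self, now):
        """Take a free CID, or reuse the CID of a flow idle for longer than max_time."""
        if self.free_cids:
            return self.free_cids.pop(0)
        for key, (cid, seen) in self.flows.items():
            if now - seen > self.max_time:
                del self.flows[key]           # expired flow: its CID is available again
                return cid
        return None

    def send(self, flow, now):
        """Return (message kind, cid) for a packet of `flow` sent at time `now`."""
        entry = self.flows.get(flow)
        if entry is not None:
            # A packet for a flow that went idle past max_time carries a full header.
            kind = "FULL_HEADER" if now - entry[1] > self.max_time else "COMPRESSED"
            entry[1] = now
            return kind, entry[0]
        cid = self._allocate(now)
        if cid is None:
            return "UNCOMPRESSED", None       # assumption: no CID free, send as is
        self.flows[flow] = [cid, now]
        return "FULL_HEADER", cid


class Decompressor:
    """Decompressor side: drops compressed packets that arrive for an idle context."""

    def __init__(self, max_time):
        self.max_time = max_time
        self.contexts = {}                    # cid -> last_seen

    def receive(self, kind, cid, now):
        if kind == "UNCOMPRESSED":
            return "DELIVERED"
        if kind == "FULL_HEADER":
            self.contexts[cid] = now          # context (re)established
            return "DELIVERED"
        seen = self.contexts.get(cid)
        if seen is None or now - seen > self.max_time:
            return "DROPPED_SEND_CONTEXT_STATE"   # ask the compressor for a refresh
        self.contexts[cid] = now
        return "DELIVERED"


def run_demo():
    """Replay a constructed timeline with max-time 8 and a single CID."""
    comp, dec = Compressor(max_time=8, cid_count=1), Decompressor(max_time=8)
    events = []
    for now, flow in [(0, "A"), (1, "A"), (10, "A"), (12, "B"), (20, "B")]:
        kind, cid = comp.send(flow, now)
        events.append((now, flow, kind, cid, dec.receive(kind, cid, now)))
    # A compressed packet reaching the decompressor 10 seconds after the last
    # activity on CID 0 is dropped there, whatever the compressor believed.
    events.append((30, "B", "COMPRESSED", 0, dec.receive("COMPRESSED", 0, 30)))
    return events


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```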

Limitations, Restrictions, and Important Notes


Caution The Cisco MWR 1941-DC router does not support online insertion and removal (OIR) of WAN interface cards. Any attempt to perform OIR on a card in a powered up router might cause damage to the card.


Caution Removing the compact flash from the Cisco MWR 1941-DC router during a read/write operation might corrupt the contents of the compact flash, rendering it useless. To recover from an accidental removal of or corruption to the compact flash, a maintenance spare with the appropriate bootable Cisco IOS software image might be needed.

Unsupported Cisco IOS Software Features

The Cisco MWR 1941-DC router requires a special version of Cisco IOS software. Not all Cisco IOS software features can be used with the Cisco MWR 1941-DC router as the core routing is handled by the network processor. The following standard Cisco IOS software features are not supported on the Cisco MWR 1900 router:

Security Access Control Lists

MPLS

802.1Q VLANs

Frame Relay (FR)

MLP LFI

ATM

Upgrading the VWIC-2MFT-T1-DIR Microcode

When upgrading the image on your Cisco MWR 1941-DC router, power cycle the router or perform a microcode reload on the VWIC-2MFT-T1-DIR to ensure that the firmware for the VWIC-2MFT-T1-DIR is updated during the upgrade.

Disabling PPP Multiplexing

To fully disable PPP multiplexing (PPPMux), issue the no ppp mux command on the T1 interfaces of the routers at both ends of the T1 link. If PPP multiplexing remains configured on one side of the link, that side will offer to receive PPP multiplexed packets.

MLP LFI Support

MLP LFI is not supported by the Cisco MWR 1941-DC router. Therefore, MLP LFI must be disabled on peer devices connecting to the Cisco MWR 1941-DC router T1 MLP connections.

ACFC and PFC Support on PPP Interfaces

If upgrading to Cisco IOS Release 12.2(8)MC2c or later for the ACFC and PFC support on PPP interfaces, ensure that you upgrade the MGX-RPM-1FE-CP backcard image first. After doing so, immediately upgrade all MWR 1941-DC routers connected to the MGX-RPM-1FE-CP back card.

Caveats in Cisco IOS Release 12.2(15)MC2l

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2l. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2l. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2l.

Resolved Caveats

This section lists the caveats that are resolved in Cisco IOS Release 12.2(15)MC2l.

CSCee08584

Description: Cisco Internetwork Operating System (IOS®) Software release trains 12.1YD, 12.2T, 12.3, and 12.3T when configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml.

Workaround: Cisco has made free software upgrades available to address this vulnerability for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (please refer to the advisory).

CSCee41508

Description: An IOS device may crash when configured for RSVP and a certain malformed Resource ReSerVation Protocol (RSVP) packet is processed.

Workaround: If RSVP is required, no workaround exists. If RSVP is not required, disabling RSVP on all interfaces removes any exposure to this issue.

RSVP can be disabled using the "no ip rsvp bandwidth" interface configuration command. The "show ip rsvp" EXEC command can be used on an IOS device to determine if RSVP functionality has been enabled. The "show ip rsvp interface" EXEC command may be used to identify the specific interfaces on which RSVP has been enabled.

CSCef48336

Description: A vulnerability exists in the processing of an OSPF packet that can be exploited to cause the reload of a system. Since OSPF needs to process unicast packets as well as multicast packets, this vulnerability can be exploited remotely. It is also possible for an attacker to target multiple systems on the local segment at one time.

OSPF authentication can be used to mitigate the effects of this vulnerability and is a highly recommended security best practice. A Cisco device receiving a malformed OSPF packet will reset and may take several minutes to become fully functional. This vulnerability may be exploited repeatedly, resulting in an extended DoS attack.

Workarounds: Using OSPF Authentication -

OSPF authentication may be used as a workaround. OSPF packets without a valid key will not be processed. MD5 authentication is highly recommended, due to inherent weaknesses in plain text authentication. With plain text authentication, the authentication key will be sent unencrypted over the network, which can allow an attacker on a local network segment to capture the key by sniffing packets. Refer to http://www.cisco.com/warp/public/104/25.shtml for more information about OSPF authentication.

Infrastructure Access Control Lists -

Although it is often difficult to block traffic transiting your network, it is possible to identify traffic which should never be allowed to target your infrastructure devices and block that traffic at the border of your network. Infrastructure ACLs are considered a network security best practice and should be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The white paper "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection ACLs, located at the following URL: http://www.cisco.com/warp/public/707/iacl.html.

CSCek37177

Description: The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition. This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Workaround: Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability. The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml.

CSCin95836

Description: A Cisco IOS device configured for NHRP may restart.

Workaround: None.

CSCsc60249

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse05736

Description: A router that is running RCP can be reloaded by a specific packet. This is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP packets to the router.

The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse85200

Description: Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router. Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.

Workaround: Disable CDP on interfaces where it is not necessary.

CSCsf28840

Description: A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

Workarounds: There are workarounds available for this vulnerability, as posted in the following advisory:

http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml

CSCsg40567

Description: On a Cisco router that has the <ip http secure server> command enabled, malformed SSL packets may cause a router to leak multiple memory blocks.

Workaround: Disable the <ip http secure server> command.

CSCsg70355

Description: The Cisco IOS configuration command "clock summer-time <zone> recurring <date>" uses United States standards for daylight savings time rules by default. The Energy Policy Act of 2005 (H.R.6.ENR), Section 110, changes the start date from the first Sunday of April to the second Sunday of March. It changes the end date from the last Sunday of October to the first Sunday of November.

Workaround: A workaround is possible by using the <clock summer-time> configuration command to manually configure the proper start date and end date for daylight savings time. After the summer-time period for calendar year 2007 is over, one can, for example, configure: clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 (This example is for the US/Pacific time zone.)

Not a Workaround: Using NTP is not a workaround to this problem. NTP does not carry any information about timezones or summertime.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
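Several of the resolved caveats above pair the defect with a workaround of the form "disable the feature where it is not needed" or "authenticate the protocol". The following Python audit is an added example, not Cisco tooling and not part of the release notes: it checks a saved running-config for those exposures and tags each finding with the caveat ID from this page. The sample configuration is constructed; the command spellings ip http secure-server, ip rcmd rcp-enable, no cdp run, no cdp enable and ip ospf authentication are standard IOS commands rather than text from this page, and treating CDP as enabled unless explicitly disabled is an assumption.

```python
import ipaddress
import re

# Constructed running-config for the example (not taken from the release notes).
SAMPLE_CONFIG = """\
ip http secure-server
ip rcmd rcp-enable
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.128
 ip rsvp bandwidth 1000
 ip ospf authentication message-digest
!
interface Multilink1
 ip address 192.0.2.129 255.255.255.252
 no cdp enable
 ip ospf authentication
!
interface Serial0/0:0
 ip address 198.51.100.1 255.255.255.252
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.3 area 1
 area 1 authentication message-digest
"""


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_blocks(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line)
        else:
            current = line
            blocks.setdefault(current, [])
    return blocks


def ospf_policy(blocks):
    """Collect OSPF network statements and area-level authentication modes."""
    nets, area_auth = [], {}
    for header, lines in blocks.items():
        if header.startswith("router ospf "):
            for line in lines:
                if m := re.fullmatch(r"network (\S+) (\S+) area (\S+)", line):
                    nets.append((to_int(m[1]), to_int(m[2]), m[3]))
                elif m := re.fullmatch(r"area (\S+) authentication( message-digest)?", line):
                    area_auth[m[1]] = "md5" if m[2] else "plaintext"
    return nets, area_auth


def ospf_auth_mode(lines, nets, area_auth):
    """Return 'md5', 'plaintext' or 'none' for an OSPF interface, None if not in OSPF."""
    addrs = [to_int(m[1]) for l in lines if (m := re.match(r"ip address (\d\S*) ", l))]
    # A wildcard bit of 1 means "don't care", so compare with those bits forced on.
    area = next((a for net, wild, a in nets if addrs and (addrs[0] | wild) == (net | wild)), None)
    if area is None:
        return None
    if "ip ospf authentication message-digest" in lines:
        return "md5"
    if "ip ospf authentication null" in lines:
        return "none"
    if "ip ospf authentication" in lines:
        return "plaintext"
    return area_auth.get(area, "none")    # fall back to the area-level setting


def audit(config):
    """Return (caveat ID, scope, finding) tuples for exposures named in the caveats."""
    blocks = parse_blocks(config)
    nets, area_auth = ospf_policy(blocks)
    findings = []
    if any(re.fullmatch(r"ip http secure[- ]server", h) for h in blocks):
        findings.append(("CSCsg40567", "global", "HTTPS server enabled"))
    if "ip rcmd rcp-enable" in blocks:
        findings.append(("CSCse05736", "global", "RCP enabled"))
    for header, lines in blocks.items():
        if not header.startswith("interface "):
            continue
        name = header.split(None, 1)[1]
        if any(l.startswith("ip rsvp bandwidth") for l in lines):
            findings.append(("CSCee41508", name, "RSVP enabled"))
        # Assumption: CDP runs on every interface unless disabled globally or per interface.
        if "no cdp run" not in blocks and "no cdp enable" not in lines:
            findings.append(("CSCse85200", name, "CDP enabled"))
        mode = ospf_auth_mode(lines, nets, area_auth)
        if mode in ("plaintext", "none"):
            findings.append(("CSCef48336", name, f"OSPF authentication is {mode}, not MD5"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports Multilink1 for plain text OSPF authentication, while Serial0/0:0 passes the OSPF check because it inherits MD5 from the area-level setting.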

Caveats in Cisco IOS Release 12.2(15)MC2h

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2h. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2h. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

This section lists the open caveats in Cisco IOS Release 12.2(15)MC2h.

CSCse79757

Description: This caveat addresses the issue of trap loss during an MWR failover when T1/E1 relays on the active MWR are opened before multilink goes down. This issue was addressed originally in wireless_mc and later in v122_15_mc2 throttle, both through CSCea73056. The CSCea73056 fix involves forcing a multilink shutdown just when the relays open on the active MWR during failover, and bringing it back up very soon. This allowed just enough time for routing to converge and queued SNMP traps to pass through the active multilink.

But this fix was found to have other side effects causing loss of network connectivity and traffic outage. It was present in MC2e but had to be backed out in MC2f as a result of traffic outage during re-insertion of a GLI card. This was done through CSCsd25168 with the problem and reasons for backing out explained in detail. While the issue of trap loss is seen inconsistently, this fix always causes loss of traffic.

As a result, an effort is underway to address the trap loss issue by using a solution that does not involve bringing down multilink. The issue is being reproduced on an MC2g image and analyzed accordingly.

Workaround: There is currently no workaround.

CSCse79846

Description: The 10 SES results for error value less than 832 PCV in the E1 controller with error rate as 6e-5(120) and with lcv and pcv configuration set as follows:

Link noise monitor settings:

warning set lcv threshold: 400 pcv threshold: 271 duration: 10

clear lcv threshold: 400 pcv threshold: 271 duration: 10

remove set lcv threshold: 400 pcv threshold: 271 duration: 10

clear lcv threshold: 400 pcv threshold: 271 duration: 10

For E1-CRC signals, a Severely Errored Second is a second with either 832 or more Path Code Violation error events or one or more OOF defects.

Workaround: There is currently no workaround.

Resolved Caveats

This section lists the caveats that are resolved in Cisco Release 12.2(15)MC2h.

CSCec29309

Description: When an FE cable is re-inserted into an MWR running with Cisco IOS 12.3(3), instead of a linkUp display, an incorrect linkdown trap type ('2', down) is generated, and an up telltale locIfReason value is displayed.

Workaround: There is currently no workaround.

CSCsd76804

Description: The MWR-1900 does not load rmon commands on reload. The following errors occur on boot.

Alarm creation failure

Alarm creation failure

boot: cannot determine first file name on device "flash:"

After performing a copy tftp start and reloading the device, rmon commands related to HSRP are marked as invalid and are not placed in the running config. The two commands are:

rmon alarm 2 cHsrpGrpEntry.15.1.1 180 absolute rising-threshold 6 3 falling-threshold 5 4 owner cisco

rmon alarm 3 cHsrpGrpEntry.15.2.2 180 absolute rising-threshold 6 3 falling-threshold 5 4 owner cisco

Workaround: The commands can be entered manually into the running configuration without a problem. After performing copy tftp start, do a wr mem to load commands properly on boot.

CSCee45312

Description: Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed. Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected. Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Workaround: Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability. For more details see the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml

CSCsb11124

Description: The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Workaround: Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability. Cisco has published a Security Advisory on this issue; it is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

CSCsc64976

Description: A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Workaround: Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

CSCse08786

Description: This DDTS changes how IOS handles packets destined to the router or switch.

When an IP packet is sent with option 0x89 (strict source route) or 0x83 (loose source route) followed by some invalid data, IOS emits error messages and a traceback. The messages and traceback appear every 60 seconds as long as the malformed packet is sent to the router.

Workaround: See the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Caveats in Cisco IOS Release 12.2(15)MC2g

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2g. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2g. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html



Open Caveats


There are no known open caveats in Cisco IOS Release 12.2(15)MC2g.

Resolved Caveats

This section lists the caveats that are resolved in Cisco Release 12.2(15)MC2g.

CSCdz37497

Description: Multicast packets are dropped by IOS until context is re-established.

This occurs during multicast on one flow at a rate of 100 pps or more.

Workaround: Reduce the PPPMux subframe size on the RPM to a size smaller than a compressed multicast packet so that the multicast packets are not PPPMux'd.

CSCsd87054 (Duplicate of CSCdz37497)

Description: An RPM router running Cisco software release 122-15.MC2e may drop multicast packets across a multilink interface if the ppp mux is configured on that interface.

Workaround: Reduce the PPPMux subframe size on the RPM to a size smaller than a compressed multicast packet so that the multicast packets are not PPPMux'd.

Caveats in Cisco IOS Release 12.2(15)MC2f

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2f. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2f. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

This section lists the caveats that are open in Cisco Release 12.2(15)MC2f.

CSCea73056

Description: The MWFM or any other NMS system does not get important SNMP traps generated during failover. Up to 50% of the traps are lost.

During failover, the Cisco MWR 1900 router software opens the T1/E1 relays on an active router without taking down the Multilink interface first. The Cisco MWR 1900 routing software keeps sending packets into the disconnected interface for the next few seconds until the Multilink interface goes down. Traps are sent and lost. Traps generated after the link is declared down are kept in the SNMP queue waiting for routing to be restored.

Workaround: There is currently no workaround.

Resolved Caveats

This section lists the caveats that are resolved in Cisco Release 12.2(15)MC2f.

CSCsd25168

Description: The insertion of a GLI card to one of the Fast Ethernet (FE) ports of the Cisco MWR1900 router could cause the Multilink PPP interface to flap, leading to a traffic outage for a few seconds. A Hot Standby Routing Protocol (HSRP) swap over will also happen.

The Cisco MWR1900 routers are configured for HSRP redundancy and a GLI card insertion on the active Cisco MWR1900 router would cause the mlppp interface to go DOWN and come UP and would eventually cause the active Cisco MWR1900 router to become standby, and the standby router would then become the active router.

Workaround: There is no workaround to prevent the Multilink PPP interface from going down. However, to avoid HSRP swap over, the standby <number> preempt delay <seconds> command can be configured. A value of 3 seconds is recommended.

Caveats in Cisco IOS Release 12.2(15)MC2e

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2e. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2e. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

This section lists the caveats that are open in Cisco Release 12.2(15)MC2e.

CSCeg37106

Description: Frame slips were observed on port 0/1 if the T1 cable on port 0/0 was disconnected.

This situation occurs when the T1 cable connected to the first VWIC port (either port 0/0 or port 0/2) is pulled out from either the MWR side or the FRSM/MPSM side, and frame slips are seen on the remaining port in the same controller.

Workaround: Connect and disconnect the T1 cable according to the following sequence:

1. Connect port 0/0 first and then port 0/1.

2. Disconnect port 0/1 first and then port 0/0.

3. Perform the same procedure to ports 0/2 and 0/3.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2e.

CSCea73056

Description: Mobile Wireless Fault Mediator (MWFM) or any other Network Management System (NMS) does not receive important Simple Network Management Protocol (SNMP) traps generated during failover. Up to 50% of the traps are lost.

During failover, the MWR 1900 routing software opens T1/E1 relays on the active router without taking down the Multilink interface first. The MWR 1900 routing software keeps sending packets into the disconnected interface for the next few seconds until the Multilink interface goes down. Traps are sent and lost. Traps generated after the link is declared down are kept in the SNMP queue waiting for the routing to become restored.

Workaround: There is currently no workaround.

CSCec20844

Description: If a virtual access interface is created and that interface is assigned to a multilink group interface by the application of the ppp multilink group group-number interface configuration command, then when the interface goes down, the configuration is not properly removed when the virtual access interface is recycled for reuse.

Perhaps the most visible effect of this symptom is that if the virtual access interface negotiates to use multilink during a future session (a different use of the virtual access interface than the one when the interface was first created), the interface does not join the designated multilink group interface. Instead, a separate virtual access interface is created for the bundle. This behavior may lead to additional problems since the multilink bundle interface that is created probably does not have the desired configuration that is required for the connection.

This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(5) and later.

Workaround: There is currently no workaround.

CSCec46798

Description: A router may reload with a bus error when the Point-to-Point protocol (PPP) sessions are disconnected.

This symptom is observed on a Cisco router that is running an interim release of Cisco IOS Release 12.3(4). The symptom occurs on PPP sessions that are not directly associated with an interface or a subinterface (for example, PPP over ATM [PPPoATM] or Layer 2 Tunneling Protocol [L2TP]). Earlier releases of Cisco IOS software do not display this symptom.

Workaround: There is currently no workaround.

CSCec58486

Description: A Cisco 7200 router may unexpectedly reload. This problem occurs when the router attempts to correct a single bit error in memory (DRAM parity). The symptoms are similar to CSCdu00306; however, CSCdu00306 may not correct every situation where this may occur.

This symptom is specific to Network Processing Engine (NPE-400).

Workaround: There is currently no workaround.

CSCed27956 (duplicate of CSCed38527)

Description: A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or Secure Shell [SSH] session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

CSCed40933

Description: Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml

CSCed78149 (triplicate of CSCef6059 and CSCef61610)

Description: A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

a. Attacks that use ICMP "hard" error messages.

b. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.

c. Attacks that use ICMP "source quench" messages.

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

More details can be found in the security advisory which is posted at:

http://www.cpni.gov.uk/Products/advisories.aspx

CSCef36231

Description: A Hot Standby Routing Protocol (HSRP) tracking configuration is not accepted when you re-enter the configuration after you first delete it.

This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3T.

Workaround: Configure interface tracking by entering the track 100 interface e2/3 line-protocol command. Then, set the HSRP group to track the tracking object number by entering the standby 1 track 100 command.

CSCef46191

Description: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.

All other device services will operate normally.

A user-initiated, specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions, whereas services such as packet forwarding, routing protocols, and all other communication to and through the device remain unaffected.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

CSCef67682

Description: Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround. We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at

http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
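The access-list workaround for CSCef67682 only holds if the filter is on every IPv6 interface and covers every address the router owns. The following added example (not Cisco code) audits a saved configuration for both conditions; the sample configuration is constructed, the `host <addr>` destination form and the requirement that each address has both entry kinds are assumptions of this example, and all function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: Ethernet0/1 lacks the filter and one address lacks a
# "fragments" entry. Addresses come from the 2001:DB8::/32 documentation range.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 deny ipv6 any host 2001:DB8:0:2::1 undetermined-transport
 permit ipv6 any any
"""

KEYWORDS = ("undetermined-transport", "fragments")


def parse_config(text):
    """Split an IOS-style configuration into interface and IPv6 ACL sections."""
    interfaces, acls, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new section
            m = re.match(r"(interface|ipv6 access-list)\s+(\S+)$", line)
            if not m:
                current = None
            elif m.group(1) == "interface":
                current = interfaces.setdefault(
                    m.group(2), {"v6": False, "addrs": [], "filter": None})
            else:
                current = acls.setdefault(m.group(2), [])
        elif isinstance(current, dict):
            if re.match(r"ipv6 (address|enable)\b", line):
                current["v6"] = True
            # Only literal addresses are collected; link-local and EUI-64
            # addresses are not written out in the config and need adding by hand.
            m = re.match(r"ipv6 address ([0-9A-Fa-f:]+)/\d+$", line)
            if m:
                current["addrs"].append(ipaddress.IPv6Address(m.group(1)))
            m = re.match(r"ipv6 traffic-filter (\S+) in$", line)
            if m:
                current["filter"] = m.group(1)
        elif isinstance(current, list) and line:
            current.append(line)
    return interfaces, acls


def denied_destinations(acl_lines, keyword):
    """Addresses with a 'deny ipv6 any host <addr> <keyword>' entry.

    Conservatively stops at the first permit, since a deny placed after it
    may never be reached.
    """
    covered = set()
    for line in acl_lines:
        if line.startswith("permit"):
            break
        m = re.match(r"deny ipv6 any host (\S+) (\S+)$", line)
        if m and m.group(2) == keyword:
            covered.add(ipaddress.IPv6Address(m.group(1)))
    return covered


def audit(text):
    """Return sorted findings; an empty list means the workaround is complete."""
    interfaces, acls = parse_config(text)
    own = sorted({a for i in interfaces.values() for a in i["addrs"]})
    findings, used = [], set()
    for name, intf in interfaces.items():
        if not intf["v6"]:
            continue  # interface does not process IPv6
        if intf["filter"] is None:
            findings.append(f"{name}: no inbound ipv6 traffic-filter")
        elif intf["filter"] not in acls:
            findings.append(f"{name}: traffic-filter {intf['filter']} is not defined")
        else:
            used.add(intf["filter"])
    for acl in used:
        for keyword in KEYWORDS:
            covered = denied_destinations(acls[acl], keyword)
            for addr in own:
                if addr not in covered:
                    findings.append(f"{acl}: no deny for {addr} {keyword}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```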

CSCef68324

Description: Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

CSCeg60667

Description: In an active router, the relays are closed and the revertive interface should be in the ADMINDOWN state. However, when the interface is brought up, the command standby use-interface loopback 102 revertive is re-issued. This is causing an issue with Hot Standby Routing Protocol (HSRP) as the difference of HSRP priorities between the active and standby routers is no longer 5 but 10. As a result, a router swap will not occur when a single interface goes down.

This situation occurs when re-configuring the redundancy command which brings up revertive int lo102.

Workaround: Manually shut the interface down if it is re-configured.

CSCeg76600

Description: When the no shutdown command is configured on a Multilink interface, some links that are members of the multilink bundle may fail to renegotiate the PPP Link Control Protocol (LCP) and thus fail to activate the bundle.

This symptom occurs very rarely, and is usually associated with several multilink member links and the use of the shutdown and no shutdown commands in rapid succession on the Multilink interface.

Workaround: Configure shutdown on the Multilink interface, wait a few moments, then configure no shutdown.

CSCeh13489

Description: A router may reset its Border Gateway Protocol (BGP) session.

This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.

Workaround: Configure the bgp maxas limit command in such a way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and the event is recorded in the log.

CSCeh33220

Description: When an FE cable is pulled out of a Cisco MWR 1900 Mobile Wireless Edge Router, a LINK DOWN Trap is generated. When the cable is inserted back in, the LINK DOWN Trap is generated again, instead of the LINK UP Trap.

This symptom occurs when the FE cable is pulled out and re-inserted in the Cisco MWR 1900 Mobile Wireless Edge Router.

Workaround: There is currently no workaround.

CSCeh54591

Description: The MWR controllers are down when 'detect v54 channel-group' is configured.

This symptom occurs when you boot both redundant MWRs at the same time. Some of the controllers can go down in the active MWR.

Workaround: Reload the active MWR to cause a failover. All the controllers will come up after the standby router becomes the active router.

CSCei61732

Description: Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

CSCei76358

Description: Through normal software maintenance processes, Cisco is removing deprecated functionality from the OS boot routine. These changes have no impact on system operation or feature availability.

CSCei77821

Description: Array indexing on toaster address queue may go out of array boundary. This may cause a crash or exhibit unexpected behavior.

Workaround: There is currently no workaround.

CSCsb17120

Description: When you send traffic through a link, after a few seconds the packets of traffic that are sent through the link are not incrementing, even though the Chars Out display clearly shows the packets are incrementing.

Workaround: There is currently no workaround.

Caveats in Cisco IOS Release 12.2(15)MC2b

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2b. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2b. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2b.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2b.

CSCeb86268

Description: An adjacent T1 link keeps having CRC input errors if the peer router has its T1 link shut. The serial interface on the router in question would keep resetting.

This problem only occurs on the GT96K serial interface when the peer router has its adjacent T1 link shut. This problem is observed in Cisco IOS 12.2T and 12.3.

Workaround: Shut down the T1 link on the router in question.

CSCec86420

Description: Cisco routers running Cisco IOS supporting Multi Protocol Label Switching (MPLS) are vulnerable to Denial of Service (DoS) attacks on MPLS-disabled interfaces.

This vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

This bug is a complementary fix to CSCeb56909 which addresses this vulnerability.

More details can be found in the security advisory which is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml

CSCee75683

Description: When a standby router is reloaded, it takes over as the active router.

This occurs more often when the IP address of the standby router is higher than the active router. Pre-emption occurs on reload.

Workaround: Unconfigure pre-emption when reloading the standby router if this additional swap over is considered an inconvenience and the outage is not considered acceptable.

CSCsa81379

Description: NetFlow Feature Acceleration CLI.

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

This removal does not require an upgrade of your existing installation.

The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3

cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1

cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2

cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3

cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4

cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1

cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1

cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2

cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3

cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4

cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5

cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Caveats in Cisco IOS Release 12.2(15)MC2a

The following sections list and describe the open and closed caveats for the Cisco MWR 1941-DC router running Cisco IOS Release 12.2(15)MC2a. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2a. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.


Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to:
http://www.cisco.com/en/US/support/tsd_most_requested_tools.html


Open Caveats

The caveats listed in this section are open in Cisco IOS Release 12.2(15)MC2a.

CSCdz37497

Description: When PPPMux and cUDP are configured, sustained multicast traffic at a rate of 100 pps or more causes a periodic "out-of-sequence" condition in the MWR 1941-DC IOS decompression.

Workaround: Reduce the rate of multicast traffic.

CSCea73056

Description: During a failover, the MWR 1941-DC router software opens T1/E1 relays on the active router without taking down the multilink interface first. Packets are sent to the disconnected interface for the next several seconds until the multilink interface is declared down. This condition causes the network management system to not receive SNMP traps generated during the failover.

Workaround: There is currently no workaround.

CSCea85262

Description: When shutting down a multilink interface, the virtual access (VA) interface associated with the multilink interface flaps.

Workaround: Shut down the subinterface associated with the multilink group.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2a.

CSCdz32659

Description: Memory allocation failure (MALLOCFAIL) messages no longer occur for Cisco Discovery Protocol (CDP) processes.

CSCec16481

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml

CSCec25430

Description: A Cisco device reloads on receipt of a corrupt CDP packet.

CSCec55704

Description: The carrier delay detects interface flaps and closes a serial interface even though the carrier delay timer was not exceeded.

CSCec85345

Description: On occasion, when an MWR 1941-DC router relay closes, syslog messages report the relay as opening.

CSCed23981

Description: When a PPP multiplexed ICMP echo request is sent to an MWR 1900 series router, the MWR 1941-DC router corrupts the ICMP data payload when de-multiplexing the ICMP packets.

CSCed40563

Description: Problems with the CDP protocol have been resolved.

CSCin67568

Description: A Cisco device experiences a memory leak in the CDP process. The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
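An added example, not part of the release notes or any Cisco tool, that checks whether a router's release and saved configuration make the OSPF and CDP caveats above relevant. It assumes that rebuilds in the 12.2(15)MC train sort by number and then letter, and that CDP runs globally unless no cdp run is configured; the sample configuration is constructed.

```python
import re

FIXED_IN = "12.2(15)MC2a"   # release this section lists the caveats as resolved in

# Constructed sample running-config (not from the release notes).
SAMPLE_CONFIG = """\
hostname cell-site-1
!
router ospf 10
 network 10.0.0.0 0.0.0.255 area 0
"""

def parse_release(rel):
    """'12.2(15)MC2a' -> (12, 2, 15, 'MC', 2, 'a'); None if not in that form."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d+)([a-z]?)", rel.strip())
    if not m:
        return None
    major, minor, maint, train, num, letter = m.groups()
    return (int(major), int(minor), int(maint), train, int(num), letter)

def predates_fix(rel):
    """True/False within the 12.2(15)MC train; None when the comparison does not apply."""
    cur, fix = parse_release(rel), parse_release(FIXED_IN)
    if cur is None or cur[:4] != fix[:4]:
        return None   # other train or unparsable string: check the advisory instead
    # Assumption: rebuilds sort by number, then letter (MC1 < MC2 < MC2a < MC2b).
    return cur[4:] < fix[4:]

def exposure(release, config):
    """Map caveat ID -> reason it applies to this release and configuration."""
    old = predates_fix(release)
    if old is None:
        raise ValueError("release outside the 12.2(15)MC train; consult the advisory")
    if not old:
        return {}
    lines = [l.strip().lower() for l in config.splitlines()]
    report = {}
    if any(re.match(r"router ospf \d+", l) for l in lines):
        report["CSCec16481"] = "OSPF process configured"
    if "no cdp run" not in lines:   # CDP runs globally on IOS unless disabled
        report["CSCec25430"] = report["CSCin67568"] = "CDP running"
    return report
```

Per-interface no cdp enable statements are not evaluated, so a router that disables CDP only on selected interfaces is still reported as running CDP.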

Unreproducible Caveat

The caveat listed in this section has not been reproduced during testing. In the unlikely event you experience the problem described in this section, contact Cisco customer service.

CSCdz48133

Description: Periods of sustained mixed traffic (UDP multicast, IP, and TCP) might cause the MWR 1941-DC router to crash.

Troubleshooting

Collecting Data for Router Issues

To collect data for reporting router issues, issue the following command:

show tech-support—Displays general information about the router when it reports a problem.

Collecting Data for Redundancy Issues

To collect data for redundancy-related issues, issue the following commands while in EXEC mode:

show cdp neighbors—Displays detailed information about neighboring devices discovered using Cisco Discovery Protocol (CDP).

show controllers—Displays information that is specific to the hardware.

show ip interface—Displays the usability status of interfaces configured for IP.

show redundancy—Displays current or historical status and related information on redundant Dial Shelf Controllers (DSCs).

show standby—Displays Hot Standby Router Protocol (HSRP) information.

show standby brief—Displays Hot Standby Router Protocol (HSRP) information; specifically, with the brief keyword specified, a single line of output summarizing each standby group.

Collecting Data for ROMmon Issues

To collect data for ROMmon issues, issue the following command while in EXEC mode:

showmon—Displays the currently selected ROM monitor.

Collecting Data for Router Rebooting to ROMmon

If a router reboot to ROMmon occurs, issue the dir device ID command where device ID is slot0:, and look for the router processor or network processor exception file (crashinfo* or pxf_crashinfo* respectively). Once you have located one of these files, you can email the file along with a description of the problem to your Cisco representative.

Documentation Updates

The following sections describe updates to the published documentation for the Cisco MWR 1941-DC router. The heading in this section corresponds with the applicable section title in the documentation.

Configuring RTP/UDP Compression

The maximum number of RTP header compression connections per MLP bundle is documented as 600 when, in fact, up to 1000 connections are supported on an interface. This change also applies to the ip rtp header-compression command description.

The show ip rtp header-compression Command

The detail keyword is not supported in the show ip rtp header-compression command. Therefore, output does not display for the detail keyword if it is specified in the command.

Configuring T1 Interfaces

Some configuration modes shown in the procedure for configuring T1 interfaces in the "Configuring T1 Interfaces" section of the Cisco MWR 1900 Software Configuration Guide are incorrect. The correct command modes are as follows:


Step 1 Specify the controller that you want to configure. For information about interface numbering, see the Understanding Interface Numbering section.

Router(config)# controller t1 slot/port 

Step 2 Specify the framing type.

Router(config-controller)# framing esf

Step 3 Specify the line code format.

Router(config-controller)# linecode b8zs 

Step 4 Specify the channel group and time slots to be mapped. For the VWIC interfaces, you can configure two channel-groups (0 and 1) on the first T1 port or you can configure one channel-group (0 or 1) on each T1 port. Once you configure a channel group, the serial interface is automatically created.


Note The default speed of the channel group is 56. To get full DS0/DS1 bandwidth, you must configure a speed of 64.


Router(config-controller)# channel-group 0 timeslots 1-24 speed 64 

Step 5 Configure the cable length.

Router(config-controller)# cablelength feet

Note Although you can specify a cable length from 0 to 450 feet, the hardware only recognizes two ranges: 0 to 49 and 50 to 450. For example, entering 35 feet uses the 0 to 49 range. If you later change the cable length to 40 feet, there is no change because 40 is within the 0 to 49 range. However, if you change the cable length to 50, the 50 to 450 range is used. The actual number you enter is stored in the configuration file.


Step 6 Exit controller configuration mode.

Router(config-controller)# exit 

Step 7 Configure the serial interface. Specify the T1 slot (always 0), port number, and channel group.

Router(config)# interface serial slot/port:0 

Step 8 Assign an IP address and subnet mask to the interface. If the interface is a member of a Multilink bundle (MLPPP), then skip this step.

Router(config-if)# ip address ip_address subnet_mask 

Step 9 Before you can enable RTP header compression, you must have configured a serial line that uses PPP encapsulation. Enter the following command to configure PPP encapsulation.

Router(config-if)# encapsulation ppp 

Step 10 Set the carrier delay for the serial interface.

Router(config-if)# carrier-delay number 

Step 11 Return to Step 1 to configure the second port on the VWIC and the ports on any additional VWICs.

Step 12 Exit to global configuration mode.

Router(config-if)# exit 
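The notes in the steps above can be checked against a saved configuration. This added example (not from the Cisco guide) flags channel groups left at the default speed of 56, cable lengths outside 0 to 450 feet, and serial interfaces that have RTP header compression but no PPP encapsulation. The sample configuration is constructed, and the code assumes cablelength is stored as a plain number of feet, as the note in Step 5 describes.

```python
import re

# Constructed sample (not from the guide); assumes "cablelength <feet>" as stored per Step 5.
SAMPLE = """\
controller T1 0/0
 framing esf
 linecode b8zs
 cablelength 35
 channel-group 0 timeslots 1-24 speed 64
controller T1 0/1
 cablelength 50
 channel-group 0 timeslots 1-24
interface Serial0/0:0
 encapsulation ppp
 ip rtp header-compression
interface Serial0/1:0
 ip rtp header-compression
"""

def stanzas(config):
    """Group indented sub-commands under their unindented parent line."""
    out, body = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and line.strip() and body is not None:
            body.append(line.strip().lower())
        elif line.strip() and not line.startswith("!"):
            body = out.setdefault(line.strip().lower(), [])
    return out

def cable_range(feet):
    """Range the hardware applies for an entered length; None if out of range."""
    return None if not 0 <= feet <= 450 else ("0-49" if feet <= 49 else "50-450")

def lint_t1(config):
    """Return (stanza, finding) pairs for deviations from the steps above."""
    found = []
    for head, body in stanzas(config).items():
        if head.startswith("controller t1"):
            for cmd in body:
                if cmd.startswith("channel-group") and not re.search(r"\bspeed 64\b", cmd):
                    found.append((head, "channel-group at default speed 56"))
                m = re.fullmatch(r"cablelength (\d+)", cmd)
                if m and cable_range(int(m.group(1))) is None:
                    found.append((head, "cablelength outside 0-450 feet"))
        elif head.startswith("interface serial"):
            rtp = any(c.startswith("ip rtp header-compression") for c in body)
            if rtp and "encapsulation ppp" not in body:
                found.append((head, "RTP header compression without encapsulation ppp"))
    return found
```
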


Configuring Redundancy

Before configuring redundant MWR 1941-DC routers as described in the "Configuring T1 Interfaces" section of the Cisco MWR 1900 Software Configuration Guide, ensure that you disable EADI capabilities on the router by issuing the disable-eadi global configuration command as follows:

Router(config)# disable-eadi 

Related Documentation

The following sections describe the documentation available for the Cisco MWR 1941-DC router. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, and other documents.

Documentation is available as printed manuals or electronic documents.

Platform-Specific Documents

These documents are available for the Cisco MWR 1941-DC router on Cisco.com and the Documentation DVD:

Cisco MWR 1941-DC Mobile Wireless Edge Router

Cisco MWR 1941-DC Hardware Installation Guide

Cisco MWR 1900 Software Configuration Guide

Cisco MWR 1941-DC Rack Mounting Instructions

Cisco MWR 1941-DC Regulatory Compliance and Safety Information

VWIC-2MFT-T1-DIR, VWIC-2MFT-E1-DIR Installation Instructions

MGX-RPM-1FE-CP Back Card Installation and Configuration Note

On Cisco.com at:

Technical Support and Documentation: Documentation: Routers: Cisco MWR 1900 Mobile Wireless Routers: Install and Upgrade Guides: Cisco 1900 Mobile Wireless Routers

then, under the menu title Cisco 1941-DC Mobile Wireless Edge Router, choose the type of document.

On the Documentation DVD at:

Cisco Product Documentation: Fixed and Mobile Wireless Solution: Mobile Wireless Products: Cisco Radio Access Network Products: Cisco Mobile Wireless IP RAN:

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html