Release Notes for Cisco uBR7100 Series for Cisco IOS Release 12.3 BC

Table Of Contents

Release Notes for Cisco uBR7100 Series for Cisco IOS Release 12.3 BC

Contents

Introduction

Overview of Cisco Universal Broadband Routers

Cisco uBR7100 Series Universal Broadband Routers

Cisco uBR7111 and Cisco uBR7111E Universal Broadband Routers

Cisco uBR7114 and Cisco uBR7114E Universal Broadband Routers

Universal Broadband Router Overview

Early Deployment Releases

System Requirements

Memory Recommendations

Supported Hardware

Port Adapter Cards

Determining Your Software Release

Upgrading to a New Software Release

DOCSIS System Interoperability on the Cisco uBR7100 Series CMTS

DOCSIS 1.0 Baseline Privacy

Cable Modem Interoperability

DOCSIS 1.0 and 1.0+ Extensions

DOCSIS 1.1 Extensions

Feature Support

New and Changed Information

New Hardware Features in Cisco IOS Release 12.3(21a)BC9

New Software Features in Cisco IOS Release 12.3(21a)BC9

New Hardware Features in Cisco IOS Release 12.3(23)BC6

New Software Features in Cisco IOS Release 12.3(23)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC5

New Software Features in Cisco IOS Release 12.3(23)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC4

New Software Features in Cisco IOS Release 12.3(23)BC4

New Hardware Features in Cisco IOS Release 12.3(21a)BC8

New Software Features in Cisco IOS Release 12.3(21a)BC8

New Hardware Features in Cisco IOS Release 12.3(23)BC3

New Software Features in Cisco IOS Release 12.3(23)BC3

New Hardware Features in Cisco IOS Release 12.3(23)BC2

New Software Features in Cisco IOS Release 12.3(23)BC2

Subscriber Traffic Management Version 1.2

New Hardware Features in Cisco IOS Release 12.3(21a)BC7

New Software Features in Cisco IOS Release 12.3(21a)BC7

New Hardware Features in Cisco IOS Release 12.3(23)BC1

New Software Features in Cisco IOS Release 12.3(23)BC1

New Hardware Features in Cisco IOS Release 12.3(21a)BC6

New Software Features in Cisco IOS Release 12.3(21a)BC6

New Hardware Features in Cisco IOS Release 12.3(21a)BC5

New Software Features in Cisco IOS Release 12.3(21a)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC

DOCSIS Timing & Control Card (DTCC)

New Software Features in Cisco IOS Release 12.3(23)BC

New Hardware Features in Cisco IOS Release 12.3(21a)BC4

New Software Features in Cisco IOS Release 12.3(21a)BC4

New Hardware Features in Cisco IOS Release 12.3(21a)BC3

New Software Features in Cisco IOS Release 12.3(21a)BC3

New Hardware Features in Cisco IOS Release 12.3(21a)BC2

New Software Features in Cisco IOS Release 12.3(21a)BC2

New Hardware Features in Cisco IOS Release 12.3(21a)BC1

New Software Features in Cisco IOS Release 12.3(21a)BC1

New Hardware Features in Cisco IOS Release 12.3(21)BC

New Software Features in Cisco IOS Release 12.3(21)BC

Automatic Virtual Interface Bundles

Cable DHCP Enhancements

Per Downstream Static Multicast

SAMIS Source Address Management

New Hardware Features in Cisco IOS Release 12.3(17b)BC9

New Software Features in Cisco IOS Release 12.3(17b)BC9

New Hardware Features in Cisco IOS Release 12.3(17b)BC8

New Software Features in Cisco IOS Release 12.3(17b)BC8

New Hardware Features in Cisco IOS Release 12.3(17b)BC7

New Software Features in Cisco IOS Release 12.3(17b)BC7

New Hardware Features in Cisco IOS Release 12.3(17b)BC6

New Software Features in Cisco IOS Release 12.3(17b)BC6

New Hardware Features in Cisco IOS Release 12.3(17b)BC5

New Software Features in Cisco IOS Release 12.3(17b)BC5

New Hardware Features in Cisco IOS Release 12.3(17b)BC4

New Software Features in Cisco IOS Release 12.3(17b)BC4

Downstream Load Balancing Distribution with Upstream Load Balancing

New Hardware Features in Cisco IOS Release 12.3(17b)BC3

New Software Features in Cisco IOS Release 12.3(17b)BC3

New Hardware Features in Cisco IOS Release 12.3(17a)BC2

New Software Features in Cisco IOS Release 12.3(17a)BC2

Advanced-Mode DOCSIS Set-Top Gateway Issue 1.2

DOCSIS1.0 TOS Overwrite

New Hardware Features in Cisco IOS Release 12.3(17a)BC1

New Software Features in Cisco IOS Release 12.3(17a)BC1

New Hardware Features in Cisco IOS Release 12.3(17a)BC

New Software Features in Cisco IOS Release 12.3(17a)BC

Cable Monitor Enhancements

Configurable Leasequery Server

Dynamic Channel Change (DCC) for Load balancing

DOCSIS 2.0 SAMIS ECR Data Set

DSX Messages and Synchronized PHS Information

High Availability Support for Encrypted IP Multicast

IPv6 over L2VPN

Management Information Base (MIB) Changes and Enhancements

Pre-equalization Control for Cable Modems

show cable modem Command Changes

New Hardware Features in Cisco IOS Release 12.3(13a)BC6

New Software Features in Cisco IOS Release 12.3(13a)BC6

New Hardware Features in Cisco IOS Release 12.3(13a)BC5

New Software Features in Cisco IOS Release 12.3(13a)BC5

New Hardware Features in Cisco IOS Release 12.3(13a)BC4

New Software Features in Cisco IOS Release 12.3(13a)BC4

New Hardware Features in Cisco IOS Release 12.3(13a)BC3

New Software Features in Cisco IOS Release 12.3(13a)BC3

New Hardware Features in Cisco IOS Release 12.3(13a)BC2

New Software Features in Cisco IOS Release 12.3(13a)BC2

New Hardware Features in Cisco IOS Release 12.3(13a)BC1

New Software Features in Cisco IOS Release 12.3(13a)BC1

New Hardware Features in Cisco IOS Release 12.3(13a)BC

New Software Features in Cisco IOS Release 12.3(13a)BC

Access List Support for COPS Intercept

DOCSIS 1.0 Concatenation Override

Enhanced Rate Bandwidth Allocation (ERBA) Support for DOCSIS 1.0 Cable Modems

MLPPP Support

Service Independent Intercept (SII) Support on the Cisco uBR7100 CMTS

Optional Upstream Scheduler Modes

New Hardware Features in Cisco IOS Release 12.3(9a)BC8

New Software Features in Cisco IOS Release 12.3(9a)BC8

New Hardware Features in Cisco IOS Release 12.3(9a)BC7

New Software Features in Cisco IOS Release 12.3(9a)BC7

New Hardware Features in Cisco IOS Release 12.3(9a)BC6

New Software Features in Cisco IOS Release 12.3(9a)BC6

New Hardware Features in Cisco IOS Release 12.3(9a)BC5

New Software Features in Cisco IOS Release 12.3(9a)BC5

New Hardware Features in Cisco IOS Release 12.3(9a)BC4

New Software Features in Cisco IOS Release 12.3(9a)BC4

New Hardware Features in Cisco IOS Release 12.3(9a)BC3

New Software Features in Cisco IOS Release 12.3(9a)BC3

New Hardware Features in Cisco IOS Release 12.3(9a)BC2

New Software Features in Cisco IOS Release 12.3(9a)BC2

New Hardware Features in Cisco IOS Release 12.3(9a)BC1

New Software Features in Cisco IOS Release 12.3(9a)BC1

New Hardware Features in Cisco IOS Release 12.3(9a)BC

New Software Features for Cisco IOS Release 12.3(9a)BC

Cable ARP Filter Enhancement

Cisco Broadband Troubleshooter 3.2

Cisco IOS Release 12.3(9a)BC Command-Line Interface (CLI) Enhancements

DOCSIS Set-Top Gateway Issue 1.0

MIBs Changes and Updates in Cisco IOS Release 12.3(9a)BC

Subscriber Traffic Management (STM) Version 1.1

Important Notes

How to Upgrade to Cisco IOS Release 12.3(21)BC

Symptoms of Corrupted NVRAM

Conditions of Corrupted NVRAM

New Command Information for Cisco IOS Release 12.3(21)BC3

controller modular-cable

clear cable modem reset

hw-module shutdown

show cable modem summary

New and Changed Command Reference for Cisco IOS Release 12.3(9a)BC

cable source-verify

show cable tech-support

show controllers cable

show tech-support

Caveats

Open Caveats for Release 12.3(21a)BC9.

Resolved Caveats for Release 12.3(21a)BC9

Open Caveats for Release 12.3(23)BC8

Resolved Caveats for Release 12.3(23)BC8

Open Caveats for Release 12.3(23)BC6

Resolved Caveats for Release 12.3(23)BC6

Open Caveats for Release 12.3(23)BC5

Resolved Caveats for Release 12.3(23)BC5

Open Caveats for Release 12.3(23)BC4

Resolved Caveats for Release 12.3(23)BC4

Open Caveats for Release 12.3(21a)BC8

Resolved Caveats for Release 12.3(21a)BC8

Open Caveats for Release 12.3(23)BC3

Resolved Caveats for Release 12.3(23)BC3

Open Caveats for Release 12.3(23)BC2

Resolved Caveats for Release 12.3(23)BC2

Open Caveats for Release 12.3(21a)BC7

Resolved Caveats for Release 12.3(21a)BC7

Open Caveats for Release 12.3(23)BC1

Resolved Caveats for Release 12.3(23)BC1

Open Caveats for Release 12.3(21a)BC6

Resolved Caveats for Release 12.3(21a)BC6

Open Caveats for Release 12.3(21a)BC5

Resolved Caveats for Release 12.3(21a)BC5

Open Caveats for Release 12.3(23)BC

Resolved Caveats for Release 12.3(23)BC

Open Caveats for Release 12.3(21a)BC4

Resolved Caveats for Release 12.3(21a)BC4

Open Caveats for Release 12.3(21a)BC3

Resolved Caveats for Release 12.3(21a)BC3

Open Caveats for Release 12.3(21a)BC2

Resolved Caveats for Release 12.3(21a)BC2

Open Caveats for Release 12.3(21a)BC1

Resolved Caveats for Release 12.3(21a)BC1

Open Caveats for Release 12.3(21)BC

Resolved Caveats for Release 12.3(21)BC

Open Caveats for Release 12.3(17b)BC9

Resolved Caveats for Release 12.3(17b)BC9

Open Caveats for Release 12.3(17b)BC8

Resolved Caveats for Release 12.3(17b)BC8

Open Caveats for Release 12.3(17b)BC7

Resolved Caveats for Release 12.3(17b)BC7

Open Caveats for Release 12.3(17b)BC6

Resolved Caveats for Release 12.3(17b)BC6

Open Caveats for Release 12.3(17b)BC5

Resolved Caveats for Release 12.3(17b)BC5

Open Caveats for Release 12.3(17b)BC4

Resolved Caveats for Release 12.3(17b)BC4

Open Caveats for Release 12.3(17b)BC3

Resolved Caveats for Release 12.3(17b)BC3

Open Caveats for Release 12.3(17a)BC2

Resolved Caveats for Release 12.3(17a)BC2

Open Caveats for Release 12.3(17a)BC1

Resolved Caveats for Release 12.3(17a)BC1

Open Caveats for Release 12.3(17a)BC

Resolved Caveats for Release 12.3(17a)BC

Open Caveats for Release 12.3(13a)BC6

Resolved Caveats for Release 12.3(13a)BC6

Open Caveats for Release 12.3(13a)BC5

Resolved Caveats for Release 12.3(13a)BC5

Open Caveats for Release 12.3(13a)BC4

Resolved Caveats for Release 12.3(13a)BC4

Open Caveats for Release 12.3(13a)BC3

Resolved Caveats for Release 12.3(13a)BC3

Open Caveats for Release 12.3(13a)BC2

Resolved Caveats for Release 12.3(13a)BC2

Open Caveats for Release 12.3(13a)BC1

Resolved Caveats for Release 12.3(13a)BC1

Open Caveats for Release 12.3(13a)BC

Resolved Caveats for Release 12.3(13a)BC

Open Caveats for Release 12.3(9a)BC8

Resolved Caveats for Release 12.3(9a)BC8

Open Caveats for Release 12.3(9a)BC7

Resolved Caveats for Release 12.3(9a)BC7

Open Caveats for Release 12.3(9a)BC6

Resolved Caveats for Release 12.3(9a)BC6

Open Caveats for Release 12.3(9a)BC5

Resolved Caveats for Release 12.3(9a)BC5

Open Caveats for Release 12.3(9a)BC4

Resolved Caveats for Release 12.3(9a)BC4

Open Caveats for Release 12.3(9a)BC3

Resolved Caveats for Release 12.3(9a)BC3

Open Caveats for Release 12.3(9a)BC2

Resolved Caveats for Release 12.3(9a)BC2

Open Caveats for Release 12.3(9a)BC1

Resolved Caveats for Release 12.3(9a)BC1

Open Caveats for Release 12.3(9a)BC

Resolved Caveats for Release 12.3(9a)BC

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco Feature Navigator

Cisco IOS Software Documentation Set

Documentation Modules

Release 12.3 Documentation Set

Obtaining Documentation, Obtaining Support, and Security Guidelines

Release Notes for Cisco uBR7100 Series for Cisco IOS Release 12.3 BC

Revised: September 23, 2009, OL-16010-07

The release notes for Cisco IOS Release 12.3BC for the Cisco uBR7100 series universal broadband routers describe the enhancements and caveats for all releases in the cable-specific, early deployment, 12.3BC release trains. Some of the most recent releases in 12.3BC include 12.3(17b)BCx-, 12.3(21a)BCx-, and 12.3(23)BCx-based releases.

These release notes are updated with each release in the train. This update adds information for Cisco IOS Release 12.3(23)BC5. For a list of the updated caveats that apply to each release, see the "Caveats" section and also the Caveats for Cisco IOS Release 12.3 T. Use these release notes in conjunction with the cross-platform Release Notes for Cisco IOS Release 12.3 T located on Cisco.com and the Documentation CD-ROM.

Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html.

Contents

These release notes describe the following topics:

•Introduction

•Early Deployment Releases

•System Requirements

•Feature Support

•New and Changed Information

•Important Notes

•Caveats

•Related Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

Introduction

For information on new features and the Cisco IOS documentation set supported by Cisco IOS Release 12.3(23)BC5, see the "New and Changed Information" section and the "Related Documentation" section.

Overview of Cisco Universal Broadband Routers

The Cisco uBR7100 series universal broadband routers—the Cisco uBR7111, Cisco uBR7111E, Cisco uBR7114, and Cisco uBR7114E—are based on the Data-over-Cable Service Interface Specification (DOCSIS) standards and designed to be installed at small cable operators and multiple dwelling unit (MDU) operators to enable them to offer services such as e-mail, high-speed Internet access, voice, and digital video over a bidirectional cable television and IP backbone network. The universal broadband routers function as the cable modem termination system (CMTS) for subscriber-end devices such as Cisco uBR905, Cisco uBR924, and Cisco uBR925 cable access routers, and other DOCSIS-compliant cable modems (CMs) and set-top boxes (STBs).

Both the Cisco uBR7100 series and Cisco uBR7200 series universal broadband routers allow two-way transmission of digital data and Voice over IP (VoIP) traffic over a hybrid fiber-coaxial (HFC) network. The Cisco uBR7100 series routers support IP routing with a wide variety of protocols and WAN interfaces selections.

Cisco IOS Release 12.3(23)BC5 supports the Cisco uBR7111, Cisco uBR7111E, Cisco uBR7114, and Cisco uBR7114E universal broadband routers.

Cisco uBR7100 Series Universal Broadband Routers

The Cisco uBR7100 series routers provide a fixed set of WAN and LAN interfaces with a combination of fixed and modular interfaces, allowing both flexibility and simplicity in configuration. Each Cisco uBR7100 series router includes one modular single-width port adapter, one integrated cable interface with an internal upconverter, and two integrated Fast Ethernet ports. The cable interface is based on the Cisco uBR-MC14C cable interface line card and is not field-replaceable.

The Cisco uBR7100 series routers support IP routing through the following optional WAN and LAN port adapters: Ethernet, Fast Ethernet, serial, High-Speed Serial Interface (HSSI), Packet over SONET (POS) OC-3c, and Asynchronous Transfer Mode (ATM) media. For more information, see Table 4.

Depending on the model, the Cisco uBR7100 series routers support the following two standards:

•Data Over Cable Service Interface Specifications (DOCSIS), which supports the 6 MHz North American channel plans using the ITU J.83 Annex B RF standard. The downstream uses a 6 MHz channel width in the 85 to 860 MHz frequency range, and the upstream supports the 5 to 42 MHz frequency range.

•European Data Over Cable Service Interface Specifications (EuroDOCSIS), which supports the 8 MHz Phase Alternating Line (PAL) and Systeme Electronique Couleur Avec Memoire (SECAM) channel plans using the ITU J.112 Annex A RF standard. The downstream uses an 8 MHz channel width in the 85 to 860 MHz frequency range, and the upstream supports multiple channel widths in the 5 to 65 MHz frequency range.

The Cisco uBR7100 series offers the following models:

•The Cisco uBR7111 and Cisco uBR7111E universal broadband routers provide a cable interface with one downstream port and one upstream port. The downstream port can be output either as an RF signal through the integrated upconverter or as an IF signal for processing by an external upconverter. The Cisco uBR7111 router supports DOCSIS cable plants, and the Cisco uBR7111E supports EuroDOCSIS cable plants.

•The Cisco uBR7114 and Cisco uBR7114E universal broadband routers provide a cable interface with one downstream port and four upstream ports. The downstream port can be output either as an RF signal through the integrated upconverter or as an IF signal for processing by an external upconverter. The Cisco uBR7114 router supports DOCSIS cable plants, and the Cisco uBR7114E supports EuroDOCSIS cable plants.

Cisco uBR7111 and Cisco uBR7111E Universal Broadband Routers

The Cisco uBR7111 and Cisco uBR7111E provide the following major hardware features:

•Integrated network processing engine

•1 upstream cable modem interface

•1 downstream cable modem interface

•2 Fast Ethernet ports

•1 port adapter slot

•1 service adapter slot

•1 AC power supply

•1 Personal Computer Memory Card International Association (PCMCIA) slot that allows for software upgrades through the use of Flash memory cards

Cisco uBR7114 and Cisco uBR7114E Universal Broadband Routers

The Cisco uBR7114 and Cisco uBR7114E provide the following major hardware features:

•Integrated network processing engine

•1 downstream cable modem interface

•4 upstream cable modem interfaces

•2 Fast Ethernet ports

•1 port adapter slot

•1 service adapter slot

•1 AC power supply

•1 Personal Computer Memory Card International Association (PCMCIA) slot that allows for software upgrades through the use of Flash memory cards

Universal Broadband Router Overview

Table 1 provides a quick overview of the major hardware features of the two universal broadband routers.

Table 1 Universal Broadband Router Overview

Supported Hardware

Cisco uBR7111, Cisco uBR7111E

Cisco uBR7114, Cisco uBR7114E

Upstream Cable Modem Interfaces

1

4

Downstream Cable Modem Interfaces

1

1

Fast Ethernet Ports

2

2

Port Adapter Slots

1

1

Service Adapter Slots

1

1

Power Supplies

1

1

PCMCIA Slots

1

1

Early Deployment Releases

These release notes describe the Cisco uBR7100 series universal broadband routers for Cisco IOS Release 12.3(23)BC5. Feature support is cumulative from release to release, unless otherwise noted.

Table 2 lists any features supported by the Cisco uBR7100 Series routers in Cisco IOS Release 12.3 BC. For complete feature information, refer to these additional resources on Cisco.com:

•Cisco uBR7100 Series Universal Broadband Router Release Notes on Cisco.com:

http://www.cisco.com/en/US/products/hw/cable/ps2211/prod_release_notes_list.html.

•Cisco uBR7100 Series Universal Broadband Router Software Configuration Guide

http://www.cisco.com/en/US/docs/cable/cmts/ubr7100/configuration/guide/scg7100.html.

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

Table 2 Early Deployment (ED) Releases for the Cisco uBR7100 Series Routers

ED Release

Additional Software Features¹ and MIBs²

Additional Hardware Features

Hardware
Availability

Cisco IOS Release 12.3(21a)BC9

None

None

Now

Cisco IOS Release 12.3(23)BC6

None

None

Now

Cisco IOS Release 12.3(23)BC5

None

None

Now

Cisco IOS Release 12.3(23)BC4

None

None

Now

Cisco IOS Release 12.3(21a)BC8

None

None

Now

Cisco IOS Release 12.3(23)BC3

None

None

Now

Cisco IOS Release 12.3(23)BC2

Subscriber Traffic Management Version 1.2

None

Now

Cisco IOS Release 12.3(21a)BC7

None

None

Now

Cisco IOS Release 12.3(23)BC1

None

None

Now

Cisco IOS Release 12.3(21a)BC6

None

None

Now

Cisco IOS Release 12.3(21a)BC5

None

None

Now

Cisco IOS Release 12.3(23)BC

None

None

Now

Cisco IOS Release 12.3(21a)BC4

None

None

Now

Cisco IOS Release 12.3(21a)BC3

None

None

Now

Cisco IOS Release 12.3(21a)BC2

None

None

Now

Cisco IOS Release 12.3(21a)BC1

None

None

Now

Cisco IOS Release 12.3(21)BC

•Automatic Virtual Interface Bundles

•Cable DHCP Enhancements

•Per Downstream Static Multicast

•SAMIS Source Address Management

None

Now

Cisco IOS Release 12.3(17b)BC9

None

None

Now

Cisco IOS Release 12.3(17b)BC8

None

None

Now

Cisco IOS Release 12.3(17b)BC7

None

None

Now

Cisco IOS Release 12.3(17b)BC6

None

None

Now

Cisco IOS Release 12.3(17b)BC5

None

None

Now

Cisco IOS Release 12.3(17b)BC4

•Downstream Load Balancing Distribution with Upstream Load Balancing

None

Now

Cisco IOS Release 12.3(17b)BC3

None

None

Now

Cisco IOS Release 12.3(17a)BC2

•Advanced-Mode DOCSIS Set-Top Gateway Issue 1.2

•DOCSIS1.0 TOS Overwrite

None

Now

Cisco IOS Release 12.3(17a)BC1

None

None

Now

Cisco IOS Release 12.3(17a)BC

•Cable Monitor Enhancements

•Configurable Leasequery Server

•Dynamic Channel Change (DCC) for Load balancing

•DOCSIS 2.0 SAMIS ECR Data Set

•DSX Messages and Synchronized PHS Information

•High Availability Support for Encrypted IP Multicast

•IPv6 over L2VPN

•Management Information Base (MIB) Changes and Enhancements

•Pre-equalization Control for Cable Modems

None

Now

Cisco IOS Release 12.3(13a)BC6

None

None

Now

Cisco IOS Release 12.3(13a)BC5

None

None

Now

Cisco IOS Release 12.3(13a)BC4

None

None

Now

Cisco IOS Release 12.3(13a)BC3

None

None

Now

Cisco IOS Release 12.3(13a)BC2

None

None

Now

Cisco IOS Release 12.3(13a)BC1

None

None

Now

Cisco IOS Release 12.3(13a)BC

•DOCSIS 1.0 Concatenation Override

•Enhanced Rate Bandwidth Allocation (ERBA) Support for DOCSIS 1.0 Cable Modems

•MLPPP Support

•Service Independent Intercept (SII) Support on the Cisco uBR7100 CMTS

•Optional Upstream Scheduler Modes

None

Now

Cisco IOS Release 12.3(9a)BC8

None

None

Now

Cisco IOS Release 12.3(9a)BC7

None

None

Now

Cisco IOS Release 12.3(9a)BC6

None

None

Now

Cisco IOS Release 12.3(9a)BC5

None

None

Now

Cisco IOS Release 12.3(9a)BC4

None

None

Now

Cisco IOS Release 12.3(9a)BC3

None

None

Now

Cisco IOS Release 12.3(9a)BC2

None

None

Now

Cisco IOS Release 12.3(9a)BC1

None

None

Now

Cisco IOS Release 12.3(9a)BC

•Cisco Broadband Troubleshooter 3.2

•Cisco IOS Release 12.3(9a)BC Command-Line Interface (CLI) Enhancements

•DOCSIS Set-Top Gateway Issue 1.0

•MIBs Changes and Updates in Cisco IOS Release 12.3(9a)BC

•Subscriber Traffic Management (STM) Version 1.1

•None

Now

¹Only major features are listed.

²MIB = Management Information Base

Cisco IOS Release 12.3(23)BC5

None

None

Now

System Requirements

This section describes the system requirements for Cisco IOS Release 12.3(23)BC5 and includes the following sections:

•Memory Recommendations

•Supported Hardware

•Determining Your Software Release

•Upgrading to a New Software Release

Memory Recommendations

Table 3 displays the memory recommendations of the Cisco IOS feature sets for the Cisco uBR7100 series universal broadband routers for Cisco IOS Release 12.3 BC. Cisco uBR7100 series routers are available with a 16-MB or 20-MB Type II PCMCIA Flash memory card.

Table 3 Memory Recommendations for the Cisco uBR7100 Series Routers,
Cisco IOS Release 12.3 BC Feature Sets

Feature Set

Software Image

Recommended
Flash Memory

Recommended
DRAM Memory

Runs
From

Two-Way Data/VoIP Images

DOCSIS Two-Way

ubr7100-p-mz

16 MB Flash

128 MB DRAM

RAM

DOCSIS Two-Way IP Plus

ubr7100-is-mz

16 MB Flash

128 MB DRAM

RAM

DOCSIS Two-Way with BPI

ubr7100-k8p-mz

16 MB Flash

128 MB DRAM

RAM

DOCSIS Two-Way IP Plus with BPI

ubr7100-ik8s-mz

16 MB Flash

128 MB DRAM

RAM

Boot Image

UBR7100 Boot Image

ubr7100-boot-mz

None

None

—

The image subset legend for Table 3 is as follows:

•i = IP routing, MPLS-VPN support, and non cable interface bridging, including Network Address Translation (NAT)

•k8 = DOCSIS Baseline Privacy and MPLS-VPN support

•p = IP routing with Intermediate System-to-Intermediate System (IS-IS) and Border Gateway Protocol (BGP); MPLS-VPN support; no NAT

•s = "Plus" features: NAT and Inter-Switch Link (ISL)

Note All images support all of the hardware listed in the "Supported Hardware" section, unless otherwise indicated.

Supported Hardware

This section describes the hardware supported by the Cisco uBR7100 Universal Broadband Router in Cisco IOS Release 12.3(21a)BC and 12.3(23)BC releases.

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

The following models of the Cisco uBR7100 series routers are supported in Cisco IOS 12.3BC software releases.

•Cisco uBR7111

•Cisco uBR7114

•Cisco uBR7111E

•Cisco uBR7114E

Port Adapter Cards

Table 4 lists and describes the port adapters supported by Cisco uBR7100 series routers in Cisco IOS Release 12.3(23)BC5.

Note Table 4 identifies some port adapters for the Cisco uBR7100 series routers that are in an end-of-life (EOL) stage. See the following product bulletin for more details on these EOL port adapters:
http://www.cisco.com/en/US/products/hw/cable/ps2217/prod_eol_notices_list.html

.

Table 4 Cisco uBR7200 Series Port Adapter Releases

WAN Technology

Product Number and Description

Introduced in Release¹

End-of-Life

Ethernet

PA-4E—4-port Ethernet 10BASE-T port adapter

12.2(4)XF1

No

PA-8E—8-port Ethernet 10BASE-T port adapter

12.2(4)XF1

Yes

Fast Ethernet

PA-FE-TX—1-port 100BASE-TX Fast Ethernet port adapter

12.2(4)XF1

No

PA-FE-FX—1-port 100BASE-FX Fast Ethernet port adapter

12.2(4)XF1

No

PA-2FE-TX—2-port 100BASE-TX Fast Ethernet port adapter

12.2(4)XF1

No

PA-2FE-FX—2-port 100BASE-FX Fast Ethernet port adapter

12.2(4)XF1

No

Serial

PA-E3—1-port high-speed serial E3 interface port adapter

12.2(4)XF1

No

PA-T3—1-port T3 serial interface port adapter

12.2(4)XF1

No

PA-T3+—1-port T3 serial interface port adapter enhanced

12.2(4)BC1

No

PA-2E3—2-port high-speed serial E3 interface port adapter

12.2(4)XF1

No

PA-2T3—2-port T3 serial interface port adapter

12.2(4)XF1

No

PA-2T3+—2-port T3 serial interface port adapter enhanced

12.2(4)BC1

No

PA-4T+—4-port synchronous serial port adapter

12.2(4)XF1

No

PA-4E1G-75—4-port unbalanced (75-ohm) E1-G.703/G.704 synchronous serial port adapter

12.2(4)XF1

No

PA-4E1G-120—4-port balanced (120-ohm) E1-G.703/G.704 synchronous serial port adapter

12.2(4)XF1

No

PA-8T-232—8-port EIA/TIA-232 synchronous serial port adapter

12.2(4)XF1

Yes

PA-8T-V35—8-port V.35 synchronous serial port adapter

12.2(4)XF1

No

PA-8T-X21—8-port X.21 synchronous serial port adapter

12.2(4)XF1

Yes

PA-MC-2T1—2-port multichannel DS1 Integrated Services Digital Network (ISDN) Primary Rate Interface (PRI) single-wide port adapter

12.2(4)XF1

Yes

PA-MC-4T1—4-port multichannel DS1 ISDN PRI single-wide port adapter

12.2(4)XF1

No

HSSI

PA-H—1-port HSSI port adapter

12.2(4)XF1

Yes

PA-2H—2-port HSSI port adapter

12.2(4)XF1

No

ATM

PA-A3-E3—1-port E3 ATM, PCI-based, single-width port adapter, that uses an E3 interface with a coaxial cable BNC connector

12.2(8)BC1

No

PA-A3-OC3MM—1-port OC-3c ATM, PCI-based multimode port adapter

12.2(4)XF1

No

PA-A3-OC3SMI—1-port OC-3c ATM, PCI-based single-mode intermediate reach port adapter

12.2(4)XF1

Yes

PA-A3-OC3SML—1-port OC-3c ATM, PCI-based single-mode long reach port adapter

12.2(4)XF1

No

PA-A3-8T1/IMA—ATM inverse multiplexer over ATM port adapter with 8 T1 ports

12.2(4)XF1

No

Packet over SONET

PA-POS-OC3SMI—1-port OC3 single-mode, intermediate reach port adapter

12.2(4)XF1

No

¹The number in this column indicates the Cisco IOS release in which the interface was introduced in this train.

Determining Your Software Release

To determine the version of Cisco IOS software running on the Cisco uBR7100 series universal broadband router, log in to the router and enter the show version EXEC command:
Router> show version
Cisco Internetwork Operating System Software 
IOS (tm) 12.3 BC Software (ubr7100-k8p-mz), Version 12.3(23)BC, RELEASE SOFTWARE
Upgrading to a New Software Release

For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at the following location on Cisco.com:

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm

DOCSIS System Interoperability on the Cisco uBR7100 Series CMTS

This section describes the operation of primary interoperability features in the Cisco uBR7100 series router. For additional DOCSIS information, refer to the following document on Cisco.com:

•DOCSIS 1.1 for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_docs.html.

DOCSIS 1.0 Baseline Privacy

DOCSIS baseline privacy interface (BPI) gives subscribers data privacy across the RF network, encrypting traffic flows between the cable modem termination system (CMTS) and cable modem. BPI ensures that a cable modem, uniquely identified by its Media Access Control (MAC) address, can obtain keying material for services only it is authorized to access.

To enable BPI, choose software at both the CMTS and cable modem that support this mode of operation. Select a Cisco IOS image that supports BPI. BPI must be enabled using the DOCSIS configuration file.

The cable modem must also support BPI. Cable modems must have factory-installed RSA private/public key pairs to support internal algorithms to generate key pairs prior to first BPI establishment.

Note RSA stands for Rivest, Shamir, and Adelman, inventors of a public-key cryptographic system.

Cable Modem Interoperability

•The Cisco uBR7100 series router supports DOCSIS-based two-way interoperability for cable modems that support basic Internet access, VoIP, or Virtual Private Networks (VPNs).

•EuroDOCSIS cable modems or set-top boxes (STBs) with integrated EuroDOCSIS CMs using Cisco uBR-MC16E cable interface line cards and Cisco IOS Release 12.2(4)BC1 or higher. EuroDOCSIS operation support includes 8-MHz Phase Alternating Line (PAL) or Systeme Electronique Couleur Avec Memoire (SECAM) channel plans.

Note Cisco IOS Release 12.3(21a)BC3 does not support telco-return cable modems or STBs.

Configuring the CMTS Cable Interface When in Routing Mode

If you have configured a Cisco cable modem (CM) for routing mode and are also using the cable-modem dhcp-proxy nat command on the cable modem, you must configure the corresponding cable interface on the Cisco uBR7100 series router with the cable dhcp-giaddr policy command. Otherwise, the cable interface could flap and the CM could go offline unpredictably.

DOCSIS 1.0 and 1.0+ Extensions

Earlier releases of Cisco IOS software for the Cisco uBR7100 series router provide support for the original DOCSIS 1.0 standard, featuring basic best-effort data traffic and Internet access over the coaxial cable network. The DOCSIS 1.0+ extensions provides Quality of Service (QoS) enhancements for real-time traffic, such as voice calls, in anticipation of full DOCSIS 1.1 support.

Note All DOCSIS 1.0 extensions are activated only when a cable modem or Cisco uBR924 that supports these extensions solicits services using dynamic MAC messages or the feature set. If the cable modems in your network are pure DOCSIS 1.0-based, they receive regular DOCSIS 1.0 treatment from the Cisco CMTS.

DOCSIS 1.1 Extensions

The DOCSIS 1.1 specification provides the following functional enhancements over DOCSIS 1.0 coaxial cable networks:

•Enhanced Quality of Service (QoS) gives priority for real-time traffic such as voice and video.

–The DOCSIS 1.0 QoS model (a Service IDs (SID) associated with a QoS profile) has been replaced with a Service Flow ID (SFID). This allows greater flexibility in assigning QoS parameters to different types of traffic and in responding to changing bandwidth conditions.

–Multiple service flows per cable modem supported in either direction due to packet classifiers.

–Support for multiple service flows per cable modem allows a single cable modem to support a combination of data, voice, and video traffic.

–Greater granularity is available in QoS per cable modem (in either direction), using unidirectional service flows.

–Dynamic MAC messages are supported to create, modify, and tear down QoS service flows dynamically when requested by a DOCSIS 1.1 cable modem.

•Several QoS models are supported for the upstream.

–Best effort-Data traffic is sent on a non-guaranteed best-effort basis.

–Committed Information Rate (CIR) supports the guaranteed minimum bandwidth for data traffic.

–Unsolicited Grants (UGS) support constant bit rate (CBR) traffic, such as voice, that is characterized by fixed size packets at fixed intervals.

–Real Time Polling (rtPS) supports Real Time service flows, such as video, that produce unicast, variable size packets at fixed intervals.

–Unsolicited Grants with Activity Detection (USG-AD) support the combination of UGS and rtPS, to accommodate real time traffic that might have periods of inactivity (such as voice using silence suppression). The service flow uses UGS fixed grants while active, but switches to rtPS polling during periods of inactivity to avoid wasting unused bandwidth.

•Enhanced time-slot scheduling mechanisms support guaranteed delay/jitter sensitive traffic on the shared multiple access upstream link.

•Payload Header Suppression (PHS) conserves link-layer bandwidth by suppressing unnecessary packet headers on both upstream and downstream traffic flows.

•Layer 2 fragmentation on the upstream prevents large data packets from affecting real-time traffic, such as voice and video. Large data packets are fragmented and then transmitted in the timeslots that are available between the timeslots used for the real-time traffic.

•Concatenation allows a cable modem to send multiple MAC frames in the same timeslot, as opposed to making an individual grant request for each frame. This avoids wasting upstream bandwidth when sending a number of very small packets, such as TCP acknowledgement packets.

•DOCSIS 1.1 cable modems can coexist with DOCSIS 1.0 and 1.0+ cable modems in the same network—the Cisco uBR7100 series router provides the levels of service that are appropriate for each cable modem.

DOCSIS 1.1 Quality of Service

The DOCSIS 1.1 QoS framework is based on the following objects:

•Service class: A collection of settings maintained by the CMTS that provide a specific QoS service tier to a cable modem that has been assigned a service flow within a particular service class.

•Service flow: a unidirectional sequence of packets receiving a service class on the DOCSIS link.

•Packet classifier: A set of packet header fields used to classify packets onto a service flow to which the classifier belongs.

•PHS rule: A set of packet header fields that are suppressed by the sending entity before transmitting on the link, and are restored by receiving entity after receiving a header-suppressed frame transmission. Payload Header Suppression increases the bandwidth efficiency by removing repeated packet headers before transmission.

In DOCSIS 1.1, the basic unit of QoS is the service flow, which is a unidirectional sequence of packets transported across the RF interface between the cable modem and CMTS. A service flow is characterized by a set of QoS parameters such as latency, jitter, and throughput assurances.

Every cable modem establishes a primary service flow in both the upstream and downstream directions. The primary flows maintain connectivity between the cable modem and CMTS at all times.

In addition, a DOCSIS 1.1 cable modem can establish multiple secondary service flows. The secondary service flows can either be permanently created (they persist until the cable modem is reset or powered off) or they can be created dynamically to meet the needs of the on demand traffic being transmitted.

Each service flow has a set of QoS attributes associated with it. These QoS attributes define a particular class of service and determine characteristics such as the maximum bandwidth for the service flow and the priority of its traffic. The class of service attributes can be inherited from a preconfigured CMTS local service class (class-based flows), or they can be individually specified at the time of the creation of the service flow.

Each service flow has multiple packet classifiers associated with it, which determine the type of application traffic allowed to be sent on that service flow. Each service flow can also have a Payload Header Suppression (PHS) rule associated with it to determine which portion of the packet header will be suppressed when packets are transmitted on the flow.

Feature Support

Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains a specific set of Cisco IOS features.

Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to U.S. government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of U.S. government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

The feature set tables have been removed from the Cisco IOS Release 12.3 release notes to improve the usability of the release notes documentation. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com.com/web/siteassets/account/index.html

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:

http://www.cisco.com/support/FeatureNav/FNFAQ.html

Determining Which Software Images (Feature Sets) Support a Specific Feature

To determine which software images (feature sets) in Cisco IOS Release 12.3 support a specific feature, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:

Step 1 From the Cisco Feature Navigator home page, click Feature.

Step 2 To find a feature, use either "Search by full or partial feature name" or "Browse features in alphabetical order." Either a list of features that match the search criteria or a list of features that begin with the number or letter selected from the ordered list will be displayed in the text box on the left side of the web page.

Step 3 Select a feature from the left text box, and click the Add button to add a feature to the Selected Features text box on the right side of the web page.

Note To learn more about a feature in the list, click the Description button below the left box.

Repeat this step to add additional features. A maximum of 20 features can be chosen for a single search.

Step 4 Click Continue when you are finished selecting features.

Step 5 From the Major Release drop-down menu, choose 12.3.

Step 6 From the Release drop-down menu, choose the appropriate maintenance release.

Step 7 From the Platform Family drop-down menu, select the appropriate hardware platform. The "Your selections are supported by the following:" table will list all the software images (feature sets) that support the feature(s) that you selected.

Determining Which Features Are Supported in a Specific Software Image (Feature Set)

To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.3, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:

Step 1 From the Cisco Feature Navigator home page, click Compare/Release.

Step 2 In the "Find the features in a specific Cisco IOS release, using one of the following methods:" box, choose 12.3 from the Cisco IOS Major Release drop-down menu.

Step 3 Click Continue.

Step 4 From the Release drop-down menu, choose the appropriate maintenance release.

Step 5 From the Platform Family drop-down menu, choose the appropriate hardware platform.

Step 6 From the Feature Set drop-down menu, choose the appropriate feature set. The "Your selections are supported by the following:" table will list all the features that are supported by the feature set (software image) that you selected.

New and Changed Information

The following sections list the new hardware and software features supported by the Cisco uBR7100 series routers for Cisco IOS Release 12.3(23)BC5.

New Hardware Features in Cisco IOS Release 12.3(21a)BC9

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC9.

New Software Features in Cisco IOS Release 12.3(21a)BC9

There are no new software features supported in Cisco IOS Release 12.3(21a)BC9.

New Hardware Features in Cisco IOS Release 12.3(23)BC6

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC6.

New Software Features in Cisco IOS Release 12.3(23)BC5

There are no new software features supported in Cisco IOS Release 12.3(23)BC5.

New Hardware Features in Cisco IOS Release 12.3(23)BC5

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC5.

New Software Features in Cisco IOS Release 12.3(23)BC5

There are no new software features supported in Cisco IOS Release 12.3(23)BC5.

New Hardware Features in Cisco IOS Release 12.3(23)BC4

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC4.

New Software Features in Cisco IOS Release 12.3(23)BC4

There are no new software features supported in Cisco IOS Release 12.3(23)BC4.

New Hardware Features in Cisco IOS Release 12.3(21a)BC8

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC8.

New Software Features in Cisco IOS Release 12.3(21a)BC8

There are no new software features supported in Cisco IOS Release 12.3(21a)BC8.

New Hardware Features in Cisco IOS Release 12.3(23)BC3

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC3.

New Software Features in Cisco IOS Release 12.3(23)BC3

There are no new software features supported in Cisco IOS Release 12.3(23)BC3.

New Hardware Features in Cisco IOS Release 12.3(23)BC2

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC2.

New Software Features in Cisco IOS Release 12.3(23)BC2

The following software feature is new in Cisco IOS Release 12.3(23)BC2.

Subscriber Traffic Management Version 1.2

The STM feature enables service providers to identify and control subscribers who exceed the maximum bandwidth allowed under their registered quality of service (QoS) profiles. STM works as a low CPU alternative to Network-Based Application Recognition (NBAR) and access control lists (ACLs), however, using STM does not mean that NBAR and ACLs have to be turned off; STM can be applied along with NBAR and ACLs. STM also works in conjunction with the Cisco Broadband Troubleshooter to support additional network management and troubleshooting functions in the Cisco CMTS.

The STM Version 1.2 feature is enhanced in Cisco IOS Release 12.3(23)BC2 with the following support on the Cisco uBR7246VXR and Cisco uBR10012 Universal Broadband Routers:

•Support was added for the Cisco Wideband SPA (Cisco uBR10012 router only).

•Support for suspension of the cable modem (CM) penalty period at a certain time of day.

•Support for weekday and weekend traffic monitoring.

•Support of up to 40 total enforce rules.

•Support for service providers to change subscriber service classes for a particular modem using the cable modem service-class-name command.

Addition of the following SNMP objects to the CISCO-CABLE-QOS-MONITOR-MIB:

•ccqmCmtsEnfRulePenaltyEndTime

•ccqmCmtsEnfRuleWkndOff

•ccqmCmtsEnfRuleWkndMonDuration

•ccqmCmtsEnfRuleWkndAvgRate

•ccqmCmtsEnfRuleWkndSampleRate

•ccqmCmtsEnfRuleWkndFirstPeakTime

•ccqmCmtsEnfRuleWkndFirstDuration

•ccqmCmtsEnfRuleWkndFirstAvgRate

•ccqmCmtsEnfRuleWkndSecondPeakTime

•ccqmCmtsEnfRuleWkndSecondDuration

•ccqmCmtsEnfRuleWkndSecondAvgRate

•ccqmCmtsEnfRuleWkndOffPeakDuration

•ccqmCmtsEnfRuleWkndOffPeakAvgRate

•ccqmCmtsEnfRuleWkndAutoEnforce

The following commands are new or modified:

•cable modem service-class-name

•penalty-period

•show cable qos enforce-rule verbose

•weekend duration

•weekend off

•weekend peak-time1

For detailed information about this feature, see the Subscriber Traffic Management on the Cisco CMTS Routers document at:

http://www.cisco.com/en/US/docs/ios/cable/configuration/guide/cmts_sbsbr_tfmgt.html

New Hardware Features in Cisco IOS Release 12.3(21a)BC7

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC7.

New Software Features in Cisco IOS Release 12.3(21a)BC7

There are no new software features supported in Cisco IOS Release 12.3(21a)BC7.

New Hardware Features in Cisco IOS Release 12.3(23)BC1

There are no new hardware features supported in Cisco IOS Release 12.3(23)BC1.

New Software Features in Cisco IOS Release 12.3(23)BC1

There are no new software features supported in Cisco IOS Release 12.3(23)BC1.

New Hardware Features in Cisco IOS Release 12.3(21a)BC6

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC6.

New Software Features in Cisco IOS Release 12.3(21a)BC6

There are no new software features supported in Cisco IOS Release 12.3(21a)BC6.

New Hardware Features in Cisco IOS Release 12.3(21a)BC5

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC5.

New Software Features in Cisco IOS Release 12.3(21a)BC5

There are no new software features supported in Cisco IOS Release 12.3(21a)BC5.

New Hardware Features in Cisco IOS Release 12.3(23)BC

The following hardware feature is new in Cisco IOS Release 12.3(23)BC:

DOCSIS Timing & Control Card (DTCC)

On the Cisco uBR10012 universal broadband router, the DOCSIS Timing & Control Card (DTCC) acts as a secondary processor that performs the following functions:

•In the default DTI mode, a 10.24 MHz clock and 32-bit DOCSIS timestamp are generated by the DTI Server, propagated to DTI client using DTI protocol, and distributed by DTI client to each cable interface line card.

•Allows software to independently power off any or all cable interface line cards.

•Drives the LCD panel used to display system configuration and status information.

•Monitors the supply power usage of the chassis.

•Two RJ-45 cables with the DTI server, which, in turn, can generate the clock using its own oscillator or external timing reference inputs such as GPS or network clock.

When two DTCC cards are installed, they are configured as active (primary) and backup (redundant). If the DTCC card in the first slot is working at system power-up, it automatically becomes the active card and the DTCC card in the second slot becomes the backup card. The DTCC cards monitor each other's priority information, so that if the active card fails, the active card role is transferred to the redundant backup card without loss of data.

Each DTCC card contains two RJ-45 connectors labeled Primary and Secondary, on the front panel. See Xref_Colorparanum[FC_FigureCap,FCW_FigureCapW] on page *. These connectors are for a primary and secondary (redundant) Stratum 3 external clock reference source that is traceable to a Stratum 1 clock source. The external reference source allows the Cisco uBR10012 router's reference clock to be synchronized to the Stratum 1 clock source, providing a free-running DOCSIS-quality clock reference and time stamp to the cable interface line cards.

If present, the primary DTI link is used. If it is lost, the secondary DTI link (if present) on the active DTCC card is used. If the active DTCC card stops functioning, control is transferred to the backup DTCC card, which then uses its primary and secondary clock reference sources. If neither card has a valid clock reference source, In DTI mode, all M-CMTS elements should have common timing source. The internal clock of DTI client cannot be used to provide DOCSIS clock and timestamp. High availability strategies (active/backup card, active/backup ports) should be used to prevent loss of common timing source.

New Software Features in Cisco IOS Release 12.3(23)BC

There are no new software features supported in Cisco IOS Release 12.3(23)BC.

New Hardware Features in Cisco IOS Release 12.3(21a)BC4

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC4.

New Software Features in Cisco IOS Release 12.3(21a)BC4

There are no new software features supported in Cisco IOS Release 12.3(21a)BC4.

New Hardware Features in Cisco IOS Release 12.3(21a)BC3

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC3.

New Software Features in Cisco IOS Release 12.3(21a)BC3

There are no new software features supported in Cisco IOS Release 12.3(21a)BC3.

New Hardware Features in Cisco IOS Release 12.3(21a)BC2

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC2.

New Software Features in Cisco IOS Release 12.3(21a)BC2

There are no new software features supported in Cisco IOS Release 12.3(21a)BC2.

New Hardware Features in Cisco IOS Release 12.3(21a)BC1

There are no new hardware features supported in Cisco IOS Release 12.3(21a)BC1.

New Software Features in Cisco IOS Release 12.3(21a)BC1

There are no new software features supported in Cisco IOS Release 12.3(21a)BC1.

New Hardware Features in Cisco IOS Release 12.3(21)BC

There are no new hardware features supported in Cisco IOS Release 12.3(21)BC.

New Software Features in Cisco IOS Release 12.3(21)BC

The following software features are new in Cisco IOS Release 12.3(21)BC:

Automatic Virtual Interface Bundles

All cable bundles are now automatically converted and configured to be in a virtual bundle, and standalone cable interfaces must be manually configured to be in a virtual bundle to operate properly.

Previously, new virtual interface bundles and bundle members required reconfiguration, and there could also be standalone interfaces not part of a bundle at all.

The following guidelines describe the automatic virtual interface bundling:

•The former rules for bundle master are applicable to the new virtual bundle interface.

•The former rules for bundle slaves are applicable to the new virtual bundle members.

•All cable bundles are automatically converted and configured to be in a virtual bundle after loading the software image.

•The virtual bundle interface accumulates the counters from members; counters on member links are not cleared when they are added to the bundle. If a bundle-only counter is desired, clear the bundle counter on the members before loading the image.

•A maximum of 40 virtual interface bundles are supported, with the numeric range from 1 to 255.

•The virtual bundle interface remains configured unless specifically deleted, even if all members in the bundle are deleted.

•This feature supports subinterfaces on the virtual bundle interface.

•Bundle-aware configurations are supported on the virtual bundle interface.

•Bundle-unaware configurations are supported on each bundle member.

•If the bundle interface existed in earlier Cisco IOS releases, the earlier cable configurations re-appear after upgrade.

For more information, see the "Cable Interface Bundling and Virtual Interface Bundling for the Cisco CMTS" chapter in the Cisco CMTS Feature Guide.

Cable DHCP Enhancements

When using an external DHCP server, the Cisco CMTS supports a number of options that can enhance operation of the cable network in certain applications.

Dynamic Cable Helper Address Selection

The cable helper-address command has been expanded to further specify where to forward DHCP packets based on origin: from a cable modem, MTA, STB, or other cable devices:

cable helper-address address [ cable-modem | host | mta | stb ]

This enables load-balancing of DHCP requests from cable modems and CPE devices by specifying different DHCP servers according to the cable interface or subinterface. You can also specify separate servers for cable modems and CPE devices.

When the mta or stb option is used, you must also use the cable dhcp-parse option-optnum command to parse the DHCP options.

If you specify only one option, the other types of devices (cable modem, host, mta, or stb) will not be able to connect with a DHCP server. You must specify each desired option in a separate command.

You may specify more than one helper address on each cable interface by repeating the command. You can specify more than 16 helper addresses, but the Cisco IOS software uses only the first 16 valid addresses.

If you do not specify an option, the helper-address will support all cable devices, and the associated DHCP server will accept DHCP packets from all cable device classes.

Cable Node Location Reporting

The DHCP Relay Agent can now be used to identify cloned modems or gather geographical information for E911 and other applications. Using the cable dhcp-insert command, users configure the CMTS to insert downstream, upstream, or hostname descriptors into DHCP packets:

cable dhcp-insert {downstream-description | hostname | upstream-description}

A DHCP server can then utilize such information to detect cloned modems or extract geographical information. Multiple types of strings can be configured as long as the maximum relay information option size is not exceeded.

Multiple types of descriptor strings can be configured as long as the maximum relay information option size is not exceeded.

show cable modem docsis device-class

The show cable modem docsis device-class command is now supported.

For more information on these enhancements and related commands, see the Cisco Broadband Cable Command Reference Guide and the "DHCP, ToD, and TFTP Services for the Cisco Cable Modem Termination System" chapter in the Cisco CMTS Feature Guide.

Per Downstream Static Multicast

The IOS IGMP Static-Group feature was first introduced back in Release 11.2, while the Source Specific Multicast (SSM) extension was added in Release 12.0(6)T. This allows network administrators to configure the router to be a statically connected member of the specified group on the interface. All multicast traffic destined to that particular group will be forwarded out on that configured interface.

Beginning in Cisco IOS Release 12.3(21)B, the Cisco uBR10012 universal broadband router supports the Per Downstream Static Multicast feature. This feature provides several multicast enhancements and makes it possible to control the replication of static IP multicast streams within a cable bundle using the cable igmp static-group command on the physical cable downstream interface.

For additional information, refer to the following documents on Cisco.com:

Advanced-mode DOCSIS Set-Top Gateway 1.1 for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubradsg.html.

SAMIS Source Address Management

Cisco IOS Release 12.3(21)BC introduces Subscriber Account Management Interface Specification (SAMIS) enhancements which will provide the ability to set the source of the usage based billing packets originated by the router using the cable metering command. This enables the ip address to be set as the source of the loopback interface, similar to what is done for telnet or ftp (ip ftp source-interfacelo0).

For additional information about Subscriber Account Management Interface Specification (SAMIS), refer to the following document on Cisco.com:

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubrsamis.html.

New Hardware Features in Cisco IOS Release 12.3(17b)BC9

There are no new hardware features supported in Cisco IOS Release 12.317b)BC9.

New Software Features in Cisco IOS Release 12.3(17b)BC9

There are no new software features supported in Cisco IOS Release 12.3(17b)BC9.

New Hardware Features in Cisco IOS Release 12.3(17b)BC8

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC8.

New Software Features in Cisco IOS Release 12.3(17b)BC8

There are no new software features supported in Cisco IOS Release 12.3(17b)BC8.

New Hardware Features in Cisco IOS Release 12.3(17b)BC7

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC7.

New Software Features in Cisco IOS Release 12.3(17b)BC7

There are no new software features supported in Cisco IOS Release 12.3(17b)BC7.

New Hardware Features in Cisco IOS Release 12.3(17b)BC6

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC6.

New Software Features in Cisco IOS Release 12.3(17b)BC6

There are no new software features supported in Cisco IOS Release 12.3(17b)BC6.

New Hardware Features in Cisco IOS Release 12.3(17b)BC5

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC5.

New Software Features in Cisco IOS Release 12.3(17b)BC5

There are no new software features supported in Cisco IOS Release 12.3(17b)BC5.

New Hardware Features in Cisco IOS Release 12.3(17b)BC4

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC4.

New Software Features in Cisco IOS Release 12.3(17b)BC4

Cisco IOS Release 12.3(17b)BC4 introduces the following new features or enhancements:

Downstream Load Balancing Distribution with Upstream Load Balancing

Cisco IOS Release 12.3(17b)BC4 introduces further enhancements to downstream load balancing, resulting in equalized upstream load balancing group members. This enhancement synchronizes the pending statistic between different cable interface line cards in the load balancing group.

This enhancement performs downstream load balancing that accounts for loads on upstream channels in the same upstream load balancing group, rather than on the basis of the entire downstream channel load. Prior Cisco IOS releases may not have distributed cable modems evenly over individual upstream channels, nor in a way that accounted for downstream and upstream segment loads that account for one another.

This enhancement applies when downstream load balancing occurs on a headend system with separate upstream load balancing segments; the upstream segments are spread over multiple downstreams segments. This enhancement provides an alternative downstream load balancing scheme that accounts and makes use of per-upstream loads rather than total downstream loads.

For additional information about Load Balancing on the Cisco CMTS, refer to the following documents on Cisco.com:

•Load Balancing and Dynamic Channel Change on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/troubleshooting_batch9/cmtslbg.html.

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

New Hardware Features in Cisco IOS Release 12.3(17b)BC3

There are no new hardware features supported in Cisco IOS Release 12.3(17b)BC3.

New Software Features in Cisco IOS Release 12.3(17b)BC3

There are no new software features supported in Cisco IOS Release 12.3(17b)BC3.

New Hardware Features in Cisco IOS Release 12.3(17a)BC2

There are no new hardware features supported in Cisco IOS Release 12.3(17a)BC2.

New Software Features in Cisco IOS Release 12.3(17a)BC2

Cisco IOS Release 12.3(17a)BC2 introduces the following enhancements:

Advanced-Mode DOCSIS Set-Top Gateway Issue 1.2

Cisco IOS Release 12.3(17a)BC2 introduces support for advanced-mode DOCSIS Set-Top Gateway (DSG) Issue 1.2. DSG Issue 1.2 introduces support for the latest DOCSIS Set-Top specification from CableLabs™:

•DOCSIS Set-top Gateway (DSG) Interface Specification, CM-SP-DSG-I05-050812

Advanced-mode DSG 1.2 is a powerful tool in support of latest industry innovations. Advanced-mode DSG 1.2 offers substantial support for enhanced DOCSIS implementation in the Broadband Cable environment. The set-top box dynamically learns the overall environment from the Cisco Cable Modem Termination System (CMTS), to include MAC address, traffic management rules, and classifiers.

For additional information about this feature, refer to the following document on Cisco.com:

•Advanced-mode DOCSIS Set-Top Gateway 1.2 for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubrdsg12.html.

For additional information about the DOCS-DSG-IF-MIB, feature, refer to the following document on Cisco.com:

•Cisco CMTS Universal Broadband Router MIB Specifications Guide, Cisco IOS Release 12.3(17a)BC2

http://www.cisco.com/en/US/products/hw/cable/ps2209/prod_technical_reference_list.html

DOCSIS1.0 TOS Overwrite

Currently, ToS overwrite requires the creation of static cable QoS profiles, which are then assigned to the ToS fields. This implementation works well if only a few different service types are offered. However, scalability issues arise when large numbers of service types are presented; each requiring a static QoS profile in order to perform ToS overwrite.

The Default DOCSIS 1.0 ToS Overwrite feature eliminates the need to create multiple QoS profiles in order to perform type-of-service (ToS) overwrite by automatically bounding all DOCSIS 1.0 Cable Modem (CM) created profiles to a default ToS overwrite.

New Hardware Features in Cisco IOS Release 12.3(17a)BC1

There are no new hardware features supported in Cisco IOS Release 12.3(17a)BC1:

New Software Features in Cisco IOS Release 12.3(17a)BC1

There are no new software features supported in Cisco IOS Release 12.3(17a)BC1.

New Hardware Features in Cisco IOS Release 12.3(17a)BC

There are no new hardware features supported in Cisco IOS Release 12.3(17a)BC.

New Software Features in Cisco IOS Release 12.3(17a)BC

The Cisco IOS Release 12.3(17a)BC is the third major feature release in the Cisco IOS 12.3 BC release train. This release introduces the following new features or enhancements:

•Cable Monitor Enhancements

•Configurable Leasequery Server

•Dynamic Channel Change (DCC) for Load balancing

•DOCSIS 2.0 SAMIS ECR Data Set

•DSX Messages and Synchronized PHS Information

•High Availability Support for Encrypted IP Multicast

•IPv6 over L2VPN

•Management Information Base (MIB) Changes and Enhancements

•Pre-equalization Control for Cable Modems

•show cable modem Command Changes

Cable Monitor Enhancements

Cisco IOS Release 12.3(17a)BC introduces the following enhancements to the cable monitor feature:

•Access Control Lists are now supported on the Cisco uBR-MC5X20U/D and Cisco uBR-MC28U cable interface line cards

•Unconditional downstream sniffing now enables downstream packets to be monitored, either for MAC or data packets. This enhancement supports both DOCSIS and Ethernet packet encapsulation.

For additional information about this enhancements to the cable monitor feature, refer to the following documents on Cisco.com:

•Cable Monitor and Intercept Features on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_cmon.html.

Configurable Leasequery Server

Previously, lease query requests could only be sent to the DHCP server. Beginning with Cisco IOS Release 12.3(17a)BC, an alternate server may be configured to receive the requests.

There are a few restrictions:

•Lease queries are sent to the DHCP server unless an alternate server is configured.

•Only one alternate server may be configured.

•Users are responsible for the synchronization of the DHCP server and configured alternate server.

•If the configured alternate server fails, lease query requests will not be diverted back to the DHCP server.

Regardless of which server is configured (DHCP or alternate), unknown IP addresses that are found in packets for customer premises equipment (CPE) devices that use the cable modems on the cable interface are verified. The DHCP server or configured alternate server returns a DHCP ACK message with the MAC address of the CPE device that has been assigned this IP address, if any.

To configure the Cisco CMTS router to send DHCP LEASEQUERY requests to an alternate server, use the cable source-verify dhcp server ipaddress and no cable arp commands. (To configure the DHCP server instead, use the cable source-verify dhcp and no cable arp commands.)

For additional information about this feature, refer to the following documents on Cisco.com:

•Filtering Cable DHCP Lease Queries on Cisco CMTS Routers

http://www.cisco.com/en/US/docs/cable/cmts/feature/cblsrcvy.html.

Dynamic Channel Change (DCC) for Load balancing

Cisco IOS Release 12.3(17a)BC introduces Dynamic Channel Change (DCC) and DCC for Load Balancing on the Cisco CMTS.

DCC in DOCSIS 1.1 dynamically changes cable modem upstream or downstream channels without forcing a cable modem to go offline, and without re-registration after the change. DCC supports four different types of initialization, instead of one, as in earlier DOCSIS support.

DCC and DCC for load balancing is supported on the Cisco uBR7246VXR router and the Cisco uBR10012 router with distributed cable interface line cards, including the Cisco MC28U and the Cisco MC5X20S/U/H.

•Load Balancing techniques allow for moving cable modems with DCC by using configurable initialization techniques.

•DCC allows line card channel changes across separate downstream channels in the same cable interface line card, with the DCC initialization techniques ranging from 0 to 4.

•DCC transfers cable modem state information from the originating downstream channel to the target downstream channel, and maintains synchronization of the cable modem information between the cable interface line card and the Network Processing Engine (NPE) or Route Processor (RP).

•When the target channel is in ATDMA mode, only DOCSIS 2.0-capable modems can be successfully load balanced. (Only DOCSIS 2.0-capable modems can operate on an ATDMA-only upstream channel.) Cisco recommends identical channel configurations in a load balancing group.

Dynamic Channel Change for Load Balancing entails the following new or enhanced commands in Cisco IOS Release 12.3(17a)BC, and later releases:

Global Configuration Commands

•cable load-balance group group-num dcc-init-technique <0-4>

•cable load-balance group group-num policy { pcmm | ugs }

•cable load-balance group group-num threshold {load | pcmm | stability | ugs} <1-100>

•cable load-balance group group-num threshold load <1-100> {minimum}

•cable load-balance group group-num threshold load <1-100> {enforce}

Testing Command

•test cable dcc mac-addr {slot/port | slot/subslot/port} target-us-channel-id ranging-technique

For configuration, command reference, testing, and examples for DCC on the Cisco CMTS, refer to the following documents on Cisco.com:

•Load Balancing and Dynamic Channel Change (DCC) on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/troubleshooting_batch9/cmtslbg.html.

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

DOCSIS 2.0 SAMIS ECR Data Set

The Usage-Based Billing feature for the Cisco Cable Modem Termination System (CMTS) provides subscriber account and billing information in the Subscriber Account Management Interface Specification (SAMIS) format. The SAMIS format is specified by the Data-over-Cable Service Interface Specifications (DOCSIS) Operations Support System Interface (OSSI) specification.

Release 12.2 SB provides enhancements to the OSSI specifications, and billing reports (billing record format), added support to the CISCO-CABLE-METERING-MIB, which contains objects that provide subscriber account and billing information in the Subscriber Account Management Interface Specification (SAMIS) format, added support for DCC and DCC for Load balancing and Downstream LLQ.

For additional information, refer to the following document on Cisco.com:

•Usage-Based Billing for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubrsamis.html.

DSX Messages and Synchronized PHS Information

Cisco IOS Release 12.3(17a)BC introduces support for PHS rules in a High Availability environment. In this release, and later releases, PHS rules synchronize and are supported during a switchover event of these types:

•Route Processor Redundancy Plus (RPR+), with Active and Standby Performance Routing Engines (PREs) on Cisco uBR10012 universal broadband routers.

•HCCP N+1 Redundancy, with Working and Protect cable interface line cards

For additional information about these enhancements, and related High Availability features, refer to the following documents on Cisco.com:

•N+1 Redundancy for the Cisco Cable Modem Termination System

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/uFGnpls1.html.

High Availability Support for Encrypted IP Multicast

Cisco IOS Release 12.3(17a)BC introduces support for IP Multicast streams during switchover events in a High Availability environment. This feature is supported for Route Processor Redundancy Plus (RPR+), N+1 Redundancy, and encrypted BPI+ streams.

For additional information about IP Multicast and High Availability, refer to these documents on Cisco.com:

•Cisco CMTS Universal Broadband Router MIB Specifications Guide

http://www.cisco.com/en/US/products/hw/cable/ps2217/prod_technical_reference_list.html.

•Dynamic Shared Secret for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubrdmic.html.

•IP Multicast in Cable Networks, White Paper

http://www.cisco.com/en/US/tech/tk828/technologies_case_study0900aecd802e2ce2.shtml

•N+1 Redundancy for the Cisco Cable Modem Termination System

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/uFGnpls1.html.

IPv6 over L2VPN

Beginning with Cisco IOS Release 12.3(17a)BC, the Cisco uBR7246VXR router now supports IPv6 using Layer 2 VPNs based on SID to 802.1q mapping. The Cisco uBR7246VXR router already supported Transparent LAN service with Layer 2 VPNs in Cisco IOS Release 12.3(13a)BC and later releases. As more Internet users switch to IPv6, the Cisco IPv6 protocol support helps enable the transition. IPv6 fixes a number of limitations in IPv4, such as limited numbers of available IPv4 addresses in addition to improved routing and network autoconfiguration. This feature allows customers to introduce IPv6 into their network with minimal operational impact.

For additional information about this feature, refer to the following documents on Cisco.com:

•IPv6 Documentation: overview, technology, design and configuration information

http://www.cisco.com/en/US/tech/tk872/tsd_technology_support_protocol_home.html

Management Information Base (MIB) Changes and Enhancements

MIB enhancements in Cisco IOS Release 12.3(17a)BC provide enhanced management features that enable the Cisco uBR 7200 Series router and the Cisco uBR10012 router to be managed through the Simple Network Management Protocol (SNMP). These enhanced management features allow you to:

• Use SNMP set and get requests to access information in Cisco CMTS universal broadband routers.

• Reduce the amount of time and system resources required to perform functions such as inventory management.

• A standards-based technology (SNMP) for monitoring faults and performance on the router.

• Support for SNMP versions (SNMPv1, SNMPv2c, and SNMPv3).

• Notification of faults, alarms, and conditions that can affect services.

For additional information about these MIB changes, refer to the following document on Cisco.com:

•Cisco CMTS Universal Broadband Router MIB Specifications Guide

http://www.cisco.com/en/US/products/hw/cable/ps2217/prod_technical_reference_list.html

Pre-equalization Control for Cable Modems

Cisco IOS Release 12.3(17a)BC introduces pre-equalization control for cable modems on a per-modem basis. This feature enhances support for pre-equalization control on an interface basis with the Organizational Unique Identifier (OUI), which is also supported.

When pre-equalization is enabled on an upstream interface, this feature allows you to disable pre-equalization adjustment selectively, for a specific cable modem or a group of cable modems. This feature prevents cable modems from flapping when processing pre-equalization requests sent from the Cisco CMTS.

Restrictions

This feature observes the following restrictions in Cisco IOS Release 12.3(17a)BC:

•For pre-equalization to be supported on a per-modem basis, the cable modem must send verification of pre-equalization after it registers with the Cisco CMTS.

•The option of excluding the OUI is a global configuration. For the cable modem on which OUI is excluded, the excluded OUI is disabled for all interfaces. This method uses a list of OUI values, recording which modems are sent and not sent pre-equalization.

•To remove this exclusion, use the no cable pre-equa exclude {modem|oui} form.

cable pre-equalization exclude

To exclude a cable modem from pre-equalization during registration with the Cisco CMTS, use the cable pre-equalization exclude command in global configuration mode. Exclusion is supported for a specified cable modem, or for a specified OUI value for the entire interface. To remove exclusion for the specified cable modem or interface, use the no form of this command. Removing this configuration returns the cable modem or interface to normal pre-equalization processes during cable modem registration.

cable pre-equalization exclude {oui | modem} mac-addr

no cable pre-equalization exclude {oui | modem} mac-addr

Syntax Description

oui

Organizational Unique identifier for the interface specified. Using this keyword excludes the specified OUI during cable modem registration for the associated interface.

modem

Cable Modem identifier for the cable modem specified. Using this keyword excludes the cable modem.

mac-addr

Identifier for the OUI or cable modem to be excluded.

Command Default

Pre-equalization is enabled by default on the Cisco router, and for cable modems that have a valid and operational DOCSIS configuration file. When enabled, pre-equalization sends ranging messages for the respective cable modems. When disabled with the new exclude command, pre-equalization is excluded for the respective cable modems.

Command Modes

Global configuration mode

Command History

Release

Modification

12.3(17a)BC

This command was introduced to the Cisco uBR10012 router and the Cisco uBR7246VXR router.

Usage Guidelines

The pre-equalization exclusion feature should be configured for the running configuration of the Network Processing Engine (NPE), the Performance Routing Engine (PRE), and the line card console.

Examples

The following example configures pre-equalization to be excluded for the specified cable modem. Pre-equalization data is not sent for the corresponding cable modem:
Router(config)# cable pre-equalization exclude modem mac-addr
The following example configures pre-equalization to be excluded for the specified OUI value of the entire interface. Pre-equalization data is not sent for the corresponding OUI value of the entire interface:
Router(config)# cable pre-equalization exclude oui mac-addr
The following series of commands configures pre-equalization on the Cisco uBR7246VXR router with MC28U cable interface line cards. On the Network Processing Engine (NPE) console, configure and verify with the following commands.
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# cable pre-equalization exclude oui 00.09.24
Router(config)# end
Router#show run
02:58:10: %SYS-5-CONFIG_I: Configured from console by consolen
Router# show running-config | inc oui
cable pre-equalization exclude oui 00.09.24
On the line card console for the same Cisco uBR7246VXR router, verify the configuration with the following command:
Router# show running-config | inc oui
cable pre-equalization exclude oui 00.09.24
After either of these exclusion methods for pre-equalization are configured, you can verify that all ranging messages do not include pre-equalization data. Use the following debug commands in global configuration mode:

•debug cable range

•debug cable interface cx/x/x mac-addr

Verify the ranging message for the non-excluded cable modems include pre-equalization data, and for the excluded cable modems, the ranging messages do not include such data.

The following example removes pre-equalization exclusion for the specified OUI and interface. This results in the cable modem or OUI to return to normal pre-equalization functions. Ranging messages resume sending pre-equalization data.
Router(config)# no cable pre-equalization exclude { oui | modem } mac-addr
Removal of this feature can be verified with the following debug command:

•debug cable interface cx/x/x mac-ad—Verifies the ranging message for all non-excl modems include pre-eq data, and for the excluded modems ranging messages do not include pre-eq data.

For additional information about this feature, refer to the following documents on Cisco.com:

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html

show cable modem Command Changes

Cisco IOS Release 12.3(17a)BC introduces changes for two versions of the show cable modem command.

•show cable modem mac summary

The information displayed with this command is revised. The DOCSIS 2.0 column in the Quality of Service (QoS) Provision Mode field has been removed, as this field is not applicable to QoS provisioning in DOCSIS 2.0.

Command Output in Cisco IOS Release 12.3(17a)BC and Later Releases
Router# show cable modem mac summary 
                            Cable Modem Summary
                            -------------------
                         Mac Version                 QoS Provision Mode
Interface       Total   DOC2.0  DOC1.1  DOC1.0   Reg/Online   DOC1.1  DOC1.0
Cable5/1/0/U0   10      0       2       8        10           0       10
Command Output in Cisco IOS Release 12.3(13a)BC and Earlier Releases
Router# show cable modem mac summary
                            Cable Modem Summary
                            -------------------
                         Mac Version                 QoS Provision Mode
Interface       Total   DOC2.0  DOC1.1  DOC1.0   Reg/Online   DOC2.0  DOC1.1  DOC1.0
Cable8/0/0/U0   8       0       5       3        5            0       5       0
•show cable modem phy

The information displayed with this command is revised. The MicroReflec column (MicroReflections) has been removed, and the DOCSIS Prov (DOCSIS Provider) column has been added in its place. This new column contains DOCSIS version information.

Command Output in Cisco IOS Release 12.3(17a)BC and Later Releases
Router# show cable modem phy 
MAC Address    I/F         Sid  USPwr  USSNR  Timing  DSPwr  DSSNR  Mode  DOCSIS
                                (dBmV) (dB)   Offset  (dBmV) (dB)         Prov 
0003.e350.9a3f C5/1/0/U0   1    0.00   30.23  2811    0.00   -----  tdma  1.0
0050.734e.c1a1 C5/1/0/U0   2    0.00   30.47  2811    0.00   -----  tdma  1.0
0007.0e01.1749 C5/1/0/U0   3    0.00   30.65  2808    0.00   -----  tdma  1.0
0007.0e00.90dd C5/1/0/U0   4    0.00   30.66  2806    0.00   -----  tdma  1.0
0003.e350.9ad3 C5/1/0/U0   5    0.00   30.47  2810    0.00   -----  tdma  1.0
0003.e38f.f4e5 C5/1/0/U0   6    0.00   30.36  2813    0.00   -----  tdma  1.0
0003.e350.9b97 C5/1/0/U0   7    0.00   30.44  2812    0.00   -----  tdma  1.0
0003.e350.9bed C5/1/0/U0   8    0.00   30.16  2814    0.00   -----  tdma  1.0
0003.e308.455d C5/1/0/U0   9    0.00   30.79  2811    0.00   -----  tdma  1.0
0003.6bd6.bfaf C5/1/0/U0   10   0.00   30.40  2813    0.00   -----  tdma  1.0
Command Output in Cisco IOS Release 12.3(13a)BC and Earlier Releases
Router# show cable modem phy
MAC Address    I/F         Sid  USPwr  USSNR  Timing MicroReflec DSPwr  DSSNR  Mode
                                (dBmV)  (dB)   Offset (dBc)      (dBmV)   (dB)     
0008.0e06.7b14 C8/0/0/U0   1    0.00   30.36  1938   0            0.00  -----  tdma 
0050.f112.5977 C8/0/0/U0   2    0.00   30.36  1695   0            0.00  -----  tdma 
0090.837b.b0b9 C8/0/0/U0   3    0.00   30.64  1187   0            0.00  -----  tdma 
0007.0e03.6e99 C8/0/0/U0   5    0.00   30.36  2747   0            0.00  -----  tdma 
0007.0e04.5091 C8/0/0/U0   6    0.00   30.94  2746   0            0.00  -----  tdma 
0006.5314.81d9 C8/0/0/U0   7    0.00   30.36  2745   0            0.00  -----  tdma 
0003.6b1b.ee63 C8/0/0/U0   8    0.00   31.26  2745   0            0.00  -----  tdma 
0030.eb15.84e7 C8/0/0/U0   12   0.00   30.36  1157   0            0.00  -----  tdma 
For additional information about either of these commands, refer to the following document on Cisco.com

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

New Hardware Features in Cisco IOS Release 12.3(13a)BC6

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC6.

New Software Features in Cisco IOS Release 12.3(13a)BC6

There are no new software features supported in Cisco IOS Release 12.3(13a)BC6.

New Hardware Features in Cisco IOS Release 12.3(13a)BC5

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC5.

New Software Features in Cisco IOS Release 12.3(13a)BC5

There are no new software features supported in Cisco IOS Release 12.3(13a)BC5.

New Hardware Features in Cisco IOS Release 12.3(13a)BC4

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC4.

New Software Features in Cisco IOS Release 12.3(13a)BC4

There are no new software features supported in Cisco IOS Release 12.3(13a)BC4.

New Hardware Features in Cisco IOS Release 12.3(13a)BC3

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC3.

New Software Features in Cisco IOS Release 12.3(13a)BC3

There are no new software features supported in Cisco IOS Release 12.3(13a)BC3.

New Hardware Features in Cisco IOS Release 12.3(13a)BC2

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC2.

New Software Features in Cisco IOS Release 12.3(13a)BC2

There are no new software features supported in Cisco IOS Release 12.3(13a)BC2.

New Hardware Features in Cisco IOS Release 12.3(13a)BC1

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC1.

New Software Features in Cisco IOS Release 12.3(13a)BC1

There are no new software features supported in Cisco IOS Release 12.3(13a)BC1.

New Hardware Features in Cisco IOS Release 12.3(13a)BC

There are no new hardware features supported in Cisco IOS Release 12.3(13a)BC for the Cisco uBR7100 series router.

New Software Features in Cisco IOS Release 12.3(13a)BC

This section describes the following new software features and CLI command changes for Cisco IOS Release 12.3(13)BC and the Cisco uBR7100 series router:

•Access List Support for COPS Intercept

•DOCSIS 1.0 Concatenation Override

•Enhanced Rate Bandwidth Allocation (ERBA) Support for DOCSIS 1.0 Cable Modems

•MLPPP Support

•Service Independent Intercept (SII) Support on the Cisco uBR7100 CMTS

•Optional Upstream Scheduler Modes

Access List Support for COPS Intercept

Cisco IOS Release 12.3(13a)BC introduces enhanced command-line interface for the Common Open Policy Service (COPS) feature.

To configure access control lists (ACLs) for inbound connections to all COPS listener applications on the Cisco CMTS, user the cops listeners access-list command in global configuration mode. To remove this setting from the Cisco CMTS, us the no form of this command.

cops listeners access-list {acl-num | acl-name}

no cops listeners access-list {acl-num | acl-name}

Syntax Description

acl-num

Alphanumeric identifier of up to 30 characters, beginning with a letter that identifies the ACL to apply to the current interface.

acl-name

Numeric identifier that identifies the access list to apply to the current interface. For standard access lists, the valid range is 1 to 99; for extended access lists, the valid range is 100 to 199.

Additional Information

Refer also the Service Independent Intercept (SII) feature in this document. For additional information, refer to the following documents on Cisco.com:

•COPS Engine Operation on the Cisco CMTS

http://www.cisco.com/en/US/docs/ios/cable/configuration/guide/cmts_cops_eng_op_ps2209_TSD_Products_Configuration_Guide_Chapter.html

•Configuring COPS for RSVP, Cisco IOS Versions 12.2 and 12.3

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcops_ps1835_TSD_Products_Configuration_Guide_Chapter.html.

•Cable Monitor and Intercept Features for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_cmon.html.

•PacketCable and PacketCable Multimedia on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_pkcb.html.

•Cisco PacketCable Primer White Paper

http://www.cisco.com/en/US/netsol/ns341/ns121/ns342/ns343/networking_solutions_white_paper09186a0080179138.shtml

DOCSIS 1.0 Concatenation Override

Cisco IOS release 12.3(13a)BC introduces support for the DOCSIS 1.0 concatenation override feature on the Cisco uBR10012 router. This feature provides the ability to disable concatenation on DOCSIS 1.0 cable modems, even in circumstances where concatenation is otherwise supported for the upstream channel.

DOCSIS 1.0 concatenation allows the cable modem to make a single-time slice request for multiple packets, and to send all packets in a single large burst on the upstream. Concatenation was introduced in the upstream receive driver in the previous Cisco IOS releases that supported DOCSIS 1.0 +. Per-SID counters were later added in Cisco IOS Release 12.1(4)CX for debugging concatenation activity.

In some circumstances, overriding concatenation on DOCSIS 1.0 cable modems may be preferable, and Cisco IOS Release 12.3(13a)BC supports either option.

Note Even when DOCSIS 1.0 concatenation is disabled with this feature, concatenation remains enabled for cable modems that are compliant with DOCSIS 1.1 or DOCSIS 2.0.

To enable DOCSIS 1.0 concatenation override with Cisco IOS Release 12.3(13a)BC and later releases, use the new docsis10 keyword with the previously supported cable upstream <n> concatenation command in privileged EXEC mode:

cable upstream <n> concatenation docsis10

Syntax Description

n

Specifies the upstream port number. Valid values start with 0 for the first upstream port on the cable interface line card.

Examples

The following example illustrates DOCSIS 1.0 concatenation override on the Cisco uBR10012 router:
Router# no cable upstream 0 concatenation docsis10
In this example, DOCSIS 1.0 cable modems are updated with REG-RSP so that they are not permitted to use concatenation.

For additional information about this command, refer to the following document on Cisco.com:

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html

Enhanced Rate Bandwidth Allocation (ERBA) Support for DOCSIS 1.0 Cable Modems

Cisco IOS Release 12.3(13a)BC introduces Enhanced Rate Bandwidth Allocation (ERBA) support for DOCSIS 1.0 cable modems and the Cisco uBR7100 router. ERBA allows DOCSIS1.0 modems to burst their temporary transmission rate up to the full line rate for short durations of time. This capability provides higher bandwidth for instantaneous bandwidth requests, such as those in Internet downloads, without having to make changes to existing service levels in the QoS Profile.

This feature enables MSOs to set the DOCSIS 1.0 cable modems burst transmissions, with mapping to overriding DOCSIS 1.1 QoS profile parameters on the Cisco CMTS. DOCSIS 1.0 cable modems require DOCSIS 1.0 parameters when registering to a matching QoS profile. This feature enables maximum downstream line rates, and the ERBA setting applies to all cable modems that register to the corresponding QoS profile.

Note QoS definitions must previously exist on the Cisco CMTS headend to support this feature.

DOCSIS 1.0 cable modems require DOCSIS 1.0 parameters when registering to a matching QoS profile. This feature enables the maximum downstream burst to be set in global configuration mode. The max-ds-burst setting applies to all cable modems that register to the corresponding QoS profile.

ERBA for DOCSIS 1.0 cable modems is supported with these new or enhanced commands or keywords in Cisco IOS Release 12.3(13a)BC:

•cable qos pro max-ds-burst burst-size

•show cable qos profile n [verbose]

To define ERBA on the downstream for DOCSIS 1.0 cable modems, use the cable qos promax-ds-burst command in global configuration mode. To remove this ERBA setting from the QoS profile, use the no form of this command.

cable qos pro max-ds-burst burst-size
no cable qos pro max-ds-burst
Syntax Description

burst-size

The QoS profile's downstream burst size in bytes.

To display ERBA settings as applied to DOCSIS 1.0 cable modems and QoS profiles on the Cisco CMTS, use the show cable qos profile command in Privileged EXEC mode.

The following example of the cable qos profile command in global configuration mode illustrates changes to the cable qos profile command. Fields relating to the ERBA feature are shown in bold for illustration:
Router(config)# cable qos pro 10 ?
  grant-interval       Grant interval
  grant-size           Grant size
  guaranteed-upstream  Guaranteed Upstream
  max-burst            Max Upstream Tx Burst
  max-ds-burst        Max Downstream Tx burst (cisco specific) 
  max-downstream       Max Downstream
  max-upstream         Max Upstream
  name                 QoS Profile name string (cisco specific) 
  priority             Priority
  privacy              Cable Baseline Privacy Enable
tos-overwrite        Overwrite TOS byte by setting mask bits to value 
The following example of the show cable qos profile command illustrates that the maximum downstream burst has been defined, and is a management-created QoS profile:
Router# show cable qos pro
ID  Prio Max       Guarantee Max        Max   TOS  TOS   Create  B     IP prec.
         upstream  upstream  downstream tx    mask value by      priv  rate
         bandwidth bandwidth bandwidth  burst                    enab  enab
1   0    0         0         0          0     0xFF 0x0   cmts(r) no    no
2   0    64000     0         1000000    0     0xFF 0x0   cmts(r) no    no
3   7    31200     31200     0          0     0xFF 0x0   cmts    yes   no
4   7    87200     87200     0          0     0xFF 0x0   cmts    yes   no
6   1    90000     0         90000      1522  0xFF 0x0   mgmt    yes   no
10  1    90000     0         90000      1522  0x1  0xA0  mgmt    no    no
50  0    0         0         96000      0     0xFF 0x0   mgmt    no    no
51  0    0         0         97000      0     0xFF 0x0   mgmt    no    no
The following example illustrates the maximum downstream burst size in sample QoS profile 10 with the show cable qos prof verbose command in privileged EXEC mode:
Router# show cable qos pro 10 ver
Profile Index                           10
Name
Upstream Traffic Priority               1
Upstream Maximum Rate (bps)             90000
Upstream Guaranteed Rate (bps)          0
Unsolicited Grant Size (bytes)          0
Unsolicited Grant Interval (usecs)      0
Upstream Maximum Transmit Burst (bytes) 1522
Downstreamam Maximum Transmit Burst (bytes) 100000
IP Type of Service Overwrite Mask       0x1
IP Type of Service Overwrite Value      0xA0
Downstream Maximum Rate (bps)           90000
Created By                              mgmt
Baseline Privacy Enabled                no
Usage Guidelines

If a cable modem registers with a QoS profile that matches one of the existing QoS profiles on the Cisco CMTS, then the maximum downstream burst size, as defined for that profile, is used instead of the default DOCSIS QoS profile of 1522.

For example, a DOCSIS 1.0 configuration that matches QoS profile 10 in the previous examples would be as follows:
03 (Net Access Control)         = 1
04 (Class of Service Encodings Block)
   S01 (Class ID)               = 1
   S02 (Maximum DS rate)        = 90000
   S03 (Maximum US rate)        = 90000
   S06 (US burst)               = 1522
   S04 (US Channel Priority)    = 1
   S07 (Privacy Enable)         = 0
The maximum downstream burst size (as well as the ToS overwrite values) are not explicitly defined in the QoS configuration file because they are not defined in DOCSIS. However, because all other parameters are a perfect match to profile 10 in this example, then any cable modem that registers with these QoS parameters has a maximum downstream burst of 100000 bytes applied to it.

For further illustration, consider a scenario in which packets are set in lengths of 1000 bytes at 100 packets per second (pps). Therefore, the total rate is a multiplied total of 1000, 100, and 8, or 800kbps.

To change these settings, two or more traffic profiles are defined, with differing downstream QoS settings as desired. Table 5 provides two examples of such QoS profiles for illustration:

Table 5 Sample QoS Profiles with Differing ERBA (Maximum Downstream) Settings

QoS Profile Setting

QoS Profile 101

QoS Profile 102

Maximum Downstream Transmit Burst (bytes)

max-burst 4000

max-burst 4000

Maximum Downstream Burst (bps)

max-ds-burst 20000

max-ds-burst 5000

Maximum Downstream Bandwidth

max-downstream 100

max-downstream 100

In this scenario, both QoS profiles are identical except for the max-ds-burst size, which is set to 5000 in QoS profile 101 and 5000 in QoS profile 102.

Optimal Settings for DOCSIS 1.0 Downstream Powerburst

DOCSIS allows the setting different token bucket parameters for each service flow, including the token bucket burst size. When burst sizes are closer to 0, QoS is enforced in a stricter manner, allowing a more predictable sharing of network resources, and as a result easier network planning.

When burst sizes are larger, individual flows can transmit information faster (lower latency), although the latency variance can be larger as well.

For individual flows, a larger burst size is likely to be better. As long as the system is not congested, a large burst size reduces the chances of two flows transmitting at the same time, because each burst is likely to take less time to transmit. However, as channel bandwidth consumption increases, it is probably that large burst traffic would exceed the thresholds of buffer depths, and latency is longer than with well shaped traffic.

For additional information about the cable qos profile command and configuring QoS profiles, refer to the following documents on Cisco.com:

•Cisco Broadband Cable Command Reference Guide:

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

•Configuring DOCSIS 1.1 on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_docs.html.

MLPPP Support

The Cisco IOS Multilink Point-to-Point Protocol (MLPPP) feature is now supported for selected line cards and port adapters on the Cisco uBR7100 series, which share the same MLPPP code as the Cisco uBR7200 series. There is no new hardware or software for MLPPP in this release.

Note MLPPP combines one or more physical interfaces into a virtual "bundle" interface. The bandwidth of the bundle interface is equal to the sum of the component links' bandwidth. This allows service providers to make the step from T1 and E1 lines to affordable T3 and E3 speeds.

MLPPP is configured not on a cable interface, but on the T1/E1 link.

Line cards and Port Adapters Supporting MLPPP on the Cisco uBR7100 Series

Table 6 lists the line cards and port adapters on the Cisco uBR7100 series, in conjunction with the applicable network processing engine (NPE), that are supported for MLPPP at the time Cisco IOS Release 12.3(13a)BC was released.

Table 6 Line cards and Port Adapters Supporting MLPPP on the Cisco uBR7100 Series for Cisco IOS Release 12.3(13a)BC

Model

NPE

Line card

Port Adapter

Cisco uBR7114

N/A

N/A

PA-4E1G/120, PA-4T+, PA-MC-4T1

Service Independent Intercept (SII) Support on the Cisco uBR7100 CMTS

Cisco CMTS supports the Communications Assistance for Law Enforcement Act (CALEA) for voice and data. Cisco IOS Release 12.3(13a)BC introduces support for Service Independent Intercept (SII) on the Cisco uBR7100 CMTS. Cisco SII provides a more robust level of the lawful intercept (LI) options offered in the Packet Intercept feature. Cisco SII is the next level of support for judicially authorized electronic intercept, to include dial access, mobile wireless, tunneled traffic, and Resilient Transport Protocol (RTP) for voice and data traffic on the Cisco CMTS. SII on the Cisco CMTS includes these functions:

•Packet intercept on specified or unspecified interfaces or ports, including port lists

•Packet intercept on virtual interface bundles

•Corresponding SNMP MIB enhancements for each of these functions, as intercept requests are initiated by a mediation device (MD) using SNMPv3

Note No new CLI commands are provided for this feature in Cisco IOS Release 12.3(13a)BC.

Cisco IOS Release 12.3(13a)BC enables full Multiple Service Operator (MSO) compliance with SII and LI regulations. Service providers worldwide are legally required to allow government agencies to conduct surveillance on the service provider's traditional telephony equipment. The objective of the SII feature is to enable service providers with New World networks that legally allow government agencies to conduct electronic network surveillance.

Lawful Intercept (LI) describes the process and judicial authority by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications. LI is authorized by judicial or administrative order and implemented for either voice or data traffic on the Cisco CMTS. Table 7 lists the differences between packet intercept and SII features.L

Table 7 Differences Between Packet Intercept and Service Independent Intercept Features

Feature

Packet Intercept

Service Independent Intercept

Interface Type

Cable

Any

IP Masks

255.255.255.255 or 0.0.0.0

Any

L4 Ports

Any single port or 0-65535

Any port range

Protocol

UDP

Any

TOS/DSCP

Not supported

Supported

Additional Information

For additional information, refer to the following documents:

•Cable Monitor and Intercept Features for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_cmon.html.

•PacketCable on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_pkcb.html.

•Cisco PacketCable Primer White Paper

http://www.cisco.com/en/US/netsol/ns341/ns121/ns342/ns343/networking_solutions_white_paper09186a0080179138.shtml

Optional Upstream Scheduler Modes

With this feature, the user is able to select either Unsolicited Grant Services (UGS) or Real Time Polling Service (rtPS) scheduling types, as well as packet-based or TDM-based scheduling. Low latency queueing (LLQ) emulates a packet-mode-like operation over the Time Division Multiplex (TDM) infrastructure of DOCSIS. As such, the feature provides the typical tradeoff between packets and TDM: with LLQ, the user has more flexibility in defining service parameters for UGS or rtPS, but with no guarantee (other than statistical distribution) regarding parameters such as delay and jitter.

Restrictions

•To ensure proper operation, Call Admission Control (CAC) must be enabled. When the Low Latency Queueing (LLQ) option is enabled, it is possible for the upstream path to be filled with so many calls that it becomes unusable, making voice quality unacceptable. CAC must be used to limit the number of calls to ensure acceptable voice quality, as well as to ensure traffic other than voice traffic.

•Even if CAC is not enabled, the default (DOCSIS) scheduling mode blocks traffic after a certain number of calls.

•Unsolicited Grant Services with Activity Detection (UGS-AD) and Non Real Time Polling Service (nrtPS) are not supported.

New and Changed Commands

cable upstream n scheduling type

Use this new command to turn the various scheduling modes on or off, where n specifies the upstream port.
Router(config-if)# [no] cable upstream n scheduling type [ugs | rtps] mode [llq | docsis]
For additional information about scheduler enhancements on the Cisco CMTS, refer to the following documents on Cisco.com:

•Cisco CMTS Feature Guide — Configuring Upstream Scheduler Modes on the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_schd.html.

•DOCSIS 1.1 for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_docs.html.

New Hardware Features in Cisco IOS Release 12.3(9a)BC8

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC8.

New Software Features in Cisco IOS Release 12.3(9a)BC8

There are no new software features supported in Cisco IOS Release 12.3(9a)BC8.

New Hardware Features in Cisco IOS Release 12.3(9a)BC7

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC7.

New Software Features in Cisco IOS Release 12.3(9a)BC7

There are no new software features supported in Cisco IOS Release 12.3(9a)BC7.

New Hardware Features in Cisco IOS Release 12.3(9a)BC6

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC6.

New Software Features in Cisco IOS Release 12.3(9a)BC6

There are no new software features supported in Cisco IOS Release 12.3(9a)BC6.

New Hardware Features in Cisco IOS Release 12.3(9a)BC5

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC5.

New Software Features in Cisco IOS Release 12.3(9a)BC5

There are no new software features supported in Cisco IOS Release 12.3(9a)BC5.

New Hardware Features in Cisco IOS Release 12.3(9a)BC4

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC4.

New Software Features in Cisco IOS Release 12.3(9a)BC4

There are no new software features supported in Cisco IOS Release 12.3(9a)BC4.

New Hardware Features in Cisco IOS Release 12.3(9a)BC3

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC3.

New Software Features in Cisco IOS Release 12.3(9a)BC3

There are no new software features supported in Cisco IOS Release 12.3(9a)BC3.

New Hardware Features in Cisco IOS Release 12.3(9a)BC2

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC2.

New Software Features in Cisco IOS Release 12.3(9a)BC2

There are no new software features supported in Cisco IOS Release 12.3(9a)BC2.

New Hardware Features in Cisco IOS Release 12.3(9a)BC1

There are no new hardware features supported in Cisco IOS Release 12.3(9a)BC1.

New Software Features in Cisco IOS Release 12.3(9a)BC1

There are no new software features supported in Cisco IOS Release 12.3(9a)BC1.

New Hardware Features in Cisco IOS Release 12.3(9a)BC

There are no new hardware features in Cisco IOS Release 12.3(9a)BC.

New Software Features for Cisco IOS Release 12.3(9a)BC

This section describes the following new software features and CLI command changes for Cisco IOS Release 12.3(9a)BC and the Cisco uBR7100 series router:

•Cable ARP Filter Enhancement

•Cisco Broadband Troubleshooter 3.2

•Cisco IOS Release 12.3(9a)BC Command-Line Interface (CLI) Enhancements

•DOCSIS Set-Top Gateway Issue 1.0

•MIBs Changes and Updates in Cisco IOS Release 12.3(9a)BC

•Subscriber Traffic Management (STM) Version 1.1

Cable ARP Filter Enhancement

The cable arp filter command, introduced with Cisco IOS Release 12.2(15)BC2b, enables service providers to filter ARP request and reply packets. This prevents a large volume of such packets from interfering with the other traffic on the cable network.

Cisco IOS Release 12.3(9a)BC introduces enhanced command syntax for the cable arp filter command, where number and window-size values are optional for reply-accept and request-send settings.

To control the number of Address Resolution Protocol (ARP) packets that are allowable for each Service ID (SID) on a cable interface, use the cable arp command in cable interface configuration mode. To stop the filtering of ARP broadcasts for cable modems, use the no form of this command.

cable arp filter {reply-accept number window-size | request-send number window-size}
no cable arp filter {reply-accept | request-send}
default cable arp filter {reply-accept | request-send}
Syntax Description

reply-accept number window-size

Configures the cable interface to accept only the specified number of ARP reply packets every window-size seconds for each active Service ID (SID) on that interface. The cable interface drops ARP reply packets for a SID that would exceed this number.

•number = (Optional) Number of ARP reply packets that is allowed for each SID within the window time period. The allowable range is 0 to 20 packets, with a default of four packets. If number is 0, the cable interface drops all ARP reply packets. If not specified, this value uses default.

•window-size = (Optional) Size of the window time period, in seconds, in which to monitor ARP replies. The valid range is one to five seconds, with a default of two seconds.

request-send number window-size

Configures the cable interface to send only the specified number of ARP request packets every window-size seconds for each active SID on that interface. The cable interface drops ARP requests for a SID that would exceed this number.

•number = (Optional) Number of ARP request packets that is allowed for each SID within the window time period. The allowable range is 0 to 20 packets, with a default of 4 packets. If number is 0, the cable interface does not send any ARP request packets.

•window-size = (Optional) Size of the window time period, in seconds, in which to monitor ARP requests. The valid range is 1 to 5 seconds, with a default of 2 seconds.

Cisco IOS Release 12.3(9a)BC also removes a prior caveat with HCCP Protect interfaces. Previously, in the event of a revert-back HCCP N+1 switchover, manual removal of cable arp filter reply and cable arp filter request configurations may have been required afterward on Protect interfaces.

For more information about ARP Filtering, refer to the following document on Cisco.com:

•Cable ARP Filtering

http://www.cisco.com/en/US/docs/cable/cmts/feature/guide/ufg_docs.html.

Cisco Broadband Troubleshooter 3.2

Cisco IOS Release 12.3(9a)BC introduces support for the Cisco Broadband Troubleshooter (CBT) Version 3.2 on the Cisco uBR7100 series universal broadband router, with newly supported interoperability for the following additional software features:

•Subscriber Traffic Management (STM) Version 1.1

Multiple Service Operators (MSOs) provide a variety of services such as TV, video on demand, data, and voice telephony to subscribers. Network Administrators and radio frequency (RF) technicians need specialized tools to resolve RF problems in the MSO's cable plant. Cisco Broadband Troubleshooter 3.2 (CBT 3.2) is a simple, easy-to-use tool designed to accurately recognize and resolve such issues.

The user can select up to three different cable modems (CMs) under the same CMTS or three different upstreams under the same CMTS. In addition, CBT 3.2 introduces the ability to display upstreams and cable modems combined (mixed) on the same trace window for monitoring and for playback.

Note CBT 3.2 resolves the former CBT 3.1 caveat CSCee03388. With CBT 3.1, trace windows did not support the mixing of upstreams or cable modems.

For additional information about CBT 3.2, spectrum management and STM 1.1, refer to the following documents on Cisco.com:

•Release Notes for Cisco Broadband Troubleshooter Release 3.2

http://www.cisco.com/en/US/products/sw/netmgtsw/ps530/prod_release_notes_list.html.

•Spectrum Management for the Cisco CMTS

http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufg_spec.html.

•Subscriber Traffic Management for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubsubmon.html.

Cisco IOS Release 12.3(9a)BC Command-Line Interface (CLI) Enhancements

Cisco IOS Release 12.3(9a)BC introduces or enhances the following CLI commands for the Cisco uBR7100 series router:

•cable source-verify

•show cable tech-support

•show controllers cable

•show tech-support

For additional information about these command changes, refer to these resources:

•"Obtaining Documentation, Obtaining Support, and Security Guidelines" section

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

DOCSIS Set-Top Gateway Issue 1.0

Cisco IOS Release 12.3(9a)BC introduces support for DOCSIS Set-Top Gateway (DSG) Issue 1.0 on the Cisco uBR7100 series universal broadband router. The DOCSIS Set-Top Gateway (DSG) feature allows the Cisco CMTS to provide a class of cable services known as out-of-band (OOB) messaging to set-top boxes (STBs) over existing DOCSIS networks. This allows MSOs and other service providers to combine both DOCSIS and STB operations over one, open, vendor-independent network, without any change to the existing network or cable modems.

DSG is a CableLabs® specification that allows the Cisco CMTS to provide a class of cable services known as out-of-band (OOB) messaging to set-top boxes (STBs) over existing Data-over-Cable Service Interface Specifications (DOCSIS) cable networks. DSG 1.0 allows cable Multi-System Operators (MSOs) and other service providers to combine both DOCSIS and STB operations over a single, open and vendor-independent network without requiring any changes to the existing DOCSIS network infrastructure.

At the time of this Cisco publication, the CableLabs® DOCSIS DSG specification is in the current status of "Issued" as characterized by stability, rigorous review in industry and cross-vendor interoperability.

For additional information about configuring and using DSG 1.0 on the Cisco uBR7100 Series routers, refer to the following document on Cisco.com:

•DOCSIS Set-Top Gateway for the Cisco CMTS

http://www.cisco.com/en/US/products/hw/cable/ps2217/products_feature_guides_list.html

MIBs Changes and Updates in Cisco IOS Release 12.3(9a)BC

Cisco IOS Release 12.3(9a)BC adds the following new MIB support for the Cisco uBR7100 series routers.

•CISCO-CABLE-METERING-MIB

•CISCO-CABLE-QOS-MONITOR MIB

•CISCO-ENHANCED-MEMPOOL-MIB

•CISCO-PROCESS-MIB

•CISCO-CABLE-SPECTRUM-MIB

•DOCS-QOS-MIB

For additional information about Cisco Broadband Cable MIBs for the Cisco CMTS, refer to the following resources on Cisco.com:

•Cisco CMTS Universal Broadband Router MIB Specifications Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

•SNMP Object Navigator

http://www.cisco.com/pcgi-bin/Support/Mibbrowser/unity.pl

CISCO-CABLE-METERING-MIB

Cisco IOS Release 12.3(9)BC introduces support for the CISCO-CABLE-METERING-MIB on the Cisco uBR7100 series universal broadband routers. The CISCO-CABLE-METERING-MIB contains objects that provide subscriber account and billing information in the Subscriber Account Management Interface Specification (SAMIS) format. This format is specified by the Data-over-Cable Service Interface Specifications (DOCSIS) Operations Support System Interface (OSSI) specification.

The MODULE-IDENTITY for the CISCO-CABLE-METERING-MIB is ciscoCableMeteringMIB, and its top-level OID is 1.3.6.1.4.1.9.9.424 (iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoCableMeteringMIB).

This MIB has the following constraints:

•The packet counters displayed by CLI commands are reset to zero whenever the Cisco CMTS router is rebooted.

•The packet counters displayed by SNMP commands are retained across router resets.

•These counters are 64-bit values and could rollover to zero during periods of heavy usage.

For additional SAMIS information, refer to the following resources:

•Usage Based Billing for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubrsamis.html.

CISCO-CABLE-QOS-MONITOR MIB

Cisco IOS Release 12.3(9a)BC introduces additional features for the CISCO-CABLE-QOS-MONITOR MIB, including the following:

•Clarified the descriptions of a number of objects.

•Added a number of objects in the ccqmCmtsEnforceRuleTable to support DOCSIS 1.1 and DOCSIS 2.0 cable modems and to support peak and off-peak monitoring.

•Added the ccqmCmtsIfBwUtilTable to provide thresholds for downstream/upstream bandwidth utilization.

•Deprecated and removed ccqmCmtsEnfRuleByteCount.

CISCO-ENHANCED-MEMPOOL-MIB

Cisco IOS Release 12.3(9)BC introduces support for the CISCO-CABLE-SPECTRUM-MIB on the Cisco uBR7100 series universal broadband routers. The CISCO-ENHANCED-MEMPOOL-MIB enables you to monitor CPU and memory utilization for "intelligent" line cards and broadband processing engines on the Cisco uBR7100 series routers.

CISCO-PROCESS-MIB

Cisco IOS Release 12.3(9)BC introduces support for the CISCO-PROCESS-MIB on the Cisco uBR7100 series universal broadband routers. The CISCO-PROCESS-MIB enables you to monitor CPU and memory utilization for RF cards, cable interface line cards and broadband processing engines on the Cisco uBR7100 series routers.

CISCO-CABLE-SPECTRUM-MIB

Cisco IOS Release 12.3(9)BC introduces support for the CISCO-CABLE-SPECTRUM-MIB on the Cisco uBR7100 series universal broadband routers, with these additional MIB object enhancements:

•ccsFlapListMaxSize and ccsFlapListCurrentSize SNMP objects provide additional description for cable flap lists.

•Added the ccsCmFlapTable to replace the ccsFlapTable. The new object uses downstream, upstream and Mac as indices to replace the ccsFlapTable object.

•The enhanced ccsSNRRequestTable object provides a table of SNR requests with modified description.

•Added the ccsUpSpecMgmtUpperBoundFreq object to assist with spectrum management on the Cisco CMTS.

•Added the ccsCompliance5 object.

•Added ccsCmFlapResetNow to reset the flap list for a particular cable modem.

•Updated the descriptions for ccsFlapListMaxSize, ccsFlapListCurrentSize, and ccsSNRRequestTable.

The following objects are also now deprecated:

•ccsFlapPowerAdjustThreshold

•ccsFlapMissThreshold

•ccsFlapResetAll

•ccsFlapClearAll

•ccsFlapLastClearTime

The maximum number of entries in the flap-list was changed from a maximum of 8191 for the entire router, to the following:

•8191 entries for each Broadband Processing Engine (BPE) cable interface, such as the Cisco uBR-MC16U/X, Cisco uBR-MC28U/X, and Cisco uBR-MC5X20S/U.

•8191 maximum flap-list entries for all non-BPE cable interfaces, such as the Cisco uBR-MC16C, Cisco uBR-MC16S, and Cisco uBR-MC28C.

Two objects are now used to track the flap list size:

•ccsFlapListMaxSize—Reflects the flap list size, as configured by the cable flap-list size command.

•ccsFlapListCurrentSize—Reflects the current size of the flap list for each MAC domain (downstream).

DOCS-IF-MIB

The DOCS-IF-MIB (released as RFC2670) has been updated to conform to version 5 of the DOCSIS 2.0 RF MIB Specification (draft-ietf-ipcdn-docs-rfmibv2-05.txt). This MIB was upgraded to version 5 in December 2002. Support for OSS-N-03068 and OSS2-N-03087 was added in August 2003.

DOCS-QOS-MIB

Cisco IOS Release 12.3(9)BC introduces additional MIB object enhancements for the DOCS-QOS-MIB on the Cisco uBR7100 series universal broadband routers:

•Updated with the DOCSIS operations support system interface (OSSI) v2.0-N-04.0139-2.

•The default values of docsQosPktClassIpSourceMask and docsQosPktClassIpDestMask objects are set to 0xFFFFFFFF.

Subscriber Traffic Management (STM) Version 1.1

Cisco IOS Release 12.3(9a)BC introduces support for Subscriber Traffic Management (STM) through Version 1.1 on the Cisco uBR7100 series universal broadband routers. STM 1.1 supports DOCSIS 1.1-compliant cable modems.

The STM feature enables service providers to identify and control subscribers who exceed the maximum bandwidth allowed under their registered quality of service (QoS) profiles. STM 1.1 works with Network-Based Application Recognition (NBAR) and Access control lists (ACLs) to ensure full network performance to other network subscribers that abide by their service agreements. STM 1.1 also works in conjunction with the Cisco Broadband Troubleshooter 3.2 to support additional network management and troubleshooting functions in the Cisco CMTS.

STM 1.1 extends earlier STM functions to monitor a subscriber's traffic on DOCSIS 1.1 primary service flows and supports these additional features:

•Cisco Broadband Troubleshooter (CBT) 3.2 supports STM 1.1.

•DOCSIS 1.0-compliant and DOCSIS 1.1-compliant cable modem are supported.

•Monitoring and application of traffic management policies are applied on a service-flow basis.

•Monitoring window duration increased from seven to 30 days.

For additional information about STM 1.1 and Cisco CBT 3.2, refer to the following documents on Cisco.com:

•Subscriber Traffic Management for the Cisco CMTS

http://www.cisco.com/en/US/docs/cable/cmts/feature/ubsubmon.html

•Release Notes for Cisco Broadband Troubleshooter Release 3.2

http://www.cisco.com/en/US/products/sw/netmgtsw/ps530/prod_release_notes_list.html

Important Notes

The following sections contain important notes about Cisco IOS Release 12.3(23)BC5 that apply to Cisco uBR7100 series universal broadband routers.

How to Upgrade to Cisco IOS Release 12.3(21)BC

In circumstances in which non-volatile memory (NVRAM) becomes corrupted on the Cisco CMTS, configurations and feature behavior may become corrupted or lost, looping behavior in NVRAM may result, and additional measures to resolve corrupted NVRAM and lost configurations would be required.

This issue can be generated by upgrading to later Cisco IOS releases from prior Cisco IOS releases that do not contain resolution to a specific and known issue. This issue is not limited to Cisco IOS releases installed on the Cisco universal broadband routers.

Symptoms of Corrupted NVRAM

This issue is displayed with the following symptoms in the case of the Cisco CMTS:

•A router may display the following error message:

–NV: Invalid Pointer value(6357F3CC) in private configuration structure

This error message is displayed either when the router boots, or when you enter one of the following commands:

•write memory

•copy running-config startup-config

•copy file

•nvram:startup-config

Conditions of Corrupted NVRAM

This symptom is observed under the following conditions:

•The Cisco router runs one of the following Cisco IOS Releases, as the outgoing image to be upgraded:

–Interim Cisco IOS Release 12.3(19.7)

–Interim Cisco IOS Release 12.4(6.5)

–Interim Cisco IOS Release 12.4(6.5)T

–Certain later releases

When upgrading to Cisco IOS Release 12.3(21)BC, the following upgrade procedure prevents corruption to NVRAM, retains configurations made in earlier releases, and successfully installs Cisco IOS Release 12.3(21)BC images. This procedure is subject to the feature restrictions and prerequisites of Cisco IOS Release 12.3(21)BC, described in these release notes.

Prerequisites

Cisco strongly recommends that you back up your configuration files prior to performing this upgrade, or any upgrade.

SUMMARY STEPS

Perform these steps to upgrade to Cisco IOS 12.3(21)BC, after TFTP file transfer operations are complete.

1. enable

2. configure terminal

3. erase /all nvram:

4. write memory

5. copy file

6. reload

DETAILED STEPS

Command or Action

Purpose

Step 1

enable
Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal
Example:

Router# configure terminal

Enters global configuration mode.

Step 3

erase /all nvram:
or

erase nvram:
or

write erase
Example:

Router# erase /all nvram:

The first command option for this step erases the entire NVRAM.

Either of the final two command options erase only the configuration files in NVRAM.

Step 4

write memory
Example:

Router# write memory

(Optional) Copies the running configuration to startup configuration.

Step 5

copy file
Example:

Router# copy ubr10k-k8p6-mz

This general step copies a saved configuration, if different from the running configuration, to the startup configuration.

•file—Cisco IOS image file for Cisco IOS Release 12.3(21)BC

Step 6

reload
Example:

Router# reload

Boots the router with the latest Cisco IOS release image.

New Command Information for Cisco IOS Release 12.3(21)BC3

Cisco IOS Release 12.3(21)BC introduces support and modifications to the following commands for Cisco Cable Modem Termination System (CMTS) universal broadband routers.

Refer to the following sections for more information:

•controller modular-cable

•clear cable modem reset

•hw-module shutdown

•show cable modem summary

controller modular-cable

To enter controller configuration mode to configure the Cisco 1-Gbps Wideband SPA controller, use the controller modular-cable command in global configuration mode.

controller modular-cable slot/subslot/bay
Syntax Description

slot

The slot where the Wideband SIP resides. On the Cisco uBR10012 router, slots 1 and 3 can be used for the Wideband SIP.

subslot

The subslot where the Wideband SIP resides. On the Cisco uBR10012 router, subslot 0 is always specified.

bay

The bay in the Wideband SIP where the Wideband SPA is located. Valid values are 0 (upper bay) and 1 (lower bay).

Defaults

No Wideband SPA controller is configured.

Command Modes

Global configuration mode.

Command History

Release

Modification

12.3(21)BC

This command was introduced on the Cisco uBR10012 universal broadband router.

Usage Guidelines

This command indicates where the Wideband SPA that will be configured is located and enters controller configuration mode.

Examples

The following example shows how to enter controller configuration mode for the Wideband SPA in slot 1, subslot 0, and bay 0.
Router# configure terminal 
Router(config)# controller modular-cable 1/0/0
Router(config-controller)# 
Router# 
Related Commands

Command

Description

annex modulation

Sets the annex and modulation for the Wideband SPA.

ip-address

Sets the IP address of the Wideband SPA's FPGA

rf-channel

Configures an RF channel on a Wideband SPA.

rf-channel cable downstream channel-id

Assigns a downstream channel ID to an RF channel.

cable rf-channel

Associates an RF channel on a Wideband SPA with a wideband channel.

modular-host subslot

Specifies the modular-host line card for Wideband protocol operations.

clear cable modem reset

To remove one or more CMs from the Station Maintenance List and reset them, use the clear cable modem reset command in privileged EXEC mode.

clear cable modem {mac-addr | ip-addr | [cable slot/port] {all | oui string | reject} } reset
clear cable modem {mac-addr | ip-addr | [cable slot/subslot/port] {all | oui string | reject | wideband registered-traditional-docsis} } reset
Syntax Description

mac-addr

Specifies the 48-bit hardware address (MAC address) of an individual CM, or of any CPE devices or hosts behind that CM.

ip-addr

Specifies the IP address of an individual CM, or of any CPE devices or hosts behind that CM.

cable slot/port

(Optional) Identifies the a interface and downstream port on the Cisco uBR7100 series and Cisco uBR7200 series routers.

On the Cisco uBR7100 series router, the only valid value is 1/0. On the Cisco uBR7200 series router, slot can range from 3 to 6, and port can be 0 or 1, depending on the cable interface.

cable slot/subslot/port

(Optional) Identifies a cable interface on the Cisco uBR10012 router. The following are the valid values:

•slot = 5 to 8

•subslot = 0 or 1

•port = 0 to 4 (depending on the cable interface)

all

Removes all the CMs from the Station Maintenance List. (This option is valid only on the Release 12.1 EC train.)

oui string

Removes and resets all CMs that match the specified Organization Unique Identifier (OUI). The string parameter can be either the three byte hexadecimal string (such as 00.00.0C) or a vendor name that has been defined using the cable modem vendor command.

reject

Removes and resets all CMs that are currently in one of the reject states (see the description of these states in the show cable modem command).

wideband registered-traditional-docsis

If you specify wideband, removes and resets all wideband CMs. If you specify wideband registered-traditional-docsis, removes and resets all wideband CMs that are registered as traditional DOCSIS modems.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release

Modification

12.1(2) EC

This command was introduced.

12.2(4)BC1

Support was added to the Release 12.2 BC train.

12.2(11)BC2

Support was added for the oui and reject options.

12.2(11)BC3

The all option was removed from the Release 12.2 BC train, and replaced with the interface option.

12.2(15)BC1

The cable interface was made an optional keyword for this command.

12.3(21)BC

Support was added for the wideband and registered-traditional-docsis keywords.

Usage Guidelines

This command instructs the Cisco CMTS to stop sending DOCSIS station maintenance messages to one or more CMs, which effectively terminates the link to those CMs. A CM responds to this by resetting itself. Depending on when the CM received the last station maintenance message, it can take up to 30 seconds before the CM detects the missing station maintenance messages and resets itself.

In some circumstances, the customer premises equipment (CPE) devices behind a CM stops receiving traffic after the CM is reset. This is because the CMTS still has the CPE device listed in its address tables, but the CM does not after being reset, so the traffic passes through the CMTS but is dropped by the CM. To resolve this situation, the CPE device should simply send some type of traffic to the CM, such as a ping packet. (You can also resolve this situation by using the clear arp-cache command on the Cisco CMTS router to clear the router's address table, but this is not recommended, because it temporarily interrupts all traffic on the router.)

Note The clear cable modem all reset command can result in the CPU utilization temporarily reaching 100 percent for a couple of minutes, as the CPU processes the command for all CMs. The CPU utilization will return to normal within a couple of minutes.

Caution The clear cable modem all reset command should normally be used only on a test or lab network. If used on a large network, it could impact service for a significant period of time, as it would force all CMs to simultaneously reset and reregister with the Cisco CMTS.

Tip You can also specify the MAC address or IP address for a CPE device or host, and the Cisco CMTS resets the CM that is associated with that CPE device in its internal database.

Examples

The following example shows how to reset the CM at 172.23.45.67:
Router# clear cable modem 172.23.45.67 reset
Router#
The following example shows how to reset all CMs that have a OUI that has been defined as having the vendor name of Cisco using the cable modem vendor command:
Router# clear cable modem oui Cisco reset
Router#
The following example shows how to reset all CMs that are currently in one of the reject states:
Router# clear cable modem reject reset
Router#
The following example shows how to reset all wideband CMs that are registered as traditional DOCSIS modems.:
Router# clear cable modem wideband registered-traditional-docsis reset
MAC Address    IP Address      I/F       MAC            Prim  BG  DSID  MD-DS-SG
                                         State          Sid   ID
0018.6852.825c 80.18.0.9       C5/0/0/U0 online         1     0   256   N/A
0018.6852.8286 80.18.0.10      C5/0/0/U0 online         2     0   264   N/A
0016.92fb.55be 80.18.0.7       C5/0/0/U0 online         3     0   288   N/A
0016.92f0.9104 80.18.0.5       C5/0/0/U0 online         4     0   280   N/A
0016.92fb.55c0 80.18.0.6       C5/0/0/U0 online         5     0   272   N/A
Router#

Related Commands

Command

Description

clear cable flap-list

Resets the flap-list table for a specific CM or for all CMs.

clear cable modem counters

Resets the flapping counters of a CM to zero.

clear cable modem delete

Removes one or more CMs from the internal address and routing tables.

clear cable modem lock

Resets the lock on one or more CMs.

clear cable modem offline

Removes all offline CMs from the internal address and routing tables, or clears all flap list counters for offline CMs.

show cable modem

Displays the current status for one or more CMs.

hw-module shutdown

To shut down a particular Performance Routing Engine (PRE1) module, line card, Wideband SIP or Wideband SPA, use the hw-module shutdown command in global configuration mode. To activate a specific PRE1, line card, Wideband SIP or Wideband SPA, use the no form of this command.

hw-module {main-cpu | pre {A|B} | sec-cpu | slot slot-number | subslot slot/subslot |
bay slot/subslot/bay} shutdown [unpowered]
no hw-module {main-cpu | pre {A|B} | sec-cpu | slot slot-number | subslot slot/subslot |
bay slot/subslot/bay} shutdown
Syntax Description

main-cpu

Shuts down the PRE1 module that is currently acting as the active PRE1 module.

pre {A|B}

Shuts down the PRE1 module that is physically in either PRE slot A (left slot) or PRE slot B (right slot).

sec-cpu

Shuts down the PRE1 module that is currently acting as the standby PRE1 module.

slot slot-number

Shuts down the line cards that are physically present in the specified slot-number (valid range is 1 to 8).

subslot slot/subslot

Shuts down the line card or SIP that is physically present in the slot with the specified slot and subslot numbers. The following are the valid values:

•slot = 1 to 8

•subslot = 0 or 1

bay slot/subslot/bay

Shuts down the SPA in the location specified by the slot/subslot/bay argument. The following are the valid values:

•slot = 1 to 3

•subslot = 0 or 1 (0 is always specified)

•bay = 0 (upper bay) or 1 (lower bay)

unpowered

Used with the Wideband SPA, shuts down the SPA and its interfaces, and leaves them in an administratively down state without power.

Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release

Modification

12.2(4)XF

This command was introduced for the Cisco uBR10012 router.

12.3(21)BC

Support was added for the Cisco Wideband SIP and Cisco 1-Gbps Wideband SPA.

Usage Guidelines

The hw-module shutdown command shuts down a particular Performance Routing Engine (PRE1) module, line card, Wideband SIP or Wideband SPA. To activate a specific PRE1, line card, Wideband SIP, or Wideband SPA, use the no form of this command.

Caution Shutting down the active PRE1 module will trigger a switchover, so that the standby PRE1 module becomes the active PRE1 module.

Examples

The following example shows the standby PRE1 module being shut down:
Router(config)# hw-module sec-cpu shutdown 
Router(config)#
The following example shows the active PRE1 module being shut down (which will trigger a switchover to the standby PRE1 module):
Router(config)# hw-module main-cpu shutdown 
Router(config)# 
The following example shows the PRE1 module in PRE1 slot B being shut down:
Router(config)# hw-module pre B shutdown 
Router(config)# 
Note The hw-module pre B shutdown command shuts down the PRE1 module that is physically present in slot B, regardless of whether the module is the active or standby PRE1 module.

The following example shows how to deactivate and verify deactivation for the Cisco Wideband SPA located in slot 1, subslot 0, bay 0. In the output of the show hw-module bay oir command, notice the "admin down" in the Operational Status field.
Router# configure terminal
Router(config)# hw-module bay 1/0/0 shutdown unpowered
%SPAWBCMTS-4-SFP_MISSING: Wideband-Cable 1/0/0, 1000BASE-SX SFP missing from port 0
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:1, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:2, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:3, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:4, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:5, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:6, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:7, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:8, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:9, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:10, changed state to down
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:11, changed state to down
...
Router# show hw-module bay 1/0/0 oir
Module         Model              Operational Status
-------------- ------------------ -------------------------
bay 1/0/0      SPA-24XDS-SFP      admin down
The following example shows how to activate and verify activation for the Cisco Wideband SPA located in slot 1, subslot 0, bay 0. In the output of the show hw-module bay oir command, notice the "ok" in the Operational Status field.
Router# configure terminal
Router(config)# no hw-module bay 1/0/0 shutdown
%SPAWBCMTS-4-SFP_OK: Wideband-Cable 1/0/0, 1000BASE-SX SFP inserted in port 0
%SPAWBCMTS-4-SFP_LINK_OK: Wideband-Cable 1/0/0, port 0 link changed state to up
%SNMP-5-LINK_UP: LinkUp:Interface Wideband-Cable1/0/0:0 changed state to up
%LINK-3-UPDOWN: Interface Cable1/0/0:0, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:1, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:2, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:3, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:4, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:5, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:6, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:7, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:8, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:9, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:10, changed state to up
%LINK-3-UPDOWN: Interface Wideband-Cable1/0/0:11, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Wideband-Cable1/0/0:0, changed state to up
...
Router# show hw-module bay 1/0/0 oir
Module         Model              Operational Status
-------------- ------------------ -------------------------
bay 1/0/0      SPA-24XDS-SFP      ok
Related Commands

Command

Description

hw-module reset

Resets a PRE1 module or line card.

hw-module reload

Reloads the software in and restarts a Cisco 1-Gbps Wideband SPA.

redundancy force-failover main-cpu

Forces a manual switchover between the active and standby PRE1 modules.

show cable modem summary

To display a summary of CMs on one or more cable interfaces, use the show cable modem command in privileged EXEC mode.

show cable modem summary [total]
show cable modem summary interface1 [interface2] total
show cable modem summary interface1 [interface2] upstream port1 port2 total
show cable modem cable slot/port [upstream port] summary
show cable modem cable slot/subslot/port [upstream port] summary
Syntax Description

total

(Optional) Displays a footer line showing the totals for each column.

interface1

(Optional) Cable interface to be summarized. The interface1 parameter can take the following forms:

•cable slot/port—On the Cisco uBR7100 series router, the only valid value is 1/0. On the Cisco uBR7200 series router, slot can range from 3 to 6, and port can be 0 or 1, depending on the cable interface.

•cable slot/subslot/port—On the Cisco uBR10012 router, slot can range from 5 to 8, subslot can be either 0 or 1, and port can range from 0 to 4 (depending on the interface).

interface2

(Optional) Second cable interface, specifying a range of cable interfaces to be summarized. The interface2 parameter has the same form as interface1.

Note When specifying a range of cable interfaces, interface1 must be the lower-numbered interface and interface2 must be the higher-numbered interface.

upstream port1 port2

(Optional) Specifies a range of upstream ports on the cable interfaces to be summarized. The port1 and port2 parameters can start at 0, and port2 must be a higher-numbered port than port1.

upstream port

(Optional) Specifies a specific upstream port to be summarized. This option can be specified only when summarizing a single cable interface.

Command Modes

Privileged EXEC

Command History

Release

Modification

11.3XA

This command was introduced.

12.1(4)CX and 12.2(4)BC1

Support was added for the Cisco uBR10012 router.

12.1(6)EC

The total option was supported for the Cisco uBR7100 series and Cisco uBR7200 series routers.

12.1(11b)EC

The upstream Description field was added to the show cable modem summary display in Cisco IOS Release 12.1 EC.

12.2(8)BC1

The total option was supported for the Cisco uBR10012 universal broadband router.

12.2(15)BC2

The upstream Description field was added to the show cable modem summary display in Cisco IOS Release 12.2 BC.

12.3(21)BC

Support was added for wideband modem output.

Usage Guidelines

This command displays a summary of CMs for a single cable interface or upstream, or for a range of cable interfaces or upstreams. The following possible combinations are possible for this command:

•show cable modem summary total—Displays a summary and a total for all CMs on the chassis.

•show cable modem summary cable x/0 total—Displays a summary of CMs on a specified card.

•show cable modem summary cable x/0 upstream port1 port2 total—Displays a summary of CMs on the specified card and specified range of ports. The port1 value must be less than the port2 value.

•show cable modem summary cable x/0 cable y/0 total—Displays a summary of CMs on the specified range of cards.

•show cable modem summary cable x/0 cable y/0 upstream port1 port2 total—Displays a summary of CMs on the specified range of ports on the specified range of cards.

Examples

The following example shows typical output for the default form of the show cable modem summary command on a Cisco uBR7200 series router:
Router# show cable modem summary 
Interface     Total      Active      Registered   Description 
              Modems     Modems      Modems
Cable3/0/U0   165         141         141         Line 32/1
Cable3/0/U1   209         172         170         Line 32/2
Cable3/0/U2   262         207         203         Line 32/3
Cable3/0/U3   256         194         188         Line 32/4
Cable5/0/U0   746         714         711         Line 41/1
Cable6/0/U0   806         764         759         Line 42/2
Router# 
Note The Description field appears in Cisco IOS Release 12.1(11b)EC, 12.2(15)BC2, and later releases, and shows the string configured for the upstream using the cable upstream description command.

The following example shows typical output for the show cable modem summary command with the total option on a Cisco uBR7200 series router:
Router# show cable modem summary total 
Interface     Total      Active      Registered   Description 
              Modems     Modems      Modems
Cable5/0/U0     746        714         711        Node1 
Cable6/0/U1     806        764         759        Node3
Total:         1552       1478        1470
Router# 
The following example shows sample output for the show cable modem summary command with the total option for a Cisco uBR10012 router:
Router# show cable modem summary total
Interface                       Cable Modem                    Description
            Total Reg   Unreg Offline Wideband initRC initD initIO initO
C5/0/0/U0   84    84    0     0       84       0      0     0      0     
C5/0/0/U1   84    84    0     0       84       0      0     0      0     
C5/0/0/U2   83    83    0     0       83       0      0     0      0     
C5/0/0/U3   83    83    0     0       83       0      0     0      0     
<<output omitted>>
Total:      8020  8020  0     0       8016     0      0     0      0 
Router# 
The following example shows sample output for the show cable modem summary total command for a range of interfaces on the Cisco uBR10012 router:
Router# show cable modem summary c5/1/1 c5/1/2 total
Interface                       Cable Modem                    Description
            Total Reg   Unreg Offline Wideband initRC initD initIO initO
C5/1/1/U0   84    84    0     0       84       0      0     0      0     
C5/1/1/U1   84    84    0     0       83       0      0     0      0     
C5/1/1/U2   83    83    0     0       83       0      0     0      0     
C5/1/1/U3   83    83    0     0       83       0      0     0      0     
C5/1/2/U0   84    84    0     0       84       0      0     0      0     
C5/1/2/U1   84    84    0     0       84       0      0     0      0     
C5/1/2/U2   83    83    0     0       83       0      0     0      0     
C5/1/2/U3   83    83    0     0       83       0      0     0      0     
Total:      668   668   0     0       667      0      0     0      0     
Router# 
The following example shows sample output for the show cable modem summary total command for a range of interfaces and upstreams on the Cisco uBR10012 router:
Router# show cable modem summary c5/1/1 c5/1/2 upstream 0 1 total
Interface                       Cable Modem                    Description
            Total Reg   Unreg Offline Wideband initRC initD initIO initO
C5/1/1/U0   84    84    0     0       84       0      0     0      0     
C5/1/1/U1   84    84    0     0       83       0      0     0      0     
C5/1/2/U0   84    84    0     0       84       0      0     0      0     
C5/1/2/U1   84    84    0     0       84       0      0     0      0     
Total:      336   336   0     0       335      0      0     0      0     
Router# 
Note When displaying a summary for a range of ports or cable interfaces, the first port or cable interface (for example, u0 or c4/0) must be lower-numbered than the second port or interface (for example, u6 or c6/0). If you specify the higher-numbered port or interface first, the display shows no CMs connected.

Table 8 describes the fields shown in the show cable modem summary displays:

Table 8 Descriptions for the show cable modem summary Fields

Field

Description

Interface

The cable interface line card providing the upstream for the CMs.

Total Modems or Total

Total number of CMs, registered, unregistered, and offline for this interface.

Registered Modems or Reg

Total number of CMs that have registered and are online on this interface. This number might be different from the Total Modems number if some modems are offline or not fully registered.

Unregistered Modems

Total number of CMs that are either offline and not currently communicating with the CMTS, or attempting to come online but are not yet registered.

Offline

Total number of CMs that were online or attempted to register but are no longer communicating with the CMTS.

Wideband

CM is registered as a wideband CM.

init(rc)

MAC state of CM is init(rc).

init(d)

MAC state of CM is init(d).

init(io)

MAC state of CM is init(io).

init(o)

MAC state of CM is init(o).

Description

Description entered for this upstream using the cable upstream description command.

Note For information on MAC states, see the show cable modem command.

Tip In Cisco IOS Release 12.1(12)EC, Release 12.2(8)BC1, and later releases, you can add a timestamp to show commands using the exec prompt timestamp command in line configuration mode.

Related Commands

Command

Description

show cable modem

Displays information for the registered and unregistered CMs.

show cable modem access-group

Displays the access groups for the CMs on a particular cable interface.

show cable modem calls

Displays voice call information for a particular CM, identified either by its IP address or MAC address.

show cable modem connectivity

Displays connectivity statistics for one or more CMs.

show cable modem counters

Displays downstream and upstream traffic counters for one or more CMs.

show cable modem cpe

Displays the CPE devices accessing the cable interface through a particular CM.

show cable modem offline

Displays a list of the CMs that are marked as offline with the Cisco CMTS.

show cable modem registered

Displays a list of the CMs that are marked as registered with the Cisco CMTS.

show cable modem remote-query

Displays information collected by the remote-query feature.

show cable modem unregistered

Displays a list of the CMs that are marked as unregistered with the Cisco CMTS.

show cable modem vendor

Displays the vendor name or Organizational Unique Identifier (OUI) for the CMs on each cable interface.

show interface cable modem

Displays information about the CMs connected to a particular cable interface.

show interface cable sid

Displays cable interface information.

show cable modem wideband

Displays information for a wideband CMs.

New and Changed Command Reference for Cisco IOS Release 12.3(9a)BC

Cisco IOS Release 12.3(9a)BC introduces or enhances the following Cisco IOS commands for the Cisco uBR7100 series universal broadband routers:

•cable source-verify

•show cable tech-support

•show controllers cable

•show tech-support

cable source-verify

To enable verification of IP addresses or service IDs (SIDs) for CMs and CPE devices on the upstream, use the cable source-verify command in global configuration, cable interface configuration or subinterface configuration modes. To disable verification, use the no form of this command.

Cable Interface and Subinterface Configuration Modes

cable source-verify [dhcp | leasetimer value | leasequery-filter upstream query-num interval]
no cable source-verify
Global Configuration Mode

cable source-verify leasequery-filter downstream query-num interval
no cable source-verify
Syntax Description

dhcp

(Optional) Specifies that queries will be sent to verify unknown source IP addresses in upstream data packets.

Note Do not enable the local DHCP server on the Cisco CMTS and configure local DHCP address pools, using the ip dhcp pool command, when using this option, because this prevents DHCP address validation.

leasetimer value

(Optional) Specifies the time, in minutes, for how often the router should check its internal CPE database for IP addresses whose lease times have expired. The valid range for value is 1 to 240 minutes, with a default of 60 minutes.

Note The leasetimer option takes effect only when the dhcp option is also used on an interface. Also, this option is supported only on the master interface and cannot be configured on subinterfaces. Configuring it for a master interface automatically applies it to all subinterfaces.

leasequery-filter upstream query-num interval

(Optional) Enables upstream lease queries to be defined on a per-SID basis to reduce the chance of Denial of Service attacks.

•query-num—

•interval—

leasequery-filter downstream query-num interval

(Optional) Enables downstream lease queries to be defined on a per-SID basis to reduce the chance of Denial of Service attacks.

•query-num—

•interval—

Defaults

Disabled. When the dhcp option is specified, the leasetimer option is set by default to 60 minutes.

Command Modes

Global configuration, Cable interface configuration or subinterface configuration

Note Configuring the cable source-verify command on the master interface of a bundle will configure it for all of the slave interfaces in the bundle as well.

Command History

Release

Modification

11.3 XA

This command was introduced.

12.0(7)T

The dhcp keyword was added.

12.0(10)SC, 12.1(2)EC

Support was added for these trains.

12.1(3a)EC

Subinterface support was added.

12.1(13)EC, 12.2(11)BC1

The leasetimer keyword was added.

12.2(15)BC1

The verification of CPE devices was changed when using the dhcp keyword.

12.2(15)BC2

Support for verifying CMs and CPE devices that are on a different subnet than the cable interface was enhanced to use Reverse Path Forwarding (RFP).

12.3(9a)BC

In order to protect the Cisco CMTS from denial of service attacks, Cisco IOS Release 12.3(9a)BC adds the option of using a per SID basis for deriving lease queries from CPE devices. This release also introduces a global rate limit for lease queries initiated by downstream traffic. These enhancements reduce the CPU utilization of DHCP Receive and ISR processes when the Cisco CMTS is configured with the cable source-verify dhcp and no cable arp commands.

For additional information about this and other commands, refer to the following document on Cisco.com:

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

show cable tech-support

Cisco IOS Release 12.3(9a)BC introduces changes to the output of the show cable tech-support command. This change allows users with large numbers of online cable modems to collect the necessary information without consuming the console session for a long period of time.

To display general information about the router when reporting a problem, use the show cable tech-support command in privileged EXEC mode.

show cable tech-support
Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC.

Command History

Release

Modification

11.2

This command was introduced.

12.1(1a)T1

This command was modified to include information about the cable clock card.

12.2(15)BC2

This command added several show pxf commands to the display on the Cisco uBR10012 router.

12.3(9a)BC

The command was modified to allow users with large numbers of online cable modems to collect the necessary information without consuming the console session for a long period of time.

Examples

The following example illustrates the cable modem and interface information for the Cisco uBR7100 series router on which Cisco IOS Release 12.3(9a)BC is installed.
Router# show cable tech-support
----------------------------------- Slot 1/0 -----------------------------------
------------------ show cable modem Cable1/0 ------------------
MAC Address    IP Address      I/F       MAC         Prim RxPwr  Timing  Num BPI
                                         State       Sid  (dB)   Offset  CPE Enb
------------------ show cable modem Cable1/0 connectivity ------------------
Prim  1st time    Times  %online     Online time            Offline time
Sid   online      Online          min     avg     max     min     avg     max
------------------ show interface Cable1/0 sid ------------------
Sid  Prim  MAC Address    IP Address      Type Age      Admin   Sched  Sfid
                                                        State   Type
------------------ show interface Cable1/0 sid counter ------------------
Sid  Req-polls  BW-reqs    Grants     Packets    Frag       Concatpkts
     issued     received   issued     received   complete   received
------------------ show interface Cable1/0 sid association ------------------
Sid  Prim Online     IP Address      MAC Address    Interface     VRF Name
------------------ show interface Cable1/0 modem 0 ------------------
SID   Priv bits  Type      State       IP address      method    MAC address
For additional information about this and other commands, refer to the following document on Cisco.com:

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

show controllers cable

To display information about the interface controllers for a cable interface on the Cisco CMTS router, use the show controllers cable command in user EXEC or privileged EXEC mode.

show controllers cable {slot/port | slot/subslot/port} [downstream | upstream [port] | [mem-stat] [memory] [proc-cpu]]
Cisco IOS Release 12.3(9a)BC adds the tech-support keyword to the show controllers cable command. This change allows users with large numbers of online cable modems to collect the necessary line card information without consuming the console session for a long period of time.

Additional and related improvements are also available for the show tech-support command.

Syntax Description

slot/port

Identifies the cable interface and downstream port on the Cisco uBR7100 series and Cisco uBR7200 series routers.

On the Cisco uBR7100 series router, the only valid value is 1/0. On the Cisco uBR7200 series router, slot can range from 3 to 6, and port can be 0 or 1, depending on the cable interface.

slot/subslot/port

Identifies the cable interface on the Cisco uBR10012 router. The following are the valid values:

•slot = 5 to 8

•subslot = 0 or 1

•port = 0 to 4 (depending on the cable interface)

downstream

(Optional) Displays downstream interface status.

upstream

(Optional) Displays upstream interface status.

port

(Optional) Specifies the desired upstream port. Valid values start with 0 for the first upstream port on the cable interface line card.

mem-stat

(Optional) Displays the output from the show memory statistics command to display a summary of memory statistics for a Broadband Processing Engine (BPE) cable interface line card.

memory

(Optional) Displays the output from the show memory command to display a summary of memory statistics, including the memory as it is allocated per process, for a Broadband Processing Engine (BPE) cable interface line card.

proc-cpu

(Optional) Displays the output from the show processes cpu command to display the processor status for a Broadband Processing Engine (BPE) cable interface line card.

tech-support

(Optional, privileged EXEC mode only) Displays the output from the show tech-support command for a Broadband Processing Engine (BPE) cable interface line card.

Defaults

No default behavior or values.

Command Modes

User EXEC, Privileged EXEC.

Command History

Release

Modification

11.3 NA

This command was introduced.

12.0(2)XC

This command was modified to show a number of additional fields.

12.1(5)EC1

Support was added for the Cisco uBR7100 series router, including information about the Cisco uBR7100 series integrated upconverter.

12.2(1)XF1

Support was added for the Cisco uBR10012 router.

12.0(16)SC2, 12.1(10)EC1, 12.2(4)BC1b

The algorithm for calculating the SNR value was enhanced for a more accurate value.

12.2(15)CX

Support was added for the Cisco uBR-MC28U/X cable interface line card, including the display of the number of packets dropped because they were for a Service Flow ID (SFID) of 0.

12.2(15)BC2b

The mem-stat, memory, and proc-cpu options were added to obtain processor information from the onboard processor on Broadband Processing Engine (BPE) cable interface line cards, such as the Cisco uBR-MC16U/X, Cisco uBR-MC28U/X, and Cisco uBR-MC5X20S/U cards.

12.3(9a)BC

The tech-support option was added in order to improve command behavior. Additional information required during technical support is also available with alternate commands such as show tech-support and show cable tech-support. This enhanced command is supported on the Cisco uBR10012, Cisco uBR7246VXR and Cisco uBR7100 Series universal broadband routers.

Usage Guidelines

The mem-stat, memory, and proc-cpu keywords execute the related command on the processor that runs on added to obtain the relevant information from the onboard processor on Broadband Processing Engine (BPE) cable interface line cards, such as the Cisco uBR-MC16U/X, Cisco uBR-MC28U/X, and Cisco uBR-MC5X20S/U cards. This allows you to obtain information that is specific for that particular cable interface card, as opposed to having to run these commands on the entire router.

Note The mem-stat, memory, and proc-cpu options are not available for cable interface line cards that do not contain an onboard processor (for example, the Cisco uBR-MC16C cable interface line card).

Examples

The following is sample output for the downstream connection for cable interface 1/0 on a Cisco uBR7100 series router:
Router# show controllers c1/0 downstream
 Cable1/0 Downstream is up
  Frequency not set, Channel Width 6 MHz, 64-QAM, Symbol Rate 5.056941 Msps
  FEC ITU-T J.83 Annex B, R/S Interleave I=32, J=4
  Downstream channel ID: 0
  Dynamic Services Stats:
  DSA: 0  REQs  0 RSPs  0 ACKs
  0 Successful DSAs  0 DSA Failures
  DSC: 0  REQs  0 RSPs  0 ACKs
  0 Successful DSCs  0 DSC Failures
  DSD:  0 REQs  0 RSPs
  0 Successful DSDs  0 DSD Failures
  DCC: 0  REQs  0 RSPs  0 ACKs
  0 Successful DCCs  0 DCC Failures
Table 9 describes the fields displayed by the show controllers cable downstream command.
Table 9 show controllers cable downstream Field Descriptions
Field

Description
Cable
Slot number/port number indicating the location of the Cisco cable interface line card.
Downstream is up
Indicates that the RF downstream interface is enabled.
Frequency
Transmission frequency of the RF downstream. (This information may not match the current transmission frequency, which is external on CMTS platforms that use an external upconverter.)
Channel Width
Indicates the width of the RF downstream channel.
QAM
Indicates the modulation scheme.
Symbol Rate
Indicates the transmission rate (in number of symbols per second).
FEC ITU-T
Indicates the Motion Picture Experts Group (MPEG) framing standard.
R/S Interleave I/J
Indicates Reed Solomon framing based on ITU S.83-B.
Examples

The following example illustrates the information from the show controllers cable command for slot 1 on port 0 on a Cisco uBR7100 series router on which Cisco IOS Release 12.3(9a)BC is installed.
Router# show controllers c1/0
The following example illustrates memory statistics for the specified slot/port on the Cisco uBR7100 router:
Router# show controllers c1/0 mem-stat
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   60F3FB40   185337024     8644376   176692648   176557288   176638828
      I/O    C000000    67108864     6679384    60429480    60429480    60405696
The following example illustrates upstream information for the specified slot/port on the Cisco uBR7100 series router:
Router# show controllers c1/0 upstream
 Cable1/0 Upstream 0 is up
  Frequency 25.008 MHz, Channel Width 1.600 MHz, QPSK Symbol Rate 1.280 Msps
  Spectrum Group is overridden
  SNR - Unknown - no modems online.
  Nominal Input Power Level 0 dBmV, Tx Timing Offset 0
  Ranging Backoff automatic (Start 0, End 3)
  Ranging Insertion Interval automatic (60 ms)
  Tx Backoff Start 3, Tx Backoff End 5
  Modulation Profile Group 1
  Concatenation is enabled
  Fragmentation is enabled
  part_id=0x3137, rev_id=0x03, rev2_id=0xFF
  nb_agc_thr=0x0000, nb_agc_nom=0x0000
  Range Load Reg Size=0x58
  Request Load Reg Size=0x0E
  Minislot Size in number of Timebase Ticks is = 4
  Minislot Size in Symbols = 32
  Bandwidth Requests = 0x0
  Piggyback Requests = 0x0
  Invalid BW Requests= 0x0
  Minislots Requested= 0x0
  Minislots Granted  = 0x0
  Minislot Size in Bytes = 8
  Map Advance (Dynamic) : 2180 usecs
  UCD Count = 320676
  DES Ctrl Reg#0 = C000C043, Reg#1 = 0
The following example illustrates CPU processes for the specified slot/port on the Cisco uBR7100 series router:
Router# show controllers c1/0 proc-cpu
CPU utilization for five seconds: 1%/1%; one minute: 1%; five minutes: 1%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4         1       4000  0.00%  0.00%  0.00%   0 Chunk Manager
   2           0    128036          0  0.00%  0.00%  0.00%   0 Load Meter
   3         248       395        627  0.00%  0.00%  0.00%   0 CR10K IPC MSG Pr
   4      428012    384113       1114  0.07%  0.07%  0.07%   0 CR10K NonBlk Xmt
   5       43392     65009        667  0.00%  0.00%  0.00%   0 Check heaps
   6           8       561         14  0.00%  0.00%  0.00%   0 Pool Manager
   7           0         1          0  0.00%  0.00%  0.00%   0 AAA_SERVER_DEADT
   8           0         2          0  0.00%  0.00%  0.00%   0 Timers
   9           0         2          0  0.00%  0.00%  0.00%   0 AAA high-capacit
  10           0     10680          0  0.00%  0.00%  0.00%   0 ARP Input
  11           0         1          0  0.00%  0.00%  0.00%   0 Entity MIB API
  12           0         2          0  0.00%  0.00%  0.00%   0 Serial Backgroun
The following example illustrates memory processor information for the specified slot/subslot/port on the Cisco uBR7100 series router:
Router# show controllers c1/0 memory
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   60F3FB40   185337024     8644376   176692648   176557288   176638828
      I/O    C000000    67108864     6679384    60429480    60429480    60405696
          Processor memory
 Address      Bytes     Prev     Next Ref     PrevF    NextF Alloc PC  what
60F3FB40 0000020004 00000000 60F4498C 001  -------- -------- 60113308  Managed Chunk Queue 
Elements
60F4498C 0000001504 60F3FB40 60F44F94 001  -------- -------- 60126F88  List Elements
60F44F94 0000005004 60F4498C 60F46348 001  -------- -------- 60126FCC  List Headers
60F46348 0000000048 60F44F94 60F463A0 001  -------- -------- 6055D4E4  *Init*
60F463A0 0000000028 60F46348 60F463E4 001  -------- -------- 604C12B4  *Init*
60F463E4 0000000048 60F463A0 60F4643C 001  -------- -------- 6055D4E4  *Init*
60F4643C 0000000200 60F463E4 60F4652C 001  -------- -------- 6014BE28  *Init*
60F4652C 0000004260 60F4643C 60F475F8 001  -------- -------- 60065A2C  TTY data
60F475F8 0000002004 60F4652C 60F47DF4 001  -------- -------- 60069164  TTY Input Buf
For additional information about this and other commands, refer to the following document on Cisco.com:

•Cisco Broadband Cable Command Reference Guide (update posted at FCS)

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

show tech-support

Cisco IOS Release 12.3(9a)BC shortens the output of the show tech-support command. This change allows users with large numbers of online cable modems to collect information without consuming the console session for a long period of time.

To display general information about the Cisco CMTS router when reporting a problem to Cisco technical support, use the show tech-support command in privileged EXEC mode.

show tech-support [page] [password] [cef | ipc | ipmulticast | isis | mpls | ospf | rsvp]

Note The show tech-support command automatically displays the output of a number of different show commands. The exact output depends on the platform, configuration, and type of protocols being used.

Note The show tech-support includes most of the information shown in the show cable tech-support command.

Syntax Description

page

(Optional) Causes the output to display a page of information at a time. Use the Return key to display the next line of output or use the space bar to display the next page of information. If not used, the output scrolls (that is, does not stop for page breaks).

password

(Optional) Leaves passwords and other security information in the output. If not used, passwords and other security-sensitive information in the output are replaced with the label "<removed>" (this is the default).

cef

(Optional) Displays information about the Cisco Express Forwarding (CEF) protocol configuration and status.

ipc

(Optional) Displays information about interprocess communications on the Cisco router.

ipmulticast

(Optional) Displays information about the IP multicast configuration and status.

isis

(Optional) Displays information about the Connectionless Network Service (CLNS) and Intermediate System-to-Intermediate System (IS-IS) routing protocol configuration and status.

Note IS-IS support is provided only on CMTS platforms running Cisco IOS images that have a "-p-" as part of the image name.

mpls

(Optional) Displays information about Multiprotocol Label Switching (MPLS) on the Cisco router, which instructs the routers and the switches in the network on where to forward the packets based on preestablished IP routing information.

ospf

(Optional) Displays information about the Open Shortest Path First (OSPF) routing algorithm and status on the Cisco router.

rsvp

(Optional) Displays information about the IP Resource Reservation Protocol (RSVP) configuration and status.

For additional information about this and other commands, refer to the following document on Cisco.com:

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only selected severity 3 caveats are included in the caveats document.

Caveat numbers and brief descriptions for each Cisco IOS Release 12.3(17b)BCx-, 12.3(21a)BCx-, and 12.3(23)BCx-based releases are listed in this section.

Cisco IOS Release 12.3M is the parent release train for Cisco IOS Release 12.3(23)BC5. Unless otherwise noted, Cisco IOS Release 12.3(23)BC5 maintains support for the changes and caveat resolutions introduced in earlier releases of Cisco IOS Release 12.3M.

If you have an account on Cisco.com, you can use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Technical Support: Tools & Utilities: Software BUG TOOLKIT (under Configuration Tools). Another option is to enter the following URL in your web browser or go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl

Open Caveats for Release 12.3(21a)BC9.

There are no open caveats for Cisco IOS Release 12.3(21a)BC9.

Resolved Caveats for Release 12.3(21a)BC9

Table 10 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(21a)BC9 release.

Table 10 Resolved Caveats for Cisco IOS Release 12.3(21a)BC9

DDTS ID Number

Description

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

CSCsx70889

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsy15227

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml

Open Caveats for Release 12.3(23)BC8

There are no open caveats for Cisco IOS Release 12.3(23)BC8.

Resolved Caveats for Release 12.3(23)BC8

Table 12 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC8 release.

Table 11 Resolved Caveats for Cisco IOS Release 12.3(23)BC8

DDTS ID Number

Description

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsy15227

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml

Open Caveats for Release 12.3(23)BC6

There are no open caveats for Cisco IOS Release 12.3(23)BC6.

Resolved Caveats for Release 12.3(23)BC6

Table 12 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC6 release.

Table 12 Resolved Caveats for Cisco IOS Release 12.3(23)BC6

DDTS ID Number

Description

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

Open Caveats for Release 12.3(23)BC5

Table 13 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC5 release.

Table 13 Open Caveats for Cisco IOS Release 12.3(23)BC5

DDTS ID Number

Description

CSCsu44606

Symptom: Duplicate traps are generated when configuring SNMP traps for cable billing operations.

Workaround: There is no workaround.

CSCsu74681

Symptom: The show cable load-balance command displays details of the wideband cable interfaces (upstream and downstream) twice in the command output.

Condition: This issue is observed in a wideband cable setup with 3.0 DOCSIS cable modems and non-DOCSIS 3.0 cable modems.

Workaround: You can keep track of the aggregate statistics for the interface manually.

CSCsu65409

Symptom: Cable modems are penalized at random for a few seconds into the maintenance window, much before they exceed the traffic limits.

Condition: This occurs in CMTS environments using Subscriber Traffic Management (STM).

Workaround: There is no workaround.

Resolved Caveats for Release 12.3(23)BC5

Table 14 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC5 release.

Table 14 Resolved Caveats for Cisco IOS Release 12.3(23)BC5

DDTS ID Number

Description

CSCsg81770

Symptom: A subinterface with ifIndex=62 does not show up in ifMIB output.

Condition: This occurs during router configuration. If the ifIndex value=62 is assigned to a subinterface (non hardware interface descriptor block (HWIDB)), then the subinterface may not show up in the ifMIB output.

Workaround: Enabling snmp ifindex persist on the router such that ifIndex=62 is assigned to a HWIDB, or configuring the router's interfaces in an order such that ifIndex=62 is assigned to a HWIDB. The router remains in this state until a reload.

CSCsu77134

Symptom: Service class name field is empty in SAMIS records for deleted PCMM flow. SNMP MIB docsQosServiceFlowLogServiceClassName is also empty for these flows.

Workaround: There is no workaround.

Open Caveats for Release 12.3(23)BC4

Table 15 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC4 release.

Table 15 Open Caveats for Cisco IOS Release 12.3(23)BC4

DDTS ID Number

Description

CSCsi43840

Symptom: In the Cisco uBR7246VXR, the Cisco uBR-MC28U line card resets and the crash file is not generated in the bootflash.

Condition: This occurs on a Cisco uBR7246VXR router with multiple Cisco uBR-MC28U line cards and first detected on router is running Cisco IOS release 12.3(17b)BC4 and exists in routers running later Cisco IOS releases.

Workaround: There is no workaround.

CSCsl50455

Symptom: A customer premises equipment (CPE) is deleted from the cable modem termination systems (CMTS) database, and the network connectivity is lost.

Condition: This happens in an MPLS-VPN setup, where cable modem (CM) and CPE are in different virtual private network (VPN) routing/forwarding instances (VRF) and source verification with lease query is enabled.

If a legitimate CPE is removed from the CMTS database, and an upstream packet is initiated from CPE, a lease query is generated by the CMTS and sent to the dynamic host configuration protocol (DHCP) server. The lease query response is received from the DHCP server but, the CMTS fails to add the CPE into the database. As a result, the CPE loses its network connectivity.

Workaround: The CPE has to go through the DHCP cycle again. The CPE is added to the CMTS database and network connectivity at the CPE is restored.

CSCsk97436

Symptom: Spurious memory access traceback is observed.

Condition: This is observed after changing the cable bundle command on a cable interface with a cable bundle that has ip vrf forwarding command configured.

Workaround: Disable multicast on the cable bundle interface.

Resolved Caveats for Release 12.3(23)BC4

There are no resolved caveats for Cisco IOS Release 12.3(23)BC4.

Open Caveats for Release 12.3(21a)BC8

Table 16 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(21a)BC8 release.

Table 16 Open Caveats for Cisco IOS Release 12.3(21a)BC8

DDTS ID Number

Description

CSCsi43840

Symptom: In the Cisco uBR7246VXR router, the Cisco uBR-MC28U line card resets and the crash file is not generated in the bootflash.

Condition: This occurs on a Cisco uBR7246VXR router with multiple Cisco uBR-MC28U line cards. This was first detected in a router running Cisco IOS release 12.3(17b)BC4 and later found in routers running later Cisco IOS releases.

Workaround: There is no workaround.

Resolved Caveats for Release 12.3(21a)BC8

Table 17 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(21a)BC8 release.

Table 17 Resolved Caveats for Cisco IOS Release 12.3(21a)BC8

DDTS ID Number

Description

CSCso63914

Symptom: The Cisco uBR-MC28U cards are not sending SNMP cable modem on/off traps messages.

Condition: This issue only happens on Cisco uBR-MC28U cable cards and routers configured with bundle subinterface.

Workaround: Use bundle interface rather than subinterface.

CSCsk00618

Symptom: The cable interfaces are in shutdown state.

Condition: This occurs during booting. This issue was first detected in routers running Cisco IOS release 12.3(21a)BC7 and later found in routers running later Cisco IOS releases.

Workaround: There is no workaround.

CSCsl87023

Symptom: Different values of upstream center frequency are seen in the output for show running-config and show controllers commands. The 16 KHz resolution configured on the new line card is not correct.

Condition: This occurs when fixed upstream center frequency is configured.

Workaround: This error is cosmetic and has no effect on the behavior of the line card.

CSCsg91306

Symptom: The access server may reload due to software forced crash, causing memory corruption in the processor memory pool of the router.

Condition: This occurs when SIP and VoIP protocols are configured on the router and the erroneous header field exists in the SIP message.

Workaround: There is no workaround.

CSCso48916

Symptom: The Cisco uBR-MC28U cable interface line card reloads after every software upgrade.

Condition: This occurs during an upgrade.

Workaround: There is no workaround.

CSCsi05373

Symptom: A Cisco uBR7246VXR router may unexpectedly reload due to bus error (Signal = 10, Code = 0x10) and spurious accesses may be observed.

Condition: This issue may occur under the following conditions:

•The router is running Cisco IOS Release 12.3(21)BC. This issue also exists in routers running later Cisco IOS releases

•The cable modems used were exclusively "Scientific Atlanta EPC2203" and have issue to get grant from the router

Workaround: Do not ping or telnet to the modem while a phone call is crossing it.

CSCek52673

Symptom: A router reloads after receiving a malformed UDP packet.

Condition: Dynamic Host Configuration Protocol (DHCP) is enabled on the router.

Workaround: There is no workaround.

CSCsq05487

Symptom: DHCPDISCOVER message received from the client to the cable modem termination systems (CMTS) relay agent fails to reach the CMTS, and the Dynamic Host Configuration Protocol (DHCP) server. As a result, the cable modem fail to complete DHCP, and fails to get online.

Condition: Another router exists between the CMTS relay agent and server.

Workaround: Configure ip proxy-arp on the network interface of the router that faces the CMTS.

CSCso35102

Symptom: Cable modems may not go online on certain upstream interfaces on routers running Cisco IOS Release 12.3(21a)BC6. The modems do not reach the init(rc) state as well.

Condition: The issue is was first detected in routers running Cisco IOS Release 12.3(21a)BC6 and later found in routers running later Cisco IOS releases.

Workaround: Use the shut/no shut command to fix the issue.

CSCsg81770

Symptom: A subinterface with ifIndex=62 does not show up in ifMIB output.

Condition: This occurs during router configuration. If the ifIndex value=62 is assigned to a subinterface (non hardware interface descriptor block (HWIDB)), then the subinterface may not show up in the ifMIB output.

Workaround: Enabling snmp ifindex persist on the router such that ifIndex=62 is assigned to a HWIDB, or configuring the router's interfaces in an order such that ifIndex=62 is assigned to a HWIDB. The router remains in this state until a reload.

CSCsm77199

Symptom: If the HTTP secure server is configured on the switch, the error message "%DATACORRUPTION-1-DATAINCONSISTENCY: copy error" is displayed with tracebacks. This happens after the initialization of the supervisor.

Condition: This occurs when ip http server command is configured.

Workaround: Execute the no ip http server command. The switch functionality is not affected by this error message. The problem is cosmetic.

CSCsj46707

Symptom: Normal operation of the router is suspended during bootup.

Condition: This occurs as a result of a race condition caused by the order of operations in console_init(). The router hangs and gives traceback.

Workaround: There is no workaround.

CSCsq37824

Symptom: Memory overflow risk may occur with string overflow.

Condition: This occurs during source code analysis.

Workaround: There is no workaround.

CSCsh69471

Symptom: AAA accounting requests are being sent with empty user name. The user name is not displayed in the output of show command or the show accounting commands for the affected accounting traffic.

Condition: This occurs when commands are executed from a remote host using remote shell.

Workaround: There is no workaround.

CSCsk42759

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCsg91306

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

Open Caveats for Release 12.3(23)BC3

Table 18 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC3 release.

Table 18 Open Caveats for Cisco IOS 12.3(23)BC 3 release

DDTS ID Number

Description

CSCsi43840

Symptom: In the Cisco uBR7246VXR, the Cisco uBR-MC28U line card resets and the crash file is not generated in the bootflash.

Condition: This occurs on a Cisco uBR7246VXR router with multiple Cisco uBR-MC28U line cards and router is running Cisco IOS release 12.3(17b)BC4.

Workaround: There is no workaround.

CSCsl50455

Symptom: A customer premises equipment (CPE) is deleted from the cable modem termination systems (CMTS) database, and the network connectivity is lost.

Condition: This happens in an MPLS-VPN setup, where cable modem (CM) and CPE are in different virtual private network (VPN) routing/forwarding instances (VRF) and source verification with lease query is enabled.

If a legitimate CPE is removed from the CMTS database, and an upstream packet is initiated from CPE, a lease query is generated by the CMTS and sent to the dynamic host configuration protocol (DHCP) server. The lease query response is received from the DHCP server but, the CMTS fails to add the CPE into the database. As a result, the CPE loses its network connectivity.

Workaround: The CPE has to go through the DHCP cycle again. The CPE is added to the CMTS database and network connectivity at the CPE is restored.

CSCsk97436

Symptom: Spurious memory access traceback is observed.

Condition: This is observed after changing the cable bundle command on a cable interface with a cable bundle that has ip vrf forwarding command configured.

Workaround: Disable multicast on the cable bundle interface.

Resolved Caveats for Release 12.3(23)BC3

Table 19 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco 12.3(23)BC3 release.

Table 19 Resolved Caveats for Cisco IOS 12.3(23)BC3 release

DDTS ID Number

Description

CSCso63914

Symptom: The Cisco uBR-MC28U cards are not sending SNMP cable modem on/off traps messages.

Condition: This issue only happens on Cisco uBR-MC28U cable cards and routers configured with bundle subinterface.

Workaround: Use bundle interface rather than subinterface.

CSCsl87023

Symptom: Different values of upstream center frequency are seen in while executing show running-config and show controllers commands. The 16 KHz resolution configured on the new linecard is not correct.

Condition: This occurs when fixed upstream center frequency is configured.

Workaround: This error is cosmetic and does not affect the behaviour of the line card.

CSCsm77199

Symptom: If the HTTP secure server is configured on the switch, the error message "%DATACORRUPTION-1-DATAINCONSISTENCY: copy error" is displayed with tracebacks. This happens after the initialization of the supervisor.

Condition: This occurs when ip http server command is configured.

Workaround: Execute the no ip http server command. The switch functionality is not affected by this error message. The problem is cosmetic.

CSCsq37824

Symptom: Memory overflow risk may occur with string overflow.

Condition: This occurs during source code analysis.

Workaround: There is no workaround for this.

Open Caveats for Release 12.3(23)BC2

There are no open caveats for the Cisco IOS 12.3(23)BC2 release.

Resolved Caveats for Release 12.3(23)BC2

Table 20 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(23)BC2 release.

Table 20 Resolved Caveats for Cisco IOS Release 12.3(23)BC2

DDTS ID Number

Description

CSCso81854

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.

To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.

This security advisory is being published simultaneously with announcements from other affected organizations.

CSCsm50944

A high CPU value is observed when many host IP addresses of modems are registered with static IP addresses. This is observed when some subinterfaces are configured using cable source-verify command and other subinterfaces in the same bundle are configured using cable source-verify dhcp command.

Workaround: Use cable source-verify dhcp command on both the subinterfaces. As for the static IP addresses, reserve these addresses in the DHCP server.

CSCsg35077

A device that is running Cisco IOS software may crash during processing of an Internet Key Exchange (IKE) message.

Workaround: Customers that do not require IPsec functionality on their devices can use the no crypto isakmp enable command in global configuration mode to disable the processing of IKE messages and eliminate device exposure.

If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and can also use UDP/848 (the GDOI port) when GDOI is in use.

CSCsi95211

The Tunnel maximum transmission unit (MTU) value is reset to 1514 bytes.

This occurs when the ip mtu value that is configured on a tunnel interface is greater than 1514 bytes and an IP address is subsequently assigned to the Tunnel interface.

Workaround: Re-configuring the ip mtu value after the IP address has been configured restores the ip mtu value.

CSCsj85065

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability.

Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.

Open Caveats for Release 12.3(21a)BC7

There are no open caveats for the Cisco IOS 12.3(21a)BC7 release.

Resolved Caveats for Release 12.3(21a)BC7

Table 21 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC7 release.

Table 21 Resolved Caveats for Cisco IOS Release 12.3(21a)BC7

DDTS ID Number

Description

CSCsm50944

A high CPU value is observed when many host IP addresses of modems are registered with static IP addresses. This is observed when some subinterfaces are configured using cable source-verify command and other subinterfaces in the same bundle are configured using cable source-verify dhcp command.

Workaround: Use cable source-verify dhcp command on both the subinterfaces. As for the static IP addresses, reserve these addresses in the DHCP server.

CSCsl82266

Loop occurs between uBR and CNR during leasequery. At the loop condition, you can see several leasequeries per second and after a while, the loop ends automatically.

This issue occurs on following conditions:

•source-verify dhcp is enabled.

•CNR failover setup (Redundant CNR).

•The target IP of the leasequery loop should be a CPE which is connected to currently offline CM and ARP entry for the CPE aged out.

There are no known workarounds.

CSCsk74962

Router is experiencing spurious memory access while running the show buffer assigned dump command.

This issue does not cause any operational problems.

There are no known workarounds.

CSCsl73391

CMTS sysUpTime parameter remains unchanged in IPDR document for all records thus making it unreliable for stop records. Similarly, IPDRcreationTime parameters are the same for interim records and are set to the data collection start time for the IPDR document. These may cause certain accounting issues.

This issue occurs when Subscriber Account Management Interface Specification (SAMIS) feature is used.

Workaround: Poll the DOCS-QOS-MIB object directly.

CSCsl61201

CMTS generates duplicate IPDR records for same service identifier (SID). This creates accounting issues for usage-based billing of cable modems.

This issue occurs on uBR10k and uBR7k platforms running Cisco IOS Release 12.3(17b)BC4 when Subscriber Account Management Interface Specification (SAMIS) feature is used.

CSCsj85065

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability.

Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.

Open Caveats for Release 12.3(23)BC1

Table 22 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(23)BC1 release.

Table 22 Open Caveats for Cisco IOS Release 12.3(23)BC1

DDTS ID Number

Description

CSCsm50944

A high CPU value is observed when many host IP addresses of modems are registered with static IP addresses. This is observed when some subinterfaces are configured using cable source-verify command and other subinterfaces in the same bundle are configured using cable source-verify dhcp command.

Workaround: Use cable source-verify dhcp command on both the subinterfaces. As for the static IP addresses, reserve these addresses in the DHCP server.

Resolved Caveats for Release 12.3(23)BC1

Table 23 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(23)BC1 release.

Table 23 Resolved Caveats for Cisco IOS Release 12.3(23)BC1

DDTS ID Number

Description

CSCsl73391

CMTS sysUpTime parameter remains unchanged in IPDR document for all records thus making it unreliable for stop records. Similarly, IPDRcreationTime parameters are the same for interim records and are set to the data collection start time for the IPDR document. These may cause certain accounting issues.

This issue occurs when Subscriber Account Management Interface Specification (SAMIS) feature is used.

Workaround: Poll the DOCS-QOS-MIB object directly.

CSCsl61201

CMTS generates duplicate IPDR records for same service identifier (SID). This creates accounting issues for usage-based billing of cable modems.

This issue occurs on uBR10k and uBR7k platforms running Cisco IOS Release 12.3(17b)BC4 when Subscriber Account Management Interface Specification (SAMIS) feature is used.

CSCsd71318

Cisco 2800 series router crashes when the connection to the URL filter server is reset, either due to network congestion or during a warm/cold reload.

This issue occurs with external Websense or N2H2 server.

Workaround: There are no known workarounds for cold/warm reload. For crash due to network congestion or WAN reset, remove the condition that causes the connection to the URL filter to flap.

CSCsk74962

Router is experiencing spurious memory access while running the show buffer assigned dump command.

This issue does not cause any operational problems.

There are no known workarounds.

CSCsh69471

AAA accounting requests are being sent with empty user name. This issue occurs while using the show command to see the executor of the show accounting commands for the affected accounting traffic.

Workaround: No workaround is required as it is only a display issue.

CSCsl32567

When executing show aaa attribute protocol radius command, the router running Cisco IOS may crash or display junk characters.

There are no known workarounds.

CSCsl82266

Loop occurs between uBR and CNR during leasequery. At the loop condition, you can see several leasequeries per second and after a while, the loop ends automatically.

This issue occurs on following conditions:

•source-verify dhcp is enabled.

•CNR failover setup (Redundant CNR).

•The target IP of the leasequery loop should be a CPE which is connected to currently offline CM and ARP entry for the CPE aged out.

There are no known workarounds.

CSCsk70446

Traceback observed while using long URLs to configure a device using the Cisco IOS HTTP web parser.

This issue occurs while trying to configure commands that have a single keyword or parameter greater than N characters in length, where N is:

•50 for Cisco IOS Release 12.0 and above

•128 for Cisco IOS Release 12.2 and above

•256 for Cisco IOS Release 12.2(25) and above

Workaround: Avoid using the Cisco IOS HTTP web parser for commands with long keywords or arguments.

CSCsh29217

Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml.

Open Caveats for Release 12.3(21a)BC6

Table 24 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC6 release.

Table 24 Open Caveats for Cisco IOS Release 12.3(21a)BC6

DDTS ID Number

Description

CSCsl73391

CMTS sysUpTime parameter remains unchanged in IPDR document for all records thus making it unreliable for stop records. Similarly, IPDRcreationTime parameters are the same for interim records and are set to the data collection start time for the IPDR document. These may cause certain accounting issues.

This issue occurs when Subscriber Account Management Interface Specification (SAMIS) feature is used.

Workaround: Poll the DOCS-QOS-MIB object directly.

CSCsl61201

CMTS generates duplicate IPDR records for same service identifier (SID). This creates accounting issues for usage-based billing of cable modems.

This issue occurs on uBR10k and uBR7k platforms running Cisco IOS Release 12.3(17b)BC4 when Subscriber Account Management Interface Specification (SAMIS) feature is used.

CSCsi46184

IOS crashes, when you remove a PCMCIA card that is in use.

Workaround: Do NOT remove the flash card when it is in use.

CSCsk59791

A Cisco router running Cisco IOS Release 12.3(17a)BC2 may have all CM connected on the cable interface go offline.

Workaround: Restart the interface using the shutdown and no shutdown commands.

Resolved Caveats for Release 12.3(21a)BC6

There are no resolved caveats for the Cisco IOS 12.3(21a)BC6 release.

Open Caveats for Release 12.3(21a)BC5

Table 25 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC5 release.

Table 25 Open Caveats for Cisco IOS Release 12.3(21a)BC5

DDTS ID Number

Description

CSCsl73391

CMTS sysUpTime parameter remains unchanged in IPDR document for all records thus making it unreliable for stop records. Similarly, IPDRcreationTime parameters are the same for interim records and are set to the data collection start time for the IPDR document. These may cause certain accounting issues.

This issue occurs when Subscriber Account Management Interface Specification (SAMIS) feature is used.

Workaround: Poll the DOCS-QOS-MIB object directly.

CSCsl61201

CMTS generates duplicate IPDR records for same service identifier (SID). This creates accounting issues for usage-based billing of cable modems.

This issue occurs on uBR10k and uBR7k platforms running Cisco IOS Release 12.3(17b)BC4 when Subscriber Account Management Interface Specification (SAMIS) feature is used.

CSCsi46184

IOS crashes, when you remove a PCMCIA card that is in use.

Workaround: Do NOT remove the flash card when it is in use.

CSCsk59791

A Cisco router running Cisco IOS Release 12.3(17a)BC2 may have all CM connected on the cable interface go offline.

Workaround: Restart the interface using the shutdown and no shutdown commands.

Resolved Caveats for Release 12.3(21a)BC5

Table 26 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC5 release.

Table 26 Resolved Caveats for Cisco IOS Release 12.3(21a)BC5

DDTS ID Number

Description

CSCsl32567

When executing show aaa attribute protocol radius command, the router running Cisco IOS may crash or display junk characters.

There are no known workarounds.

CSCsk70446

Traceback observed while using long URLs to configure a device using the Cisco IOS HTTP web parser.

This issue occurs while trying to configure commands that have a single keyword or parameter greater than N characters in length, where N is:

•50 for Cisco IOS Release 12.0 and above

•128 for Cisco IOS Release 12.2 and above

•256 for Cisco IOS Release 12.2(25) and above

Workaround: Avoid using the Cisco IOS HTTP web parser for commands with long keywords or arguments.

Open Caveats for Release 12.3(23)BC

Table 27 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(23)BC release.
Table 27 Open Caveats for Cisco IOS Release 12.3(23)BC
DDTS ID Number

Description

CSCsi43840

A 28u Card resets with no unexpected reloads file being generated in bootflash.

This may occur on a router with multiple 28u cards and running 123-17b.BC4.

There are no known workarounds.

CSCsi59988

Downstream prioritization on cable interfaces during cable interface congestion is not working when the default downstream token bucket rate-limiting with shaping scheme is in use.

Workaround: Make use of token bucket limiting without shaping.

CSCsj14143

ifHCOutOctets and ifHCInOctets values retrieved from the IF-MIB are not correct.

There are no known workarounds.

CSCsj81080

Two Cisco uBR7246VXR routers with NPE-G1s both show negative input queue values on the cable interface. The two routers are passing traffic. The bundled virtual interfaces on the devices have a non-decreasing positive input queue.

Workaround: The negative input queue values issue is cosmetic; the interface still passes traffic. The continuously growing input queue on the bundled interface can be cleared by reloading the device.

CSCsk10579

A slow leak may occur on a UBR7200 in the CMTS MAC Parser process.

There are no known workarounds.

CSCsk59791

A Cisco router running Cisco IOS Release 12.3(17a)BC2 may have all CM connected on the cable interface go offline.

Workaround: Use the shut/no shut cable interface.

CSCsk60162

Voice assigned to an Unsolicited Grant Services (UGS) flow is not seen on the sniffer, intercepted packet.

This issue occurs sporadically on an MC28X card.

Workaround: Execute a shut/no shut of the cable interface.

CSCsk97436

After changing the cable bundle <x> command on a cable interface with a cable bundle that has ip vrf forwarding configured, a spurious memory access traceback was observed.

There are no known workarounds.

CSCsl49015

After replacing the MC16 card, they cannot see the interface values return through SNMP.

All the cable interfaces that was involved in hot-swapping had this issue. CU swapped the following:

MC16 to new MC16

MC16 to new MC28

This is different to the bug CSCsc07829 as only the upstream and downstream port indexes for a certain cable interface are not getting registered.

Workaround: Rebooting the device resolved the issue.
CSCsl50133
A uBR7200 will reload with following:
No crashinfo
No tracebacks
Last reload reason: Unknown reason
Last reset from watchdog reset
There are no known workarounds.
CSCsk86886

A Cisco router running IOS version 123(17b)BC8 may reload unexpectedly.

There are no known workarounds.
Resolved Caveats for Release 12.3(23)BC

Table 28 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(23)BC release.
Table 28 Resolved Caveats for Cisco IOS Release 12.3(23)BC
DDTS ID Number

Description

CSCek76143

DOCSIS dynamic state queue can be corrupted and cause a CMTS RP or LC unexpected reload in cmts_get_dyn_transc_state. This is a suspected cause of unexpected reloads in CSCek70406.

This issue occurs with dynamic service flows created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCsd65958

Packets per second is far greater than bytes per second on some of the line card interfaces, which should not be possible.

This issue occurs when the layer 2 traffic contains broadcast traffic.

There are no known workarounds.

CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh04686

With X25 over TCP (XOT) enabled on a router or catalyst switch, malformed traffic sent to TCP port 1998 will cause the device to reload. This was first observed in IOS 12.2(31)SB2.

Workarounds: Use IPSEC or other tunneling mechanisms to protect XOT traffic. Also, apply ACLs on affected devices so that traffic is only accepted from trusted tunnel endpoints.

CSCsh41532

PCMM volume-based-usage exceeded should send up a gate-report-state but this is not working as expected.

The volume-based-usage counter is supposed to be reset when a modification is made to it on an existing gate. This should send gate-report-state after the new value has been reached. The counter seems to be retaining the original value in a test case.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.
CSCsi44396
The maximum number of virtual bundle interfaces that can be created on a CMTS is 40. While trying to create the 41st virtual bundle interface via the CLI command, the following error message is displayed:
Vegas-VXR(config)#int bundle 41
Exceeding maximum number of virtual bundle interfaces allowed: 40                       
^
% Invalid input detected at '^' marker.
Vegas-VXR(config)#
However, by using the following procedure, the CMTS allowed 41 Virtual Bundle Interfaces. The expected result is the CMTS should not allow the 41st virtual bundle interface to be created.

1. Create virtual interface bundle 254 and then assign bundle254 to cable interface 3/0 and 3/1

2. Issue the following command hw-module slot 3 shutdown powered (This powers down the card)

3. Delete virtual interface bundle 254 (no interface bundle 254)

4. Create virtual interface bundle 1-40

5. Bring up the card that was shutdown in step 2 with no hw-module slot 3 shutdown powered

6. You will now see 41 interface bundles.

There are no known workarounds.
CSCsi68543
TLS is working OK right after is configured originally. If TLS is deconfigured and then reactivated again, the corresponding Ethernet interface is not set to promiscuous mode

Before the configuration changes:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E29
Promiscuous mode ON
After the TLS configuration was reapplied:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E28
Promiscuous mode OFF
This issue occurs with TLS configuration.

Workaround: Do not disable TLS once it is enabled.
CSCsl34893

ARP table entries are incorrect for a CPE. This can result in CPE traffic being sent to the wrong modem.

The ARP table issue occurs for CPEs that move from one modem to another or when one CPE goes away and the IP address is allocated to another CPE by the DHCP server.

There are no known workarounds.

CSCsh29217

Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml.
Open Caveats for Release 12.3(21a)BC4

Table 29 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC4 release.
Table 29 Open Caveats for Cisco IOS Release 12.3(21a)BC4
DDTS ID Number

Description

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh41532

PCMM volume-based-usage exceeded should send up a gate-report-state but this is not working as expected.

The volume-based-usage counter is supposed to be reset when a modification is made to it on an existing gate. This should send gate-report-state after the new value has been reached. The counter seems to be retaining the original value in a test case.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.

CSCsi43840

A 28u Card resets with no unexpected reloads file being generated in bootflash.

This may occur on a router with multiple 28u cards and running 123-17b.BC4.

There are no known workarounds.
CSCsi44396
The maximum number of virtual bundle interfaces that can be created on a CMTS is 40. While trying to create the 41st virtual bundle interface via the CLI command, the following error message is displayed:
Vegas-VXR(config)#int bundle 41
Exceeding maximum number of virtual bundle interfaces allowed: 40                       
^
% Invalid input detected at '^' marker.
Vegas-VXR(config)#
However, by using the following procedure, the CMTS allowed 41 Virtual Bundle Interfaces. The expected result is the CMTS should not allow the 41st virtual bundle interface to be created.

1. Create virtual interface bundle 254 and then assign bundle254 to cable interface 3/0 and 3/1

2. Issue the following command hw-module slot 3 shutdown powered (This powers down the card)

3. Delete virtual interface bundle 254 (no interface bundle 254)

4. Create virtual interface bundle 1-40

5. Bring up the card that was shutdown in step 2 with no hw-module slot 3 shutdown powered

6. You will now see 41 interface bundles.

There are no known workarounds.
CSCsi59988

Downstream prioritization on cable interfaces during cable interface congestion is not working when the default downstream token bucket rate-limiting with shaping scheme is in use.

Workaround: Make use of token bucket limiting without shaping.
CSCsi68543
TLS is working OK right after is configured originally. If TLS is deconfigured and then reactivated again, the corresponding Ethernet interface is not set to promiscuous mode

Before the configuration changes:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E29
Promiscuous mode ON
After the TLS configuration was reapplied:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E28
Promiscuous mode OFF
This issue occurs with TLS configuration.

Workaround: Do not disable TLS once it is enabled.
CSCsi83966
Multiple tracebacks are observed:
313861: Apr 10 07:16:06.784 UTC: %REQGRP-3-SYSCALL: System call for 
command 72 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B35B0 60C5A09C 60C5B7E0 60C58980 61005A70 
610093CC 60FF9910 6101FE0C 60916AC4 60916AA8
314045: Apr 10 08:16:39.940 UTC: %REQGRP-3-SYSCALL: System call for 
command 42 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606AC4A8 606AEED4 60C898A0 60C89B34 60C5AD40 
60C5B188 60C5B834 60C58980 61005A70 610093CC 60FF9910 6101FE0C 60916AC4 
60916AA8
313868: Apr 10 07:18:35.833 UTC: %REQGRP-3-SYSCALL: System call for 
command 47 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B3D0C 606B4930 6069D1EC 6053BEC4 60886370 
60897D40 60916AC4 60916AA8
This issue occurs on a Cisco uBR7246VXR router with an MC28U card. BPI and VPN are not configured. No crashinfo is seen on PRE or line card.

Workaround: Reset affected line card with hardware module stop/start.
CSCsj81080

Two Cisco uBR7246VXR routers with NPE-G1s both show negative input queue values on the cable interface. The two routers are passing traffic. The bundled virtual interfaces on the devices have a non-decreasing positive input queue.

Workaround: The negative input queue values issue is cosmetic; the interface still passes traffic. The continuously growing input queue on the bundled interface can be cleared by reloading the device.

CSCsk10579

A slow leak may occur on a UBR7200 in the CMTS MAC Parser process.

There are no known workarounds.

CSCsk17493

A slow memory leak exists in Request di and SNMP ENGINE.

This issue occurs on a router running Cisco IOS Release 12.3(17b)BC4 and the Simple Network Management Protocol (SNMP).

There are no known workarounds.

CSCsk43650

SNMPwalk of docsIfCmtsCmStatusValue does not show results for all the available modems. The deviation can be identified by comparing the results from the command line interface with those from the SNMPwalk.

There are no known workarounds.

CSCsk49540

A line card memory allocation failure is causing a system slowdown. The show cable modem, show run, and show tech commands all experience noticeable performance slowdowns.

This issue occurs because a cable line card is running out of memory; Pool Manager Free shows as 0, and holdong shows a large value.

There are no known workarounds.

CSCsk59791

A Cisco router running Cisco IOS Release 12.3(17a)BC2 may have all CM connected on the cable interface go offline.

Workaround: Use the shut/no shut cable interface.

CSCsk60162

Voice assigned to an Unsolicited Grant Services (UGS) flow is not seen on the sniffer, intercepted packet.

This issue occurs sporadically on an MC28X card.

Workaround: Execute a shut/no shut of the cable interface.

CSCsk86886

A Cisco router running IOS version 123(17b)BC8 may reload unexpectedly.

There are no known workarounds.
Resolved Caveats for Release 12.3(21a)BC4

Table 30 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC4 release.
Table 30 Resolved Caveats for Cisco IOS Release 12.3(21a)BC4
DDTS ID Number

Description

CSCsa79984

When using the line subcommand login, it may be possible for a vty to get into a state where the user will not be able to log in to the IOS router. The user will be presented with password followed immediately by "Bad passwords".

The line in this state can be seen with the exec command show line <line number>. In the "Status" line, if "Ctrl-c Enabled" appears, then you may see this problem on that line.

Workaround: To clear this condition follow these sequence of steps.

1. First remove the login from the line.

2. Telnet into the router on the line which is in this state.

3. From enable mode, run the command setup. When prompted with "Continue with configuration dialog", type no.

4. Add the login back to the vty line.

CSCsd65958

Packets per second is far greater than bytes per second on some of the line card interfaces, which should not be possible.

This issue occurs when the layer 2 traffic contains broadcast traffic.

There are no known workarounds.
CSCsg39295
Password information may be displayed in a Syslog message as follows:
%SYS-5-CONFIG_I: Configured from 
scp://userid:password@10.1.1.1/config.txt by console
This issue occurs when using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, selection of ConfigCopyProtocol of SCP or FTP may result in the password being exposed in a syslog message.

Workaround: When using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, use the ConfigCopyProtocol of RCP to avoid

exposure of the password.
CSCsg58537

The CLI show cable modem <mac/ip> cnr output does not have snr/cnr values. The output shows "-----" instead of snr/cnr, even though traffic is passed through modem.

This issue occurs in when spectrum-group is not configured on Cisco IOS Release 12.3(13a)BC or later.

Workaround: Use show cable modem <mac/ip> phy command to monitor the snr value.

CSCsi91974

With STM1.0, the cable modem can be set in penalty even during Offpeak periods.

This issue occurs on a Cisco router running Cisco IOS Release 12.3(17b)BC5. This issue is not seen in Cisco IOS Release 12.3(13)BC.

There are no known workarounds.

CSCsj14143

ifHCOutOctets and ifHCInOctets values retrieved from the IF-MIB are not correct.

There are no known workarounds.

CSCsj43368

IP connectivity issues or observed when running Baseline Privacy Interface (BPI).

This issue occurs when running Cisco IOS Release 12.3(21a)BC1 using an MC16U card.

Workaround: Downgrade to Cisco IOS Release 12.3(13a)BC6.
CSCsj66692
Data corruption copy error tracebacks are seen on the console or output from the show logging command:
%DATACORRUPTION-1-DATAINCONSISTENCY: copy error,  -PC= 0x41224EFC,  -
Traceback= 0x4153A7D0 0x4155BA0C 0x4157FAF0 0x41224EFC 0x41DDC0A8 
0x41DDC198 
0x41DC6D84 0x41DF3B0C 0x41DC506C 0x41DCE5A4 0x41D91AF8 0x41D90F88 
0x41D9BEFC 
0x41D9C0C0 0x41DAEA68 
Refer to CSCsj44081 for more information.

There are no known workarounds.
CSCsj74381
A UBR that uses 127.x.x.x prefixes for internal management will include these prefixes in its LDP/TDP address and label mapping messages. Peering routers that have a fix for CSCdx08804 or CSCdx88897 will display error messages such as the following:
%TAGCON-3-TDPID: peer 192.168.254.253:0, TDP Id/Addr mapping problem 
(rcvd invalid address in TDP
address PIE, ignored)
%TAGCON-3-TDPID: peer 192.168.254.253:0, TDP Id/Addr mapping problem 
(rcvd TDP address PIE, bind failed)
%TIB-3-REMOTETAG: 127.3.0.0/255.255.0.0, peer 192.168.254.253:0; tag 1; 
add tag failure
The error messages are harmless. They indicate that the peer has advertised invalid host/network IP addresses, and the receiving router has accordingly ignored the associated advertisements.

There are no known workarounds.
CSCsk10639

CMTS router received an ARP packet with zero mac-addr for source. CMTS asked IOS software not to create an ARP entry. IOS software still goes ahead and creates an ARP entry with zero mac-addr.

This issue occurs when a virus attack has been mounted on the CMTS.

There are no known workarounds.

CSCsk19693

When cable source-verify dhcp is configured on the bundle interface and a static IP is assigned to a CPE behind a cable modem, the CMTS fails to send a dhcp lease-query and the CPE is able to get network access

Workaround: Move layer 3 configuration from a bundle interface to a subinterface. For example, remove ip address, dhcp, and cable source-verify configuration from "interface bundle 1" to "interface bundle 1.1".

CSCsk27453

The show cable modem vendor summary total clc command does not display any totals.

There are no known workarounds.

CSCsk85060

Replicated packets for LI so that when configured by the cable intercept CLI command, it will not always have the same number of bytes included in the MAC header.

This issue occurs when Mediation Devices and collection functions at law enforcement cannot decode replicated packets when packet replication is done using the cable intercept command. Depending upon the VoIP call, different numbers of bytes are included in the MAC header portion.

There are no known workarounds.
Open Caveats for Release 12.3(21a)BC3

Table 31 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC3 release.
Table 31 Open Caveats for Cisco IOS Release 12.3(21a)BC3
DDTS ID Number

Description

CSCeh33888

A Cisco router may reload with Last reset from the watchdog reset.

This issue may occur when the router has an NPE-G1 processor board and is running Cisco IOS 12.3(9a)BC.

There are no known workarounds.

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCek76143

DOCSIS dynamic state queue can be corrupted and cause a CMTS RP or LC unexpected reload in cmts_get_dyn_transc_state. This is a suspected cause of unexpected reloads in CSCek70406.

This issue occurs with dynamic service flows created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCsg13683

Dynamic Service Change (DSC) refresh messages cause out-of-order downstream (DS) voice packets.

There are no known workarounds.

CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsg58537

The CLI show cable modem <mac/ip> cnr output does not have snr/cnr values. The output shows "-----" instead of snr/cnr, even though traffic is passed through modem.

This issue occurs in when spectrum-group is not configured on Cisco IOS Release 12.3(13a)BC or later.

Workaround: Use show cable modem <mac/ip> phy command to monitor the snr value.

CSCsh41532

PCMM volume-based-usage exceeded should send up a gate-report-state but this is not working as expected.

The volume-based-usage counter is supposed to be reset when a modification is made to it on an existing gate. This should send gate-report-state after the new value has been reached. The counter seems to be retaining the original value in a test case.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.
CSCsi44396
The maximum number of virtual bundle interfaces that can be created on a CMTS is 40. While trying to create the 41st virtual bundle interface via the CLI command, the following error message is displayed:
Vegas-VXR(config)#int bundle 41
Exceeding maximum number of virtual bundle interfaces allowed: 40                       
^
% Invalid input detected at '^' marker.
Vegas-VXR(config)#
However, by using the following procedure, the CMTS allowed 41 Virtual Bundle Interfaces. The expected result is the CMTS should not allow the 41st virtual bundle interface to be created.

1. Create virtual interface bundle 254 and then assign bundle254 to cable interface 3/0 and 3/1

2. Issue the following command hw-module slot 3 shutdown powered (This powers down the card)

3. Delete virtual interface bundle 254 (no interface bundle 254)

4. Create virtual interface bundle 1-40

5. Bring up the card that was shutdown in step 2 with no hw-module slot 3 shutdown powered

6. You will now see 41 interface bundles.

There are no known workarounds.
CSCsi59988

Downstream prioritization on cable interfaces during cable interface congestion is not working when the default downstream token bucket rate-limiting with shaping scheme is in use.

Workaround: Make use of token bucket limiting without shaping.
CSCsi68543
TLS is working OK right after is configured originally. If TLS is deconfigured and then reactivated again, the corresponding Ethernet interface is not set to promiscuous mode

Before the configuration changes:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E29
Promiscuous mode ON
After the TLS configuration was reapplied:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E28
Promiscuous mode OFF
This issue occurs with TLS configuration.

Workaround: Do not disable TLS once it is enabled.
CSCsi78768
Modems that are online may not be able to be polled through the CLI show cable modem.

The following message may be seen:
System called for common <xx>; slot <x/y>, could not send blocked IPC 
message
%REQGRP-3-SYSCALL: System call for command <xx> (slotx/y)
: Could not send blocked IPC message (Cause: timeout)
-Traceback= <values omitted>
If the CMTS tries to reload the router through the CLI, a message will indicate that it cannot reload because it is updating the startup configuration:
CMTS1#reload
Proceed with reload? [confirm]
The startup configuration is currently being updated. Try again.
This issue has been observed on 12.3(17b)BC4 & 12.3(21)BC.

Workaround: Reload the CMTS on sight.
CSCsi83966
Multiple tracebacks are observed:
313861: Apr 10 07:16:06.784 UTC: %REQGRP-3-SYSCALL: System call for 
command 72 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B35B0 60C5A09C 60C5B7E0 60C58980 61005A70 
610093CC 60FF9910 6101FE0C 60916AC4 60916AA8
314045: Apr 10 08:16:39.940 UTC: %REQGRP-3-SYSCALL: System call for 
command 42 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606AC4A8 606AEED4 60C898A0 60C89B34 60C5AD40 
60C5B188 60C5B834 60C58980 61005A70 610093CC 60FF9910 6101FE0C 60916AC4 
60916AA8
313868: Apr 10 07:18:35.833 UTC: %REQGRP-3-SYSCALL: System call for 
command 47 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B3D0C 606B4930 6069D1EC 6053BEC4 60886370 
60897D40 60916AC4 60916AA8
This issue occurs on a router with MC28U card. BPI and VPN are not configured. No crashinfo is seen on PRE or line card.

Workaround: Reset affected line card with hardware module stop/start.
CSCsi91974

With STM1.0, the CM can be set in penalty even during Offpeak period.

This issue occurs on a router running 12.3(17b)BC5. This issue is not seen in 12.3(13)BC.

There are no known workarounds.

CSCsj43368

IP connectivity issues or observed when running BPI.

This issue occurs when running Cisco IOS Release 12.3(21a)BC1 using MC16U.

Workaround: Downgrade to Cisco IOS Release 12.3(13a)BC6.
CSCsj56573
A Cisco uBR7246VXR (UBR7200-NPE-G1) with disk2:ubr7200-ik9su2-mz.123-17b.BC4.bin Crashed with the following:
IOS (tm) 7200 Software (UBR7200-IK9SU2-M), Version 12.3(17b)BC4, 
RELEASE
SOFTWARE (fc1)
074243: Jul  1 03:41:27.042 UTC: %SYS-3-OVERRUN: Block overrun at
634F8418 (red zone 00000000)
-Traceback= 6092C0D4 6092CCE4 6092E554 6092E7A4
074244: Jul  1 03:41:27.042 UTC: %SYS-6-MTRACE: mallocfree: addr, pc
 669319D4,60939814 669319D4,30000052 669319D4,60939D80 
669319D4,60939814
 669319D4,30000052 669319D4,60939D80 6693232C,60AD5728 
66932708,60000638
074245: Jul  1 03:41:27.042 UTC: %SYS-6-MTRACE: mallocfree: addr, pc
 669326A0,60AD5720 669327FC,600005BE 66932708,5000003C 
669327A8,60FFA024
 6693293C,6000051E 669327FC,50000062 669328E8,60FFA024 
66934CD0,60000288
074246: Jul  1 03:41:27.042 UTC: %SYS-6-BLKINFO: Corrupted redzone blk
634F8418, words 131072, alloc 604FC9D4, InUse, dealloc 0, rfc
nt 1
-Traceback= 60922818 6092C0E8 6092CCE4 6092E554 6092E7A4
074247: Jul  1 03:41:27.042 UTC: %SYS-6-MEMDUMP: 0x634F8418: 0xAB1234CD
0xFFFFFFFE 0x0 0x61A5B1C0
074248: Jul  1 03:41:27.042 UTC: %SYS-6-MEMDUMP: 0x634F8428: 0x604FC9D4
0x63538440 0x634B8400 0x80020000
074249: Jul  1 03:41:27.042 UTC: %SYS-6-MEMDUMP: 0x634F8438: 0x1 0x0 
0x0
0x0
%Software-forced reload
03:41:27 UTC Sun Jul 1 2007: Breakpoint exception, CPU signal 23, PC =
0x6094872C
--------------------------------------------------------------------
   Possible software fault. Upon reccurence,  please collect
   crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------
PC Value for redzone is: cmts_bundle_mcast_init(0x604fc998)+0x3c
This issue occurs under the following conditions:
cisco uBR7246VXR (UBR7200-NPE-G1) with
ubr7200-ik9su2-mz.123-17b.BC4.bin
CRASH : 
074243: Jul  1 03:41:27.042 UTC: %SYS-3-OVERRUN: Block overrun at
634F8418 (red zone 00000000)
-Traceback= 6092C0D4 6092CCE4 6092E554 6092E7A4
There are no known workarounds.
CSCsj74381
A UBR that uses 127.x.x.x prefixes for internal management will include these prefixes in its LDP/TDP address and label mapping messages. Peering routers that have a fix for CSCdx08804 or CSCdx88897 will display error messages such as the following:
%TAGCON-3-TDPID: peer 192.168.254.253:0, TDP Id/Addr mapping problem 
(rcvd invalid address in TDP
address PIE, ignored)
%TAGCON-3-TDPID: peer 192.168.254.253:0, TDP Id/Addr mapping problem 
(rcvd TDP address PIE, bind failed)
%TIB-3-REMOTETAG: 127.3.0.0/255.255.0.0, peer 192.168.254.253:0; tag 1; 
add tag failure
The error messages are harmless. They indicate that the peer has advertised invalid host/network IP addresses, and the receiving router has accordingly ignored the associated advertisements.

There are no known workarounds.
Resolved Caveats for Release 12.3(21a)BC3

Table 32 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC3 release.
Table 32 Resolved Caveats for Cisco IOS Release 12.3(21a)BC3
DDTS ID Number

Description

CSCed95187

RST packets may contain a non-randomized identification value on the IP header.

This issue is observed on a Cisco platform that receives a TCP SYN packet on a non-listening port.

There are no known workarounds.

CSCeh48684

Identification field is always 0 in the tacacs+ packet with SYN flag. The tacacs packet goes from a cat6509 through a FW to the AAA server. The FW construes this as a Fragment Overlap Attack and drops additional new connections.

There are no known workarounds.

CSCsb79076

%SYS-3-TIMERNEG errors and tracebacks are observed while making MGCP RSVP calls on a analog (RGW) setups.

This is observed in 12.4(3.9)T1 IOS version.

There are no known workarounds.

CSCsh92986

The latency for the RSH command could increase when they are flowing through an FWSM module.

The following issue was observed on an FWSM that is running 2.2 software: (1) The long delay was triggered by using either Cisco IOS Release 12.3(13a)BC1 or (2) Release 12.3(17a)BC1 on routers toward which those RSH commands were sent.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay issue.

CSCsi69173

A certain sequence of upstream connector commands appears to be able to put an upstream channel in a state where it will not come "up" until the cable line card or CMTS is reset.

Workaround: Always ensure that before any manipulation of cable upstream connector commands takes place, that any involved connectors are totally disassociated from upstream channels before configurations changes occur.

CSCsi70106

In some circumstances the "Curr Resv" / Current Reservation counter for Best Effort traffic does not decrease when modems with a reservation are moved away from an upstream channel by dynamic load balancing.

There are no known workarounds.
CSCsi78162
A router that has the SNASwitch feature enabled may generate several of the following messages along with tracebacks:
%DATACORRUPTION-1-DATAINCONSISTENCY: copy of xx bytes should be xx 
bytes
This issue is observed on a Cisco router that runs a Cisco IOS software image that contains the fix for caveat CSCsh87705. A list of the affected releases can be found at: http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsh87705.

Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

There are no known workarounds.
CSCsj05744

System crash when the piggy back, fragmentation, multi grants and rate limit are enabled on the upstream.

Workaround: As the test piggy back and multi grants are only be enabled by the test command, and those commands are not documented in the user documents, keep them not be used in the field.

CSCsj06951

Traceback is seen on the terminal.

This issue is seen when configuring user-locale and generating a CNF file under telephony-service.

There are no known workarounds.

CSCsj13380

Data corruption messages may be displayed, and show isdn active may show incorrect information for calling number on outgoing calls.

This problem is inconsistent, and shows up most frequently with the isdn test call command.

There are no known workarounds.
CSCsj16292
Following an upgrade to 12.2(18)SXF9, the following message may be displayed:
%DATACORRUPTION-1-DATAINCONSISTENCY: copy error
-Traceback= 
This message may appear as a result of SNMP polling of PAgP variables, but does not appear to be service impacting.

There are no known workarounds.
CSCsj18014

A caller ID may be received with extra characters.

This issue is observed when caller ID is enabled on both routers and when the station ID and station name are configured on the FXS side.

There are no known workarounds.
CSCsj26808
When trying to snmpwalk docsIfCmtsCmStatusMacAddress, the device does not get the MAC address associated with the node.

The port the node is on is:
UBR 1 card 5
Downstream 0
Upstream 0, 1, & 2
This issue occurs during normal customer use.
Root cause of the issue is the erratic "total active devices" of 
Cable5/0.
------------------ show interface Cable5/0 downstream 
------------------
Cable5/0: Downstream is up
     3810767406 packets output, 2447284803 bytes, 3584 discarded
     0 output errors
     -594 total active devices, 311 active modems      <=========== The 
negative devices counter will make the snmp code skip all entries on 
C5/0.
        Total downstream bandwidth: 42884 Kbps
        Total downstream reserved/reservable bandwidth: 1177/38595 Kbps
        Estimated usable bandwidth: 37500 Kbps
        Worst case latency for low latency queue: 0 usecs
        Current Upper limit for worst case latency: 0 usecs
        Ranging lists counts
     Maintainence list 310, max 312
     Continous list 1, max 10
     Pending list 0, max 3
There are no known workarounds.
CSCsj43430

DS PHS suppression does not occur on the router.

There are no known workarounds.
Open Caveats for Release 12.3(21a)BC2

Table 33 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC2 release.
Table 33 Open Caveats for Cisco IOS Release 12.3(21a)BC2
DDTS ID Number

Description

CSCeh33888

A Cisco router may reload with Last reset from the watchdog reset.

This issue may occur when the router has a NPE-G1 processor board and is running Cisco IOS 12.3(9a)BC.

There are no known workarounds.

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCek76143

DOCSIS dynamic state queue can be corrupted and cause a CMTS RP or LC unexpected reload in cmts_get_dyn_transc_state. This is a suspected cause of unexpected reloads in CSCek70406.

This issue occurs with dynamic service flows created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh41532

PCMM volume-based-usage exceeded should send up a gate-report-state but this is not working as expected.

The volume-based-usage counter is supposed to be reset when a modification is made to it on an existing gate. This should send gate-report-state after the new value has been reached. The counter seems to be retaining the original value in a test case.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.

CSCsi06219

Modems with UGS flows are moved after a while, even though the default of no move in 123(17)BC was not changed.

There are no known workarounds.

CSCsi43840

A 28u Card resets with no unexpected reloads file being generated in bootflash.

This may occur on a router with multiple 28u cards and running 123-17b.BC4.

There are no known workarounds.
CSCsi44396
The maximum number of virtual bundle interfaces that can be created on a CMTS is 40. While trying to create the 41st virtual bundle interface via the CLI command, the following error message is displayed:
Vegas-VXR(config)#int bundle 41
Exceeding maximum number of virtual bundle interfaces allowed: 40                       
^
% Invalid input detected at '^' marker.
Vegas-VXR(config)#
However, by using the following procedure, the CMTS allowed 41 Virtual Bundle Interfaces. The expected result is the CMTS should not allow the 41st virtual bundle interface to be created.

1. Create virtual interface bundle 254 and then assign bundle254 to cable interface 3/0 and 3/1

2. Issue the following command hw-module slot 3 shutdown powered (This powers down the card)

3. Delete virtual interface bundle 254 (no interface bundle 254)

4. Create virtual interface bundle 1-40

5. Bring up the card that was shutdown in step 2 with no hw-module slot 3 shutdown powered

6. You will now see 41 interface bundles.

There are no known workarounds.
CSCsi48575

A mc28u card unexpected reload is related to the pointer in the IOS related to arp filters.

This issue occurs on a router running 12.3(17b)BC4 with 28u cards.

There are no known workarounds.

CSCsi59988

Downstream prioritization on cable interfaces during cable interface congestion is not working when the default downstream token bucket rate-limiting with shaping scheme is in use.

Workaround: Make use of token bucket limiting without shaping.
CSCsi68543
TLS is working OK right after is configured originally. If TLS is deconfigured and then reactivated again, the corresponding Ethernet interface is not set to promiscuous mode

Before the configuration changes:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E29
Promiscuous mode ON
After the TLS configuration was reapplied:
show run
cable l2-vpn-service dot1q
cable dot1q-vc-map <#>.<#>.<#> Ethernet<#> <#>
show controllers
Ethernet<#>
<..>
mac_adfilter_cfg = 0x0000000000000E28
Promiscuous mode OFF
This issue occurs with TLS configuration.

Workaround: Do not disable TLS once it is enabled.
CSCsi69173

A certain sequence of upstream connector commands appears to be able to put an upstream channel in a state where it will not come "up" until the cable line card or CMTS is reset.

Workaround: Always ensure that before any manipulation of cable upstream connector commands takes place, that any involved connectors are totally disassociated from upstream channels before configurations changes occur.
CSCsi78768
Modems that are online may not be able to be polled through the CLI show cable modem.

The following message may be seen:
System called for common <xx>; slot <x/y>, could not send blocked IPC 
message
%REQGRP-3-SYSCALL: System call for command <xx> (slotx/y)
: Could not send blocked IPC message (Cause: timeout)
-Traceback= <values omitted>
If the CMTS tries to reload the router through the CLI, a message will indicate that it cannot reload because it is updating the startup configuration:
CMTS1#reload
Proceed with reload? [confirm]
The startup configuration is currently being updated. Try again.
This issue has been observed on 12.3(17b)BC4 & 12.3(21)BC.

Workaround: Reload the CMTS on sight.
CSCsi83966
Multiple tracebacks are observed:
313861: Apr 10 07:16:06.784 UTC: %REQGRP-3-SYSCALL: System call for 
command 72 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B35B0 60C5A09C 60C5B7E0 60C58980 61005A70 
610093CC 60FF9910 6101FE0C 60916AC4 60916AA8
314045: Apr 10 08:16:39.940 UTC: %REQGRP-3-SYSCALL: System call for 
command 42 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606AC4A8 606AEED4 60C898A0 60C89B34 60C5AD40 
60C5B188 60C5B834 60C58980 61005A70 610093CC 60FF9910 6101FE0C 60916AC4 
60916AA8
313868: Apr 10 07:18:35.833 UTC: %REQGRP-3-SYSCALL: System call for 
command 47 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B3D0C 606B4930 6069D1EC 6053BEC4 60886370 
60897D40 60916AC4 60916AA8
This issue occurs on a router with MC28U card. BPI and VPN are not configured. No crashinfo is seen on PRE or line card.

Workaround: Reset affected line card with hardware module stop/start.
CSCsi91974

With STM1.0, the CM can be set in penalty even during Offpeak period.

This issue occurs on a router running 12.3(17b)BC5. This issue is not seen in 12.3(13)BC.

There are no known workarounds.

CSCsi96501

Objects from docsQosParamSetEntry are causing loop when polling the table with snmpwalk. The RESPONSE to a GET-NEXT gives a lower index.

This issue has been seen for the objects docsQosParamSetServiceClassName and docsQosParamSetMaxTrafficRate

This has been seen on a router running Cisco IOS Software version 12.3(21)BC

There are no known workarounds.
Resolved Caveats for Release 12.3(21a)BC2

Table 34 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC2 release.

Table 34 Resolved Caveats for Cisco IOS Release 12.3(21a)BC2

DDTS ID Number

Description

CSCeg62070

Tracebacks or unexpected reloads are seen during a HTTP transactions with long URLs.

The unexpected reload is seen when the length of any token in the URL of the request is excessively long.

Workaround: Disable HTTP server using the no ip http server command.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsf08998

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg40567

Malformed SSL packets may cause a router to leak multiple memory blocks.

This issue is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsh14796

Under the DOCSIS1.1 or DOCSISI 2.0 model, the CMTS cannot trigger the CM to re-send SA-MAP/TEK request unless the CM is reset or the CPE re-starts the multicast session by IGMP-leave and IGMP-join again.

There are no known workarounds.

CSCsh59672

Cable filter groups are not correctly updated in the MC28U cable line card if changes are made in the command line interface (CLI).

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•To complicate matters more, the filter group work correctly in Cisco IOS Release 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming Cisco IOS Release 12.3(21)BC release, they do not. The filter behaves based on the CLC configuration, which never updates unless the cable modem termination system (CMTS) is rebooted after a configuration change is made.

There are no known workarounds.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi01961

A slow leak may occur on a router in the CMTS MAC Parser process.

There are no known workarounds.

CSCsi17390

Certain Cable commands are unavailable underneath the cable interface:

no cable arp

no cable proxy

cable arp filters

cable dhcp-giaddr policy/primary

The IOS will not print out that the commands have been removed or a unsupported after bootup. The commands will just be missing.

This issue occurs on a uBR7100 running 12.3(21)BC.

Workaround: Configuring sub-interfaces will allow you to configure:

no cable arp

no cable proxy

cable dhcp-giaddr policy/primary

Cable bundle interface- virtual interfaces are not supported.

CSCsi32107

During normal operations, a bus error forced reload occurs due to SNMP activity on the router.

There are no known workarounds.

CSCsi33899

The CMTS unexpected reloads when snmp set the cdxCmtsCmQosProfile.

This issue occurs when setting the cdxCmtsCmQosProfile with boundary value 16383.

Workaround: Do not set the cdxCmtsCmQosProfile with value bigger than 255.

CSCsi41855

The router unexpected reloads when 28U card OIR/test reloads while polling ccsFlapEntry.

This issue occurs when the OIR/LC unexpected reloads.

There are no known workarounds.

CSCsi74305

GigE promiscuous mode reset.

This issue is seen when removing and re-adding a TLS configuration.

There are no known workarounds.

Open Caveats for Release 12.3(21a)BC1

Table 35 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC1 release.

Table 35 Open Caveats for Cisco IOS Release 12.3(21a)BC1

DDTS ID Number

Description

CSCeh33888

A Cisco router may reload with Last reset from the watchdog reset.

This issue may occur when the router has a NPE-G1 processor board and is running Cisco IOS 12.3(9a)BC.

There are no known workarounds.

CSCej89390

On a CMTS platform with MC28U/MC16U cable line cards, if a CLC interface has bundle slave configured, and the interface bundle slave is brought in/out of bundle slave cfg, CMTS features like "cable source-verify dhcp" and "cable arp" will not work properly.

There are no known workarounds.

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCsd92405

A router crashes when receiving multiple malformed Transparent LAN Service (TLS) and/or Secure Socket Layer (SSL) 3 finished messages. A valid user name and password are not required for the crash to occur.

This issue occurs when a router has an Hypertext Transport Protocol (HTTP) secure server enabled and has an open, unprotected HTTP port.

Workaround: There are no known workarounds. You can minimize the chances of the condition occurring by permitting only legitimate hosts to access HTTP on the router.

CSCse11646

Spurious memory access are produced when monitoring MAC packets with the DSG configuration.

There are no known workarounds.

CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh14796

Under the DOCSIS1.1 or DOCSISI 2.0 model, the CMTS cannot trigger the CM to res-end SA-MAP/TEK request unless the CM is reset or the CPE re-starts the multicast session by IGMP-leave and IGMP-join again.

There are no known workarounds.

CSCsh41532

PCMM volume-based-usage exceeded should send up a gate-report-state but this is not working as expected.

The volume-based-usage counter is supposed to be reset when a modification is made to it on an existing gate. This should send gate-report-state after the new value has been reached. The counter seems to be retaining the original value in a test case.

There are no known workarounds.

CSCsh59672

Cable filter groups are not correctly updated in the MC28U cable line card if changes are made in the command line interface (CLI).

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•To complicate matters more, the filter group work correctly in Cisco IOS Release 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming Cisco IOS Release 12.3(21)BC release, they do not. The filter behaves based on the CLC configuration, which never updates unless the cable modem termination system (CMTS) is rebooted after a configuration change is made.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.

CSCsh70337

When upgrading from 12.3(13a)BC4 to 12.3(17b)BC5, the tunnel group and tunnel numbers are not preserved and are re-numbered starting from 1.

This issue occurs when upgrading from 12.3(13a)BC4 to 12.3(17b)BC5.

Workaround: Renumber the tunnel numbers.

CSCsh95155

Deleting snmp private RW from 10K still allows RF Switch to Toggle.

This issue occurs when using the RF switch for line card high availability, and the private RW string is removed from the CMTS.

Workaround: Do not delete/remove the private rw snmp string from the CMTS, or be sure to configure the same RW string on the RF Switch(s) and 10K. The HCCP/SNMP string can be changed on the 10K with 12.3(13) code and >.

CSCsi01961

A slow leak may occur on a router in the CMTS MAC Parser process.

There are no known workarounds.

CSCsi05373

A Cisco router may unexpectedly reload due to bus error (Signal = 10, Code = 0x10) and spurious accesses may be observed.

This issue may occur under the following conditions:

•The UBR is running Cisco IOS Release 12.3(21)BC

•The Modems used were exclusively "Scientific Atlanta EPC2203" and have issue to get grant from the UBR

Workaround: Do not ping or telnet to the modem while a phone call is crossing it.

CSCsi06219

Modems with UGS flows are moved after a while, even though the default of no move in 123(17)BC was not changed.

There are no known workarounds.

Resolved Caveats for Release 12.3(21a)BC1

Table 36 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21a)BC1 release.
Table 36 Resolved Caveats for Cisco IOS Release 12.3(21a)BC1
DDTS ID Number

Description

CSCek70834

CMTS Cable Line Card (CLC) can unexpectedly reload due to a dangling pointer reference in SID database of the CMTS on CLC. In particular, it has been seen on a 520 CLC in a ubr10000 CMTS chassis.

No HA or multicast needs to be configured on the CMTS to see this issue.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid user name or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM)

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

Note Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.

CSCse05736

A router running RCP can be reloaded by a specific packet.

This issue is seen under the following conditions:

•The router must have RCP enabled.

•The packet must come from the source address of the designated system configured to send RCP packets to the router.

•The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCsg48884

When Subscriber Account Management Interface Specification (SAMIS) cable metering is configured for streaming every 15 minutes, the Cisco uBR router streams twice within a 15 minutes period.

This issue occurs in Cisco OS Release 12.3(17a)BC2.

There are no known workarounds.
CSCsh11476
The Cisco uBR7100 series router crashes with the following the watchdog timeout message:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CMTS 
METERING EXPORT Process. 
The issue occurs after a Subscriber Account Management Interface Specification (SAMIS) outage. When the SAMIS server is down, the Cisco uBR router is supposed to hold a file in flash and then send one update when the server is back online. However, when the server came back online, the router crashed when reading/writing a file to flash.

There are no known workarounds.
CSCsh30009
A Cisco Router running an IOS version that has contains the bug fix for CSCsg21394 may fail to resolve Canonical Names (CNAME) DNS queries.
Router#ping http://www.google.com                                                                                    
Translating "http://www.google.com"...domain server (x.x.x.x)       
Translating "http://www.google.com"...domain server (x.x.x.x)                          
Domain: Using source interface FastEthernet4             
Domain: query for http://www.google.com type 1 to x.x.x.x    
DOM: dom2cache: hostname is http://www.google.com, RR type=5, class=1, 
ttl=0, n=8  
DOM: Answer hostname doesn't match query hostnameReply received empty 
Domain: query for http://www.google.com.domain.com type 1 to 
x.x.x.xReply received no such name  
Domain: Using source interface FastEthernet4                
Domain: query for h
There are no known workarounds.
CSCsh73925

A Cisco CMTS may lose ip connectivity to CM/CPE devices after removing a secondary IP address on a cable or bundle interface.

Removing a secondary ip address causes all ARP entries (associated with primary ip address and remaining secondary ip addresses) on that bundle interface to be deleted. Until the ARP table is rebuilt there could be loss of ip connectivity.

Workaround: Ensure that secondary IP addresses are removed during a maintenance window.

Another potential workaround would be to segment the CMTS into smaller cable interface bundle groups or to use separate subinterfaces so that a lower number of modems and CPE ARP entries are linked to each subinterface.

CSCsh86171

Source verification does not work for packets received on MC28U line cards on routers running 12.3(21)BC image.

If source verification is enabled on the bundle interface including the MC28C line card, using cable source-verify ..., the packets are not source verified.

There are no known workarounds.

CSCsj85065

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability.

Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.
Open Caveats for Release 12.3(21)BC

Table 37 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21)BC release.
Table 37 Open Caveats for Cisco IOS Release 12.3(21)BC
DDTS ID Number

Description

CSCeh33888

A Cisco router may reload with Last reset from the watchdog reset.

This issue may occur when the router has a NPE-G1 processor board and is running Cisco IOS 12.3(9a)BC.

There are no known workarounds.

CSCej89390

On a CMTS platform with MC28U/MC16U cable line cards, if a CLC interface has bundle slave configured, and the interface bundle slave is brought in/out of bundle slave cfg, CMTS features like "cable source-verify dhcp" and "cable arp" will not work properly.

There are no known workarounds.

CSCsd26691

When tdma-atdma docsis mode is configured on the interface, the current reserved value shown on admission control CLI is incorrect.

This issue is observed whenever tdma-atdma is configured.

There are no known workarounds.

CSCse11646

Spurious memory access are produced when monitoring MAC packets with the DSG configuration.

There are no known workarounds.
CSCse33368
A reloaded router reloaded may display the following message:
Last reset from watchdog nmi
System was restarted by watchdog timer expired
7200 Software (UBR7200-IK9S-M), Experimental Version 
12.3(20051018:202204) [kishoreg-cassatt-bc7 111]
Compiled Mon 31-Oct-05 23:27 by kishoreg
Image text-base: 0x60008E3C, data-base: 0x6172E00
There are no known workarounds.
CSCsg46637

When an invalid DSX (DSA, DSD, or DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsg84570

The CMTS (UBR) may unexpectedly reload.

This issue occurs when the "interface bundleX" is used in configuration mode.

There are no known workarounds.

CSCsg84837

When IPX packets are sent to cable upstream, the ifInUnknownPkts for upstream remains at 0.

There are no known workarounds.

CSCsh14796

Under the DOCSIS1.1 or DOCSISI 2.0 model, the CMTS cannot trigger the CM to resend SA-MAP/TEK request unless the CM is reset or the CPE re-starts the multicast session by IGMP-leave and IGMP-join again.

There are no known workarounds.

CSCsh40987

Under certain conditions, a router with an NPE-G1 may unexpectedly reload with a software forced reload after memory corruptions.

There are no known workarounds.
Resolved Caveats for Release 12.3(21)BC

Table 38 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(21)BC release.
Table 38 Resolved Caveats for Cisco IOS Release 12.3(21)BC
DDTS ID Number

Description

CSCed62867

After a CMTS reload, a BAD/WRONG BCM3138 FFT error message is logged.

This issue occurs with Spectrum management configuration on MC28U card.

Workaround: FFT data collection is working after the error is logged, so no manual workaround is required.

CSCej87157

If only DS BW is saturated while there is s still US BW available, e911 calls will be rejected.

Workaround: Stop running applications manually to free up DS BW. and turn off automatic DS BW for preemption to occur.

CSCek43268

A QoS profile being used by a CM is able to be deleted.

There are no known workarounds.

CSCek43887

When src-ip of a cfr is edited, the tunnel stats does reset and retain the stats of the previous flow.

There are no known workarounds.

CSCsb27648

Multiple Qos_reserve Qos_commit are seen on radius packet while intercepting packet in packetcable.

The CMTS needs to be configure for packetcable and an Gate_set needs to be receive.

There are no known workarounds.

CSCsc27292

Integrated Customer Premise Equipment (CPE) inside of certain brands of Cable Modem and Set Top Box units are unable to acquire an IP address via a Cisco uBR CMTS.

The issue tends to occur when cable interface bundling is configured. The issue occurs in 12.3(13a)BC IOS but not in earlier IOS releases.

Workaround: Revert to an earlier release of IOS for the Cisco uBR CMTS or un-configure cable interface bundling.

CSCsc63687

When service flows are generated for multicast traffic through the use of the cable and bundle interface command cable match address n a Cisco uBR series CMTS, the docsQosMIBObjects SNMP objects do not report details of the multicast service flows.

Workaround: Revert to the use of the IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When CPEs are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, it is possible that an alignment error or a bus error reload may occur.

There are no known workarounds.

CSCsd30319

Modems get stuck in the init(o) state following an OIR operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling and only occurs on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd39821

The VID data in entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue will affect the Entity MIB in all software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The MIBs entPhysicalSoftwareRev and entPhysicalMfgName for the UBR7200-I/O-2FE/E controller card displays the wrong data.

This issue will affect the Entity MIB for the uBR7200 software releases.

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option. The show inventory raw ? command does not display options.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when the original packets have a higher value.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should be able to return information about all upstream bandwidth request queues on a cisco uBR series CMTS. however, only information about the Committed Information Rate (CIR) and the non-existe are shown.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not there in show cable dsg tunnel <no> statistics CLI.

There are no known workarounds.

CSCse56676

Some of the traps may be sent to SNMP management stations, even when those traps are not configured to be sent to those stations.

This issue can occur to any trap sent out, even when it is not associated with snmp host.

There are no known workarounds.
CSCse77050
On a cisco uBR series CMTS, the defaults for the cable upstream <us-channel> admission-control <percentage> command have changed from enforcing over subscription, to 100% of the available upstream bandwidth, to not enforcing any over subscription level.

In addition, if the command cable upstream <us-channel> admission-control 100 is configured, the command will not be properly saved and will not be maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then the workaround is to manually configure a slightly different value.

For example:
cable upstream <us-channel> admission-control 99
CSCse95886
A duplicate of the following error message is seen:
This service class has not been configured yet.
This issue occurs when the "no cable admission-control us-bandwidth service-class <name>" CLE is used when is no service class existing by name <name>.

There are no known workarounds.
CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

CSCek57932

Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml.
Open Caveats for Release 12.3(17b)BC9

Table 39 lists only severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.3(17b)BC9.
Table 39 Open Caveats for Cisco IOS Release 12.3(17b)BC9
DDTS ID Number

Description

CSCed62867

After a CMTS reload, a BAD/WRONG BCM3138 FFT error message is logged.

This issue occurs with Spectrum management configuration on MC28U card.

Workaround: FFT data collection is working after the error is logged, so no manual workaround is required.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth is saturated, even though upstream (US) bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsb27648

Multiple Qos_reserve Qos_commits occur on a RADIUS packet while intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsd39821

The VID data in the entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile that is created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth, to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command is not properly saved and is not maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.
CSCse95886
When you use the no cable admission-control us-bandwidth service-class name command to disable Admission Control upstream bandwidth for a non-existing service class, duplicate error messages are generated stating:
This service class has not been configured yet.
There are no known workarounds.
CSCsg13683

Dynamic Service Change (DSC) refresh messages cause out-of-order downstream (DS) voice packets.

There are no known workarounds.

CSCsh59672

Cable filter groups are not correctly updated in the MC28U cable line card if changes are made in the command line interface (CLI).

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•To complicate matters more, the filter group work correctly in Cisco IOS Release 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming Cisco IOS Release 12.3(21)BC release, they do not. The filter behaves based on the CLC configuration, which never updates unless the cable modem termination system (CMTS) is rebooted after a configuration change is made.

There are no known workarounds.
CSCsi83966
Multiple tracebacks are observed:
313861: Apr 10 07:16:06.784 UTC: %REQGRP-3-SYSCALL: System call for 
command 72 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B35B0 60C5A09C 60C5B7E0 60C58980 61005A70 
610093CC 60FF9910 6101FE0C 60916AC4 60916AA8
314045: Apr 10 08:16:39.940 UTC: %REQGRP-3-SYSCALL: System call for 
command 42 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606AC4A8 606AEED4 60C898A0 60C89B34 60C5AD40 
60C5B188 60C5B834 60C58980 61005A70 610093CC 60FF9910 6101FE0C 60916AC4 
60916AA8
313868: Apr 10 07:18:35.833 UTC: %REQGRP-3-SYSCALL: System call for 
command 47 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B3D0C 606B4930 6069D1EC 6053BEC4 60886370 
60897D40 60916AC4 60916AA8
This issue occurs on a Cisco uBR7246VXR router with an MC28U card. BPI and VPN are not configured. No crashinfo is seen on PRE or line card.

Workaround: Reset affected line card with hardware module stop/start.
CSCsj26808
When trying to snmpwalk docsIfCmtsCmStatusMacAddress, the device does not get the MAC address associated with the node.

The port the node is on is:
UBR 1 card 5
Downstream 0
Upstream 0, 1, & 2
This issue occurs during normal customer use.
Root cause of the issue is the erratic "total active devices" of 
Cable5/0.
------------------ show interface Cable5/0 downstream 
------------------
Cable5/0: Downstream is up
     3810767406 packets output, 2447284803 bytes, 3584 discarded
     0 output errors
     -594 total active devices, 311 active modems      <=========== The 
negtive devices counter will make the snmp code skip all entries on 
C5/0.
        Total downstream bandwidth: 42884 Kbps
        Total downstream reserved/reservable bandwidth: 1177/38595 Kbps
        Estimated usable bandwidth: 37500 Kbps
        Worst case latency for low latency queue: 0 usecs
        Current Upper limit for worst case latency: 0 usecs
        Ranging lists counts
     Maintainence list 310, max 312
     Continous list 1, max 10
     Pending list 0, max 3
There are no known workarounds.
CSCsj81080

Two Cisco uBR7246VXR routers with NPE-G1s both show negative input queue values on the cable interface. The two routers are passing traffic. The bundled virtual interfaces on the devices have a non-decreasing positive input queue.

Workaround: The negative input queue values issue is cosmetic; the interface still passes traffic. The continuously growing input queue on the bundled interface can be cleared by reloading the device.
CSCsj93719
A Cisco uBR7246VXR router with an NPE-G1 reboots. The system returns to ROM with the following error:
Software forced crash, PC 0x6094918C 
The crash occurs because the red zone is overwritten in the I/O memory pool.

There are no known workarounds.
CSCsk17493

A slow memory leak exists in Request di and SNMP ENGINE.

This issue occurs on a router running Cisco IOS Release 12.3(17b)BC4 and the Simple Network Management Protocol (SNMP).

There are no known workarounds.

CSCsk49540

A line card memory allocation failure is causing a system slowdown. The show cable modem, show run, and show tech commands all experience noticeable performance slowdowns.

This issue occurs because a cable line card is running out of memory; Pool Manager Free shows as 0, and holdong shows a large value.

There are no known workarounds.

CSCsk60162

Voice assigned to an Unsolicited Grant Services (UGS) flow is not seen on the sniffer, intercepted packet.

This issue occurs sporadically on an MC28X card.

Workaround: Execute a shut/no shut of the cable interface.
Resolved Caveats for Release 12.3(17b)BC9

Table 40 lists only severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.3(17b)BC9.
Table 40 Resolved Caveats for Cisco IOS Release 12.3(17b)BC9
DDTS ID Number

Description

CSCed95187

RST packets may contain a non-randomized identification value on the IP header.

This issue is observed on a Cisco platform that receives a TCP SYN packet on a non-listening port.

There are no known workarounds.

CSCeh48684

Identification field is always 0 in the tacacs+ packet with SYN flag. The tacacs packet goes from a cat6509 through a FW to the AAA server. The FW construes this as a Fragment Overlap Attack and drops additional new connections.

There are no known workarounds.

CSCsh92986

The latency for the RSH command could increase when they are flowing through an FWSM module.

The following issue was observed on an FWSM that is running 2.2 software: (1) The long delay was triggered by using either Cisco IOS Release 12.3(13a)BC1 or (2) Cisco IOS Release 12.3(17a)BC1 on routers toward which those RSH commands were sent.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay issue.

CSCsi91974

With STM1.0, the cable modem can be set in penalty even during Offpeak periods.

This issue occurs on a Cisco router running Cisco IOS Release 12.3(17b)BC5. This issue is not seen in Cisco IOS Release 12.3(13)BC.

There are no known workarounds.
CSCsj16292
Following an upgrade to Cisco IOS Release 12.2(18)SXF9, the following message may be displayed:
%DATACORRUPTION-1-DATAINCONSISTENCY: copy error
-Traceback= 
This message may appear as a result of Simple Network Management Protocol (SNMP) polling of PAgP variables, but does not appear to be service impacting.

There are no known workarounds.
CSCsj18014

A caller ID may be received with extra characters.

This issue is observed when caller ID is enabled on both routers and when the station ID and station name are configured on the FXS side.

There are no known workarounds.

CSCsj43368

IP connectivity issues or observed when running Baseline Privacy Interface (BPI).

This issue occurs when running Cisco IOS Release 12.3(21a)BC1 using an MC16U card.

Workaround: Downgrade to Cisco IOS Release 12.3(13a)BC6.

CSCsj52927

DATACORRUPTION-1-DATAINCONSISTENCY messages appear in the show log output when the router comes up.

There are no known workarounds.
Open Caveats for Release 12.3(17b)BC8

Table 41 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC8 release.
Table 41 Open Caveats for Cisco OS Release 12.3(17b)BC8
DDTS ID Number

Description
CSCed62867
After a cable modem termination system (CMTS) reload, the following error message is logged:
BAD/WRONG BCM3138 FFT 
This issue occurs when there is a spectrum management configuration on an MC28U card.

Workaround: No manual workaround is required; Fast Fourier Transform (FFT) data collection continues working after the error is logged.
CSCeh33888

A Cisco uBR7100 series router reloads with the last reset from the watchdog reset.

This issue occurs on a router that has an NPE-G1 processor board and is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth is saturated, even though upstream (US) bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsb27648

Multiple Qos_reserve Qos_commits occur on a RADIUS packet while intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsd39821

The VID data in the entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile that is created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth, to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command is not properly saved and is not maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.
CSCse95886
When you use the no cable admission-control us-bandwidth service-class name command to disable Admission Control upstream bandwidth for a non-existing service class, duplicate error messages are generated stating:
This service class has not been configured yet.
There are no known workarounds.
CSCsh59672

Cable filter groups are not correctly updated in the MC28U cable line card if changes are made in the command line interface (CLI).

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•To complicate matters more, the filter group work correctly in Cisco IOS Release 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming Cisco IOS Release 12.3(21)BC release, they do not. The filter behaves based on the CLC configuration, which never updates unless the cable modem termination system (CMTS) is rebooted after a configuration change is made.

There are no known workarounds.

CSCsi06219

Modems with UGS flows are moved after a while, even though the default of no move in 123(17)BC was not changed.

There are no known workarounds.

CSCsi48575

A mc28u card unexpected reload is related to the pointer in the IOS related to arp filters.

This issue occurs on a router running 12.3(17b)BC4 with 28u cards.

There are no known workarounds.
CSCsi83966
Multiple tracebacks are observed:
313861: Apr 10 07:16:06.784 UTC: %REQGRP-3-SYSCALL: System call for 
command 72 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B35B0 60C5A09C 60C5B7E0 60C58980 61005A70 
610093CC 60FF9910 6101FE0C 60916AC4 60916AA8
314045: Apr 10 08:16:39.940 UTC: %REQGRP-3-SYSCALL: System call for 
command 42 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606AC4A8 606AEED4 60C898A0 60C89B34 60C5AD40 
60C5B188 60C5B834 60C58980 61005A70 610093CC 60FF9910 6101FE0C 60916AC4 
60916AA8
313868: Apr 10 07:18:35.833 UTC: %REQGRP-3-SYSCALL: System call for 
command 47 (slot4/0) : Could not send blocked IPC message (Cause: 
timeout)
-Traceback= 6069F510 606B3D0C 606B4930 6069D1EC 6053BEC4 60886370 
60897D40 60916AC4 60916AA8
This issue occurs on a router with an MC28U card. BPI and VPN are not configured. No crashinfo is seen on PRE or line card.

Workaround: Reset affected line card with hardware module stop/start.
CSCsi91974

With STM1.0, the CM can be set in penalty even during Offpeak period.

This issue occurs on a router running 12.3(17b)BC5. This issue is not seen in 12.3(13)BC.

There are no known workarounds.
CSCsj26808
When trying to snmpwalk docsIfCmtsCmStatusMacAddress, the device does not get the MAC address associated with the node.

The port the node is on is:
UBR 1 card 5
Downstream 0
Upstream 0, 1, & 2
This issue occurs during normal customer use.
Root cause of the issue is the erratic "total active devices" of 
Cable5/0.
------------------ show interface Cable5/0 downstream 
------------------
Cable5/0: Downstream is up
     3810767406 packets output, 2447284803 bytes, 3584 discarded
     0 output errors
     -594 total active devices, 311 active modems      <=========== The 
negtive devices counter will make the snmp code skip all entries on 
C5/0.
        Total downstream bandwidth: 42884 Kbps
        Total downstream reserved/reservable bandwidth: 1177/38595 Kbps
        Estimated usable bandwidth: 37500 Kbps
        Worst case latency for low latency queue: 0 usecs
        Current Upper limit for worst case latency: 0 usecs
        Ranging lists counts
     Maintainence list 310, max 312
     Continous list 1, max 10
     Pending list 0, max 3
There are no known workarounds.
Resolved Caveats for Release 12.3(17b)BC8

Table 42 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC8 release.

Table 42 Resolved Caveats for Cisco OS Release 12.3(17b)BC8

DDTS ID Number

Description

CSCeg62070

Tracebacks or unexpected reloads are seen during a HTTP transactions with long URLs.

The unexpected reload is seen when the length of any token in the URL of the request is excessively long.

Workaround: Disable HTTP server using the no ip http server command.

CSCek76143

DOCSIS dynamic state queue can be corrupted and cause a CMTS RP or LC unexpected reload in cmts_get_dyn_transc_state. This is a suspected cause of unexpected reloads in CSCek70406.

This issue occurs with dynamic service flows created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsb79076

%SYS-3-TIMERNEG errors and tracebacks are observed while making MGCP RSVP calls on a analog (RGW) setups.

This is observed in 12.4(3.9)T1 IOS version.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when original packets have a higher value.

There are no known workarounds.

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsg40567

Malformed SSL packets may cause a router to leak multiple memory blocks.

This issue is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi01961

A slow leak may occur on a router in the CMTS MAC Parser process.

There are no known workarounds.

CSCsi32107

During normal operations, a bus error forced reload occurs due to SNMP activity on the router.

There are no known workarounds.

CSCsi33899

The CMTS unexpected reloads when snmp set the cdxCmtsCmQosProfile.

This issue occurs when setting the cdxCmtsCmQosProfile with boundary value 16383.

Workaround: Do not set the cdxCmtsCmQosProfile with value bigger than 255.

CSCsi41855

The router unexpected reloads when 28U card OIR/test reloads while polling ccsFlapEntry.

This issue occurs when the OIR/LC unexpected reloads.

There are no known workarounds.

CSCek57932

Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml.

Open Caveats for Release 12.3(17b)BC7

Table 43 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC7 release.

Table 43 Open Caveats for Cisco OS Release 12.3(17b)BC7

DDTS ID Number

Description

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs whenever tdma-atdma mode is configured.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCsg46637

When an invalid DSX (Dynamic Service Addition (DSA), Dynamic Service Deletion (DSD), or Dynamic Service Change (DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh14796

Under the DOCSIS1.1 or DOCSISI 2.0 model, the CMTS cannot trigger the CM to re-send SA-MAP/TEK request unless the CM is reset or the CPE re-starts the multicast session by IGMP-leave and IGMP-join again.

There are no known workarounds.

CSCsh59672

Cable filter groups are not correctly updated in the MC28U cable line card if changes are made in the command line interface (CLI).

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•To complicate matters more, the filter group work correctly in Cisco IOS Release 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming Cisco IOS Release 12.3(21)BC release, they do not. The filter behaves based on the CLC configuration, which never updates unless the cable modem termination system (CMTS) is rebooted after a configuration change is made.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.

CSCsh70337

When upgrading from 12.3(13a)BC4 to 12.3(17b)BC5, the tunnel group and tunnel numbers are not preserved and are re-numbered starting from 1.

This issue occurs when upgrading from 12.3(13a)BC4 to 12.3(17b)BC5.

Workaround: Renumber the tunnel numbers.

CSCsh86171

Source verification does not work for packets received on MC28U line cards on routers running 12.3(21)BC image.

If source verification is enabled on the bundle interface including the MC28C line card, using cable source-verify ..., the packets are not source verified.

There are no known workarounds.

CSCsi06219

Modems with UGS flows are moved after a while, even though the default of no move in 123(17)BC was not changed.

There are no known workarounds.

CSCsi32107

During normal operations, a bus error forced reload occurs due to SNMP activity on the router.

There are no known workarounds.

Resolved Caveats for Release 12.3(17b)BC7

Table 44 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC7 release.

Table 44 Resolved Caveats for Cisco OS Release 12.3(17b)BC7

DDTS ID Number

Description

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Open Caveats for Release 12.3(17b)BC6

Table 45 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC6 release.

Table 45 Open Caveats for Cisco OS Release 12.3(17b)BC6

DDTS ID Number

Description

CSCek70406

MC28U line cards can unexpectedly reload in cmts_get_dyn_transc_state.

This issue occurs when dynamic service flows are created in packetcable or non-packetcable environment.

There are no known workarounds.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs whenever tdma-atdma mode is configured.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCsg46637

When an invalid DSX (Dynamic Service Addition (DSA), Dynamic Service Deletion (DSD), or Dynamic Service Change (DSC) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsh14796

Under the DOCSIS1.1 or DOCSISI 2.0 model, the CMTS cannot trigger the CM to re-send SA-MAP/TEK request unless the CM is reset or the CPE re-starts the multicast session by IGMP-leave and IGMP-join again.

There are no known workarounds.

CSCsh59672

Cable filter groups are not correctly updated in the MC28U CLC if changes are made in the CLI.

Specific test cases concerned the IP TOS filtering capabilities:

•Cable filter group 2 is initially configured to block IP TOS 0x40.

•The cable filter is then changed to filter based on IP TOS 0x20.

•Show cable filter group command from CLI indicates that the changed has been made.

•Same command on the MC28U indicates that is was not changed. The original value of 0x40 remains.

•5) To complicate matters more, the filter group work correctly in 12.3(17b)BC4 despite the discrepancy between CLI and CLC. However, in the upcoming 12.3(21)BC release, they do not. The filter behaves based on the CLC config, which never updates unless the CMTS is rebooted after config change is made.

There are no known workarounds.

CSCsh68970

Samis tries to use bpe address as source address, which result in connection failure.

Neither cable metering source-interface configured, nor loopback interface available; moreover, the bpe address is the highest ip address among the interfaces.

Workaround: Set up the source interface via CLI cable metering source-interface.

CSCsh70337

When upgrading from 12.3(13a)BC4 to 12.3(17b)BC5, the tunnel group and tunnel numbers are not preserved and are re-numbered starting from 1.

This issue occurs when upgrading from 12.3(13a)BC4 to 12.3(17b)BC5.

Workaround: Renumber the tunnel numbers.

CSCsh86171

Source verification does not work for packets received on MC28U line cards on routers running 12.3(21)BC image.

If source verification is enabled on the bundle interface including the MC28C line card, using cable source-verify ..., the packets are not source verified.

There are no known workarounds.

CSCsi06219

Modems with UGS flows are moved after a while, even though the default of no move in 123(17)BC was not changed.

There are no known workarounds.

CSCsi32107

During normal operations, a bus error forced reload occurs due to SNMP activity on the router.

There are no known workarounds.

Resolved Caveats for Release 12.3(17b)BC6

Table 46 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC6 release.
Table 46 Resolved Caveats for Cisco OS Release 12.3(17b)BC6
DDTS ID Number

Description

CSCek70834

CMTS Cable Line Card (CLC) can unexpectedly reload due to a dangling pointer reference in SID database of the CMTS on CLC. In particular, it has been seen on a 520 CLC in a ubr10000 CMTS chassis.

No HA or multicast needs to be configured on the CMTS to see this issue.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds.

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid user name or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM)

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

Note Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
CSCse04560
A tftp client trying to transfer a file from a Cisco IOS device configured as a tftp server and which is denied by an ACL receives a different result depending if the file is being offered for download or not. This may allow a third party to enumerate which files are available for download.

The tftp-server command is configured on the device and an ACL restricting access to the file in question has been applied as in this example:
tftp-server flash: filename1 access-list-number
access-list access-list-number 
permit 192.168.1.0 0.0.0.255
access-list access-list-number 
deny any
Workaround: The following workarounds can be applied:

1. Interface ACL

Configure and attach an access list to every router interface active and configured for IP packet processing. Once the tftp server in Cisco IOS is enabled and listening by default on all interfaces enabled for IP processing, the access list would need to deny traffic to each and every IP address assigned to any active router interface.

2. Control Plane Policing

Configure and apply a CoPP policy.

Note: CoPP is only available on certain platforms and Cisco IOS releases. Additional information on the configuration and use of the CoPP feature can be found at the following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a0080211f39.shtml

3. Infrastructure ACLs (iACL)

Although often difficult to block traffic transiting your network, identifying traffic which should never be allowed to target your infrastructure devices and block that traffic at the border of your network is possible. Infrastructure ACLs are considered a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for iACLs:

http://www.cisco.com/warp/public/707/iacl.html

4. Configuring Receive Access Lists (rACLs)

For distributed platforms, rACLs may be an option starting in Cisco IOS Release 12.0(21)S2 for the Cisco 12000 series GSR and Cisco IOS Release 12.0(24)S for the Cisco 7500 series. The receive access lists protect the device from harmful traffic before the traffic can impact the route processor. Receive path ACLs are considered a network security best practice, and should be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The CPU load is distributed to the line card processors and helps mitigate load on the main route processor. The white paper entitled "GSR: Receive Access Control Lists" will help identify and allow legitimate traffic to your device and deny all unwanted packets:

http://www.cisco.com/warp/public/707/racl.html
CSCse05736

A router running RCP can be reloaded by a specific packet.

This issue is seen under the following conditions:

•The router must have RCP enabled.

•The packet must come from the source address of the designated system configured to send RCP packets to the router.

•The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCse56676

Some traps are sent to Simple Network Management Protocol (SNMP) management stations even when those traps are not configured to be sent to those stations.

There are no known workarounds.

CSCsg48884

When Subscriber Account Management Interface Specification (SAMIS) cable metering is configured for streaming every 15 minutes, the Cisco uBR router streams twice within a 15 minutes period.

This issue occurs in Cisco OS Release 12.3(17a)BC2.

There are no known workarounds.
CSCsh11476
The Cisco uBR7100 series router crashes with the following the watchdog timeout message:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CMTS 
METERING EXPORT Process. 
The issue occurs after a Subscriber Account Management Interface Specification (SAMIS) outage. When the SAMIS server is down, the Cisco uBR router is supposed to hold a file in flash and then send one update when the server is back online. However, when the server came back online, the router crashed when reading/writing a file to flash.

There are no known workarounds.
CSCsh73925

A Cisco CMTS may lose ip connectivity to CM/CPE devices after removing a secondary IP address on a cable or bundle interface.

Removing a secondary ip address causes all ARP entries (associated with primary ip address and remaining secondary ip addresses) on that bundle interface to be deleted. Until the ARP table is rebuilt there could be loss of ip connectivity.

Workaround: Ensure that secondary IP addresses are removed during a maintenance window.

Another potential workaround would be to segment the CMTS into smaller cable interface bundle groups or to use separate subinterfaces so that a lower number of modems and CPE ARP entries are linked to each subinterface.

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCsh29217

Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml.
Open Caveats for Release 12.3(17b)BC5

Table 47 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC5 release.
Table 47 Open Caveats for Cisco OS Release 12.3(17b)BC5
DDTS ID Number

Description
CSCed62867
After a cable modem termination system (CMTS) reload, the following error message is logged:
BAD/WRONG BCM3138 FFT 
This issue occurs when there is a spectrum management configuration on an MC28U card.

Workaround: No manual workaround is required; Fast Fourier Transform (FFT) data collection continues working after the error is logged.
CSCeh33888

A Cisco uBR7100 series router reloads with the last reset from the watchdog reset.

This issue occurs on a router that has an NPE-G1 processor board and is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth is saturated, even though upstream (US) bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured on it and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.

CSCek38944

Support for the CISCO-DOCS-QOS_EXT-MIB has been removed from the Cisco uBR7100 platform.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.

CSCsb27648

Multiple Qos_reserve Qos_commits occur on a RADIUS packet while intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs whenever tdma-atdma mode is configured.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds.

CSCsd39821

The VID data in the entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when original packets have a higher value.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile that is created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse33368

The router reloads and comes back up with following message:

This service class has not been configured yet.

Decoded information appears as etext for all the values, which points to possible corrupted crash information.

There are no known workarounds

CSCse56676

Some traps are sent to Simple Network Management Protocol (SNMP) management stations even when those traps are not configured to be sent to those stations.

There are no known workarounds.

CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth, to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command is not properly saved and is not maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.
CSCse95886
When you use the no cable admission-control us-bandwidth service-class name command to disable Admission Control upstream bandwidth for a non-existing service class, duplicate error messages are generated stating:
This service class has not been configured yet.
There are no known workarounds.
CSCsg13683

Dynamic Service Change (DSC) refresh messages cause out-of-order downstream (DS) voice packets.

There are no known workarounds.

CSCsg15473

The bandwidth reservation level numbers that are reported by the show interface cable x/y mac-scheduler command output are inconsistent across traffic types.

There are no known workarounds.

CSCsg46637

When an invalid DSX (Dynamic Service Addition (DSA), Dynamic Service Deletion (DSD), or Dynamic Service Change (DSC)) message is received, only a vague message is printed out.

There are no known workarounds.

CSCsg48884

When Subscriber Account Management Interface Specification (SAMIS) cable metering is configured for streaming every 15 minutes, the Cisco uBR router streams twice within a 15 minutes period.

This issue occurs in Cisco OS Release 12.3(17a)BC2.

There are no known workarounds.

CSCsg84570

When interface bundle X is entered in configuration mode, the cable modem termination system (CMTS) crashes.

There are no known workarounds.

CSCsg84837

When Internetwork Packet Exchange (IPX) packets are sent to cable upstream, the ifInUnknownPkts for upstream counter value remains "0. "

There are no known workarounds.
CSCsh11476
The Cisco uBR7100 series router crashes with the following the watchdog timeout message:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CMTS 
METERING EXPORT Process. 
The issue occurs after a Subscriber Account Management Interface Specification (SAMIS) outage. When the SAMIS server is down, the Cisco uBR router is supposed to hold a file in flash and then send one update when the server is back online. However, when the server came back online, the router crashed when reading/writing a file to flash.

There are no known workarounds.
CSCsh32153

A Cisco uBR7100 series router experiences a memory leak in either the Simple Network Management Protocol (SNMP) on the NPE400 or NPE-G1 engine, or on the Mc28x line card in the CR10k Request di process. Both leaks appear to be identical.

Workaround: Reload the NPE and line card.
CSCsh40987
A Cisco uBR7100 series router with NPE-G1 crashes with a software-forced crash after memory corruptions. A log entry similar to the following is reported:
Nov 24 11:08:57.204: validblock_diagnose, code = 10  
Nov 24 11:08:57.204: current memory block, bp = 0x64346C38, memory pool 
type is Processor  
Nov 24 11:08:57.204: data check, ptr = 0x64346C60  
Nov 24 11:08:57.204: next memory block, bp = 0x64347064, memory pool 
type is Processor  
Nov 24 11:08:57.204: data check, ptr = 0x6434708C  
Nov 24 11:08:57.204: previous memory block, bp = 0x64346BF4, memory 
pool type is Processor 
.....
There are no known workarounds.
Resolved Caveats for Release 12.3(17b)BC5

Table 48 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC5 release.
Table 48 Resolved Caveats for Cisco OS Release 12.3(17b)BC5
DDTS ID Number

Description
CSCeh09964
A Performance Routing Engine (PRE) crashes after the following error message:
OVERLAPIP_CM 
There are no known workarounds.
CSCsb12598

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.

Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsb40304

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.

Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd92405

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.

Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
CSCek66392
A Performance Routing Engine (PRE) crashes after the following error message:
OVERLAPIP_CM 
There are no known workarounds.
CSCsc53225

If the connection between a PacketCable Call Management Server (CMS) and the cable modem termination system (CMTS) is not completely established, and the CMS does not correctly terminate the session by sending a Transmission Control Protocol FIN packet, the connection will still show up as a COPS server in the show cops server command output. This server entry is not removed unless the clear tcp tcb command is entered to remove the TCP connection.

There are no known workarounds.

CSCsc72722

Transmission Control Protocol (TCP) connections that are opened through a Cisco IOS Firewall (Context-Based Access Control (CBAC)) do not timeout.

This issue occurs when the Cisco IOS Firewall (CBAC) is enabled because the TCP idle timer for a session can be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This situation can lead to the TCP session not timing out.

There are no known workarounds.

CSCsc95014

A Cisco router makes alignment corrections as depicted in the show align EXEC command output.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.2(15)BC2i.

There are no known workarounds

CSCsd92405

A router crashes when receiving multiple malformed Transparent LAN Service (TLS) and/or Secure Socket Layer (SSL) 3 finished messages. A valid username and password are not required for the crash to occur.

This issue occurs when a router has an Hypertext Transport Protocol (HTTP) secure server enabled and has an open, unprotected HTTP port.

Workaround: There are no known workarounds. You can minimize the chances of the condition occurring by permitting only legitimate hosts to access HTTP on the router.

CSCse78507

Packets are delayed at the cable interface if rate-limiting is used.

Workaround: Remove the cable downstream rate-limit token-bucket shaping max-delay command.

CSCsf07847

Specifically crafted Cisco Discovery Protocol (CDP) packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router. Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.

This issue can occur when the CDP packet header length is lesser than predefined header length(4 bytes).

Workaround: Disable CDP on interfaces where it is not necessary.

CSCsg16908

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's file system, including the device's saved configuration, which may include passwords or other sensitive information.

The Cisco IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the Cisco IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the Cisco IOS FTP Client feature.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsg17896

On a Cisco uBR7100 series cable modem termination system (CMTS), when downstream load balancing between the MC28U and legacy MC16C/MC28C line cards occurs, load balancing can take a very long time to successfully move modems between the two types of interfaces.

There are no known workarounds.

CSCsg21480

A Cisco uBR7100 series router running Cisco IOS Release 12.3(9a)BC6 crashes due to a divide-by-zero exception. In addition, some spurious access is recorded.

This issue occurs on a router configured for the Simple Network Management Protocol (SNMP).

Workaround: Turn off the SNMP server.

CSCsg58428

If Baseline Privacy Interface (BPI) is enabled and the test cable dcc command is issued with init technique 1-4, the cable modem (CM) cannot be moved in the same upstream. The CM still shows online(pt) on the cable modem termination system (CMTS), but the CM is not pingable at all.

Note that if BPI is disabled, or if init technique 0 is used, the CM remains pingable. The problem also does not occur if the CM is moved to another upstream (US) other than the current one.

Workaround: Disable BPI, use init tech 0, or move the CM to another US than the current one.

CSCsg67542

The new lb_us_across_ds policy uses the DS LB group method to compare the upstream (US) load across the downstream (DS) and pick the target DS. The criteria to select the target DS and US are different. The US LB group method should be used to search for a target interface.

CSCsg70355

Starting in calendar year 2007, daylight savings summer-time rules may cause Cisco IOS to generate timestamps (such as in syslog messages) that are off by one hour.

The issue occurs because the Cisco IOS clock summer-time zone recurring configuration command uses the United States standards for daylight savings time rules by default. The Energy Policy Act of 2005 (H.R.6.ENR), Section 110 changes the start date from the first Sunday of April to the second Sunday of March. It changes the end date from the last Sunday of October to the first Sunday of November.

Workaround: Use the clock summer- time configuration command to manually configure the proper start date and end date for daylight savings time.

Note that using Network Time Protocol (NTP) is not a workaround to this problem. NTP does not carry any information about time zones or summertime.

CSCsg70555

When frequency stacking and pre-equalization are enabled on the stack upstreams, certain mod profile settings can cause modems to get stuck in the init() state.

This issue occurs because the stack upstreams have different settings, especially different mod profiles, and leads to incorrect programming of the PHY chip device.

Workaround: Use the same modulation profile on the frequency stacked upstreams.

CSCsg80513

Traceback occurs on the changing bundle associated with the cable interface.

There are no known workarounds.

CSCsg83603

The downstream frequency on internal upconverter based line cards cannot be set to a fine enough granularity for Harmonically Related Carrier (HRC)/ Incrementally Related Carrier (IRC) channel plans.

All cable modem termination system (CMTS) line cards with internal upconverters (MC520, MC28u, MC16u) must support HRC channel plans. These plans require the ability to set offset frequencies to a resolution of at least 25 kHz or better. We need to restore the 12.5 kHz resolution on our internal line cards to allow customers who have HRC channel plans to bring cable modems online.

Workaround: Select a frequency as close to the HRC channel as possible and most modems should lock. If the modem does not lock, then use an IF based line card to an external upconverter that supports HRC/IRC channel frequencies.

CSCsg91843

The cable modem is not load balanced on the last upstream.

This issue occurs because the downstream (DS) load balancing is following a different card (policy us-groups-across-ds).

Workaround: Enter the test cable DCC command to move the modem
Open Caveats for Release 12.3(17b)BC4

Table 49 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC4 release.
Table 49 Open Caveats for Cisco IOS Release 12.3(17b)BC4
DDTS ID Number

Description
CSCed62867
After a cable modem termination system (CMTS) reload, the following error message is logged:
BAD/WRONG BCM3138 FFT 
This issue occurs when there is a spectrum management configuration on an MC28U card.

Workaround: No manual workaround is required; Fast Fourier Transform (FFT) data collection continues working after the error is logged.
CSCeh33888

A Cisco router reloads with the last reset from a watchdog reset.

This issue occurs on a router that is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth is saturated, even though upstream (US) bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured on it and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.

CSCsa53610

The router fails to come up in Route Processor Redundancy (RPR) mode.

This issue is caused by the fix for CSCef64718, which moved the time point of posting PEER_COMM loss at switchover.

There are no known workarounds.
CSCsa63516
The following traceback occurs during a test run, which includes maximum concurrent active voice calls on all upstreams with data traffic injected from the customer premises equipment (CPE) behind the cable modem:
SLOT 3/0: Feb 14 10:11:00.114 EST: %SCHED-3-STUCKMTMR: Sleep with 
expired managed timer 62C7942C, time 0x31FB2BFC (00:00:00 ago). 
-Process= "Dynamic Services Timer Process", ipl= 4, pid= 37 
-Traceback= 60327044 6032749C 60447AE4
The traceback occurs only when the offered load (voice + data) exceeds the maximum bandwidth available on the upstreams.

There are no known workarounds.
CSCsb27648

Multiple Qos_reserve Qos_commits occur on a RADIUS packet while intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc27292

Integrated customer premises equipment (CPE) inside of certain brands of cable modems and set-top box units are unable to acquire an IP address using the Cisco uBR cable modem termination system (CMTS).

The issue occurs when cable interface bundling is configured on Cisco IOS Release 12.3(13a)BC, but not in earlier Cisco IOS releases.

Workaround: Revert to an earlier release of Cisco IOS for the Cisco uBR CMTS, or un-configure cable interface bundling.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsc95014

A Cisco router makes alignment corrections as depicted in the show align EXEC command output.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.2(15)BC2i.

There are no known workarounds.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs whenever tdma-atdma mode is configured.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds.

CSCsd30319

Modems get stuck in the init(o) state following an online insertion and removal (OIR) operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling, and only occurs on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd39821

The VID data in entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when original packets have a higher value.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile that is created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse33368

The router reloads and comes back up with following message:

This service class has not been configured yet.

Decoded information appears as etext for all the values, which points to possible corrupted crash information.

There are no known workarounds.

CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth, to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command is not properly saved and is not maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.

CSCse78507

Packets are delayed at the cable interface if rate-limiting is used.

Workaround: Remove the cable downstream rate-limit token-bucket shaping max-delay command.
CSCse95886
When you use the no cable admission-control us-bandwidth service-class name command to disable Admission Control upstream bandwidth for a non-existing service class, duplicate error messages are generated stating:
This service class has not been configured yet.
There are no known workarounds.
CSCse96237

The build image with the fix for CSCse80641 causes the ubr7100-p-mz image build to fail.

There are no known workarounds.

CSCsf31427

The Call Forward No Answer (CFNA) feature does not work on Cisco uBR7100 series routers after the CSCsb27648 fix is added.

There are no known workarounds.

CSCsg13683

Dynamic Service Change (DSC) refresh messages cause out-of-order downstream (DS) voice packets.

There are no known workarounds.

CSCsg15473

The bandwidth reservation level numbers that are reported by the show interface cable x/y mac-scheduler command output are inconsistent across traffic types.

There are no known workarounds.

CSCsg17896

On a Cisco uBR7100 series cable modem termination system (CMTS), when downstream load balancing between the MC28U and legacy MC16C/MC28C line cards occurs, load balancing can take a very long time to successfully move modems between the two types of interfaces.

There are no known workarounds.

CSCsg21480

A Cisco uBR7100 series router running Cisco IOS Release 12.3(9a)BC6 crashes due to a divide-by-zero exception. In addition, some spurious access is recorded.

This issue occurs on a router configured for the Simple Network Management Protocol (SNMP).

Workaround: Turn off the SNMP server.
Resolved Caveats for Release 12.3(17b)BC4

Table 50 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC4 release.

Table 50 Resolved Caveats for Cisco OS Release 12.3(17b)BC4

DDTS ID Number

Description

CSCsg34910

Support was added to allow load balancing to even out upstream (US) load balancing (LB) group members.

Open Caveats for Release 12.3(17b)BC3

Table 51 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC3 release.
Table 51 Open Caveats for Cisco IOS Release 12.3(17b)BC3
DDTS ID Number

Description
CSCed62867
After a cable modem termination system (CMTS) reload, the following error message is logged:
BAD/WRONG BCM3138 FFT 
This issue occurs when there is a spectrum management configuration on an MC28U card.

Workaround: No manual workaround is required; Fast Fourier Transform (FFT) data collection continues working after the error is logged.
CSCeh33888

A Cisco router reloads with the last reset from a watchdog reset.

This issue occurs on a router that is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth is saturated, even though upstream (US) bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured on it and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features, such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.

CSCsa53610

The router fails to come up in Route Processor Redundancy (RPR) mode.

This issue is caused by the fix for CSCef64718, which moved the time point of posting PEER_COMM loss at switchover.

There are no known workarounds.
CSCsa63516
The following traceback occurs during a test run, which includes maximum concurrent active voice calls on all upstreams with data traffic injected from the customer premises equipment (CPE) behind the cable modem:
SLOT 3/0: Feb 14 10:11:00.114 EST: %SCHED-3-STUCKMTMR: Sleep with 
expired managed timer 62C7942C, time 0x31FB2BFC (00:00:00 ago). 
-Process= "Dynamic Services Timer Process", ipl= 4, pid= 37 
-Traceback= 60327044 6032749C 60447AE4
The traceback occurs only when the offered load (voice + data) exceeds the maximum bandwidth available on the upstreams.

There are no known workarounds.
CSCsb27648

Multiple Qos_reserve Qos_commits appear on a RADIUS packet when intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc27292

Integrated customer premises equipment (CPE) inside of certain brands of cable modems and set-top box units are unable to acquire an IP address using the Cisco uBR cable modem termination system (CMTS).

The issue occurs when cable interface bundling is configured on Cisco IOS Release 12.3(13a)BC, but not in earlier Cisco IOS releases.

Workaround: Revert to an earlier release of Cisco IOS for the Cisco uBR CMTS, or un-configure cable interface bundling.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.

CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsc95014

A Cisco router makes alignment corrections as depicted in the show align EXEC command output.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.2(15)BC2i.

There are no known workarounds.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs whenever tdma-atdma mode is configured.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds.

CSCsd30319

Modems get stuck in the init(o) state following an online insertion and removal (OIR) operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling, and only occurs on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd39821

The VID data in entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when original packets have a higher value.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile that is created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse33368

The router reloads and comes back up with following message:

Last reset from watchdog nmi System was restarted by watchdog timer expired

Decoded information appears as etext for all the values, which points to possible corrupted crash information.

There are no known workarounds.

CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth, to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command is not properly saved and is not maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.

CSCse78507

Packets are delayed at the cable interface if rate-limiting is used.

Workaround: Remove the cable downstream rate-limit token-bucket shaping max-delay command.
CSCse95886
When you use the no cable admission-control us-bandwidth service-class name command to disable Admission Control upstream bandwidth for a non-existing service class, duplicate error messages are generated stating:
This service class has not been configured yet.
There are no known workarounds.
CSCse96237

The build image with the fix for CSCse80641 causes the ubr7100-p-mz image build to fail.

There are no known workarounds.

CSCsf31427

The Call Forward No Answer (CFNA) feature does not work on Cisco uBR7100 series routers after the CSCsb27648 fix is added.

There are no known workarounds.

CSCsg13683

Dynamic Service Change (DSC) refresh messages cause out-of-order downstream (DS) voice packets.

There are no known workarounds.

CSCsg15473

The bandwidth reservation level numbers that are reported by the show interface cable x/y mac-scheduler command output are inconsistent across traffic types.

There are no known workarounds.

CSCsg17896

On a Cisco uBR7100VXR series cable modem termination system (CMTS), when downstream load balancing between the MC28U and legacy MC16C/MC28C line cards occurs, load balancing can take a very long time to successfully move modems between the two types of interfaces.

There are no known workarounds.

CSCsg21480

A Cisco uBR7100 series router running Cisco IOS Release 12.3(9a)BC6 crashes due to a divide-by-zero exception. In addition, some spurious access is recorded.

This issue occurs on a router configured for the Simple Network Management Protocol (SNMP).

Workaround: Turn off the SNMP server.
Resolved Caveats for Release 12.3(17b)BC3

Table 52 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17b)BC3 release.
Table 52 Resolved Caveats for Cisco IOS Release 12.3(17b)BC3
DDTS ID Number

Description

CSCeb54486

A router running Cisco IOS Release 12.2(11)BC3, PRE A crashes due to a bus error, but the active Performance Routing Engine (PRE) doesn't switchover to PRE B.

This issue occurs when the show snmp sessions command is executed.

Workaround: Do not execute the show snmp sessions command.
CSCee27341
The router experiences a software-forced crash (memory corruption in snmp) after executing the following command:
no snmp-server host xx.xx.xx.xx public
There are no known workarounds other than not using the no snmp-server host command.
CSCei93982

The router crashes unexpectedly because of Network Address Translation (NAT) source and destination port handling.

This issue occurs when NAT is enabled and an application uses two well-known ports: one for the source, and the other for destination. The outgoing translation is created, but on the return trip, because NAT is using the previous source port as the destination, NAT may use the incorrect algorithm. For example, if a Point-to-Point Tunneling Protocol (PPTP) session is initiated to the well-known port 1723 from source port 21 for the File Transfer Protocol (FTP), then the outgoing packet will create an FTP translation (because source information is examined in the outgoing direction). When the packet is returned, the source information is examined again to determine its packet type. In this case, because the source port is 1723, NAT assumes this is a PPTP packet and attempts to perform PPTP NAT operations on the data structure that NAT built for an FTP packet. This condition can lead to a router crash.

There are no known workarounds.

CSCek26492

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCek41538

Traceback occurs at the cable modem termination system (CMTS) when Network Address Translation (NAT) is configured and DOCSIS Set-Top Gateway (DSG) traffic is sent in upstream (US) and downstream (DS) directions.

There are no known workarounds.

CSCsb24406

With Cisco IOS Release 12.3(13)BC, a MAC address-based cable monitor does not show packets from service identifiers (SIDs) other than the primary.

This functionality no longer works on legacy line cards.

There are no known workarounds.

CSCsc19010

A Gate-Set is sent to the cable modem termination system (CMTS), but no response is received.

This issue occurs when modifying a Gate.

There are no known workarounds.

CSCsc36824

A Cisco router reloads unexpectedly due to a bus error exception. The crashinfo shows a translational bridging (TLB) (load or instruction fetch) exception.

This issue occurs with Network Address Translation (NAT) H.323 slow start calls.

Workaround: The unexpected reload does not occur when using H.323 FastStart.

CSCsc60249

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsc69945
Cable modems that are connected to an MC28U style line card on a Cisco uBR7100 cable modem termination system (CMTS) become stuck in the init(d) state after a line card recovers from an unexpected reset.

The state appears in the show cable modem command. In addition, an error message similar to the following appears as the line card comes back online:
%PARSER-4-BADCFG: Unexpected end of configuration file.
The issue occurs only when multicast quality of service (QoS) service flows, as configured by the cable interface cable match address command, have been activated.

Workaround: Manually shut/no shut any affected cable interfaces.
CSCsc78813

While using Network Address Translation (NAT) in an overlapping network configuration, the IP address inside a Domain Name System (DNS) reply payload from the name server is not translated at the NAT router.

This issue occurs on a Cisco router that runs Cisco IOS Release 12.3(18) and that has the nat outside source command enabled. The condition can also occur in Cisco IOS Release 12.4 or Cisco IOS Release 12.4T.

There are no known workarounds.
CSCsd10009
When the debug cable privacy command is enabled, the Cisco uBR series cable modem termination system (CMTS) generates an error message similar to the following, followed by a traceback:
SLOT 5/0: Jan 18 22:12:33.320: %SCHED-2-EDISMSCRIT: Critical/high 
priority process CMTS MAC Parser may not dismiss. 
-Process= "CMTS MAC Parser", ipl= 0, pid= 43
This issue stops Baseline Privacy Interface Plus (BPI+) enabled cable modems from negotiating BPI+ encryption with the CMTS.

This issue occurs when debug is enabled and a cable modem running BPI+ tries to come online.

Workaround: Disable the debug with the no debug cable privacy command. Use an alternative debug command that produces similar, but more verbose output, the debug cable bpiatp command.
CSCsd23426

Cable modems using non-real time polling service flows with a 300ms polling interval are not allowed to register with the cable modem termination system (CMTS).

Workaround: Use a polling interval that is not 300ms; for example, 250ms has been tested and works.

CSCsd29733

Some downstream service flows experience rate limit delayed packets. These flows should not be delaying packets.

This issue usually occurs with voice calls using codex that send a higher traffic rate of around 100pps. Downstream calls for these flows may see rate limit delayed packets and rate limit dropped packets. In some cases, this degrades voice quality.

There are no known workarounds.

CSCsd58381

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on if Mobile IPv6 is used and what version on Cisco IOS is being currently used.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

CSCsd67935

When a Dynamic Host Configuration Protocol (DHCP) BOOTREQUEST is received from customer premises equipment (CPE) that has a PPP over Ethernet (PPPoE) session open with the Cisco uBR router, the PPPoE session will be terminated once the reply is GLEANed.

Workaround: Perform the following steps:

1. Configure a static IP address on the CPE.

2. Prevent the DHCP BOOTREQUEST at the CPE.

3. If DHCP scripting is possible, prevent the reply to the CPE from the server.

CSCsd85177

Randomly, the signal-to-noise ratio (SNR) cosmetically decreases -10 dB with MC-28u and 16u/x cards.

Workaround: Turn off ingress-noise cancellation, and then immediately turn it back on again. SNR returns to normal levels.
CSCsd92344
A Cisco uBR series cable modem termination system (CMTS) generates error messages similar to the following:
%SYS-3-CPUHOG: Task is running for (2008)msecs, more than (2000)msecs 
(699/198),process = DHCPD Receive.
This message is followed by another error message similar to the following and a software-forced reload:
%UBR7100-4-FAILED_DS_SID_LOOKUP: Failed to find host in DS on int  with 
SID # 4271, IP = 10.99.82.19, MAC = 0004.1af1.c34a
This issue occurs when the cable or virtual bundle interface configuration cable source-verify dhcp command is configured, and is triggered by end hosts that have duplicate or spoofed Ethernet MAC addresses.

Workaround: Remove the dhcp portion of the cable source-verify dhcp command, and use the cable source-verify command only.
CSCse05642

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse05680

Cable modem termination system (CMTS) read-only quality of service (QoS) profiles are deleted.

This issue occurs in platforms without distributed line cards.

There are no known workarounds.

CSCse30830

After a Simple Network Management Protocol (SNMP) request on the cable modem termination system (CMTS), there is steady packet loss on the upstream path (form the modem to the voice gateway.) Even though the SNMP requests are stopped and SNMP lines are removed (using config mode) from the running configuration, the packet loss status remains until a reload of CMTS occurs.

Workaround: Perform a CMTS reload.

CSCse37931

The cable source verify leasequery-filter does not work with virtual bundling.

There are no known workarounds.

CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

•Session Initiation Protocol (SIP)

•Media Gateway Control Protocol (MGCP)

•Signaling protocols H.323, H.254

•Real-time Transport Protocol (RTP)

•Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse70718

On a Cisco uBR series cable modem termination system (CMTS), cable modems on an MC28U series cable line card are unable to progress past the init(d) state on certain upstream ports.

The issue occurs after an MC28U cable line card has undergone online insertion and removal (OIR), or after the MC28U line card is unexpectedly reset. The issue occurs only when upstream connector sharing is configured. Cable modems on the numerically lowest upstream channel to share a connector can be stuck in the init(d) state.

Workaround: Reconfigure the connector sharing configuration command on affected upstreams after the line card OIR.

CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
CSCsf18236
With frequency stacking configured (upstreams sharing the same connector), modems fail to register on the adjacent frequency-stacking upstream. If the load-balance feature is also configured, modems have symptoms of being stuck in the init(rc) state.

Workaround:

1. Unconfigure frequency stacking, and set the connector to its default setting of:
no cable upstream 0 connector 0 shared 
no cable upstream 1 connector 0 shared 
cable upstream 0 connector 0 
cable upstream 1 connector 1 
2. Restore the frequency configuration to:
cable upstream 0 connector 0 shared 
cable upstream 1 connector 0 shared
CSCsf28321

On a Cisco uBR series cable modem termination system (CMTS), when both upstream and downstream cable modem load balancing is configured, modems can be prevented from being load balanced from one downstream to another.

The issue occurs when downstreams within a common downstream load balancing group contain many upstream load balancing groups.

Workaround: The current downstream load balancing implementation operates as follows:

A modem will only be load balanced from a source downstream and upstream to a target downstream if the following conditions are met:

•The target downstream (DS) is in the same DS load balancing (LB) group as the source downstream AND

•The target downstream has less modems connected than the source downstream AND

•There is an active upstream channel on the target in the same upstream (US) LB group as the source upstream AND that target upstream has the least number of modems connected as compared to other potential target upstreams.
CSCsg00622
Even though the fan tray is pulled out from the chassis, the output displays:
Fan x is believed to be working
This message displays regardless of the fan tray condition.

There are no known workarounds.
Open Caveats for Release 12.3(17a)BC2

Table 53 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC2 release.
Table 53 Open Caveats for Cisco IOS Release 12.3(17a)BC2
DDTS ID Number

Description

CSCeb54486

A router that is running Cisco IOS Release 12.2(11)BC3 PRE A crashes due to a bus error, but the active Performance Routing Engine (PRE) does not switchover to PRE B.

Workaround: Do not execute the show snmp sessions command.
CSCee27341
The router experiences a software-forced crash (memory corruption in snmp) after executing the following command:
no snmp-server host xx.xx.xx.xx public 
There are no known workarounds other than not using the no snmp-server host command.
CSCeh33888

A Cisco router reloads with the last reset from a watchdog reset.

This issue occurs on a router that is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth (BW) is saturated, even though the upstream bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured on it and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features, such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.

CSCek41538

Traceback occurs at the cable modem termination system (CMTS) when Network Address Translation (NAT) is configured and DOCSIS Set-Top Gateway (DSG) traffic is sent in upstream (US) and downstream (DS) directions.

There are no known workarounds.

CSCek43268

You can now delete a quality of service (QoS) profile that is being used by a cable modem.

CSCek43887

When the src-ip field of a Confirmation to Receive (CFR) is edited, the tunnel statistics do not get reset and retain the statistics of the previous flow.

There are no known workarounds.
CSCsa63516
The following traceback occurs during a test run, which includes maximum concurrent active voice calls on all upstreams with data traffic injected from the customer premises equipment (CPE) behind the cable modem:
SLOT 3/0: Feb 14 10:11:00.114 EST: %SCHED-3-STUCKMTMR: Sleep with 
expired managed timer 62C7942C, time 0x31FB2BFC (00:00:00 ago). 
-Process= "Dynamic Services Timer Process", ipl= 4, pid= 37 
-Traceback= 60327044 6032749C 60447AE4
The traceback occurs only when the offered load (voice + data) exceeds the maximum bandwidth available on the upstreams.

There are no known workarounds.
CSCsb24406

With Cisco IOS Release 12.3(13a)BC, a MAC address-based cable monitor does not show packets from service identifiers (SIDs) other than the primary. This functionality no longer works on legacy line cards.

There are no known workarounds.

CSCsb27203

With no Best Effort (BE) traffic, Unsolicited Grant Services (UGS) traffic encroaches upstream (US) bandwidth exclusively reserved for BE data.

Workaround: Configure Admission Control (AC) exclusively for UGS traffic.

CSCsb27648

Multiple Qos_reserve Qos_commits appear on a RADIUS packet when intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.

CSCsc01244

As the number of reserved Non Real Time Polling Service (nrtPS) service flows increases on an upstream, the number of possible Voice over IP (VoIP) calls on that upstream decreases. A direct correlation between the number of reserved nrtPS flows and the number of possible VoIP calls is observed.

This issue occurs on a Cisco uBRr7100 series router running Cisco IOS Release 12.3(9a)BC2 with DOCSIS 1.1 VoIP calls and an nrtPS polling interval of 250ms.

Workarounds: Enable the Low Latency Queueing scheduler for nrtPS and/or service flows with the cable interface command: cable upstream upstream-number scheduling type [nrtps | rtps | ugs] mode llq. This scheduler mode is available in Cisco IOS Release 12.3(13a)BC and later.

CSCsc19010

A Gate-Set is sent to the cable modem termination system (CMTS), but no response is received.

This issue only occurs when modifying a Gate.

There are no known workarounds.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.
CSCsc69945
Cable modems connected to an MC28U style line card on a Cisco uBR7100 cable modem termination system (CMTS) become stuck in the init(d) state after a line card recovers from an unexpected reset.

The state appears in the show cable modem command. In addition, an error message similar to the following appears as the line card comes back online:
%PARSER-4-BADCFG: Unexpected end of configuration file.
The issue occurs only when multicast quality of service (QoS) service flows, as configured by the cable interface command cable match address, have been activated.

Workaround: Manually shut/no shut any affected cable interfaces.
CSCsc86355

When customer premises equipment (CPE) devices are joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsc95014

A Cisco router makes alignment corrections as depicted in the show align EXEC command output.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.2(15)BC2i.

There are no known workarounds.
CSCsd10009
When the debug cable privacy command is enabled, a Cisco uBR series cable modem termination system (CMTS) generates an error messages similar to the following, followed by a traceback:
SLOT 5/0: Jan 18 22:12:33.320: %SCHED-2-EDISMSCRIT: Critical/high 
priority process CMTS MAC Parser may not dismiss. 
-Process= "CMTS MAC Parser", ipl= 0, pid= 43
This issue stops Baseline Privacy Interface Plus (BPI+) enabled cable modems from negotiating BPI+ encryption with the CMTS.

The issue occurs when debug is enabled and a cable modem running BPI+ tries to come online.

Workaround: Disable the debug with the no debug cable privacy command. Use an alternative debug that produces similar, but more verbose output, the debug cable bpiatp command.
CSCsd22278

Call Admission Control does not take effect if it is applied while there are active PacketCable calls running.

This issue occurs when there are bulk PacketCable calls running on the cable modem termination system (CMTS) before you configure Call Admission Control.

Workaround: Do not configure Call Admission Control while there are bulk calls running.

CSCsd26691

When tmda-atmda docsis mode is configured on the interface, the current reserved value shown on the admission control command is incorrect.

This issue occurs when tdma-atdma mode is configured.

There are no known workarounds.

CSCsd30267

The Authentication, Authorization, and Accounting (AAA) per user process is holding memory, and the router is running out of memory.

This issue occurs on a Cisco uBR7114E router running Cisco IOS Release 12.3(13a)BC2 with PPP over Ethernet (PPPOE) dialing and dynamic access control lists (ACLs).

There are no known workarounds.

CSCsd39821

The VID data in the entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases.

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when original packets have a higher value.

There are no known workarounds.

CSCsd64243

A Cisco uBR7114 router crashes due to red zone overrun - memory corruption.

There are no known workarounds.

CSCsd67935

When a Dynamic Host Configuration Protocol (DHCP) BOOTREQUEST is received from customer premises equipment (CPE) that has a PPP over Ethernet (PPPoE) session open with the Cisco uBR router, the PPPoE session is terminated once the reply is GLEANed.

Workaround: Perform the following steps:

1. Configure a static IP address on the CPE.

2. Prevent the DHCP BOOTREQUEST at the CPE.

3. If DHCP scripting is possible, prevent the reply to the CPE from the server.

CSCsd75421

A router crashes because of a software forced reload - Unexpected exception, CPU signal 23. The error SYS-6-BLKINFO: Corrupted redzone precedes the crash.

There are no known workarounds.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.

CSCsd84554

The not in service quality of service (QoS) profile can be enforced to the modem using the cdxCmtsCmQosProfile MIB, but the not in service QoS profile cannot be enforced to the modem using the CLI.

There are no known workarounds.

CSCsd85177

Randomly, signal-to-noise ration (SNR) cosmetically decreases -10 dB with MC-28u and 16u/x cards.

Workaround: Turn off ingress-noise cancellation, and then immediately turn it back on again. SNR returns to normal levels.
CSCsd92344
A Cisco uBR series cable modem termination system (CMTS) generates error messages similar to the following:
%SYS-3-CPUHOG: Task is running for (2008)msecs, more than (2000)msecs 
(699/198),process = DHCPD Receive.
This message is followed by another error message similar to the following and a software-forced reload:
%UBR7100-4-FAILED_DS_SID_LOOKUP: Failed to find host in DS on int  with 
SID # 4271, IP = 10.99.82.19, MAC = 0004.1af1.c34a
This issue occur s when the cable or virtual bundle interface configuration command cable source-verify dhcp is configured, and is triggered by end hosts that have duplicate or spoofed Ethernet MAC addresses.

Workaround: Remove the dhcp portion of the cable source-verify dhcp command and use the cable source-verify command only.
CSCse05680

Cable modem termination system (CMTS) read-only quality of service (QoS) profiles are being deleted.

This issue occurs in platforms without distributed line cards.

There are no known workarounds.

CSCse06619

When changing a bundle member from one bundle to another, the service class information is not displayed in the show cable dsg tunnel no statistics command.

There are no known workarounds.

CSCse11646

Spurious memory access occurs when monitoring MAC packets with the DOCSIS Set-Top Gateway (DSG) configuration.

There are no known workarounds.

CSCse14247

The cable quality of service (QoS) profile created using the cdxCmtsCmQosProfile MIB can be modified or deleted when the profile is active and in use by modems.

There are no known workarounds.

CSCse30830

After a Simple Network Management Protocol (SNMP) request on the cable modem termination system (CMTS), there is steady packet loss on the upstream (modem-to-voice gateway) path. Even though the SNMP requests are stopped and the SNMP lines are removed (using config mode) from the running configuration, the packet loss status remains until a reload of CMTS occurs.

Workaround: Perform a CMTS reload.

CSCse32100

Performance measurements run as best effort traffic (the only traffic in the setup) in short sessions (of 60 seconds long each) report that sometimes the upstream (US) throughput is lower than expected. The performance hits do not seem to follow any particular pattern, but are accompanied by a rapid increase of drops in the MAC scheduler. When the performance is as expected, the drops in the MAC scheduler do not increase.

There are no known workarounds.

CSCse33368

The router reloads and comes back up with following message:

Last reset from watchdog nmi System was restarted by watchdog timer expired

Decoded information appears as etext for all the values, which points to possible corrupted crash information.

There are no known workarounds.

CSCse37931

The cable source verify leasequery-filter does not working with bundling.

There are no known workarounds.

CSCse53584

The show cable calls command is missing from the IOS documentation.

There are no known workarounds.

CSCse56861

A Cisco uBR series router displays the following error message after the cable source-verify dhcp command has been configured:

%ALIGN-3-SPURIOUS: Spurious memory access made at [...]

There are no known workarounds.

CSCse60253

When a cable filter group is configured to block traffic to a cable modem (CM), Media Terminal Adapter (MTA), or customer premises equipment (CPE), the traffic towards devices on an MC16C line card do not get blocked by the cable modem termination system (CMTS).

Workaround: If you move the devices to the MC28U line card, the feature works.

CSCse68483

Unusual characters (parser issued) are generated on the terminal output (console or Telnet session).

This issue occurs only when the cable modem termination system (CMTS) is configured with the Baseline Privacy Interface (BPI) and the debug cable privacy command is enabled on a non-Cisco cable modem.

Workaround: Turn off the debug, disconnect the session, and re-connect.

CSCse70718

On a Cisco uBR series cable modem termination system (CMTS), cable modems on an MC28U series cable line card are unable to progress past the init(d) state on certain upstream ports.

The issue occurs after an MC28U cable line card has undergone online insertion and removal (OIR), or after the MC28U line card is unexpectedly reset. The issue also occurs only when upstream connector sharing is configured. Cable modems on the numerically lowest upstream channel to share a connector can get stuck in the init(d) state.

Workaround: Reconfigure the connector sharing configuration command on affected upstreams after the line card OIR.
CSCse74143
The following error message can lead to a cable modem termination system (CMTS) software crash due to memory corruption:
Jul 10 19:30:09.830: %SYS-2-LINKED: Bad enqueue of 643D0780 in queue 
6321038C  
-Process= "CMTS SID mgmt task", ipl= 3, pid= 47  
-Traceback= 60893900 604BD1C4 6053358C 604D894C 60617EB8 608576BC 
608576A0  
Jul 10 19:30:40.721: %SYS-2-NOTQ: unqueue didn't find 64400518 in queue 
63325B14  
-Process= "CMTS SID mgmt task", ipl= 3, pid= 47 
-Traceback= 60893B08 604BD104 604D74DC 6061818C 608576BC 608576A0  
Jul 10 19:30:46.253: %SYS-2-NOTQ: unqueue didn't find 643D0780 in queue 
6321038C  
-Process= "CMTS SID mgmt task", ipl= 3, pid= 47 
-Traceback= 60893B08 604BD104 604D74DC 6061818C 608576BC 608576A0 
Jul 10 19:30:53.001: %SYS-2-LINKED: Bad enqueue of 643D0780 in queue 
6321038C  
-Process= "CMTS SID mgmt task", ipl= 3, pid= 47 
-Traceback= 60893900 604BD1C4 6053358C 604D894C 60617EB8 608576BC 
608576A0
There are no known workarounds.
CSCse77050

On a Cisco uBR series cable modem termination system (CMTS), the defaults for the cable upstream us-channel admission-control percentage command have changed from enforcing over subscription to 100% of the available upstream bandwidth to not enforcing any over subscription level. In addition, if the cable upstream us-channel admission-control 100 command is configured, the command will not be properly saved and will not be maintained after a CMTS reload.

Workaround: If upstream channel over subscription enforcement for minimum reserved rate services is desired at 100% of upstream bandwidth, then manually configure a slightly different value. For example: cable upstream us-channel admission-control 99.

CSCse78507

Packets are delayed at the cable interface if rate-limiting is used.

Workaround: Remove the cable downstream rate-limit token-bucket shaping max-delay command.
Resolved Caveats for Release 12.3(17a)BC2

Table 54 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC2 release.

Table 54 Resolved Caveats for Cisco IOS Release 12.3(17a)BC2

DDTS ID Number

Description

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml

CSCek48821

Modems do not come online with the MC28U card.

There are no known workarounds.

CSCsc27292

Integrated customer premises equipment (CPE) inside of certain brands of cable modems and set-top box units are unable to acquire an IP address using the Cisco uBR cable modem termination system (CMTS).

The issue occurs when cable interface bundling is configured on Cisco IOS Release 12.3(13a)BC, but not in earlier Cisco IOS releases.

Workaround: Revert to an earlier release of Cisco IOS for the Cisco uBR CMTS, or un-configure cable interface bundling.

CSCsd30319

Modems get stuck in the init(o) state following an online insertion and removal (OIR) operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling, and only occurs on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd41688

The MC28U and MC16U line cards experience an Inter-Process Communication online insertion and removal (IPCOIR) timeout and reload without writing a crashinfo file in bootflash. An %IPCOIR-3-TIMEOUT message is displayed on the Network Processing Engine (NPE) console and the line card is reloaded approximately 5 minutes later.

To check for the presence of a crashinfo file connect to the line card, enter the if-con command, and then enter the show bootflash all command. If the line card is experiencing this problem, the command does not list a crashinfo file with a timestamp corresponding to the reload.

This problem does not normally reoccur on the same card.

There are no known workarounds.

CSCse22002

The billing record format has been changed despite the IP Detail Record (IPDR) specification not supporting that new format as of May 2006.

The image tries to complies with the latest 2.0 spec based on OSSIv2.0-N-04.0173-7 ECR, http://www.cablelabs.com/cablemodem/downloads/specs/CM-SP-OSSIv2.0-I09-050812.pdf, which states: " This Element is defined as compliant with [IPDR/BSR] specification but [IPDR/SP] still does not define those types, therefore CPE Info MUST NOT be supported until [IPDR/SP] defines Array and Structs types."

Workaround: Customers must support the new schema, DOCSIS-3.5.1-A.0.xsd.

Open Caveats for Release 12.3(17a)BC1

Table 55 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC1 release.
Table 55 Open Caveats for Cisco IOS Release 12.3(17a)BC1
DDTS ID Number

Description

CSCeh33888

A Cisco uBR7100 router reloads with the last reset from a watchdog reset.

This issue occurs on a router that is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCei25309

The cable monitor & MC16C card does not operate correctly. Initial ranging is no longer captured, or the station main map message is not output when specifying the service identifier (SID) option and map-grant.

There are no known workarounds.

CSCej87157

All e911 calls are rejected if downstream (DS) bandwidth (BW) is saturated, even though upstream bandwidth is still available.

Workaround: Stop running applications manually to free up DS bandwidth; no automatic DS bandwidth preemption occurs.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured on it and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features, such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.
CSCek4107
In Cisco IOS releases for the Cisco uBR7100 router in which CSCed17434 is fixed, the functionality of the cable source-verify dhcp command has changed.

Before CSCed17434, the command would try to validate IP source addresses from systems behind routers connected to the DOCSIS network. After CSCed17434, the command no longer performs this validation. Instead, if the source address of a packet is recognized as not being directly connected to the DOCSIS network, the router will simply omit source address checking and accept/forward the packet. If debugging is enabled, it emits a message similar to the following:
src address 1.2.3.4 on subnet different from interface Cable3/0, no 
checking
Note that this message is the only debug generated and is independent of whether the IP source address of the offending packet is actually a spoofed address (not reachable via the cable interface), or whether it is an IP address reachable via some CPE-side router connected to this interface.

Workaround: To enable source address checking for a non-directly connect source-IP address in Cisco IOS releases for the Cisco uBR7100 router in which CSCed17434 is fixed, enable the following commands:
Interface: 
! Global 
cable source-verify [dhcp] 
ip cef 
! On each cable interface IP CEF based RPF check: 
interface Cable 3/0 
ip verify unicast source reachable-via rx
Note If you need address security on your DOCSIS network, enable the interface level IP Cisco Express Forwarding (CEF) based Reverse Path Forwarding (RPF) checking whether or not you want to support subscribers with routers.

Limitations: Note that even with the above described workaround, there is no validation whether packets with a non-directly connected source-IP address are received via the appropriate cable modem.

For example, if an attacking subscriber A knows that a particular IP address prefix A/M is connected via a router at another subscriber's site connected to the same downstream, then subscriber A can spoof packets with that source's IP addresses and neither the cable source-verify command, nor the ip verify unicast source reachable-via rx command will be able to inhibit this attack.

Unicast Forwarding Information Base (FIB) RPF checking is supported by the ip verify unicast source command. To provide protection against this case, a Cisco IOS release needs to provide support for CSCek41068.
CSCsa63516
The following traceback occurs during a test run, which includes maximum concurrent active voice calls on all upstreams with data traffic injected from the customer premises equipment (CPE) behind the cable modem:
SLOT 3/0: Feb 14 10:11:00.114 EST: %SCHED-3-STUCKMTMR: Sleep with 
expired managed timer 62C7942C, time 0x31FB2BFC (00:00:00 ago). 
-Process= "Dynamic Services Timer Process", ipl= 4, pid= 37 
-Traceback= 60327044 6032749C 60447AE4
The traceback occurs only when the offered load (voice + data) exceeds the maximum bandwidth available on the upstreams.

There are no known workarounds.
CSCsb24406

With Cisco IOS Release 12.3(13a)BC, a MAC address based cable monitor does not show packets from service identifiers (SIDs) other than the primary. This functionality no longer works on legacy line cards.

There are no known workarounds.

CSCsb27203

With no Best Effort (BE) traffic, Unsolicited Grant Services (UGS) traffic encroaches upstream (US) bandwidth exclusively reserved for BE data.

Workaround: Configure Admission Control (AC) exclusively for UGS traffic.

CSCsb27648

Multiple Qos_reserve Qos_commits appear on a RADIUS packet when intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.
CSCsb30270
A Cisco uBR7100 series router with MC28U style line cards has an internal 127.x.x.x network that is used for inter line card communication.

This network is errantly advertised by IP routing protocols when the redistribute connected [subnets] command is specified under the routing protocol's configuration paragraph.

Workaround: Configure a route-map that prevents the accidental redistribution of 127.x.x.x network numbers into routing protocols. For example, the following configuration commands achieve this goal for an Open Shortest Path First (OSPF) process with a process ID of 1:
access-list 10 permit 127.0.0.0 0.255.255.255 
! 
route-map Stop-127.x.x.x deny 10 
match ip address 10 
! 
route-map Stop-127.x.x.x permit 20 
! 
router ospf 1 
redistribute connected subnets route-map Stop-127.x.x.x 
! 
end
CSCsb63042

The current implementation of ToS overwrite requires that static cable quality of service (QoS) profiles be created and the necessary tos-overwrite command added to achieve the desired packet coloring.

This implementation works well if only a few different service types are offered. Scalability problems arise when multiple service operators (MSOs) offer dozens of different service levels, each requiring a static QoS profile to perform ToS overwrite.

A feature that would allow a default ToS overwrite to be bound to cable modem (CM) created profiles would help eliminate the scalability problem. Such a feature would be limited in that all CM created profiles would be forced to use the same ToS setting.

There are no known workarounds.

CSCsc01244

As the number of reserved Non Real Time Polling Service (nrtPS) service flows increases on an upstream, the number of possible Voice over IP (VoIP) calls on that upstream decreases.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.3(9a)BC2 with DOCSIS 1.1 VoIP calls and nrtPS polling interval of 250ms.

There are no known workarounds.

CSCsc10117

When a cable modem termination system (CMTS) bundle interface has 100,000 Address Resolution Protocol (ARP) entries, entering the interface configuration mode of that bundle hogs the CPU for 15-20 seconds.

This issue occurs when the bundle interface has a large number of entries in the ARP and Forwarding Information Base (FIB) tables.

Workaround: Enter the bundle interface configuration mode during a maintenance window, or split one large bundle into several smaller bundles.

CSCsc19010

A Gate-Set is sent to the cable modem termination system (CMTS), but no response is received.

This issue occurs when modifying a Gate.

There are no known workarounds.

CSCsc27292

Integrated customer premises equipment (CPE) inside of certain brands of cable modems and set-top box units are unable to acquire an IP address using the Cisco uBR cable modem termination system (CMTS).

The issue occurs when cable interface bundling is configured on Cisco IOS Release 12.3(13a)BC, but not in earlier Cisco IOS releases.

Workaround: Revert to an earlier release of Cisco IOS for the Cisco uBR CMTS, or un-configure cable interface bundling.

CSCsc27520

When the Network Time Protocol (NTP) clock gets updated, the clock on the Performance Routing Engine (PRE) changes as expected, however, the MC520 clock does not get updated.

Workaround: Restart the CMTS or the line card.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.
CSCsc69945
Cable modems connected to an MC28U style line card on a Cisco uBR7100 cable modem termination system (CMTS) become stuck in the init(d) state after a line card recovers from an unexpected reset.

The state appears in the show cable modem command. In addition, an error message similar to the following appears as the line card comes back online:
%PARSER-4-BADCFG: Unexpected end of configuration file.
The issue occurs only when multicast quality of service (QoS) service flows, as configured by the cable interface command cable match address, have been activated.

Workaround: Manually shut/no shut any affected cable interfaces.
CSCsc73808

Source is ignored when SSM-mapping with a non-ssmp group is configured.

There are no known workarounds.

CSCsc86355

When customer premises equipment (CPE) is joining and leaving multicast groups on a bundle interface at a very fast rate, and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsc99552

Unnecessary crypto information is printed out in the running-config.

This occurs when Baseline Privacy Interface Plus (BPI+) is configured and is being used on the cable modem termination system (CMTS).

Workaround: Use the show running-config brief command to avoid this information.
CSCsd10009
When the debug cable privacy command is enabled, a Cisco uBR series cable modem termination system (CMTS) generates error messages similar to the following, followed by traceback:
SLOT 5/0: Jan 18 22:12:33.320: %SCHED-2-EDISMSCRIT: Critical/high 
priority process CMTS MAC Parser may not dismiss. 
-Process= "CMTS MAC Parser", ipl= 0, pid= 43
This issue stops Baseline Privacy Interface Plus (BPI+) enabled cable modems from negotiating BPI+ encryption with the CMTS.

The issue occurs when debug is enabled and a cable modem running BPI+ tries to come online.

Workaround: Disable the debug with the no debug cable privacy command. Use an alternative debug command that produces similar, but more verbose output, the debug cable bpiatp command.
CSCsd14049
A feature request has been made for better fixed frequency support with advanced spectrum management for advanced Physical Interface Chip (PHY) CLCs such as the MC28U and 5x20U.

At present, the band command must be used, even if a fixed frequency is desired:
Router(config)# cable spectrum-group 15 band 6000000 9200000 
Router(config)# interface cable 6/0  
Router(config-if)# cable upstream 0 spectrum-group 15 
There are no known workarounds.
CSCsd23426

Cable modems using non-real time polling service flows with a 300ms polling interval are not allowed to register with the cable modem termination system (CMTS). The output generated by the show cable modem command is reject(c).

Workaround: Use a polling interval that is not 300ms. For example, 250ms has been tested and works.

CSCsd30319

Modems get stuck in the init(o) state following an online insertion and removal (OIR) operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling, and occurs only on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd39821

The VID data in the entPhysicalHardwareRev MIB displays the wrong value if the data field in EEPROM is missing.

This issue affects the Entity MIB in all Cisco uBR7100 software releases if the VID data field is not programmed.

There are no known workarounds.

CSCsd39843

The entPhysicalSoftwareRev and entPhysicalMfgName MIBs for the Cisco uBR7100-I/O-2FE/E controller card display the wrong data.

This issue affects the Entity MIB for the Cisco uBR7100 software releases.

There are no known workarounds.

CSCsd40636

The show ip vrf ? command does not display the WORD option, and the show inventory raw ? does not display options at all.

There are no known workarounds.

CSCsd59963

The IP ToS/DSCP byte is always set to 0x00 for PacketCable CALEA replicated packets, even when the original packets have a higher value.

There are no known workarounds.

CSCsd67935

When a Dynamic Host Configuration Protocol (DHCP) BOOTREQUEST is received from customer premises equipment (CPE) that has a PPP over Ethernet (PPPoE) session open with the Cisco uBR router, the PPPoE session is terminated once the reply is GLEANed.

This issue occurs when the DHCP BOOTREPLY needs to be GLEANed for a CPE that has a PPPoE session.

Workaround: Perform the following steps:

1. Configure a static IP address on the CPE.

2. Prevent the DHCP BOOTREQUEST at the CPE.

3. If DHCP scripting is possible, prevent the reply to the CPE from the server.

CSCsd80421

The cdxBWQueueTable and cdxBWQueueEntry MIB variables should return information about all upstream bandwidth request queues on a Cisco uBR series cable modem termination system (CMTS). However, only information about the Committed Information Rate (CIR) and the existent Tiered Best Effort (TBE) queue is available.

There are no known workarounds.
CSCsd92344
A Cisco uBR7100 series cable modem termination system (CMTS) generates error messages similar to the following:
%SYS-3-CPUHOG: Task is running for (2008)msecs, more than (2000)msecs 
(699/198),process = DHCPD Receive.
This message can be followed by another error message similar to the following and a software-forced reload:
%UBR7100-4-FAILED_DS_SID_LOOKUP: Failed to find host in DS on int  with 
SID # 4271, IP = 10.99.82.19, MAC = 0004.1af1.c34a
This issue occurs when the cable or virtual bundle interface configuration cable source-verify dhcp command is configured, and is triggered by end hosts that have duplicate or spoofed Ethernet MAC addresses.

Workaround: Remove the dhcp portion of the cable source-verify dhcp command, and use the cable source-verify command only.
CSCse05680

Cable modem termination system (CMTS) read-only quality of service (QoS) profiles are being deleted.

This issue occurs in platforms without distributed line cards

There are no known workarounds.
Resolved Caveats for Release 12.3(17a)BC1

Table 56 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC1 release.
Table 56 Resolved Caveats for Cisco IOS Release 12.3(17a)BC1
DDTS ID Number

Description

CSCek26121

The sysUptime SNMP OID counter is reset after a Performance Routing Engine (PRE) switchover occurs.

There are no known workarounds.

CSCek27197

With Dynamic Shared Secret (DMIC) enabled, modems get stuck in the init(io) state and fail to register.

This issue occurs when Dynamic Shared Secret is enabled, and most, if not ALL, of the following conditions are true:

•Each modem gets its own config file (for example, when BACC is used for provisioning)

•The cable modem (CM) config files are large (greater than 1024 bytes in size)

•Large numbers of modems are trying to connect to the cable modem termination system (CMTS)

There are no known workarounds.
CSCsa92748
A Network Processing Engine G1 (NPE-G1) restarts unexpectedly and reports the following message:
Last reset from watchdog reset
This issue occurs only on routers that are configured with an NPE-G1 Network Processing Engine.

There are no known workarounds.
CSCsb25448

A Cisco uBR7100 series router unexpectedly reloads.

There are no known workarounds.

CSCsb84207

Clone cable modems take legitimate modems offline.

There are no known workarounds.

CSCsc86473

High forward error correction (FEC) counts occur on a Cisco uBR7100 cable modem termination system (CMTS) for attached cable modems, and those cable modems are unable to come online.

This issue occurs on a Cisco uBR7100 router running Cisco IOS Release 12.3(9a)BC3 equipped with MC28U cards and connected to a high number (2000 to 3000) of cable modems. The errors are related to specific third party cable modems

There are no known workarounds.
CSCsd15546
A Cisco router configured as a Dynamic Host Configuration Protocol (DHCP) relay does not append Option 82 (Relay Agent Option), even when configured to do so:
ip dhcp relay information option 
no ip dhcp relay information check 
ip dhcp relay information trust-all
This issue occurs when the DHCP message contains an invalid option (for example, option 12 with length 0.)

Workaround: Ensure that the DHCP messages sent to the Cisco router that is acting as DHCP relay contain valid options.
CSCsd15937

On voice systems, the following occurs:

•The clear cable modem mac delete command leads to a software-forced reload.

•Any cable modem (CM) going offline, for any reason, leads to a software-forced reload.

•Aborted DSX transactions lead to a software-forced reload.

•A Dynamic Service Deletion (DSD) message leads to a software-forced reload.

This issue affects Cisco IOS Releases 12.2(15)BC2h, 12.3(13)BC1 and 12.3(13)BC2.

The cable modem (CM) initiates overlapping Dynamic Service Change (DSC) transactions, drops DSC ACKs, and does not hold down state of previous transaction. The classifier state is modified during several transactions that overlap DSX error handling, creating a classifier with a state that does not match the list that it is on, or creating duplicate classifier pointers on the same list. Subsequent state changes, followed by DSC delete, DSD, or CM offline, cause a double free of the classifier pointer, resulting in a software-forced reload.

Workaround: A debug image is available that avoids the software-forced reload and provides additional debugging information.

CSCsd16035

Configured traps for cable and docsis-cmts disable as soon as another trap is configured.

This issue occurs on Cisco IOS Release 12.3(9a)BC6.

Workaround: Configure cable and docsis-cmts traps last.

CSCsd17301

When Dynamic Shared Secret (DMIC) is configured on the cable modem termination system (CMTS), the CMTS enters a state where all subsequent cable modem (CM) registration attempts fail and the CM ends up in the init(io) state. Cable modems that are online continue to work, but any other cable modems that are reset, either by means of power-cycling or by the delete/reset command, fail.

This issue occurs if the multiple service operator (MSO) mistakenly provisions a modem config file that does not exist on the Trivial File Transfer Protocol (TFTP) server, and any modem tries to get online with the CMTS using such a non-existent config file.

There are no known workarounds.

CSCsd20135

On voice systems, the following occurs:

•The clear cable modem mac delete command leads to a software-forced reload.

•Any cable modem (CM) going offline, for any reason, leads to a software-forced reload.

•Aborted DSX transactions lead to a software-forced reload.

•A Dynamic Service Deletion (DSD) message leads to a software-forced reload.

This issue affects Cisco IOS releases 12.2(15)BC2h, 12.3(13)BC1 and 12.3(13)BC2.

The CM initiates overlapping Dynamic Service Change (DSC) transactions, drops DSC ACKs, and does not hold down state of previous transaction. The classifier state is modified during several transactions that overlap DSX error handling, possibly creating duplicate classifier pointers on the same list. Subsequent state changes, followed by DSC delete, DSD, or CM offline, cause a double free of the classifier pointer, resulting in a software-forced reload.

Workaround: A debug image is available that avoids the software-forced reload and provides additional debugging information.

CSCsd20814

MC28Us add additional leading byte(s) to the data payload portion of a cable intercept packet where the source MAC address of the original packet is expected. Most recreate attempts show the addition of only a single extra byte. However, there have been cases where more than 1 extra byte was added.

Other observations are as follows:

•The problem seems to be intermittent on MC28Us CLCs. Other MC28U interfaces may or may not have the problem.

•Problem could not be reproduced on legacy CLCs, such as the MC16S card.

•Problem was duplicated in the lab on Cisco IOS Release 12.3(13a)BC2; Cisco IOS Release 12.3(9a)x is affected as well.

There are no known workarounds.

CSCsd22348

A Cisco uBR7100 series router running an experimental image, experiences a bus error crash at cmts_rx_pdu_common.

There are no known workarounds.

CSCsd22949

The Ethernet port adapter does not have the MAC address for Open Shortest Path First (OSPF) in its MAC-filter after a reboot. This issue prevents OSPF adjacencies from establishing.

This issue occurs on a Cisco uBR7100 series router running Cisco IOS Release 12.3(13a)BC1 with a dot1q subinterface on a port-channel containing Gigabit Ethernet interfaces enabled for OSPF.

Workaround: This issue can be fixed by a manual shut/no shut of the port-channel.

CSCsd42802

Modems are not coming up on the MC28u line cards in certain Virtual Interface configurations.

After configuring DS0 with US0 on connector 7, modems will not come up.

Workaround: Do not create US0 connections using connector 7.

Note Note: Default connector for US0 is connector 0.

CSCsd47337

The cable service flow inactivity-threshold command does not get written to running-config or startup-config.

This issue affects the Cisco IOS Release 12.3(17a) only.

Workaround: Re-enter the command after the cable modem termination system (CMTS) boots up.

CSCsd84940

For Cisco IOS releases 12.3(17a)BC, 12.3(13)BC1, 12.3(13)BC2, 12.3(9a)BC8, a significant increase in the number of upstream forward error correction (FEC) errors occurs when using MC16C or MC28C cards.

The exact degradation that occurs (if any) depends upon plant conditions and the cable modems (CMs) and Media Terminal Adapters (MTAs) being used.

There are no known workarounds.
Open Caveats for Release 12.3(17a)BC

Table 57 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC release.
Table 57 Open Caveats for Cisco IOS Release 12.3(17a)BC
DDTS ID Number

Description

CSCeh33888

A Cisco router reloads with the last reset from the watchdog reset.

This issue occurs on a router that is running Cisco IOS Release 12.3(9a)BC.

There are no known workarounds.

CSCei25309

The cable monitor and MC16C card does not operate correctly. Initial ranging is no longer captured, or the station main map message is not output when specifying the service identifier (SID) option and map-grant.

There are no known workarounds.

CSCej89390

On a Cisco uBR cable modem termination system (CMTS) platform with MC28U/MC16U cable line cards, if a CLC interface has a bundle slave configured, and the interface bundle slave is brought in/out of the bundle slave configuration, CMTS features, such as cable source-verify dhcp and cable arp, do not work properly.

There are no known workarounds.

CSCek26121

The sysUptime SNMP OID counter resets after a Performance Routing Engine (PRE) switchover occurs.

There are no known workarounds.

CSCsb24406

With Cisco IOS Release 12.3(13a)BC a MAC address based cable monitor does not show packets from service identifiers (SIDs) other than the primary. This functionality no longer works on legacy line cards.

There are no known workarounds.

CSCsb27203

With no Best Effort (BE) traffic, Unsolicited Grant Services (UGS) traffic encroaches upstream (US) bandwidth that is exclusively reserved for BE data.

Workaround: Configure Admission Control (AC) exclusively for UGS traffic.

CSCsb27648

Multiple Qos_reserve Qos_commits appear on a RADIUS packet while intercepting packets in PacketCable.

This issue occurs when the cable modem termination system (CMTS) is configured for PacketCable and the Gate_set needs to be received.

There are no known workarounds.
CSCsb30270
A Cisco uBR7100 series router with MC28U style line cards has an internal 127.x.x.x network that is used for inter line card communication.

This network is errantly advertised by IP routing protocols when the redistribute connected [subnets] command is specified under the routing protocol's configuration paragraph.

Workaround: Configure a route-map that prevents the accidental redistribution of 127.x.x.x network numbers into routing protocols. For example, the following configuration commands will achieve this goal for an Open Shortest Path First (OSPF) process with a process ID of 1:
access-list 10 permit 127.0.0.0 0.255.255.255 
! 
route-map Stop-127.x.x.x deny 10 
match ip address 10 
! 
route-map Stop-127.x.x.x permit 20 
! 
router ospf 1 
redistribute connected subnets route-map Stop-127.x.x.x 
! 
end
CSCsb52587

A Cisco uBR7100 router running Cisco IOS Release 12.3(9a)BC unexpectedly reloads due to a bus error under rare conditions.

There are no known workarounds.

CSCsb61414

When running Cisco IOS Release 12.3(9a)BC3 or 12.3 (9a)BC6 on a Cisco uBR7100 series router, sporadically, the cable modem termination system (CMTS) cannot ping some of the cable modems and customer premises equipment (CPE) behind the modem. This problem does not occur with Cisco IOS Release 12.3(9a)BC.

Cable monitor traces recorded while the failure is present show no input packets on the CMTS from affected cable modems.

This issue occurs on CMTS with approximately 3000 cable modems online.

Workaround: Reset the cable modem.

CSCsc01244

As the number of reserved Non Real Time Polling Service (nrtPS) service flows increases on an upstream, the number of possible Voice over IP (VoIP) calls on that upstream decreases.

This issue occurs on a Cisco uBR7100 series router running Cisco IOS Release 12.3(9a)BC2 with DOCSIS 1.1 VoIP calls and an nrtPS polling interval of 250ms.

There are no known workarounds.

CSCsc10117

When a cable modem termination system (CMTS) bundle interface has 100,000 Address Resolution Protocol (ARP) entries, entering the interface configuration mode of that bundle hogs the CPU for 15-20 seconds.

This issue occurs when the bundle interface has a large number of entries in the ARP and Forwarding Information Base (FIB) tables.

Workaround: Enter bundle interface configuration mode during a maintenance window, or split one large bundle into several smaller bundles.

CSCsc16702

NPE-G1 unexpectedly reloads with a bus error when running Cisco IOS Release 12.2(15)BC2h during normal operation.

There are no known workarounds.

CSCsc19010

A Gate-Set is sent to the cable modem termination system (CMTS), but no response is received.

This issue occurs only when modifying a Gate.

There are no known workarounds.

CSCsc27292

Integrated customer premises equipment (CPE) inside of certain brands of cable modems and set-top box units are unable to acquire an IP address using the Cisco uBR cable modem termination system (CMTS).

The issue occurs when cable interface bundling is configured on Cisco IOS Release 12.3(13a)BC, but not in earlier Cisco IOS releases.

Workaround: Revert to an earlier release of Cisco IOS for the Cisco uBR CMTS, or un-configure cable interface bundling.

CSCsc27520

When the Network Time Protocol (NTP) clock gets updated, the clock on the Performance Routing Engine (PRE) changes as expected, however, the MC520 clock does not get updated.

Workaround: Restart the cable modem termination system (CMTS) or the line card.

CSCsc63687

On a Cisco uBR series cable modem termination system (CMTS), when service flows are generated for multicast traffic through the use of the cable and bundle interface cable match address command, the docsQosMIBObjects Simple Network Management Protocol (SNMP) objects do not report details of the multicast service flows.

Workaround: Revert to the use of the Cisco IOS Command Line Interface to gather statistics on multicast service flows.
CSCsc69945
Cable modems connected to an MC28U style line card on a Cisco uBR7100 series cable modem termination system (CMTS) become stuck in the init(d) state after a line card recovers from an unexpected reset.

The state appears in the show cable modem command. In addition, an error message similar to the following appears as the line card comes back online:
%PARSER-4-BADCFG: Unexpected end of configuration file.
The issue occurs only when multicast quality of service (QoS) service flows, as configured by the cable interface cable match address command, have been activated.

Workaround: Manually shut/no shut any affected cable interfaces.
CSCsc73808

The source is ignored when configuring SSM-mapping with a non-ssmp group.

There are no known workarounds.

CSCsc84934

When the sflog entries are less than the terminated SFs, the terminated SFs which were logged by the sflog file in the cable modem termination system (CMTS), are not reported in the XML file.

Workaround: Perform the following steps:

1. Make the sflog entries to 2, and enable cable metering in file system mode.

2. Reload the router.

3. After the reload, terminate the 4 SFs.

4. Do the metering.

5. Verify the XML file.

CSCsc86355

When customer premises equipment (CPE) is joining and leaving multicast groups on a bundle interface at a very fast rate and the show interface bundle x multicast command is issued, an alignment error or a bus error reload occurs.

There are no known workarounds.

CSCsc86473

High forward error correction (FEC) counts occur on a Cisco uBR7100 cable modem termination system (CMTS) for attached cable modems. These cable modems are unable to come online.

This issue occurs on a Cisco uBR7100 series router running Cisco IOS Release 12.3(9a)BC3 equipped with MC28U cards and connected to a high number (2000 to 3000) of cable modems. The errors are related to specific third party cable modems

There are no known workarounds.

CSCsc87614

All of the cable modems on an MC16 modem card for a Cisco uBR7100 series router suddenly go offline.

Workaround: Use the shut/no shut command on the cable interface.

CSCsc91170

When the clear cable modem cm delete command is entered, an unexpected reload occurs.

This issue occurs in Cisco IOS Release 12.2(15)BC2h and 12.3(13)BC1.

Workaround: A debug image is available, which provides more debugging information and may avoid the unexpected reload.

CSCsc99552

Unnecessary crypto information is printed out in the running-config.

This issue occurs when Baseline Privacy Interface Plus (BPI+) is configured and is being used on the cable modem termination system (CMTS).

Workaround: Use the show running-config brief command to avoid this information.

CSCsd02882

When performing snmpwalk on the docsIfCmtsServiceNewCmStatusIndex, the returned values fail to return branches/values for certain interfaces (ifIndexes).

This issue appears to occur only when MC28u is used.

Workaround: Set the Snmpwalk docsIfCmtsServiceNewCmStatusIndex.ifIndex directly. For example, if ifIndex = 2 is missing from the tree, enter snmpwalkl.1.3.6.1.2.1.10.127.1.3.4.1.8.2.
CSCsd07509
Event throttling does not work and traps and syslogs are not limited to values set by the docsDevEvThrottleThreshold. All the traps and syslogs generated are delivered.

For example, if MIBs are set as follows, then no more than 10 traps/syslogs should be delivered in 60 seconds, but instead, all the traps/syslogs are delivered:
docsDevEvThrottleThreshold - 10 
docsDevEvThrottleInterval - 60 
docsDevEvThrottleAdminStatus.0 -  2 
There are no known workarounds.
CSCsd10009
When the debug cable privacy command is enabled, a Cisco uBR series cable modem termination system (CMTS) generates error messages similar to the following, followed by traceback:
SLOT 5/0: Jan 18 22:12:33.320: %SCHED-2-EDISMSCRIT: Critical/high 
priority process CMTS MAC Parser may not dismiss. 
-Process= "CMTS MAC Parser", ipl= 0, pid= 43
This issue stops Baseline Privacy Interface Plus (BPI+) enabled cable modems from negotiating BPI+ encryption with the CMTS. The issue occurs when debug is enabled and a cable modem running BPI+ tries to come online.

Workaround: Disable the debug with the no debug cable privacy command. Use an alternative debug command that produces similar, but more verbose output, the debug cable bpiatp command.
CSCsd14049
A request has been made for better fixed frequency support with advanced spectrum management for advanced Physical Interface Chip (PHY) CLCs such as the MC28U and 5x20U.

At present, the band command must be used, even if a fixed frequency is desired:
Router(config)# cable spectrum-group 15 band 6000000 9200000  
Router(config)# interface cable 6/0  
Router(config-if)# cable upstream 0 spectrum-group 15 
There are no known workarounds.
CSCsd20814

MC28Us add one or more leading byte(s) to the data payload portion of a cable intercept packet, where the source MAC address of the original packet is expected. This issue is intermittent on MC28Us CLCs. Other MC28U interfaces may or may not have the problem.

The issue occurs in Cisco IOS Release 12.3(13a)BC2, but Cisco IOS Release 12.3(9a)x is affected also.

There are no known workarounds.

CSCsd22348

A Cisco uBR7100 series router that is running an experimental image experiences a bus error crash at cmts_rx_pdu_common.

There are no known workarounds.

CSCsd22949

The Ethernet port adapter does not have the MAC address for Open Shortest Path First (OSPF) in its MAC-filter after a reboot. This prevents OSPF adjacencies from establishing.

This issue occurs on a Cisco uBR7100 series router running Cisco IOS Release 12.3(13a)BC1 with a dot1q subinterface on a port-channel containing Gigabit Ethernet interfaces enabled for OSPF.

Workaround: Manually shut/no shut the Port-Channel.

CSCsd23426

Cable modems using non-real time polling service flows with a 300ms polling interval are not allowed to register with the cable modem termination system (CMTS). The output generated by the show cable modem command is reject(c).

Workaround: Use a polling interval that is not 300ms. For example, 250ms has been tested and works.

CSCsd30319

Modems get stuck in the init(o) state following an online insertion and removal (OIR) operation if the replacement card type is not identical to the original card.

This issue is related to virtual interface bundling, and occurs only on interfaces that are members of a cable bundle.

Workaround: Reboot the router.

CSCsd31496

A Cisco uBR7100 series router experiences unexpected bus reloads at payload header suppression (PHS) function as a result of accessing freed memory.

There are no known workarounds.
Resolved Caveats for Release 12.3(17a)BC

Table 58 lists only severity 1 and 2 caveats and select severity 3 caveats for the Cisco IOS 12.3(17a)BC release.
Table 58 Resolved Caveats for Cisco IOS Release 12.3(17a)BC
DDTS ID Number

Description

CSCef60396

When a file is copied via the Trivial File Transfer Protocol (TFTP) on a secondary Route Processor (RP) while a switchover occurs that causes the secondary RP to become the primary RP, the new primary RP (that is, the RP that was the secondary RP before the switchover) unexpectedly reloads when it resumes copying the file.

This issue occurs on a Cisco uBR7100 series router that has two RPs that function in a redundant configuration.

Workaround: Do not perform any TFTP copies from the console of the secondary RP.

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at

http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.pdf

CSCef90168

When using Transparent LAN Service (TLS) in a non-Baseline Privacy Interface (BPI) environment, traffic flows between different VPNs.

Workaround One: Use the feature on BPI-enabled modems only.

Workaround Two: Isolate the remote networks with a gateway/firewall router.
CSCef96146
Frequent log messages, reporting a problem with one of the fans, are generated:
%ENVM-3-BLOWER: Fan 1 may have failed
The fan appears to be working correctly with no cooling problem.

This issue occurs on Cisco uBR7100 routers running Cisco IOS Release 12.2(15)BC2, such as 2a or 2b.

There are no known workarounds.
CSCeg74394

The primary and backup Fast Ethernet (FE) or Gigabit Ethernet (GE) interfaces go into admin shutdown after a reload.

While the router is coming backup after a reload, the console displays Ethernets coming up and then going down, followed by a "shutdown" notice under the configuration for both interfaces. In addition, one of the Ethernet interfaces loses its configured IP address and "no ip address" appears in the interface configuration.

This issue occurs only if a higher number FE or GE interface, such as FE0/3 or GE0/3, is configured as primary while a lower number interface, such as FE 0/2 or GE0/2, is configured as backup.

This issue does not occur when the situation is reversed: when a lower number Ethernet interface is configured as primary, and a higher number Ethernet interface is configured as backup.

There are no known workarounds.

CSCeh03165

A Cisco uBR router experiences an unexpected reload when the cable arp debug command, followed by a clear arp command, is executed, or when only the clear arp command is executed.

There are no known workarounds.
CSCeh04755
When you enter the reload command for a router, the router unexpectedly enters ROMmon mode and generates the following error message:
%SYS-5-RELOAD: Reload requested by console. 
Reload Reason: Reload command. 
monitor: command "boot" aborted due to user interrupt 
rommon 1 >
Workaround: Enter the confreg 0x2002 command.
CSCeh13489

A router resets its Border Gateway Protocol (BGP) session.

This issue occurs when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.

Workaround: Configure the bgp maxas limit command so that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and an event is recorded in the log.

CSCeh89244

The cable modem termination system (CMTS) does not remove the quality of service (QoS) profiles created by cable modems (CMs), even if they are not used by any CM on the system.

There are no known workarounds.

CSCei25308

The broadcast address 01e0.2f00.0001 no longer captures Upstream Channel Descriptors (UCDs) or MAP messages when using the cable monitor on the MC16C card.

There are no known workarounds.

CSCei25374

Cable modems being load balanced between cable line cards take a long time to come online. Modems are stuck in the "pending" state. This state appears in the output of the show cable load-balance pending command.

Affected modems have duplicate entries in the pending table and are being moved back and forth between different line cards.

This issue occurs when load balancing is configured between Cisco uBR-MC28U line cards and a cable modem is directed by a line card to move to a second line card. However, by the time the modem is moved to the second line card, the second line card has enough modems online and directs the modem to move back, or to yet another line card.

Workaround: Configure a large minimum-threshold for load balancing with the cable load-balance group group-number threshold load minimum minimum-threshold command.

To make the cable modems stuck in the pending state come online, execute the clear cable load-balance state command.

CSCei25867

If a cable monitor command is configured on a legacy cable line card in a Cisco uBR7100 chassis and the command involves ACL, the command disappears after a cable modem termination system (CMTS) reload.

This issue does not occur with an MC28U or MC16U card in the same CMTS chassis.

There are no known workarounds.

CSCei29698

Modems mapped to a dot1q Transparent LAN Service (TLS) tunnel do not come online after a reset

This issue occurs if the cable modem (CM) is mapped to a dot1q TLS tunnel and is then reset.

Workaround: Enter the clear cable modem mac d command from the cable modem termination system (CMTS).

CSCei30261

The cable modem termination system (CMTS) wrongly sends the payload header suppression (PHS) error set in its response when there are no PHS rule errors.

There are no known workarounds.

CSCei32125

The cable monitor command is not configured on the MC28U CLC.

This issue occurs when a cable monitor command that contains no space between the output interface name and the slot/sublsot is sent from the NPE to the MC28U; the MC28U CLC rejects the command. If there is space between the interface name and its slot/subslot, the command is accepted by the CLC.

For example:

"cable monitor interface gi0/2 ..." fails, and "cable monitor interface gi 0/2 ..." passes.

Workaround: When entering a cable monitor command, enter a space between the output interface name and the slot/subslot of the command.

CSCei32146

The cable clock card does not show up in entityMIB.

There are no known workarounds.

CSCei36689

The boot images for the Cisco uBR7100 routers do not build for pre-CCO of Cisco IOS Release 12.3(13)BC after the commit of CSCei25867 to the branch.

There are no known workarounds.

CSCei37717

The service class index 255 cannot be used with the cable match command; other indices do work.

There are no known workarounds.

CSCei45607

The service-policy command is configurable on cable interfaces, which suggests to customers that Modular QoS (MQC) is supported, but MQC is currently not supported on Cable interfaces

There are no known workarounds.

CSCei49132

Traceback occurs on the Network Processing Engine (NPE) in a Cisco uBR7100 series router when the cable modem termination system (CMTS) reloads, and the MC28U card is up and running.

This issue occurs when the CMON:ACL is configured on the CMTS.

There are no known workarounds.

CSCei51209

The cable modem termination system (CMTS) unexpectedly reloads.

This issue occurs when unconfiguring Transparent LAN Service (TLS) after an online insertion and removal (OIR) of the WAN interface.

Workaround: Ensure that the WAN interface comes up after OIR, then remove the TLS configuration.

CSCei51407

Multicast traffic fails to flow from the aggregator router to the cable modem termination system (CMTS) through the Transparent LAN Service (TLS) tunnel.

There are no known workarounds.
CSCei51424
While polling certain objects in the docsIfMIB, IOS locks out interrupts for an unusually long period of time.

This issue occurs because of the polled reading of the device across a slow data bus.

Workaround: Configure the cable modem termination system (CMTS) to prohibit Simple Network Management Protocol (SNMP) reads of this particular object.

Example:
snmp-server view noarp 1.3.6.1.2.1.10.127.1.1.1.1 excluded 
snmp-server view noarp iso include 
snmp-server community "public" view noarp ro
CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
CSCei68746
Motorola cable modems (CMs) have two Organizational Unique Identifiers (OUIs). One OUI is properly mapped to the vendor "Motorola" in the show cable modem vendor display. For the other OUI, the "vendor" field shows the OUI, which means the software does not know the identity of the vendor.

This issue occurs on newer Motorola CMs, which have the new OUI in use.

Workaround: Use the cable modem vendor oui vendor configuration command.

For example:
Router# show run | inc vendor 
cable modem vendor 00.08.0E SB4220 
cable modem vendor 00.06.28 CVA122 
cable modem vendor 00.30.10 uBR900
CSCei69932

PS does not get a gate-delete-ack from the cable modem termination system (CMTS) for a PacketCable Multimedia (PCMM) call.

This issue occurs when a different PS, other than the one used at gate creation, is used. CMTS sends out gate-delete-ack message to the original PS.

Workaround: Use the same PS.

CSCei72695

When the cable modem termination system (CMTS) is configured in mixed mode using QAM16, and upstream is heavily utilized, a 0.5% pkt loss occurs on a BCM3137 Physical Interface Chip (PHY) based line card.

Workaround: Increase the ranging-burst preamble power, which results in a side-effect of low-signal-to-noise ratio (SNR), at around 17 dB, at the CMTS.

Alternative workaround: Do not use the QAM-16 rate on the CMTS.
CSCei85762
The cable modem termination system (CMTS) reports the following error when the cable downstream subs-traffic-mgmt command is entered:
%IP PIM must be enabled on virtual interface Bundle1 for tunnel traffic 
to get forwarded 
%Error: DSG client list 0 is not defined yet.
There are no known workarounds.
CSCei85808

When the show cable subscriber-usage command is entered, the system does not pause between screens with the "--More--" prompt.

There are no known workarounds.

CSCei86312

The cable modem termination system (CMTS) fails to send the classifier information for the upstream to the termination side of the SMDS Interface Protocol (SIP) Video phone call.

There are no known workarounds.

CSCei88999

If a Policy Server sends the cable modem termination system (CMTS) a gate-set that results in the gate being in the ACTIVE state, and billing information is added to the gate-set, the CMTS unexpectedly reloads when the cable modem (CM) sends an -rsp to the Dynamic Service Addition (DSA) request sent by the CMTS.

In normal instances, the CM should not send an -rsp to the DSA request. Several checks have been put in place to verify the parameters and ensure that the number of service flows has not been exceeded. However, some CMs may still send an -rsp to a DSA. If an -rsp is sent, the event management code generates an event message after the gate has been deleted.

Workaround: Because it cannot be determined when the CM will send an -rsp, the best workaround is to not use EM at this time.
CSCej61240
The following "% Ambiguous command:" messages occur when IP-related commands are input:
% Ambiguous command: "ip dhcp pool " 
% Ambiguous command: "ip dhcp binding " 
% Ambiguous command: "ip dhcp smart-relay " 
% Ambiguous command: "ip domain " 
% Ambiguous command: "ip domain-lookup " 
% Ambiguous command: "ip address-pool " 
% Ambiguous command: "ip telnet comport "
This issue occurs in the Cisco IOS Release 12.3 BC train.

There are no known workarounds.
CSCei90582

A service policy cannot be configured on a virtual bundle interface. An error message is returned when the command is entered.

This issue occurs when configuring a virtual bundle interface using the Cisco IOS Release 12.3(13a)BC or later.

There are no known workarounds.

CSCej23936

Tracebacks occur when executing an OSS-03 snmpv3 test.

There are no known workarounds.

CSCej34349

PacketCable Multimedia (PCMM) gates are left without the timer running and can use up gate resources when used with a legacy card.

Workaround: Enter the clear packet gate all command. However, be aware that this command clears all gates and can impact service.

CSCek07537

The cable modem termination system (CMTS) does not allow the UCC-RSP MAC message to be transmitted over a secondary service identifier (SID). This behavior is not DOCSIS2.0 compliant.

There are no known workarounds.
CSCek23937
The uptime-field in a Subscriber Account Management Interface Specification (SAMIS) exported records goes negative after 248 days:
(CMTSsysUpTime)-2147425017/(CMTSsysUpTime)
CMTSsysUpTime is an official DOCSIS / SAMIS MIB variable name.

This condition causes the billing application to drop records because of invalid values. Thus, an unpatched billing application cannot charge some customers for used traffic.

This issue occurs on all cable modem termination systems (CMTSs) that are not rebooted after more than 2147483647/100 seconds or 248 days.

Workaround: Prior to 248 days of uptime, schedule a CMTS reload during a maintenance window.
CSCsa54516

Baseline Privacy Interface (BPI)-enabled modems shift from online(pt) to online(pk), and traffic is not encrypted.

During this state, the traffic encryption key (TEK) request message is blocked and is not received by the cable modem termination system (CMTS).

Workaround: Reboot the CMTS.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at

http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.pdf
CSCsa93574
On a Cisco uBR7100 series router, the following message appears while running Cisco IOS Release 12.2(15)BC2f:
%SYS-3-INVMEMINT: Invalid memory action (free) at 
interrupt level 
-Traceback= 60886E40 60581654 605816C0 6058277C 604FE8B0 604BC46C 
6058EE1C 6058F360 
605972E0 6059AE38 60590870 605A0468 
There are no known workarounds.
CSCsb02366

The quality of service (QoS) Prov for DOCSIS 2.0 cable modems correctly shows DOCSIS 1.0 or DOCSIS 1.1 because the major difference between a modem running in DOCSIS 2.0 mode as opposed to DOCSIS 1.0/1.1 mode is the physical layer and not the QoS provisioning.

However, to be consistent, the "DOC2.0" column under "QoS Provision" should be removed from the show cable modem mac summary command display.

In addition, a show cable modem phy summary command should be added to provide a quick summary of the cable modems in each phy mode on each interface.

CSCsb03623

The snmpwalk of cdxIfCmtsServiceOutOctets counter reports a value of 0 for interfaces connected to cable modems, even though there is traffic on the interface.

There are no known workarounds.

CSCsb10448

When dynamic upstream load-balancing is configured in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) environment, any cable modems with secondary upstream service-flows associated with the management VPN that are moved by the load-balancing process have no IP connectivity.

The show cable modem h.h.h qos command followed by the show interface cable x/y/z sid cm primary sid association command shows the cable modem (CM) primary service identifier (SID) associated with the management VPN.

The show interface cable x/y/z sid cm secondary sid association command shows the secondary SID is "Not in use".

This issue occurs when the cable modem termination system (CMTS) is configured for MPLS/VPN, and a CM that is associated with a VPN is being moved to a new upstream using dynamic load-balancing, and has more than 1 upstream service flow (DOCSIS 1.1 or PacketCable). Static load-balancing does not induce this problem. (For example, under the above conditions, a load-balancing configuration such as cable load-balance group 1 threshold load 5 enforce can induce this issue.)

Workaround: As a temporary workaround, reset any modems in this state using the clear cable modem h.h.h reset command:

No permanent workaround exists. In this environment, dynamic load-balancing should be disabled.

CSCsb24464

When the show interfaces x/y command is issued on the Cisco uBR7100 series router, the output values are not displayed. The output values are displayed at the bundle interface.

Cisco uBR7100 Series Universal Broadband Routers

Release Notes for Cisco uBR7100 Series for Cisco IOS Release 12.3 BC

Hierarchical Navigation

Downloads

Table Of Contents

Release Notes for Cisco uBR7100 Series for Cisco IOS Release 12.3 BC

Contents

Introduction

Overview of Cisco Universal Broadband Routers

Cisco uBR7100 Series Universal Broadband Routers

Cisco uBR7111 and Cisco uBR7111E Universal Broadband Routers

Cisco uBR7114 and Cisco uBR7114E Universal Broadband Routers

Universal Broadband Router Overview

Early Deployment Releases

System Requirements

Memory Recommendations

Supported Hardware

Port Adapter Cards

Determining Your Software Release

Upgrading to a New Software Release

DOCSIS System Interoperability on the Cisco uBR7100 Series CMTS

DOCSIS 1.0 Baseline Privacy

Cable Modem Interoperability

DOCSIS 1.0 and 1.0+ Extensions

DOCSIS 1.1 Extensions

DOCSIS 1.1 Quality of Service

Feature Support

New and Changed Information

New Hardware Features in Cisco IOS Release 12.3(21a)BC9

New Software Features in Cisco IOS Release 12.3(21a)BC9

New Hardware Features in Cisco IOS Release 12.3(23)BC6

New Software Features in Cisco IOS Release 12.3(23)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC5

New Software Features in Cisco IOS Release 12.3(23)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC4

New Software Features in Cisco IOS Release 12.3(23)BC4

New Hardware Features in Cisco IOS Release 12.3(21a)BC8

New Software Features in Cisco IOS Release 12.3(21a)BC8

New Hardware Features in Cisco IOS Release 12.3(23)BC3

New Software Features in Cisco IOS Release 12.3(23)BC3

New Hardware Features in Cisco IOS Release 12.3(23)BC2

New Software Features in Cisco IOS Release 12.3(23)BC2

Subscriber Traffic Management Version 1.2

New Hardware Features in Cisco IOS Release 12.3(21a)BC7

New Software Features in Cisco IOS Release 12.3(21a)BC7

New Hardware Features in Cisco IOS Release 12.3(23)BC1

New Software Features in Cisco IOS Release 12.3(23)BC1

New Hardware Features in Cisco IOS Release 12.3(21a)BC6

New Software Features in Cisco IOS Release 12.3(21a)BC6

New Hardware Features in Cisco IOS Release 12.3(21a)BC5

New Software Features in Cisco IOS Release 12.3(21a)BC5

New Hardware Features in Cisco IOS Release 12.3(23)BC

DOCSIS Timing & Control Card (DTCC)

New Software Features in Cisco IOS Release 12.3(23)BC

New Hardware Features in Cisco IOS Release 12.3(21a)BC4

New Software Features in Cisco IOS Release 12.3(21a)BC4

New Hardware Features in Cisco IOS Release 12.3(21a)BC3

New Software Features in Cisco IOS Release 12.3(21a)BC3

New Hardware Features in Cisco IOS Release 12.3(21a)BC2

New Software Features in Cisco IOS Release 12.3(21a)BC2

New Hardware Features in Cisco IOS Release 12.3(21a)BC1

New Software Features in Cisco IOS Release 12.3(21a)BC1

New Hardware Features in Cisco IOS Release 12.3(21)BC

New Software Features in Cisco IOS Release 12.3(21)BC

Automatic Virtual Interface Bundles

Cable DHCP Enhancements

Dynamic Cable Helper Address Selection

Cable Node Location Reporting

show cable modem docsis device-class

Per Downstream Static Multicast

SAMIS Source Address Management

New Hardware Features in Cisco IOS Release 12.3(17b)BC9

New Software Features in Cisco IOS Release 12.3(17b)BC9

New Hardware Features in Cisco IOS Release 12.3(17b)BC8

New Software Features in Cisco IOS Release 12.3(17b)BC8

New Hardware Features in Cisco IOS Release 12.3(17b)BC7

New Software Features in Cisco IOS Release 12.3(17b)BC7

New Hardware Features in Cisco IOS Release 12.3(17b)BC6

New Software Features in Cisco IOS Release 12.3(17b)BC6

New Hardware Features in Cisco IOS Release 12.3(17b)BC5