Downloads |
Table Of Contents
Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 12.0 XJ
Determining the Software Version
Upgrading to a New Software Release
Microcode and Modem Code Software
No New Features in Release 12.0(4)XJ5
Affected Devices and Software Versions
Open Caveats—Release 12.0(4)XJ5
Resolved Caveats—Release 12.0(4)XJ5
Cisco IOS Software Documentation Set
Release 12.0 Documentation Set
Software Configuration Tips on the Cisco Technical Assistance Center Home Page
Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 12.0 XJ
December 6, 1999
These release notes for Cisco AS5200 universal access servers support Cisco IOS Release 12.0 XJ, up to and including Release 12.0(4)XJ5. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of the software caveats that apply to Release 12.0(4)XJ5, see the "Caveats" section and Caveats for Cisco IOS Release 12.0T . The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.
Contents
These release notes describe the following topics:
Introduction
This section contains information about the Cisco AS5200 universal access servers and Early Deployment (ED) Releases for the Cisco AS5200.
Cisco AS5200
The Cisco AS5200 universal access server is a multifaceted data communications platform that provides all the functions of an access server, a router, modems, and terminal adapters (TAs) in a modular chassis. Mid-sized organizations or service providers requiring centralized processing capabilities for mobile users and telecommuters will benefit the most using the Cisco AS5200 universal access server.
With their optimization for high-speed modem access, the Cisco AS5200 universal access servers are ideally suited for all traditional dial-up applications, such as host access, electronic mail, file transfer, and dial-in access to a local area network.
For information on new features and Cisco IOS commands supported by Release 12.0(4)XJ5, see the "New and Changed Information" section and "Related Documentation" section.
Early Deployment Releases
These release notes describe only Release 12.0 XJ for Cisco AS5200 universal access servers and do not describe features that are available in Release 12.0 or other Release 12.0 Early Deployment (ED) releases. Release 12.0(4)XJ5 is an Early Deployment (ED) release based on Release 12.0 and announces fixes to software caveats and support for new Cisco hardware.
For information about features in Release 12.0, see Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.
For information about features in other platforms, see Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.
System Requirements
This section describes the system requirements for Release 12.0 XJ:
•
Determining the Software Version
•
•
Memory Requirements
Table 1 describes the memory requirements for the Cisco AS5200 platform feature sets supported by Cisco IOS Release 12.0(4)XJ5.
Hardware Supported
Cisco IOS Release 12.0 XJ supports the Cisco AS5200 universal access servers.
The following are LAN interfaces supported on the Cisco AS5200:
•
•
The following are WAN data rates supported on the Cisco AS5200:
•
•
The following are WAN interfaces supported on the Cisco AS5200:
•
•
•
•
•
•
•
•
•
•
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco AS5200, log in to the Cisco AS5200 and enter the show version EXEC command:
router>show versionCisco Internetwork Operating System SoftwareIOS (tm) AS5200 Software c5200-d-l, Version 12.0(4)XJ5, RELEASE SOFTWAREUpgrading to a New Software Release
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99) on CCO at:
http://www.cisco.com/warp/public/cc/cisco/mkt/ios/rel/120/prodlit/819_pp.htm
Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software
Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99).
Microcode and Modem Code Software
Microcode and modem code software images are bundled with the system software image—with the exception of the Channel Interface Processor (CIP) microcode (all system software images). Bundling eliminates the need to store separate microcode and modem code images. When the router starts, the system software unpacks the microcode and/or modem code software bundle and loads the proper software on all the interface processor boards. lists the current microcode and modem code versions for the Cisco AS5200 universal access servers.
Note
The modem code release notes are on CCO and the Documentation CD-ROM:
You can reach the release notes on CCO at:
Service & Support: Documentation Home Page: Access Servers and Access Routers: Firmware and Portware Information
You can reach the release notes on the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Firmware and Portware Information
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Release 12.0(4)XJ5 supports the same feature sets as Release 12.0(5)T, but Release 12.0(4)XJ5 can include new features supported by the Cisco AS5200 universal access servers.
Table 3 Feature Sets Supported by the Cisco AS5200 Series
Feature SetIP
Basic1
c5200-i-l
IP Plus
Plus2
c5200-is-l
Desktop Standard
Feature SetIP/IPX/AppleTalk/DEC
Basic
c5200-d-l
IP/IPX/AppleTalk/DEC Plus
Plus
c5200-ds-l
1 This feature set is offered in the basic feature set.
2 This feature set is offered in the Plus feature set.
CautionCisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
lists the features and feature sets supported by the Cisco AS5200 universal access servers in Cisco IOS Release 12.0 XJ and uses the following conventions:
•
•
•
Note
Table 4 Feature List by Feature Set for the Cisco AS5200 Universal Access Server
AT/DEC
AT/DEC
PlusLayer 2 Tunnel Protocol (L2TP)
(1)T
No
Yes
No
Yes
Bridging Code Rework
Yes
Yes
Yes
Yes
RIF Passthru in DLSw+
No
No
No
No
Easy IP Phase 2-DHCP Server
(1)T
Yes
Yes
Yes
Yes
IP Type of Service and Precedence for GRE Tunnels
Yes
Yes
Yes
Yes
OSPF Point to Multipoint
Yes
Yes
Yes
Yes
Per User DNS
Yes
Yes
Yes
Yes
Cisco IOS File System
Yes
Yes
Yes
Yes
Entity MIB
Yes
Yes
Yes
Yes
Expression MIB
Yes
Yes
Yes
Yes
Conditionally Triggered Debugging
Yes
Yes
Yes
Yes
ISDN MIB RFC 2127
(1)T
Yes
Yes
Yes
Yes
Show Caller
Yes
Yes
Yes
Yes
SNMP Inform Request
No
No
No
No
SNMP Manager
Yes
Yes
Yes
Yes
VPDN MIB and Syslog Facility
No
Yes
No
Yes
Protocol-Independent Multicasts (PIM) Version 2
Yes
Yes
Yes
Yes
CLI String Search
(1)T
Yes
Yes
Yes
Yes
Airline Product Set (ALPS)
Yes
Yes
Yes
Yes
Additional Vendor-Proprietary RADIUS Attributes
Yes
Yes
Yes
Yes
Authenticating ACLs
Yes
Yes
Yes
Yes
Automated Double Authentication
Yes
Yes
Yes
Yes
MS-CHAP Support
No
No
No
No
Named Method Lists for AAA Authentication & Accounting
Yes
Yes
Yes
Yes
Subblock Phase 1
Yes
Yes
Yes
Yes
DRP Server Agent Enhancement
Yes
Yes
No
Yes
Always On/Dynamic ISDN (AO/DI)
No
No
No
No
ATM E.164 Auto Conversion
Yes
Yes
Yes
Yes
Dialer Watch
Yes
Yes
Yes
Yes
Layer 2 Tunneling Protocol
(1)T
No
Yes
No
Yes
Microsoft Point-to-Point (MPPC)
Yes
Yes
Yes
Yes
MS Callback
Yes
Yes
Yes
Yes
Multiple ISDN Switch Types
Yes
Yes
Yes
Yes
National ISDN Switch Types
Yes
Yes
Yes
Yes
Signaling System 7
No
Yes
No
Yes
Stackable Home Gateway
No
Yes
No
Yes
Asynch over UDP
(4)
Yes
Yes
Yes
Yes
Cisco SNMP Version 3
(4)
Yes
Yes
Yes
Yes
CNS Client for Cisco IOS Software
(4)
No
No
No
No
Dynamic Multiple Encapsulation for Dial-in over ISDN
(4)
Yes
Yes
Yes
Yes
Flow Random Early Detection (Flow WRED)
(4)
Yes
Yes
Yes
Yes
Generic Filesystem Layer (OS_IFSS)
(4)
Yes
Yes
Yes
Yes
ISDN LAPB-TA
(4)
Yes
Yes
Yes
Yes
Large Scale Dialout
(4)
Yes
Yes
No
No
Multilink Inverse Multiplexor
(4)
Yes
Yes
Yes
Yes
Parse Bookmarks
(4)
Yes
Yes
Yes
Yes
Process MIB
(4)
Yes
Yes
Yes
Yes
Signaling System 7 (SS7)
(4)
No
Yes
No
Yes
SLIP-PPP Banner and Banner Tokens
(4)
No
No
No
No
Virtual Console
(1)
Yes
Yes
Yes
Yes
1 This column indicates the maintenance release in which the feature was introduced. If this cell is empty in this column, this feature was introduced in the initial base release.
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco AS5200 universal access servers for Release 12.0(4)XJ5:
No New Features in Release 12.0(4)XJ5
There are no new features supported by the Cisco AS5200 universal access servers in Cisco IOS Release 12.0(4)XJ5.
Important Notes
The following sections contain important notes about Cisco IOS Release 12.0 that can apply to the CiscoAS5200 universal access servers.
Cisco IOS Syslog Failure
Certain versions of Cisco IOS software can fail when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly used Internet scanning tool generates packets that cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.
Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices can hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must visit the device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices indicate that they were "restarted by power-on," even when that was not the case.
Assume that any potential attacker knows the existence of this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the vulnerability. Minimal skill is required and no special equipment is required.
Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.
This vulnerability notice was posted on Cisco's World Wide Web site:
http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
This information was also sent to the following e-mail and USENET news recipients:
•
•
•
•
•
•
•
Affected Devices and Software Versions
describes hardware and software that are affected by this problem. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in . Cisco is correcting the problem in certain special releases, will correct it in future maintenance and interim releases, and intends to provide fixes for all affected IOS variants. See , for details.
No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have protects you against this attack.
The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and enter the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software." Other Cisco devices do not have the show version command and identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:
•
•
•
•
Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.
The following Cisco devices are not affected:
•
•
•
•
•
•
•
•
This vulnerability has been assigned Cisco bug ID CSCdk77426.
Solution
Cisco offers free software updates to correct this vulnerability for all affected customers—regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. gives Cisco's projected fix dates.
Make sure that your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release, for example, from 11.2[11]P to 11.2[17]P, but it is often a factor when you upgrade between major releases, for example, from 11.2 P to 11.3 T.
Because fixes will be available for all affected releases, this vulnerability will rarely, if ever, require you to upgrade to a new major release. Cisco recommends that you carefully plan for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.
Further upgrade planning assistance is available on Cisco's World Wide Web site at:
http://www.cisco.com
If you have service contracts, you can obtain new software through your regular update channels (generally through Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.
If you do not have service contracts, you can upgrade to only obtain the bug fixes; free upgrades are restricted to the minimum upgrade required to resolve the defects. You can only upgrade to the software described in one row of —except when no upgrade within the same row is available in a timely manner.
Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):
•
•
•
Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Customers with no contracts must request for free updates through the TAC. For software updates, please do not contact either "psirt@cisco.com" or "security-alert@cisco.com.
Workarounds
You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to port 514. You can do this by either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.
If you use an input access list, apply it to all interfaces to which attackers can send datagrams. Interfaces include not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces—as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.
The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses—as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts—only traffic actually addressed to the Cisco IOS device.
No single input access list works in all configurations. Be sure you know the effect of your access list in your specific configuration before activating it.
The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed—other than as a workaround for this problem:
! Deny all multicasts, and all unspecified-net broadcasts, to port 514access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514! Deny old-style unspecified-net broadcastsaccess-list 101 deny udp any host 0.0.0.0 eq 514! Deny network-specific broadcasts. This example assumes that all of! the local interfaces are on the class B network 172.16.0.0, subnetted! everywhere with mask 255.255.255.0. This will differ from network! to network. Note that we block both new-style and old-style broadcasts.access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514! Deny packets sent to the addresses of our own network interfaces.access-list 101 deny udp any host 172.16.1.1 eq 514access-list 101 deny udp any host 172.16.2.1 eq 514access-list 101 deny udp any host 172.16.3.3 eq 514! Permit all other traffic (default would be to deny)access-list 101 permit ip any any! Apply the access list to the input side of each interfaceinterface ethernet 0ip address 172.16.1.1 255.255.255.0ip access-group 101 ininterface ethernet 2ip address 172.16.2.1 255.255.255.0ip access-group 101 ininterface ethernet 3ip address 172.16.3.3 255.255.255.0ip access-group 101 inListing all possible addresses—especially all possible broadcast addresses—to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device—as well as traffic destined to the device. If the IOS device is expected to forward syslog packets, you will have to filter in detail. Because input access lists impact system performance, install them with caution—especially on systems running very near their capacity.
Software Versions and Fixes
Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released Cisco IOS version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) to 12.0(2.3). The first fixed interim version of Release12.0 mainline software is Release12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.
If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the Release 12.0(2) base, which will merge back into the Release 12.0 mainline at Release 12.0(2.4).
Special releases, like 12.0(2a), are one-time spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to Release 12.0(3).
Note
Table 5 Affected and Repaired Software Versions
11.2 and earlier releases—all variants
Unaffected early releases (no syslog server)
Unaffected
Unaffected
Unaffected
11.3, 11.3 T, 11.3 DA, 11.3 MA, 11.3 NA, 11.3 WA, 11.3(2)XA
11.3 releases without syslog servers
Unaffected
Unaffected
Unaffected
11.3 AA
11.3 early deployment for AS58xx
11.3(7)AA2, 8-JAN-19994
11.3(7.2)AA
11.3(8)AA, 15-FEB-1999
11.3 DB
11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM
11.3(7)DB2, 18-JAN-1999
12.0
12.0 Mainline
12.0(2a), 8-JAN-1999
12.0(2.4)
12.0(3), 1-FEB-1999
12.0 T
12.0 new technology early deployment
12.0(2a)T1, 11-JAN-1999
12.0(2.4)T
12.0(3)T, 15-FEB-1999
12.0 S
ISP support; 7200, RSP, GSR
12.0(2.3)S, 27-DEC-1998
12.0(2)S5 , 18-JAN-1999
12.0 DB
12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)
12.0(2)DB, 18-JAN-1999
12.0(1)W
12.0 for Catalyst 8500 and LS1010
12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)
12.0(1)W5(5.15)
12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))
12.0(0.6)W5
One-time early deployment for CH-OC-12 module in Catalyst 8500 series switches
Unaffected; one-time release
Unaffected
Unaffected; To upgrade use 12.0(1)W5 releases.
12.0(1)XA3
Short-life release; merged to 12/0T at 12.0(2)T
Obsolete
Merged
Upgrade to 12.0(2a)T1 or to 12.0(3)T.
12.0(1)XB
Short-life release for Cisco 800 series; merged to 12.0 T and 12.0 (3)T
12.0(1)XB1
Merged
Upgrade to 12.0(3)T.
12.0(2)XC
Short-life release for new features in Cisco 2600, Cisco 3600, uBR7200, uBR900 series; merged to 12.0 T at 12.0(3)T
12.0(2)XC1, 7-JAN-1999
Merged
Upgrade to 12.0(3)T
12.0(2)XD
Short-life release for ISDN voice features; merged to 12.0 T at 12.0(3)T
12.0(2)XD1, 18-JAN-1999
Merged
Upgrade to 12.0(3)T
12.0(1)XE
Short-life release
12.0(2)XE, 18-JAN-1999
Merged
Upgrade to 12.0(3)T
1 A special fix is a one-time release that provides the most stable immediate upgrade path.
2 Interim releases are tested less rigorously than regular maintenance releases; interim releases can contain serious bugs.
3 Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist.
4 All dates in this table are estimates and are subject to change.
5 This entry is not a misprint. The 12.0(2.3)S interim release is available before the 12.0(2)S regular release.
MIBs
Old Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBs are currently migrated into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in:
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
This section only contains open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Release 12.0 and Release 12.0 T are also in Release 12.0 XJ.
For information on caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0.
For information on caveats in Cisco IOS Release 12.0 T, see Caveats for Cisco IOS Release 12.0 T, which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.
Note
Open Caveats—Release 12.0(4)XJ5
This section describes possibly unexpected behavior by Release 12.0(4)XJ5 and describes only severity 1 and 2 caveats:
Basic System Services
•
SegV Exception in peer_list_sum, NTP related
When utilising ntp pivate mode and control type messages for remote query it is possible to see a router crash or traceback messages .
•
Using show int accounting with 12.0(3)T the accounting records are updated only when the first system interface is sampled and all interfaces share the accounting record of the first interface.
•
Cisco IOS may crash when write memory is entered at the router prompt. This happens during nvgen of line command.
•
Running the latest 12.0T image the router cannot execute boot config commands from flash. This error message appears :
%Error opening nvram:/startup-config (File system is in an inconsistent state)
and no config at all is loaded.
Interfaces and Bridging
•
A Bridge-Group Virtual Interface (BVI) might become wedged intermittently (approximately monthly).
Workaround: Create a new BVI.
•
Alignment error messages on dot1q over IPX SAP.
*Jul 8 11:50:37: %ALIGN-3-CORRECT: Alignment correction made at 0x605B8E70 reading 0x63E5A6F1 *Jul 8 11:50:37: %ALIGN-3-TRACE: -Traceback= 605B8E70 60095714 60095700 00000000 00000000 00000000 00000000 00000000
However this alignment errors do not effect the connectivity or cause packet loss.
•
PA-A1 is subject to rx packets with bad aal5_length field. If the erroneous length is too small, it will corrupt memory sometimes and causes router crash.
•
A Cisco7206VXR with an NPE-300 crashed with a bus error, running 12.0(6.5)T2
IP Routing Protocols
•
Same global inside address used for three different inside hosts - using dynamic address translation / 11.2.9 IOS
•
After a link flap, the summary route might not appear in the routing table even though it appears in the OSPF topology table.
Workaround: Restart the OSPF process, or reload the router.
•
If the following routes exist: 1. An OSPF external route 2. A floating static route (backup for external), with next-hop interface being OSPF enabled, and if there is a flap in external route, floating static will be installed in the routing table. Floating static route will not get replaced by external route, even when external route comes back up.
Workaround: Issue a clear ip route * .
•
This DDTS fixes the problem whereby the tableID is not set when iBGP paths are learned before the prefixes from CE. This leads to inconsistency of paths showing up in the VRF table.
•
NAT might stop creating new entries after running for a while. The workaround is to clear the nat translation table.
•
When configuring policy routing on a rotary group leader, issuing no ip policy route-map <rmapname> on a Group-Async rotary group member or multiple physical interface rotary group members will cause the router to crash with SYS-2-FREEFREE type error.
•
When importing is done between 2 VRFs on the same PE, the imported paths will have wrong tableid and set to tableid of the original VRF.
•
Following entries are added to the running config without NAT being configured in the box.
•
•
•
•
•
•
•
Miscellaneous
•
Customer has to issue the command clear interface bri X, where X is the interface number of the 4000 8 port MBRI module that has a layer 2 state of "AWAITING_ESTABLISHMENT" for one Spid and "TEI_ASSIGNED" for the other Spid. The interface that gets stuck in this state is not always the same and it occurs at random times. It is not periodic.
After issuing the clear interface command, the layer 2 of the affected port changes to state "MULTIPLE_FRAME_ESTABLISHED" for both Spids. At this time, another ISDN call is able to be placed.
•
In Release 11.2P and 11.3 when Fast Ethernet subinterfaces are configured for encryption, if the crypto map is only applied to the main interface and the IP address is configured in the subinterface, the packets could be switched in the clear. In Release 12.0, enabling CEF could cause the packets to get dropped.
•
When tunneling IPX over an ip tunnel, and when using an extended inbound access list for IP on the tunnel interface, the IPX traffic gets blocked by the access list. As a workaround a permit gre statement could be added in the extended access-list.
•
If Token Ring is the endpoint of an encrypted tunnel, extra packets are generated.
Symptoms are a high CPU load (mainly taken by the Crypto Engine) and bogus addresses when enabling the debug tunnel command.
The workaround is to use the interface command tunnel sequence-datagrams on both endpoints of the tunnel.
•
After this ddts, the number of packets that can be queued on the hardware transmit queue can be limited using the tx-queue-limit CLI in the interface configuration. The current tx-queue-limit value can be obtained from the show controllers output. The following line will be displayed.
tx_limited=TRUE tx_queue_limit=2
tx_limited=TRUE means PQ or WFQ is enabled. tx_queue_limit value is displayed only if tx_limited is TRUE. When WFQ/PQ is enabled, the tx_queue_limit is set to 2. To change this value, the tx-queue-limit can be used. For PRI interfaces, the tx-queue-limit is configured to the D-channel interface. This tx-queue-limit will then apply to the B-channels.
For strict priority queueing the tx-queue-limit will have to be set to 1. The drawback of setting the tx-queue-limit to 1 is that the priority queueing code will kick in for each packet so this will have a performance impact. So it's a trade off between strict prioritization and performance.
•
When changing traffic shaping parameter in presence of traffic going through, NRP may have a software crash. There is already a fix, but not in 11.3(9)DB2. One may choose to shutdown the interface during configuration update as a wrokaround.
•
Statistics for per atm pvc wred do not propogate from VIP to RSP. This gives the impression the feature is not functioning. However, the feature is executing on the VIP. It is just that the stats are not coming up to the RSP and thus cannot be displayed in the show output.
•
PVC will fail to transmit if the configuration for that PVC is changed while the outbound rate on that PVC exceeds SCR.
Workaround is to do a clear interface ATMx/y when the problem occurs.
•
When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
•
In 12.0T code cef will not work with bundle VC-s if subinterfaces part of the same physical interface are used .
•
Running a high load using IPsec may cause the router to reload after an indeterminate amount of time (5 minutes to 5 hours or more). There is no workaround.
•
Whan an entry in the arp table of the MPS change (more specifically when the corrispondance between the MAC address and the IP address change and the change is reflected into the MPS ARP table), some shourtcuts cannot be valid any more.
The MPS should take some initiative to notify the client about that, for example sending a purge.
The situation happens when devices that can "share" the same IP address at different times are connected behind a MPC.
•
A Cisco L2TP LAC or LNS will not send a ZLB ACK for a retransmitted CDN which could cause the tunnel to drop if the peer doesn't receive a response to its control message.
•
VIPs may crash when a 2FE is installed during bootup or configuration prior to this release.
•
If there are more than 35-40 connections active on the same DMM modem card and there is a large volume of unframed (non PPP) data output on the modems, the Router Shelf processor load may go very high and data output to the modems may be lost. There is no workaround.
•
Compression packets are process switched on the HSSI interface. With ip rtp header-compression and either ip route-cache or ip cef configured on a HSSI interface, packets will take the process path instead of the fast path. There is no workaround.
•
Compressed packets cannot be fast switched on PA-MC-8E1 card. Fastswitching on packets will not be compressed on the PAMC8E1 card and will only be compressed in the process path. There is no workaround
•
The problem is that under certain curcumstances when the socket errors condition occur, the H323 process who is one of the process that uses socket event API may spin with 98% to 100% CPU. There is not get around.
The problem can be identify by observe the % CPU utilization of the H323 process and enable the debug ip socket for the following errors.
Nov 22 19:01:45.941: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:46.865: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:46.865: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:46.865: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 2 mask 0x1 sock 0x627BA000, sock->next 0x6260E8B8 *Nov 22 19:01:46.865: SOCKET: Read failed: socket 0x627BA000 can't read anymore 3d18h: %SYS-3-MSGLOST: 47995 messages lost because of queue overflow *Nov 22 19:01:46.941: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:47.869: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:47.873: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:47.873: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 2 mask 0x1 sock 0x627BA000, sock->next 0x6260E8B8 *Nov 22 19:01:47.873: SOCKET: Read failed: socket 0x627BA000 can't read
•
Before fix, hotswapping a modem card affects certain MIB variables (i.e. upstream and downstream channel information) for that card and all modem cards below that slot. If there is a CM connected to an other modem card, when mibwalk docsIfCmtsObjects which contains docsIfCmtsCmStatusTable, it is possible that UBR will look like it is hanging.
After fix, when hotswapping a modem card, the deletion and addition of ifTable and ifStackTable have being handled correctly and no MIB variables would be missing for that card and all modem cards below that slot and no hanging when mibwalk docsIfCmtsCmtsObjects.
Workaround is to reload the router after OIR.
•
If Baseline Privacy is active, issuing the command show cable flap-list will crash the router. There is no workaround. This only affects Baseline Privacy ("k1") images.
Wide-Area Networking
•
The Link Access Procedure, Balanced (LAPB) module will retransmit any outstanding unacknowledged frames when the remote device reports "Receiver Ready" after previously reporting "Receiver Not Ready." If the T1 timer has not expired while the remote device was not ready, the outstanding unacknowledged frames should still be considered outstanding, and the LAPB should not retransmit them. There is no workaround.
•
The problem seems to happen only when transferring large information (ie: ftp). During that time we see Badsync or Badversion.
•
When using the interface multilink method for creating MLP bundle super interfaces in release 12.0(7.1)T and greater, a crash may occur intermittently when the member links are removed from the "multilink interface" via the command no multilink-group x. The user should perform a shut on all interfaces, remove each group member, then shut and remove the "multilink interface x"
•
When interworking with non-ISDN, the default number type and number plan for outgoing QSIG calls should be unknown.
•
Removal of the RLM GROUP from configuration will cause the serial interface to be removed.
Resolved Caveats—Release 12.0(4)XJ5
All the caveats listed in this section are resolved in release 12.0(4)XJ5.
IBM Connectivity
•
Removing the client ip ... configuration command may cause the router to unexpectedly restart due to a software forced crash.
Interfaces and Bridging
•
When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
•
When a cable is disconnected from a GEIP interface port, the Cisco IOS does not report the "link down" event, and the interface stays up. There is no workaround.
•
When configuring a new E1 interface on a Port Adapter in a VIP2 based system ALL active E1's will go down.
The E1's don't have to be on the same VIP2
This event has been observed when configuring the following: 1) timeslots on the controller, 2) encapsulation type on the interface.
Currently there is no workaround.
Configuration changes on an E1 controller have to be executed in a maintenance window until this behaviour has been corrected.
IP Routing Protocols
•
After reloading BGP-3-BADROUTEMAP: Bad parameters in the route-map <name> applied for Dampening is logged every minute on 12.0(5)T (not on 12.0(4)T).
A sho ip bgp dampened-paths shows % dampening reconfiguration in progress
Doing a no bgp dampening route-map <name> bgp makes both issues go away.
•
BGP will not send the default route to its neighbor when "default-originate" is configured.
•
In some circumstances, EIGRP will not automatically install and advertise PPP host routes created through dial-in.
Workaround: Perform redistribute connected under EIGRP on the router receiving the dial connections.
LAT
•
The following line commands are not supported in Cisco IOS Release 12.0(5.5) through Release 12.0(6): the session-limit command, the absolute-timeout command, and online help for the lat command. There is no workaround.
Miscellaneous
•
The Ascend-Idle-Limit attribute is defined as being a value in seconds.
When this is applied to a client using PPP dedicated mode, the attribute is interpreted correctly and the client is idled out.
When this is applied to a client using PPP interactive mode, the attribute is interpreted and set as a minute value.
•
In some instances you may see RPM_VIRTUAL_PORT-3-IPCERR indicating that RPM was not able to convey the existing virtual port information to PXM. This situation is more likely to happen after clrallcnf command is executed or card is reset. At this point the connection database get out of sync between RPM and PXM, and RPM experienced a problem in connection resync. However, the connections eventually come up successfully.
If not, the saved config needs to be copied to running config by copy command.
•
Under some circumstances, the store-and-forward fax SMTP server may return the following message to the SMTP client even though the fax was delivered successfully:
450 4.4.2 Fax protocol delivery error•
A Cisco router running MPLS VPN is forwarding ICMP "unreachable" messages into according to the main routing table instead of sending them to the originating VRF.
This prevents IP MTU discovery to work properly.
Workaround: Disable IP MTU discovery on the affected hosts.
Wide-Area Networking
•
All platforms running MLP may potentially encounter a transient error condition where no links are assigned to a multi-link bundle.
•
Occassionaly a VIP card may not respond to a RSP boards request for a DBUS transaction. When this occurs the RSP will reset the VIP interface and perform a cbus complex restart (to re-allocate MEMD).
We do have a workaround for this problem now. Please refer to the workaround enclosure.
•
Router crashes with bus error in xot_cx_transition The stack is not always exactly the same.
•
While making multiple digital calls to an isdn PRI router, excessive CPU utilization will be given to the Dialer software component. These CPU HOGS will cause an rsp4 with 10 busy PRI's to become unusable.
•
In 12.0(5)T release of IOS software, LANE clients may use an incorrect value as a SDU size in their setup message to the LES. This can prevent the client from coming up. This would happen only if the mtu on the sub-interface is non-default(greater than 1500). The workaround is to use an MTU of 1500 on those sub-interfaces until this problem is resolved in the next release of IOS software.
Related Documentation
The following sections describe the documentation available for the Cisco AS5200 universal access servers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
•
Release-Specific Documents
The following documents are specific to Release 12.0 and are located on CCO and the Documentation CD-ROM:
•
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
•
Service & Support: Technical Documents
•
As a supplement to the caveats listed in "Caveats" in these release notes, see Caveats for Cisco IOS Release 12.0 and Caveats for Cisco IOS Release 12.0 T, which contains caveats applicable to all platforms for all maintenance releases of Release 12.0.
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
Note
Platform-Specific Documents
These documents are available for the Cisco AS5200 universal access servers on CCO and the Documentation CD-ROM:
•
•
•
•
•
•
•
On CCO at:
Technical Documents: Documentation Home Page: Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5200
On the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5200
Feature Modules
Feature modules describe new features supported by Release 12.0 XJ and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents, which are shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
You can reach these documents on CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
You can reach these documents on the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
Release 12.0 Documentation Set
describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.
Note
You can reach the Cisco IOS documentation set on CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
You can reach the Cisco IOS documentation set on the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0
Note
Service and Support
For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" of Cisco Information Packet that shipped with your product.
Note
For service and support for a product purchased directly from Cisco, use CCO.
Software Configuration Tips on the Cisco Technical Assistance Center Home Page
If you have a CCO login account, you can access the following URL, which contains links and tips on configuring your Cisco products:
http://www.cisco.com/kobayashi/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your Web browser to CCO and click on this path: Products & Technologies: Products: Technical Tips.
The following sections are provided from the Technical Tips page:
•
•
•
•
•
•
•
•
•
Cisco Connection Online
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can reach CCO in the following ways:
•
•
•
•
•
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which package that ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
78-6917-05
