Table Of Contents
Cisco 6400 NRP - Release Notes for Cisco IOS Release 12.1(4) DC
Determining the Software Version
Upgrading to a New Software Release
Features Not Yet Supported for the NRP-2
New Hardware and Software Features Supported in Releases 12.1(4)DC3
New Hardware and Software Features Supported in Releases 12.1(4)DC2
New Hardware and Software Features Supported in Releases 12.1(4)DC1
New Hardware Features Supported in Releases 12.1(4)DC
Node Route Processor 2 (NRP-2)
New Software Features Supported in Releases 12.1(4)DC
ATM PVC Range and RBE Subinterface Grouping by PVC Range
New Hardware Features Supported in Release 12.1(3)DC1
New Software Features Supported in Release 12.1(3)DC1
IPCP Subnet Mask Support Enhancements
RADIUS Attribute 8 (Framed-IP-Address) in Access Requests
Service Selection Gateway (SSG) Proxy RADIUS Enhancements
New Hardware Features Supported in Release 12.1(1)DC1
New Software Features in Release 12.1(1)DC1
Dynamic Host Configuration Protocol Relay for Unnumbered Interfaces Using ATM RBE
Session Scalability Enhancements
L2TP Tunnel Management Enhancements
L2TP Tunnel Service Authorization Enhancements
Node Route Processor-Service Selection Gateway—Local Forwarding
Segmentation and Reassembly Buffer Management Enhancements for the NRP-1
PPP over Ethernet (PPPoE) Fast Switching for Multicast
VPI/VCI Identification in RADIUS Requests
Gigabit Ethernet Interface on the NRP-2
Session and Tunnel Scalability
L2TP Session Scalability Commands with Recommended Settings for Both the NRP-1 and NRP-2
L2TP Session Scalability Commands with Recommended Settings for the NRP-2
Additional L2TP Session Scalability Commands
Open Caveats—Cisco IOS Release 12.1(1) DC3
Resolved Caveats—Cisco IOS Release 12.1(1) DC3
Open Caveats—Release 12.1(4)DC2
Resolved Caveats—Release 12.1(4)DC2
Open Caveats—Release 12.1(4)DC1
Resolved Caveats—Release 12.1(4)DC1
Resolved Caveats—Release 12.1(4)DC3
Open Caveats—Release 12.1(4)DC
Caveats that Apply to Both the NRP-1 and NRP-2
Preexisting NRP-1 Hardware Caveats
Determining Your NRP-1 Part Number
Cisco IOS Software Documentation Set
Cisco IOS Release 12.1 Documentation Set Contents
Obtaining Technical Assistance
Contacting TAC by Using the Cisco TAC Website
Cisco 6400 NRP - Release Notes for Cisco IOS Release 12.1(4) DC
February 18, 2002
Cisco IOS Release 12.1(4) DC3
78-10959-03 Rev. H0
These release notes for the Cisco 6400 node route processor (NRP) describe the enhancements provided in Cisco IOS Release 12.1(4) DC3. These release notes are updated as needed.
For a list of the software caveats that apply to Release 12.1(4) DC3, see the "Software Caveats" section and Caveats for Cisco IOS Release 12.1 T . The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes in conjunction with the cross-platform Release Notes for Cisco IOS
Release 12.1 located on Cisco.com and the Documentation CD-ROM.
Note
In these release notes, the acronym NRP refers to both the NRP-1 and the NRP-2. Where there are differences between the NRP-1 and the NRP-2, a clear distinction is made.
Contents
These release notes describe the following topics:
•
•
System Requirements
This section describes the system requirements for Cisco IOS Release 12.1(4) DC3 and includes the following sections:
•
•
Memory Recommendations
Table 1 lists the memory recommendations for the NRP-1 and NRP-2.
Note
Note
Supported Hardware
Cisco IOS Release 12.1(4) DC3 supports the Cisco 6400 NRP-1 and NRP-2. For detailed descriptions of the new hardware features, see the "New and Changed Information" section and the "Related Documentation" section.
Software Compatibility
Cisco recommends that Cisco IOS Release 12.1(4) DC3 be used concurrently with Cisco IOS Release 12.1(4)DB1 for the Cisco 6400 node switch processor (NSP). For information about Release 12.1(4)DB1 for the NSP, see the Release Notes for Cisco 6400 Node Switch Processor (NSP) for Cisco IOS Release 12.1(4)DB1.
For NRP-Service Selection Gateway (SSG) users, Cisco IOS Release 12.1(4) DC3 works with the Cisco Service Selection Dashboard (SSD) version 2.2. To use the Single-Host Logon feature, you can install and configure Cisco SSD version 2.2S(1.12). However, note that both Cisco SSD version 2.2 and version 2.2S(1.12) have not completed a full-production release cycle and therefore are considered nonsupported software versions. Cisco SSD version 2.5(1) is a fully supported production-release version that also supports Single-Host Logon, and was scheduled to be available in November 2000.
Determining the Software Version
To determine the version of Cisco IOS software currently running on the Cisco 6400 NRP, log in to the NRP and enter the show version EXEC command:
Router> show versionCisco Internetwork Operating System SoftwareIOS (tm) C6400R Software (C6400R-G4P5-M), Version 12.1(4) DC3, EARLY DEPLOYMENTRELEASE SOFTWARE (fc1)The output includes additional information, including processor revision numbers, memory amounts, hardware IDs, and partition information.
Upgrading to a New Software Release
For information about upgrading software on the Cisco 6400 Universal Access Concentrator (UAC), including upgrading a single- or dual-NRP system to a new software release, see the software note Upgrading Software on the 6400 UAC
For general information about upgrading to a new software release, see the Software Advisor located at: http://www.cisco.com/Support/Fusion/FusionHome.do
If you do not have an account on Cisco.com and want general information about upgrading to a new software release, see the product bulletin Cisco IOS Software Release 11.3 Upgrade Paths and Packaging Simplification (#703: 12/97) on Cisco.com.
Technical Documents: Product Bulletins: Software:Cisco IOS 11.3:
Cisco IOS Software Release 11.3 Upgrade Paths No. 703This product bulletin does not contain information specific to Cisco IOS Release 12.1 DC but provides generic upgrade information that may apply to Cisco IOS Release 12.1 DC.
Feature Tables
The Cisco IOS software is packaged in software images. Each image contains a specific set of Cisco IOS features.
NRP-1 Feature Table
Table 2 lists the features supported by the Cisco 6400 NRP-1 image called c6400r-g4p5-mz in this release.
Note
NRP-2 Feature Table
Table 3 lists the features supported by the Cisco 6400 NRP-2 image called c6400r2sp-g4p5-mz in this release.
Note
Table 3 Features Supported by the Cisco 6400 NRP-2 in Cisco IOS Release 12.1(4) DC3
Layer 3 ProtocolsAddress Resolution Protocol (ARP)
Internet Protocol Control Protocol (IPCP)
Internet Protocol (IP) forwarding
IP host
IP multicast
Integrated routing and bridging (IRB)
Layer 2 Tunnel Protocol (L2TP)
Multilink Point-to-Point Protocol (MLPPP or MLP)
Multiprotocol Label Switching (MPLS), excluding MPLS VPN
Point-to-Point Protocol (PPP) over Asynchronous Transfer Mode (ATM)
PPP over Ethernet (PPPoE), excluding PPPoE Fast Switching for Multicast
Route bridge encapsulation (RBE)
Routed RFC1483 encapsulation
Transmission Control Protocol (TCP)
Layer 2 and
Layer 3 Protocols (continued)Telnet
Trivial File Transfer Protocol (TFTP)
User Datagram Protocol (UDP)
Transparent bridging
Virtual LAN (VLAN)
Border Gateway Protocol version 4 (BGP4)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF)
Protocol Independent Multicast (PIM)
Routing Information Protocol (RIP)
Web Cache Coordination Protocol (WCCP) version 2
Authentication, authorization, and accounting (AAA)
Challenge Handshake Authentication Protocol (CHAP)
File Transfer Protocol (FTP)
Network Address Translation (NAT)
Password Authentication Protocol (PAP)
Remote Dial-In User Service (RADIUS)
Simple Network Management Protocol (SNMP)
Terminal Access Controller Access Control System Plus (TACACS+)
ATM (OC-3, OC-12, DS3)
Gigabit Ethernet interface1
RADIUS accounting and interim accounting
Service Selection Gateway (SSG) default network
SSG autologon service
SSG automatic service access order manipulation
SSG Cisco express forwarding (CEF) support
SSG Cisco IOS NAT support
SSG Domain Name System (DNS) fault tolerance
SSG DNS selection
SSG full username RADIUS attribute
SSG idle timeout
SSG IPCP subnet mask
SSG local profile
SSG L2TP web selection
SSG multicast support
SSG proxy service
NRP Service Selection Gateway (continued)
SSG sequential and concurrent service access
SSG service-defined cookie
SSG service profile order selection
SSG session timeout
SSG single-host logon
SSG virtual path identifier/virtual channel identifier (VPI/VCI) RADIUS accounting
Transparent passthrough
Transparent passthrough filter
VPI/VCI static bind index to service profile (or VC service map)
CEF Switching
L2TP access concentrator (LAC) CEF Switching
L2TP tunnel switching2 , including:
•
•
RADIUS Attribute 8 (Framed-IP-Address) in Access Requests
Session Scalability Enhancements
VPI/VCI Identification in RADIUS Requests
1 The GE interface was not yet fully tested for Cisco IOS Release 12.1(4)DC2 and therefore should not be deployed with Release 12.1(4)DC2.
2 In Cisco IOS Release 12.1(4)DC2, L2TP tunnel switching for the NRP-2 has been tested and is supported at the same session and tunnel levels as the NRP-1. For more information, see Table 6.
Features Not Yet Supported for the NRP-2
Table 4 lists the features that are present in the c6400r2sp-g4p5-mz image, but not yet tested by the 6400 test team and therefore not yet supported for the NRP-2 in Cisco IOS Release 12.1(4) DC3.
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco 6400 NRP for Release 12.1(4) DC3.
Note
New Hardware and Software Features Supported in Releases 12.1(4)DC3
No new hardware and software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(4) DC3.
New Hardware and Software Features Supported in Releases 12.1(4)DC2
No new hardware and software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(4) DC2.
New Hardware and Software Features Supported in Releases 12.1(4)DC1
No new hardware and software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(4) DC1.
New Hardware Features Supported in Releases 12.1(4)DC
The following new hardware features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(4)DC.
Node Route Processor 2 (NRP-2)
The second-generation node route processor (NRP-2) for the Cisco 6400 platform allows aggregation and termination of large numbers of broadband subscribers while supporting Layer 3 and integrated high-touch services such as authentication, policy routing, and Network Address Translation (NAT). The Cisco 6400 receives subscribers over OC-3, OC-12, or DS-3 interfaces on node line cards (NLCs). The node switch processor (NSP) switches incoming virtual circuits (VCs) or virtual paths (VPs) to the appropriate NRP-2. The NRP-2 aggregates and terminates the incoming virtual circuits (VCs), offering extended services based on user and service profiles through the Service Selection Gateway (SSG).
Benefits of the NRP-2
In comparison with the NRP-1, the NRP-2 provides the following benefits:
Increased Session Scalability
The NRP-2 increases the session capacity of the Cisco 6400, providing a dramatic reduction in cost per subscriber. Table 6 shows the number of sessions and tunnels supported by the NRP-2 in Cisco IOS Release 12.1(4)DC2.
Increased Bandwidth
The NRP-2 supports a 622-Mbps ATM interface to the backplane and a Gigabit Ethernet (GE) packet interface on the faceplate.
Note
Dual Processors
The NRP-2 hardware includes two processor subsystems. In Cisco IOS Release 12.1(4)DC2, only one of the processors is used. In later software releases, the second processor will be used to provide increased session scalability.
Integrated System Management
Configuration storage, console traffic, and network management traffic are now controlled by the existing NSP, providing a more manageable and integrated platform. You can use a single console port on the NSP to access the console lines of all NRP-2s in the Cisco 6400 chassis and use a single management Ethernet interface on the NSP to monitor all NRP-2s in the system.
Backward Compatibility
The NRP-2 can be deployed in a Cisco 6400 chassis with existing modules, including the first-generation NRP-1. This enables you to increase your network capacity without replacing the chassis.
Note
Modular Design
The modular nature of the NRP-2 allows you to upgrade as your subscriber base grows. As the demand for services rises, you can add NRP-2 modules to the Cisco 6400 to provide increased session and bandwidth support.
Differences Between the NRP-1 and NRP-2
Table 5 shows the major differences between the NRP-1 and NRP-2.
Table 5 Differences Between NRP-1 and NRP-2
Session scalability
Hardware supports as many as 2000 sessions per NRP-1.
Hardware supports as many as 16,000 sessions per NRP-2
Physical interfaces
Faceplate interfaces:
•
•
•
•
Faceplate interfaces:
•
Backplane interfaces:
•
•
Backplane interfaces:
•
Location of software images, configurations, and crash information
NRP-1 memory (built-in or internal Flash)
PCMCIA4 disk on NSP
Message logging
Messages are logged on the NRP-1 as local messages.
NRP-2 messages are logged on both the NSP and NRP-2. NRP-2 messages on the NSP include the NRP-2 slot number.
Console line access
Direct external connection to NRP-1 console port or auxiliary port
Indirect external connection via the NSP. NSP contains a virtual communication server to access the NRP-2 console.
ROMMON5
ROMMON not upgradable;
NRP-1 ROM state information stored locally on NRP-1ROMMON is upgradable;
NRP-2 ROM state information is stored on the NSP PCMCIA disk.SNMP6
Standard SNMP services
Standard SNMP services, or can use the NSP as the proxy forwarder
LED display7
None
On faceplate
1 The GE interface is not supported in Cisco IOS Release 12.1(4)DC2.
2 PAM = Pulse amplitude modulation
3 The PAM mailbox serial interface is used for internal system communication. Do not attempt to configure serial interfaces on the Cisco 6400.
4 PCMCIA = Personal Computer Memory Card International Association
5 ROMMON = ROM Monitor
6 SNMP = Simple Network Management Protocol
7 The LED display on the NRP-2 does not provide any information in Cisco IOS Release 12.1(4)DC2, but will do so in future software releases.
More Information about the NRP-2
For more information about the NRP-2, see the NRP-2 feature module.
New Software Features Supported in Releases 12.1(4)DC
The following new software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(4)DC.
ATM PVC Range and RBE Subinterface Grouping by PVC Range
In a digital-subscriber line (DSL) environment, many applications require the configuration of a large number of ATM permanent virtual circuits (PVCs). The ATM PVC Range and Routed Bridge Encapsulation (RBE) Subinterface Grouping feature enables you to group a number of PVCs together into a PVC range in order to configure them all at once.
For applications that use multipoint subinterfaces, such as PPP over Ethernet and PPP over ATM, the PVC range is on a single multipoint subinterface. For applications that use point-to-point subinterfaces, such as RBE, a point-to-point subinterface is created for each PVC in the range.
Configuring many PVCs and subinterfaces at once saves time for the user and the parser, and conserves NVRAM space.
A PVC range is defined by two virtual path identifier (VPI)/virtual channel identifier (VCI) pairs. The two VPIs define a VPI range, and the two VCIs define a VCI range. The number of PVCs in the PVC range equals the VPI range multiplied by the VCI range.
Once the PVC range is defined, you can configure the range by using the existing Interface-ATM-VC configuration commands that are also supported in PVC range configuration mode. The shutdown PVC range command can be used to deactivate the range without deleting the configuration.
The ATM PVC Range and RBE Subinterface Grouping feature also introduces the pvc-in-range command, which allows you to explicitly configure an individual PVC within the defined range of PVCs on a multipoint subinterface. The shutdown PVC-in-range command allows you to deactivate an individual PVC within a range.
ATM PVC Range only supports multipoint ATM subinterfaces. You cannot configure individual PVCs within a PVC range on point-to-point subinterfaces. You must remove the individual PVC configurations from the configuration file to take advantage of the PVC range. If multiple configurations remain in the file, these configurations will override the PVC range commands.
For more information on this feature, see the ATM PVC Range and Routed Bridge Encapsulation Subinterface Grouping feature module.
Note
New Hardware Features Supported in Release 12.1(3)DC1
There are no new hardware features for the Cisco 6400 NRP supported in Cisco IOS Release 12.1(3)DC1.
New Software Features Supported in Release 12.1(3)DC1
The following new software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(3)DC1.
IPCP Subnet Mask Support Enhancements
IP Control Protocol (IPCP) subnet mask support allows customer premise equipment (CPE) to connect to the Cisco 6400 NRP and obtain an IP address and subnet mask range that it can use to populate its Dynamic Host Configuration Protocol (DHCP) server database. However, the software default setting does not allow subnet negotiations.
To enable IPCP subnet mask support, issue the ppp ipcp mask CLI command. In addition, a value must be specified for the Framed-IP-Netmask attribute (Internet Engineering Task Force [IETF] RADIUS attribute 9) in the RADIUS user profile.
The Cisco 6400 NRP brings up PPP sessions with the CPE and authenticates each CPE as a separate user. The Cisco 6400 NRP adds a static route for the IP address with the subnet mask specified. If the subnet mask is specified in the user profile, the Cisco 6400 NRP passes the IP netmask value and the IP address to the CPE during IPCP negotiation. The CPE uses the subnet mask to calculate an IP address pool from which IP addresses are assigned to PCs using the access link.
For more information on the IPCP subnet mask support feature, see the PCP Subnet Mask Support Enhancements feature module.
Note
Multilink PPP
Multilink Point-to-Point Protocol (PPP), referred to as MLPPP or MLP, is now supported on the Cisco 6400 NRP. MLP provides a method for spreading traffic across multiple physical WAN links while providing packet fragmentation and reassembly, proper sequencing, multivendor interoperability, and load balancing on inbound and outbound traffic. MLP provides bandwidth on demand and reduces transmission latency across WAN links.
For information on configuring MLP, see the chapter Configuring Media-Independent PPP and Multilink PPP in the PPP Configuration section of the Cisco IOS Dial Services Configuration Guide: Terminal Services.
L2TP LAC CEF Switching
Cisco express forwarding (CEF) is now supported on the Cisco 6400 NRP configured as an L2TP access concentrator (LAC).
For more information on CEF, see the chapter "Cisco Express Forwarding" in the Cisco IOS Switching Services Configuration Guide. For more information on L2TP, see the Layer 2 Tunnel Protocol Scalability Enhancements feature module.
Single-Host Logon
Single-Host Logon is an enhancement to the Node Route Processor—Service Selection Gateway (NRP-SSG). Single-Host Logon combines the PPP session logon and NRP-SSG host logon steps into one.
For more information, see the Node Route Processor-Service Selection Gateway Enhancements IV feature module.
Note
Note
Per VC Error Display
The command show controllers atm of the command language interface (CLI) was modified to allow the user to:
•
•
•
For more information on this feature, see the Per VC Error Display feature module.
RADIUS Attribute 8 (Framed-IP-Address) in Access Requests
The RADIUS Attribute 8 (Framed-IP-Address) in Access Requests feature makes it possible for a network access server to provide the RADIUS server with a hint of the user IP address in advance of user authentication. An application can be run on the RADIUS server to use this hint and build a table (map) of user names and addresses. Using the mapping information, service applications can begin preparing user login information to have available upon successful user authentication.
For more information on this feature, see the RADIUS Attribute 8 (Framed-IP-Address) in Access Requests feature module.
Service Selection Gateway (SSG) Proxy RADIUS Enhancements
The Cisco 6400 NRP-SSG feature was first released in Cisco IOS Releases 12.0(3)DC, while enhancements were added in later releases. Releases 12.1(3)DC1 introduces the following Proxy RADIUS Enhancements:
•
•
For more information on these enhancements, see the Node Route Processor-Service Selection Gateway Enhancements IV feature module.
New Hardware Features Supported in Release 12.1(1)DC1
There are no new hardware features for the Cisco 6400 NRP supported in Cisco IOS Release 12.1(1)DC1.
New Software Features in Release 12.1(1)DC1
The following new software features are supported by the Cisco 6400 NRP for Cisco IOS Release 12.1(1)DC1.
Cisco Express Forwarding
CEF switching is now supported for PPP over ATM (PPPoA), generic routing encapsulation (GRE), and Network Address Translation (NAT).
Dynamic Host Configuration Protocol Relay for Unnumbered Interfaces Using ATM RBE
Dynamic Host Configuration Protocol (DHCP) Relay now supports unnumbered interfaces using ATM route bridge encapsulation (RBE). DHCP Relay automatically adds a static host route specifying the unnumbered interface as the outbound interface.
DHCP Relay now also can use the ip dhcp database global configuration command. This optional command allows the DHCP Relay to save route information to a TFTP, FTP, or RCP server for recovery after reloads.
For more information on DHCP, see "Configuring DHCP" in the Cisco IOS IP and IP Routing Configuration Guide and "DHCP Commands" in the Cisco IOS IP and IP Routing Command Reference. For more information on the ATM RBE feature, see the ATM Routed Bridge Encaps feature module.
Session Scalability Enhancements
The following enhancements provide better session stability:
•
•
•
For more information, see the Session Scalability Enhancements II feature module.
L2TP Tunnel Management Enhancements
The L2TP tunnel management enhancements include the following features:
•
•
For more information, see the L2TP Tunnel Management Enhancements feature module
L2TP Tunnel Service Authorization Enhancements
These enhancements enable the L2TP access concentrator (LAC) to conduct static or dynamic tunnel service authorization. A static domain name can be configured on the ATM permanent virtual circuit (PVC) port to override the domain name supplied by the client. If a static domain name is not configured, the LAC conducts dynamic tunnel service authorization, which now includes two steps:
1.
2.
For more information, see the L2TP Tunnel Service Authorization Enhancements feature module.
L2TP Tunnel Switching
This feature enables the Cisco 6400 NRP to terminate tunnels from LACs and forward the sessions through new L2TP tunnels selected independently of the client-supplied domains. The NRP as a tunnel switch performs virtual private dial-up network (VPDN) tunnel authorization based on the ingress tunnel names that are mapped to specified LTP Network Servers (LNSs).
For more information, see the L2TP Tunnel Switching feature module.
Node Route Processor-Service Selection Gateway—Local Forwarding
This feature includes the Local Forwarding enhancement to the Node Route Processor—Service Selection Gateway (NRP-SSG). Local Forwarding enables NRP-SSG to forward packets locally.
For more information, see the Node Route Processor—Service Selection Gateway Enhancements III feature module.
Segmentation and Reassembly Buffer Management Enhancements for the NRP-1
This feature includes the following enhancements to segmentation and reassembly (SAR) buffer management:
•
•
•
For more information, see the Segmentation and Reassembly Buffer Management Enhancements
feature module.PPP Autosense
The PPP Autosense feature enables the network access server to:
•
•
For more information, see the PPP Autosense feature module.
PPP over Ethernet (PPPoE) Fast Switching for Multicast
PPPoE now supports fast switching for multicast in addition to Cisco express forwarding (CEF).
VPI/VCI Identification in RADIUS Requests
This feature enables the RADIUS VC Logging [Cisco IOS Release 12.0(5)DC] feature to support PPPoE. With RADIUS VC Logging enabled, the RADIUS network access server port field is extended and modified to carry VPI/VCI information. This information is logged in:
•
•
For more information, see the RADIUS VC Logging feature module.
Limitations and Restrictions
This section describes the following limitations:
•
•
Maximum Transmission Unit
The maximum transmission unit (MTU) of the NRP-2 ATM interface to the backplane is 1900 bytes. Any incoming packet larger than 1900 bytes is dropped by the NRP-2. To make sure that no incoming packets are larger than the NRP-2 MTU, see the section Matching the MTU Size of the NRP-2 and Its Network Neighbors (Optional) in the NRP-2 feature module.
VPI and VCI Limitations
VPI and VCI values on the NRP-2 must share 14 bits. By default, VPI values are limited to 4 bits (0-15), and VCI values are limited to 10 bits (0-1023). You can change the VPI and VCI ranges, but together the VPI and VCI values cannot exceed 14 bits. To change the allowed VPI and VCI values, see the Modifying VPI and VCI Ranges (Optional) section in the NRP-2 feature module.
Important Notes
NRP-2 Hardware Features
Gigabit Ethernet Interface on the NRP-2
The Gigabit Ethernet interface was not yet fully tested for Cisco IOS Release 12.1(4) DC3 and therefore should not be deployed with Release 12.1(4) DC3.
LED Display on the NRP-2
The LED display on the NRP-2 does not provide any information in Cisco IOS Release 12.1(4) DC3, but will do so in future software releases.
Session and Tunnel Scalability
Cisco IOS Release 12.1(4) DC3 supports the number of sessions and tunnels shown in Table 6. While using NRP-SSG, Cisco IOS Release 12.1(4) DC3 supports the number of sessions and tunnels shown in Table 7.
Note
Note
Note
Session Scalability Commands
This section provides commands that can be applied to achieve the session counts listed in Table 6 and Table 7.
Table 8 andTable 9 list commands for which Cisco recommends a particular setting in Cisco IOS Release 12.1(4) DC3. Table 10 lists additional commands that might be useful to achieve high session counts, but for which no recommended settings are provided; the setting of these commands depends on the user's environment and configuration.
For additional information, refer to the Layer 2 Tunnel Protocol Scalability Enhancements feature module and the Session Scalability Enhancements feature module.
L2TP Session Scalability Commands with Recommended Settings for Both the NRP-1 and NRP-2
Table 8 lists L2TP session scalability commands with recommended settings that apply to both the NRP-1 and NRP-2 in Cisco IOS Release 12.1(4) DC3.
Table 8 L2TP Session Scalability Commands with Recommended Settings for the NRP-1 and NRP-2
Modifying the PPP Max Configure:
NRP(config)# ppp max-configure number
1. Purpose
Specifies the number of Configure Requests.
2. Symptoms
Use when a large number of connections flap1 .
3. Recommended Settings
To achieve a large number of sessions, Cisco recommends a setting of 225 (that is, the value for number) on the NRP-1 and NRP-2.
Precloning Virtual Access Interfaces:
NRP(config)# virtual-template template-number preclone number
1. Purpose
Specifies the number of virtual access interfaces to be created and cloned from a specific virtual template.
2. Symptoms
Use to reduce the load on the system during call setup.
3. Recommended Settings
The recommended setting depend on the number of sessions that need to be configured. For example, to configure 2000 sessions on the NRP-1, enter a value of 2000 for number; to configure 4000 sessions on the NRP-2, enter a value of 4000 for number.
1 Flapping = Routing problem where an advertised route between two nodes alternates (flaps) back and forth between two paths due to a network problem that causes intermittent interface failures.
L2TP Session Scalability Commands with Recommended Settings for the NRP-2
Table 9 lists L2TP session scalability commands with recommended settings that apply to the NRP-2 in Cisco IOS Release 12.1(4) DC3.
Additional L2TP Session Scalability Commands
Table 10 lists additional commands that might be useful to achieve the session counts listed in Table 6 and Table 7, but for which no recommended settings are provided; the setting of these commands depends on the user's configuration and environment.
Table 10 Additional L2TP Session Scalability Commands without Recommended Settings
Limiting the Number of LCP Session Initiations:
NRP(config)# lcp max-session-starts number
1. Purpose
Specifies the maximum number of simultaneous LCP sessions to be negotiated.
2. Symptoms
Use when a large number of parallel LCP sessions causes many sessions to timeout and retry, which can result in a chain reaction of LCP session negotiations and excessive session recovery times.
Limiting the Number of LCP Session Initiations (continued)
3. Settings Information
To limit the number of simultaneous LCP session initiations, set the value for number between 100 and 3000.
Limiting the Load Metric:
NRP(config)# lcp max-load-metric number
1. Purpose
Specifies the maximum load metric based on the length of the PPP manager process input queue.
2. Symptoms
Use to shorten the session recovery time after a link dropout.
3. Settings Information
The nominal value for number depends on many factors. Cisco recommends that you start with 100. Try several values and select the one that results in the shortest session-recovery time after a link dropout.
Modifying the PPP Authentication Timeout:
•
•
1. Purpose
Specifies the PPP authentication timeout.
2. Symptoms
Use when the number of stable sessions is low because the waiting time for a response from the remote peer is too short, resulting in a PAP1 authentication request, CHAP2 challenge, or CHAP response being retransmitted.
3. Settings Information
The default PPP authentication timeout is 10 seconds. On the NRP-2, to increase the PPP authentication timeout, start with 15 seconds. Try several numbers and select the one that results in the highest number of stable sessions. (The maximum number is 255 seconds.)
Modifying the PPP Retry Timeout:
•
•
1. Purpose
Specifies the PPP retry timeout.
2. Symptoms
Use when the number of stable sessions is low because the waiting time for a response from the remote peer is too short, resulting in a configuration request or connection-termination request being retransmitted.
3. Settings Information
The default PPP retry timeout is 2 seconds. On the NRP-2, to increase the PPP retry timeout, start with 15 seconds. Try several numbers and select the one that results in the highest number of stable sessions. (The maximum number is 255 seconds.)
Setting the Number of Retransmission Attempts:
•
•
1. Purpose
Specifies the number of retransmission attempts per selected VPDN group.
2. Symptoms
Use when the number of retransmission attempts is insufficient.
3. Settings Information
The default number of L2TP tunnel control channel retransmission attempts is 10.
Setting the Minimum and Maximum Retransmission Timeouts:
•
•
•
1. Purpose
Specifies the minimum or maximum timeout for retransmissions on a selected VPDN group.
2. Symptoms
Use when the timeout for retransmissions is too short or to long. To determine the best minimum and maximum timeouts for a given topology, use the privileged EXEC command show vpdn tunnel all and check the displayed retransmit time distribution.
3. Settings Information
Control channel retransmissions follow an exponential backoff, starting at the minimum retransmission timeout, and ending at the maximum retransmission timeout. The maximum timeout can be set to up to 8 seconds.
Setting the Local Control Channel Receive Window Size:
•
•
•
•
•
1. Purpose
Specifies the size of the advertised receive window per selected VPDN group, clears all sessions, and drops the tunnel.
2. Symptoms
Use when the L2TP control channel sends requests too slowly.
3. Settings Information
The default local receive window size (RWS) is 3000 packets.
Setting the L2TP Tunnel Timeout:
•
•
1. Purpose
Specifies the tunnel timeout length per selected VPDN group.
2. Symptoms
Use when a tunnel timeout is too short. For example, after all of its sessions are gone and you expect sessions to come back immediately, you might want to keep the tunnel open.
3. Settings Information
The default tunnel timeout is 10 seconds for an LNS and 15 seconds for an LAC.
1 PAP = Password Authentication Protocol
2 CHAP = Challenge Handshake Authentication Protocol
Software Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
All caveats in Cisco IOS Release 12.1 and Cisco IOS Release 12.1 T are also in Cisco IOS Release 12.1(4) DC3.
For information on caveats in Cisco IOS Release 12.1, see Caveats for Cisco IOS Release 12.1.
For information on caveats in Cisco IOS Release 12.1 T, see the Caveats for Cisco IOS Release 12.1 T, which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.
This section contains open caveats for the current Cisco 6400 NRP Cisco IOS release only and includes severity 1, severity 2, and select severity 3 and severity 4 caveats (severity 4 caveats are minor caveats).
Note
Open Caveats—Cisco IOS Release 12.1(1) DC3
There are no open caveats specific to Cisco IOS Release 12.1(1) DC3 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.1(1) DC3
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(1) DC3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Open Caveats—Release 12.1(4)DC2
There are no new open caveats specific to Cisco IOS Release 12.1(4)DC2 that require documentation in the release notes.
Resolved Caveats—Release 12.1(4)DC2
This section describes caveats that have been closed and resolved in Cisco IOS Release 12.1(4)DC2. This section describes severity 1, 2, and select severity 3 and 4 caveats.
•
Connection setup improvements.
This improvement has been included in Cisco IOS Release 12.1(4)DC2.
•
When logging on and logging off consecutively with a different user name from the same host, SSG will reload. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC2.
•
The "vpn_select_tas" registry and related code is missing in Cisco IOS Release 12.1(3)DC1 and later releases. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC2.
Open Caveats—Release 12.1(4)DC1
This section describes new possibly unexpected behavior by Cisco IOS Release 12.1(4)DC1. This section describes severity 1, 2, and select severity 3 and 4 caveats.
•
With NAT and Policy Based Routing (PBR) configured together on the NRP, fast switching does not work. There is no workaround.
•
The AAA authentication process on an NRP that is running Cisco IOS Release 12.1(1)DC1 or later with a PPPoA user, experiences a long delay: After the NRP receives the Challenge Handshake Authentication Protocol (CHAP) "response" message, it takes about one minute before the CHAP answers with a "success" message, while only link control protocol (LCP) keepalives are active during the process. There is no workaround.
Resolved Caveats—Release 12.1(4)DC1
This section describes caveats that have been closed and resolved in Cisco IOS Release 12.1(4)DC1. Caveats that were already closed and resolved in previous releases are not included in this section. This section describes severity 1, 2, and select severity 3 and 4 caveats.
•
On a Cisco 6400 functioning as a Network Access Server (NAS), the NAS-port attribute might not show any VPI/VCI values in the "d"-format (that is, VPI/VCI=0/0).
Workaround: remove the problematic PVCs on the NRP and recreate them.
To make sure that all PVCs work properly, do the following:
–
–
–
–
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
On the NME interface of the NRP, the IP address is still negotiated even if the interface is in a shutdown state. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
An interface that is configured for RBE sends out ATM Inverse ARP packets. This might cause clients who misinterpret these packets to insert "0008.0400.0004" in their bridge tables.
Workaround: Disable ATM Inverse ARP.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
Only SSG subscribers who use PPPoE or PPPoA (with a Cisco 605 as a modem) can see the dashboard if the SSD revision is 2.2s(2.12). All other subscribers see an empty frame instead of a logon frame. There is no workaround. However, if there is no need to use the SSG single-host logon feature, another revision of SSD can be used to work around this problem.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the Cisco IOS HTTP service is enabled, browsing to http://router-ip/anytext?/ is attempted, and the enable password is supplied when requested. This defect can be exploited to produce a denial of service (DoS) attack.
The vulnerability, identified as Cisco caveat ID CSCdr91706, affects virtually all mainstream Cisco routers and switches running Cisco IOS software releases 12.0 through 12.1, inclusive. This is not the same defect as CSCdr36952.
The vulnerability has been corrected and Cisco is making fixed releases available for free to replace all affected Cisco IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect, as shown in detail below.
This vulnerability can only be exploited if the enable password is known or not set.
You are strongly encouraged to read the complete advisory, which is available at http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
The content of "ConnectionObject" of the SSG web-selection L2TP service shows no traffic statistics for both the input and output. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
If fast-switching is turned on, the route bridge encapsulation (RBE) feature does not pad frames with a size less then the minimum Ethernet size to the required minimum IEEE 802.3 frame size. If the remote site on the receiving end does not pad the frames, they will be dropped as a runt frames (that is, frames that are smaller than the minimum IEEE 802.3 frame size).
Workaround: Turn off fast-switching on the ATM interface.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
Under extreme traffic loads in an NRP with Cisco IOS Release 12.1(01)DC1 or a higher release, PPP sessions may fail to originate new sessions. Workaround: Restart the processor.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
When issuing the command clear int virtual-access on a virtual-access interface, one would expect the PPP session to be terminated. This is not the case, as the command has no effect.
Workaround: Clear or delete and recreate the source interface (ATM VC).
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
The NRP might reload with the following error message:
%SYS-3-OVERRUN: Block overrun at 627E418 (red zone = 4E205047)This error is caused by process writing beyond the allocated memory. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
When the input queue of the ATM interface is wedged, the ATM interface might stop receiving traffic. When issuing the show atm interface command, input errors as well as cyclic redundancy check (CRC) errors are reported.
Workaround: Disable CEF Switching.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
The ip http authentication enable command cannot be saved. Issuing the show run or show conf command does not show the ip http authentication enable command. There is no workaround.
This caveat has been closed in Cisco IOS Release 12.1(4)DC1.
•
In a heavy traffic situation, packets switched by CEF might be corrupted.
Workaround: Disable CEF. Note that this will increase the CPU load.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
While running SSG-L2TP using Cisco IOS Release 12.1(3)DC1, L2TP sessions do not correctly load-balance across multiple LNSs.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
When the PPP synchronization is lost on a Virtual-Access interface, PPP resynchronization causes multicast parameters to be lost. The interface will no longer have multicast enabled. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
In an L2TP LAC configuration that uses PPPoA, counters in the NRP fail when traffic is process- switched. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
An NRP might reload due to memory-allocation failures in the process and I/O memory: After malloc failures, the NRP eventually reloads, sometimes with redzone-violation errors and other times due to the watchdog timeout. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
•
An NRP running Cisco IOS Release 12.1(3)DC might experience a 30-MB memory leak after
18 hours of operation with the CPU running at approximately 60%. This causes the command prompt to fail. There is no workaround.
This caveat has been resolved in Cisco IOS Release 12.1(4)DC1.
Resolved Caveats—Release 12.1(4)DC3
This section describes caveats that have been closed and resolved in Cisco IOS Release 12.1(4)DC3. Caveats that were already closed and resolved in previous releases are not included in this section. This section describes severity 1, 2, and select severity 3 and 4 caveats.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Open Caveats—Release 12.1(4)DC
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(4)DC1. This section describes severity 1, 2, and select severity 3 and 4 caveats.
Caveats that Apply to Both the NRP-1 and NRP-2
The following open caveats apply to both the NRP-1 and NRP-2.
•
With the SSG single-host logon feature enabled, SSD does not prompt a subscriber with a logon frame if the account ping fails.
Workaround: The subscriber has to terminate the PPP session to SSG and logon again.
Alternative workaround: If the SSG single-host logon feature is not a requirement, use another revision of SSD.
•
When using multiple RADIUS servers, failure or lack of performance of one of the servers can prevent SSG from using one of the other servers. There is no workaround.
•
During a power-on condition, if an NRP-2 is in a lower-numbered slot than an NRP-1, the user might see the following message on the NRP-1 console and the NRP-1 might reboot:
platform_interface_init: PAM mailbox Config not valid yet, pausing before re-readingThe NRP-1 will then boot correctly. There is no workaround.
•
After all NRP-SSG users log off a specific service, the service object is cleared, but the subblock associated with the interface is not reset. As a result, all traffic from the interface is still treated by NRP-SSG as downstream traffic.
Workaround (do one of the following):
–
–
•
Changing service binding while using the service might cause an inconsistency in the service binding table and break the NRP-SSG data path forwarding table.
Workaround: Avoid changing service binding while the service is in use.
•
After a long period of correct operation and with the Network Access Server port ID format "d" enabled, RADIUS authentication requests and accounting records associated with certain PVCs begin to carry incorrect information (mostly zeros).
Workaround: Remove the problem PVCs and recreate them on the NRP.
•
On a Cisco 6400 functioning as a Network Access Server (NAS), the NAS-port attribute might not show any VPI/VCI values in the "d"-format (that is, VPI/VCI=0/0).
Workaround: remove the problematic PVCs on the NRP and recreate them.
To make sure that all PVCs work properly, do the following:
–
–
–
–
•
Traffic coming from a Fast Ethernet (FE) interface on an NRP with Inter-Switch Link (ISL) encapsulation, forwarded out of an ATM route bridge encapsulation (RBE) interface, might not be fast-switched but process-switched when you use the bridge irb global configuration command on the NRP.
Workaround: Remove the bridge irb global configuration command from the configuration.
•
If atm ilmi-pvc-discovery subinterface is configured on both the ATM 0/0/0 interface and an ATM subinterface, the ATM PVC will not come up after the NRP reloads, unless you do a shut command followed by a no shut command on the ATM 0/0/0 interface.
Workaround: Avoid using atm ilmi-pvc-discovery on ATM subinterfaces.
•
The NRP should use "big" buffers to do IP Multicast packet replication instead of using "very big" buffers when the payload size is 1500 bytes. Since the NRP has a limited number of "very big" buffers, memory allocation failure may be seen if the payload size is 1500 bytes and IP Multicast is enabled.
Workaround: Increase the number of "very big" buffers.
•
In a PPPoA configuration, if a Fast Ethernet interface runs out of local memory under heavy traffic, the pool-memory manager might not be able to allocate fallback pool memory fast enough. This might cause the Fast Ethernet interface to reset and reject incoming traffic temporarily.
There is no workaround.
•
When an NRP-SSG subscriber exceeds the maximum number of services determined by the ssg maxservice global configuration command, the Cisco SSD incorrectly displays the following message: "The server returned an invalid or unrecognized response."
The correct message reads: "You have reached the maximum allowed number of concurrently logged in services for your system, host-ID. Please logoff of at least one service, and try your service logon request again."
Workaround: Click OK to recognize the error, and select the service on the viewService frame again. The correct message will appear.
•
On an NRP-1, during an ATM interface-flapping test in a configuration with 2000 PPPoA/40 L2TP tunnels and without any traffic, the 2000 tunnels will not all be re-established after issuing a shut command, pausing 5 minutes, and issuing a no shut command. The same test with a configuration of 1700 PPPoA/300 L2TP tunnels recovers fine. There is no workaround.
•
A memory leak might happen when the NRP has 2000 PPPoA sessions with AAA authentication configured and has a very large volume of trace messages to display during NRP booting up.
Workaround: Turn off console logging. (The NRP should turn off console logging as a normal operation.)
•
If you turn on traffic shaping on 400 or more PVCs, and heavy traffic causes the PVCs to become congested simultaneously, random PPP sessions might be dropped.
Workaround (do one of the following):
–
–
•
Traffic shaping configuration using the vbr-nrt <pcr> <scr> <input burst> under VC-class command cannot be removed by entering no vbr-nrt <pcr> <scr> <input burst>.
Workaround: Remove the entire VC-class, and re-enter the VC-class configuration without traffic shaping.
•
The Interim Local Management Interface cannot be brought up on DS3 interfaces. This causes the interfaces on a Cisco 6400 NSP to stay in the User-Network Interface. If the Cisco 6400 connects to a Cisco LightStream 1010, the Private Network Node Interface will never come up.
Workaround: Configure a well-known VC manually.
•
After the reboot of an NRP and with AAA configured, you might not be able to bring up a PPPoE session for a period of 15 to 30 minutes. Issuing the command show proc cpu will show a high CPU activity in either the PPP Authentication or the PPP Manager. Issuing the command show atm ingress all detail will show the ingress VPI/VCI as 0/0 and the IP address as 0.0.0.0. There is no workaround.
•
When 800 sessions are brought up through the home gateway, NRP-1, and L2TP access concentrators, the send-receive counters are out-of-sync and the tunnels are torn down. Under these circumstances, all sessions are terminated. There is no workaround.
•
When SSG is enabled on the NRP, issuing the clear interface ATM 0/0/0 command causes the NRP to reload.
This behavior is observed only when SSG is enabled on the NRP and does not happen when SSG has been disabled with the no ssg enable command.
Workaround: When SSG is enabled on the NRP, do not issue the clear interface ATM 0/0/0 command during any ATM traffic volume.
Alternative workaround: When SSG is enabled on the NRP, after issuing a shut command on the ATM interface, wait for more than 10 minutes before issuing a no shut command.
•
The PPP authentication process might cause a memory leak. This is most likely to happen when the 6400 is terminating a large number of PPP sessions and there is a high level of PPP-authentication processing. There is no workaround.
•
When memory corruption causes the NRP to reload, the reload-information file might not include the dump of the corrupted memory that caused the reload. There is no workaround.
•
When using IP multicast, the NRP might report "CPUHOG" errors, referencing the PIM and IGMP processes. These errors indicate that the processes are not relinquishing the CPU often enough to allow other packet-handling processes to perform. In extreme cases, this can lead to severe degradation in performance. There is no workaround.
•
When IP relay is configured on an unnumbered VPN Routing/Forwarding (VRF) interface, the static route might be inserted into the global rting table instead of the VRF routing table. There is no workaround.
•
With frequent CLI operations on the ATM interface (for example, reconfiguration commands, commands to clear the interface, etc.) during heavy traffic, the NRP might have a bus-error crash in the packet-receiving path.
Workaround: Avoid frequent CLI operations on the ATM interface during heavy traffic.
•
A configuration with PPPoA/SSG and NetMeeting may cause a red-zone violation and a reload on the NRP. There is no workaround.
•
When a large number of PPPoE sessions is configured, and these sessions go down and try to come up again, some resources are not re-used. The command show vtemplate shows a larger number of virtual accesses then the number of sessions. There is no workaround.
•
The NRP might reload with the following error message:
%SYS-3-OVERRUN: Block overrun at 627E418 (red zone = 4E205047)This error is caused by process writing beyond the allocated memory. There is no workaround.
This caveat might have the same root cause as CSCds43050, which has been resolved.
•
The aaa accounting update command does not change the frequency of the accounting updates that are sent to the RADIUS server. There is no workaround.
•
When SSG is enabled, it is possible to configure NetFlow with the ip route-cache flow command, assuming that the ip cef command was enabled previously. However, this is not supported by SSG and will short-circuit the SSG functionality.
Workaround: Use the no ip route-cache flow command to prevent the problem.
•
The ip http authentication enable command cannot be saved. Issuing the show run or show conf command does not show the ip http authentication enable command. There is no workaround.
•
An NRP that is running Cisco IOS Release 12.1(1)DC1 and that has 1900+ access interfaces and memory compression configured, experiences memory fragmentation: the largest block is about 45 KB and the free memory is 20 MB.
Workaround: Configure a free list size for the compression history block, using the memory free-list number command.
•
An NRP that is running Cisco IOS Release 12.1(1)DC1 or later releases and that has 1900+ access interfaces and memory compression configured, experiences memory fragmentation: the largest block is about 45 KB and the free memory is 20 MB.
Workaround: Configure a free list size for the compression history block, using the memory free-list number command.
•
During configuration, the NRP might unexpectedly reload with the following error message:
%ALIGN-1-FATAL: Corrupted program counterThis behavior might be due to a race condition in which a function might be called before its initialization. There is no workaround.
•
When the NRP is reloaded with a dead switch port, the NRP attempts to bring up the FE interface. The NRP reports the interface status as "reset with line down" instead of reporting the interface as down. There is no workaround.
•
While reconfiguring PVCs on the NRP, you might experience an unexpected reload after a message similar to the following message:
19:12:03: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 61406F10.-Process= "Virtual Exec", ipl= 0, pid= 41There is no workaround.
•
When copying or changing the configuration on the NRP, the NRP might unexpectedly reload with the following error message:
04:50:00: %SYS-2-FREEBAD: Attempted to free memory at AB1234CD, not part of buffer pool -Traceback= (...)There is no workaround.
•
On a Cisco 6400, when an ATM interface is configured with RBE with IP unnumbered, static routes are not created if dynamic addresses are handed out using a Cisco IOS DHCP server. The addresses are handed out correctly by the Cisco IOS DHCP server, but the static routes are not built in the routing table.
Workaround: Use an external DHCP server.
•
The packets-out counter on the Virtual-Access interface of a Cisco 6400 LNS might be incorrect when the L2TP tunnel and the outgoing traffic use the same physical interface and CEF is enabled.
Workaround: Disable CEF.
•
When using "dot1q" encapsulation on the Cisco 6400 and the native VLAN is VLAN 1, the communication between the devices stops.
Workaround: Use ISL instead of "dot1q" encapsulation.
Alternate workaround: Change the native VLAN to a VLAN other than VLAN 1.
•
When the PPP synchronization is lost on a Virtual-Access interface, PPP resynchronization causes multicast parameters to be lost. The interface will no longer have multicast enabled. There is no workaround.
•
In an L2TP LAC configuration that uses PPPoA, counters in the NRP fail when traffic is process- switched. There is no workaround.
•
When using the BGP routing protocol, the NRP does not send route updates to its BGP neighbors when the default-metric CLI command is issued on the NRP.
Workaround: issue the command clear ip bgp * to reset all BGP connections. You might need to issue this command twice, which is a side effect of this caveat.
•
If an ambiguous command (for example, config-if-atm-ran) is entered while in the PVC range configuration submode, a spurious memory traceback message will be displayed when the next command is entered. The traceback message is harmless.
Workaround: Do not enter incomplete commands while in the PVC range configuration submode.
•
An NRP running Cisco IOS Release 12.1(3)DC1 or later might reload due to malloc failures and might produce error messages such as the following ones:
%SYS-2-MALLOCFAIL: Memory allocation of 788 bytes failed from 0x6025A258, pool I/O, alignment 32 -Process= "Syslog Traps", ipl= 7, pid= 75or
%SYS-2-MALLOCFAIL: Memory allocation of 276 bytes failed from 0x6025A258, pool I/O, alignment 32 -Process= "Net Background", ipl= 7, pid= 17This is due to a memory leak which ultimately results in exhaustion of the memory resource. As a result, some process(es) fail to acquire the needed memory and the system restarts. There is no workaround.
•
Under rare circumstances, and more likely when IP NAT is used, an NRP might reload with the following message:
%SYS-3-BADMAGIC: Corrupt block at 624D0C38 (magic 0D0D0D0D)This error might be caused by process writing beyond the allocated memory. There is no workaround.
•
An NRP running Cisco IOS Release 12.1(3)DC might reload unexpectedly due to a bus error related to an Inverse ARP problem. There is no workaround.
•
An NRP might reload due to memory-allocation failures in the process and I/O memory: After malloc failures, the NRP eventually reloads, sometimes with redzone-violation errors and other times due to the watchdog timeout. There is no workaround.
•
After using the Belle application to modify the unspecified bit rate plus (UBR+) on VCs for a period of time, some VCs might pause indefinitely.
Workaround: issue the clear int a0/0/0 command.
•
An NRP running Cisco IOS Release 12.1(3)DC might experience a 30-MB memory leak after
18 hours of operation with the CPU running at approximately 60%. This causes the command prompt to fail. There is no workaround.
•
After an NRP running Cisco IOS Release 12.1(3)DC or Release 12.1(3)DC1 has reloaded unexpectedly, the boot date and time stamp and the uptime might not show correctly in the output of the show version command.
Workaround: Restart the NRP manually.
•
After the RADIUS process has completed processing the data packet and is trying to free its contexts, the NRP might reload unexpectedly due to a bus error in the AAA code.
Open Caveats for the NRP-2
The following open caveats apply only to the NRP-2.
•
The NRP-2 configuration is held on the NSP PCMCIA Disk. When you attempt to save the configuration on the NRP-2, the process on the NSP currently does not check for available disk space before trying to write the configuration to the disk. This might cause the file to be stored on the disk incompletely, or not at all. Generally this is not an issue, because a chassis alarm is generated when the disk space gets low.
Workaround: Check the disk space on the NSP and check any disk alarms before saving NRP-2 configurations.
•
Some host services, including RADIUS, need to be send in an out-of-band fashion via the Network Management Interface (NME) on the Cisco 6400. As there is no direct NME interface on the NRP-2, some other path needs be used for this class of traffic. Currently, the NSP will not allow the CPU port to be added to a bridge group; therefore functionality similar to the Ethernet consolidation can not be used.
Workaround: Users with an NRP-1 in their Cisco 6400 chassis can configure a "Host Services" VC from the NRP-2 to be bridged into the NRP-1, where traffic can be forwarded over either the Fast Ethernet interface or over the Backplane Ethernet interface.
Note
•
The compress-configuration option is not currently available for the NRP-2 platform. The configuration command service compress-config is currently ignored and configurations are saved uncompressed. There is no workaround.
•
The NSP disk-format operations to the PCMCIA disk in slot 1 might affect concurrent disk operations to the disk in slot 0.
Workaround: As the disk in slot 0 is used for storing NRP-2 system configuration, the user should not perform formatting operations on disk 1 while the NRP-2 uses disk 0.
•
The NRP-2 booting and configuration operations depend on the presence of the PCMCIA disk in slot 0 of the NSP. Removal of that disk during NRP-2 disk operations, including booting and the saving of configurations, may result in an unexpected reload of the NRP-2.
Workaround: Assure that no NRP-2 disk operations are in progress before removing the PCMCIA disk from slot 0 of the NSP.
•
The NRP-2 running configuration is saved on the NSP PCMCIA disk. If that disk is not present, the configuration cannot be saved. The current NRP-2 software does not warn the user if the configuration has not been saved correctly.
Workaround: Make sure that the PCMCIA disk is present on the NSP before saving the NRP-2 running configuration.
•
The total memory size displayed for the NRP-2 in response to the show version command is incorrect. Systems with 512 MB installed display the following memory size:
cisco NRP2SP (NRP2SP) processor with 393216K/196608K bytes of memory.The second value, the installed I/O memory, is too large by 64MB. Systems with 256 MB installed also show an I/O memory value that is too large by 64MB. There is no workaround.
•
When an ATM subinterface is configured, it does not show up in the running configuration.
Workaround: Issue the show ip interface command or the show interface command to show the ATM subinterface.
•
Resetting the NRP-2 with the hw-module slot x reset NSP command while the NRP-2 has pending console output, causes bus error warning messages to appear on the NSP console and in the NSP error log. Although there is no workaround, the messages are simply a warning and are harmless.
•
When issuing a shutdown CLI command on an ATM interface with a large number (more than 1000) VCs configured, the following "CPUHOG" message appears on the console output:
00:06:39: %SYS-3-CPUHOG: Task ran for 2744 msec (0/0), process = Exec, PC = 602A7F88.Although the operation is unlikely to be affected by this caveat, there is no workaround.
•
Booting up an NRP-2 with a configuration that contains a large number of subinterfaces might cause the following "CPUHOG" message to appear on the console output:
00:07:51: %SYS-3-CPUHOG: Task ran for 49272 msec (0/0), process = Auto Config insertion process, PC = 602AFF20.Although the operation is unlikely to be affected by this caveat, there is no workaround.
•
Booting up an NRP-2 with a configuration that contains a large number of subinterfaces might cause the following "CPUHOG" message to appear on the console output:
00:08:36: %SYS-3-CPUHOG: Task ran for 40052 msec (0/0), process = CEF process, PC = 602AFF20.Although the operation is unlikely to be affected by this caveat, there is no workaround.
•
Booting up an NRP-2 with a configuration that contains a large number of subinterfaces might cause the following "CPUHOG" message to appear on the console output:
00:10:09: %SYS-3-CPUHOG: Task ran for 75244 msec (0/0), process = CEF process, PC = 601A7010.Although the operation is unlikely to be affected by this caveat, there is no workaround.
•
When an NRP-2 receives traffic that exceeds the Maximum Transmission Unit (MTU) specified on that NRP-2, the virtual access (VA) interfaces counter displays incorrect values. After issuing the show controller <atm0/0/0> command, the counter for giant packets (rx_drop_giant) displays the incorrect values.
Workaround: Use the giant discard statistic counter (rx_giant_discard) in the show controller <atm0/0/0> command to adjust the number shown in the giant packets counter in the following manner:
total giants discarded = (rx_drop_giant) minus (rx_giant_discard/2)
Note
•
If the NRP-2 is reset or loses power while the configuration is being saved to a storage medium, the configuration file might become corrupted. Attempting to restart the NRP-2 might cause the NRP-2 to reload unexpectedly.
Workaround: Do not reset the NRP-2 after issuing a command that saves the configuration file, but wait until the saving process has been completed.
If the problem occurs due to a power loss or accident, the storage medium needs to be formatted after the NRP-2 has been rebooted. Formatting the storage medium causes all data on the storage medium to be lost. If possible, before starting the formatting process, copy the data on the storage medium that needs to be formatted to another storage medium. When the formatting process has been completed, copy the data back to the storage medium that has been formatted and restore the corrupt configuration file from a backup copy.
•
When a PPPoE session (on an ATM subinterface) is up and the ATM subinterface is shut on the NRP-2 LAC, the following message is logged on the NRP-2 console:
1d03h: %NRP2_SE64-3-ULD_BADVC: ATM0/0/0 bad vcd 2002 packet - 07D28000 AAAA0300 80C20007 000000D0 BA706B2B 00D0BA70This message is due to a timing-race condition in shutting down PVCs within the SAR driver. There is no workaround.
•
When a write mem command is issued on the NRP-2, the configuration data is sent to the NSP for storage on the NSP disk. If this disk operation fails, the NSP will issue an error message, however, the NRP-2 itself will not indicate the failure on the console.
To ensure that the configuration data has been written to the NSP disk, the user can look at the time and date stamp for the configuration file on the NSP disk. Configuration data is stored in "disk0:/slotn/NRP2-startup-config", where "n" (in slotn) is the slot number of the NRP-2. A quick scan for error messages on the NSP console will also reveal any problems that might have occurred while writing the configuration to the NSP disk.
•
When a PPPoE session is up, the NRP-2 drops sweep ping packets with a size is greater than 4000 bytes. There is no workaround.
•
With CEF enabled while using RBE, packets are not switched to fast switching, causing the packet flow to stop.
Workaround: Disable CEF on the ATM subinterface.
•
The contents of the current crashinfo file are not displayed as part of the output from the show stacks.
Workaround: View the current crashinfo file by using the more nsp_slot:nrp-crashinfo-data command of the NRP-2. The NRP-2 crashinfo files may also be viewed by looking in the appropriate slot directory on "disk0:" of the NSP.
•
While bringing up 4000 L2TP sessions on an LNS, spurious memory reads might be generated and might cause an "ALIGN-3-SPURIOUS" error message. Although there are no known negative effects of this problem, there is no workaround.
•
Some sessions do not come up when the ATM interface of either the LAC or the LNS is flapped many times. The test configuration has 4000 PPPoA sessions and uses a ppp-keepalive interval value of 10.
Workaround: Increase the keepalive interval to 200 (as per the recommended scalability guidelines).
Preexisting NRP-1 Hardware Caveats
This section describes possible unexpected behavior by earlier hardware versions of the NRP-1. To determine your NRP-1 part number (P/N), see the "Determining Your NRP-1 Part Number" section.
•
Affected Part Numbers: 800-03785-03, 800-03655-02 or higher part numbers
Symptom:
While the NSP is in Slot 0A of a single NSP system, the NRP-1s reset during NSP reloads or resets.Workaround:
In a nonredundant system using an NSP of P/N 800-03785-03, place the NSP in Slot 0B.•
Affected Part Numbers:
800-03655-01, 800-03655-02, 800-03655-03, 800-03655-04Symptoms:
Regardless of any boot system global configuration command entries in the startup configuration, the NRP-1 boots the first image in Flash memory after a reset. This problem occurs after one of the following actions:–
–
Workaround:
To avoid this problem, make sure that the desired image is the first file on the Flash memory device. Complete the following steps in EXEC mode:a.
b.
c.
d.
Recovery:
If you encounter the problem before implementing the workaround, reset the NRP-1 once by using the hw-module slot number reset EXEC command on the NSP. As long as the NSP sends a single reset to the NRP-1, the NRP-1 does not ignore the boot system global configuration command entries in the startup configuration.•
Affected Part Numbers:
800-03655-04, 800-03655-05, 800-03655-06Symptoms:
With or without redundancy configured, an NRP-1 inserted into a live system might reset the NRP-1 in the adjacent slot of the slot pair. NRP-1 slot pairs are slots 1-2, 3-4, 5-6, and 7-8.Workaround (use one of the following):
–
–
•
Affected Part Number: 800-03655-01
Symptoms:
When the terminal server is configured such that hardware flow control is enabled on the port attached to the NRP-1 console, the NRP-1 console port does not respond.Workaround:
Configure your terminal server to disable hardware flow control on the port attached to the NRP-1 console.•
Affected Part Numbers:
800-03655-01, 800-03655-02, 800-03655-03, 800-03655-04, 800-03655-05, 800-03655-06, 800-03655-07, 800-03655-08Symptom:
NSP reports unknown cardtype when the chassis is populated primarily with NRP-1s.Workaround (use one of the following):
–
–
–
•
The NRP-1 crashes during reload when both of the following conditions are met:
–
–
Workaround (use one of the following):
–
–
•
When the SSG is enabled after an upgrade from Cisco IOS Release 12.0(3)DC1 or Release 12.0(5)DC to Release 12.0(7)DC or higher, the SSG transparent passthrough feature is no longer supported.
Workaround: To enable non-SSG connections to pass through the NRP-1, disable the SSG with the no ssg enable command.
•
The execution of the Show ip nat translation verbose may cause the 6400 NRP-1 to reload. Workaround: Set the terminal length to "term len 0" before executing the Show ip nat translation verbose.
Determining Your NRP-1 Part Number
To determine the NRP-1 part number, use one of the following methods with the information in Table 11:
•
•
•
The following example displays the show nrp command output for an NRP-1 with part number 73-3082-06:
6400-nrp# show nrpRouter installed in slot 5Network IO Interrupt Throttling:throttle count=0, timer count=0active=0, configured=0netint usec=4000, netint mask usec=200NRP CPU ID EEPROM:Hardware revision 4.255 Board revision A0Serial number 12346818 Part number 73-3082-06
Test history 0x0 RMA number 00-00-00EEPROM format version 2EEPROM contents (hex):0x00: 02 E3 04 FF 00 BC 65 C2 49 0E 26 05 00 00 00 000x10: 50 00 00 00 07 CF 04 09 00 00 00 78 00 00 00 006400-nrp#
Related Documentation
The following sections describe the documentation available for the Cisco 6400 universal access concentrator. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com and the Documentation CD-ROM.
Use these release notes with these documents:
•
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.1 and are located on Cisco.com and the Documentation CD-ROM:
•
On Cisco.com at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.1: Release Notes
On the Documentation CD-ROM at:
Cisco IOS Software Configuration: Cisco IOS Release 12.1: Release Notes
•
Technical Documents
•
As a supplement to the caveats listed in the "Software Caveats" section in these release notes, see Caveats for Cisco IOS Release 12.1 and Caveats for Cisco IOS Release 12.1 T, which contain caveats applicable to all platforms for all maintenance releases of Release 12.1.
On Cisco.com:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.1: Release Notes: Caveats
On the Documentation CD-ROM:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.1: Caveats
Note
Platform-Specific Documents
The documents listed in Table 12 are available for the Cisco 6400 UAC on Cisco.com and the Documentation CD-ROM.
To access Cisco 6400 documentation on Cisco.com, follow this path:
Technical Documents: Documentation Home Page: Aggregation Solutions:
Cisco 6400 Universal Access ConcentratorTo access Cisco 6400 documentation on the Documentation CD-ROM, follow this path:
Aggregation Solutions: Cisco 6400 Universal Access Concentrator
Feature Modules
Feature modules describe new features supported by Cisco IOS Release 12.1 DC and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On Cisco.com at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.1: New Feature Documentation: New Features in 12.1-Based Limited Lifetime Releases: New Features in Release 12.1 DC
On the Documentation CD-ROM at:
Cisco IOS Software Configuration: Cisco IOS Release 12.1: New Feature Documentation:
New Features in 12.1-Based Limited Lifetime Releases: New Features in Release 12.1 DCCisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. The Cisco IOS software documentation set is shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On Cisco.com and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
On Cisco.com at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration:
Cisco IOS Release 12.1: Configuration Guides and Command ReferencesOn the Documentation CD-ROM at:
Cisco IOS Software Configuration: Cisco IOS Release 12.1:
Configuration Guides and Command ReferencesCisco IOS Release 12.1 Documentation Set Contents
Table 13 lists the contents of the Cisco IOS Release 12.1 software documentation set, which is available in electronic form and in printed form, if ordered.
Note
On Cisco.com at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration:
Cisco IOS Release 12.1On the Documentation CD-ROM at:
Cisco IOS Software Configuration: Cisco IOS Release 12.1
Note
Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
World Wide Web
The most current Cisco documentation is available on the World Wide Web at http://www.cisco.com. Translated documentation can be accessed at http://www.cisco.com/public/countries_languages.shtml.
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
•
http://www.cisco.com/cgi-bin/order/order_root.pl
•
http://www.cisco.com/go/subscription
•
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
http://www.cisco.com
Technical Assistance Center
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by Using the Cisco TAC Website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
•
•
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen
Contacting TAC by Telephone
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows:
•
•
