Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.1 Special and Early Deployments

Cisco uBR905 - Cisco IOS Release 12.1 XL

Downloads

Table Of Contents

Release Notes for Cisco uBR905 Cable Access Router for Cisco IOS Release 12.1(3a)XL2

Contents

Introduction

Cisco uBR905 Cable Access Router

Early Deployment Releases

System Requirements

Memory Recommendations

Headend Interoperability

DOCSIS Concatenation

DOCSIS 1.0+ Extensions

IPSec Encryption Support

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

New and Changed Information

New Hardware and Software Features in Cisco IOS Release 12.1(3a) XL4

New Hardware and Software Features in Cisco IOS Release 12.1(3a) XL3

New Hardware Features in Release 12.1(3a)XL2

New Software Features in Release 12.1(3a)XL2

Cable Monitor Web Diagnostics Tool

Cisco IOS Firewall (Phase I and II)

Cisco Secure Intrusion Detection System (IDS) Support

DOCSIS 1.0+ Extensions

DOCSIS Baseline Privacy Interface (BPI)

DOCSIS Baseline Privacy Management Information Base

Dynamic Host Configuration Protocol Proxy Support

Easy IP—DHCP Server and NAT/PAT

Enhanced Bridging

Full and DOCSIS-Compliant Bridging

HSRP Support for ICMP Redirects (CSCdp37610)

IP Address Negotiation

IPSec Encryption (56-bit and 3DES)

Layer 2 Tunneling Protocol

Management Information Base (MIB) Features

RFC 2233 Support

Routing (RIP V2)

Secure Shell Version 1 Client Support

SNMP Enhancements

VPN Enhancement—Dynamic Crypto Map

Limitations and Restrictions

Bridging Support

DOCSIS CLI Commands are Removed

GRE IP Tunnels Are Not Supported

IP Address Negotiation

Upgrading Software Images Using BPI

Using Access Lists 100 and 101

Using Multiple PCs with the Cisco uBR905 Cable Access Router

Using the Reset Switch

Important Notes

CPE Device Filtering

Disabling the Finger Server

Supported MIBs

Cable Device MIBs

Cisco Standard MIBs

Radio Frequency Interface MIBs

Cable-Specific MIBs

Deprecated MIBs

Caveats

Open Caveats—Cisco IOS Release12.1(3a)XL4

Resolved Caveats—Cisco IOS Release12.1(3a)XL4

Open Caveats—Release 12.1(3a)XL2

Closed or Resolved Caveats—Release 12.1(3a)XL2

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco IOS Software Documentation Set

Documentation Modules

Release 12.1 Documentation Set

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Obtaining Technical Assistance

Cisco Connection Online

Technical Assistance Center

Software Configuration Tips on the Cisco Technical Assistance Center Home Page

Documentation Feedback


Release Notes for Cisco uBR905 Cable Access Router for Cisco IOS Release 12.1(3a)XL2

February 16, 2002
Part Number: OL-0633-01 Rev. E0

Note You can find the most current Cisco IOS documentation on Cisco Connection Online (CCO). These electronic documents may contain updates and modifications made after this document was published.

These release notes for the Cisco uBR905 Cable Access Router describe the enhancements provided in Cisco IOS Release 12.1(3a)XL2. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.

For a list of software caveats that apply to Release 12.1(3a)XL2, see the "Caveats" section and Caveats for Cisco IOS Release 12.1 T. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.1 located on CCO and the Documentation CD-ROM. For complete documentation on the Cisco uBR905 Cable Access Router, see the documentation listed in the "Related Documentation" section.

Contents

These release notes describe the following topics:

Introduction

System Requirements

New and Changed Information

Limitations and Restrictions

Important Notes

Caveats

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Introduction

The DOCSIS-based Cisco uBR905 Cable Access Router gives small office/home office (SOHO) and branch office subscribers high-speed Internet or Intranet access. The Cisco uBR905 Cable Access Router supports data traffic via a shared two-way cable system and Internet Protocol (IP) backbone network. The Cisco uBR905 Cable Access Router connects computers and other customer premises devices at a subscriber site to the service provider's cable, hybrid/fiber coax (HFC), and IP backbone network.

The Cisco uBR905 Cable Access Router is based on Data-over-Cable Service Interface Specifications (DOCSIS) and interoperates with any bidirectional, DOCSIS-qualified Cable Modem Termination System (CMTS). The Cisco uBR905 Cable Access Router ships from the Cisco factory with a Cisco IOS software image stored in nonvolatile Flash memory that supports DOCSIS-compliant bridging data operations. The Cisco uBR905 Cable Access Router functions as a cable modem at the subscriber site to convey data communications on the cable television system.

Note For information on new features and Cisco IOS commands supported by Release 12.1 XL, see the "New and Changed Information" section and the "Related Documentation" section.

Based on the feature licenses your company purchased, other Cisco IOS images can be downloaded from Cisco Connection Online (CCO). Special operating modes, based on your service offering and the practices in place for your network, can be supported for the Cisco uBR905 router, based on the available images in Cisco IOS Release 12.1(3a)XL2. The Cisco uBR905 Cable Access Router can also function as an advanced router, providing wide area network (WAN) data connectivity in a variety of configurations.

Note All Cisco uBR905 Cable Access Router images support DOCSIS Baseline Privacy Interface (BPI) encryption. BPI is subject to export restrictions.

Cisco uBR905 Cable Access Router

The Cisco uBR905 Cable Access Router features a single F-connector interface to the cable system, four RJ-45 (10BaseT Ethernet) hub ports, and one RJ-45 console port to connect to a laptop computer/console terminal for local Cisco IOS configuration. The Cisco uBR905 Cable Access Router also provides an onboard IPSec hardware accelerator, which provides high-performance encryption that is significantly faster than software-based encryption.

The Cisco uBR905 Cable Access Router supports a number of Cisco IOS software images. The feature sets available in Release 12.1(3a)XL2 include Easy IP, Cisco IOS Firewall (Phases I and Phase II), and IPSec encryption.

Early Deployment Releases

These release notes describe the Cisco uBR905 Cable Access Router for Cisco IOS Release 12.1 XL, which is an early deployment (ED) release based on Cisco IOS Release 12.1 T. Early deployment releases contain fixes for software caveats and support for new Cisco hardware and software features.

Table 1 shows that Release 12.1(3a)XL1 is the initial early deployment release of the Cisco uBR905 Cable Access Router:

Table 1 Early Deployment Releases for the Cisco uBR905 Cable Access Router 

ED Release
Additional Software Features
Availability

12.1(3a)XL1

Cable Monitor Web Diagnostics Tool

Cisco Firewall (Phases I and II)—Cisco IOS Firewall Software

Cisco Secure Intrusion Detection System (IDS) (formerly known as NetRanger) support

DOCSIS 1.0+ Extensions—Dynamic Multi-SID1 Assignment and Concatenation

DOCSIS Baseline Privacy Interface (BPI)

Dynamic Host Configuration Protocol (DHCP) Proxy Support

Enhanced bridging functionality

Full and DOCSIS-compliant bridging

HSRP2 Support for ICMP3 Redirect

IPSec—56-bit encryption/decryption at network layer (Phase I)

IPSec 3DES—Triple DES4 (Phase I): 168-bit encryption/decryption at network layer (Phase I)

IPSec Hardware Accelerator—onboard encryption hardware accelerator is automatically used by default for all IPSec encryption

L2TP—Layer 2 tunneling protocol (Phase I)

Network address translation and port address translation (NAT/PAT)

Radio frequency interface

RFC 2233 support for link up/down traps and for theIF-MIB MIB5

Routing (RIP V2)

Secure Shell (SSH) Version 1 Client and Server Support

Support for the ip address dhcp command

VPN6 Enhancements—Dynamic Crypto Map

Now

1 SID = Service ID

2 HSRP = Hot-Standby Routing Protocol

3 ICMP = Internet Control Message Protocol

4 DES = Data Encryption Standard

5 MIB = Management Information Base

6 VPN = Virtual Private Network


System Requirements

This section describes the system requirements for Cisco IOS Release 12.1(3a)XL2:

Memory Recommendations

Headend Interoperability

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

Memory Recommendations

Table 2 lists the memory recommendations for each of the feature sets available for the Cisco uBR905 Cable Access Router in Cisco IOS Release 12.1(3a)XL2. The image subset legend for Table 2Table 2 is as follows:

y5=Reduced IP image with Easy IP functionality (PAT/NAT/DHCP server)

s=Plus set includes L2TP

v4=Voice set

o3=Firewall (Phase II) feature set

k1=DOCSIS baseline privacy

56i=56-bit IPSec

k2=Triple DES IPSec (Phase I)

Table 2 Memory Recommendations for the Cisco uBR905 Cable Access Router,
Release 12.1(3a)XL2 Feature Sets 

Feature Set Matrix Term1
Image Name
Minimum
Flash
Memory
Minimum
DRAM
Memory
Runs
From

Value Telecommuter—Easy IP and IPSec 56

ubr925-k1sv4y556i-mz

8 MB Flash

24 MB DRAM

RAM

Performance Telecommuter— Easy IP and IPSec 3DES

ubr925-k1k2sv4y5-mz

8 MB Flash

24 MB DRAM

RAM

Value Small Office—Easy IP, FW2 , and IPSec 56

ubr925-k1o3sv4y556i-mz

8 MB Flash

24 MB DRAM

RAM

Performance Small Office— Easy IP, FW2, and IPSec 3DES

ubr925-k1k2o3sv4y5-mz

8 MB Flash

24 MB DRAM

RAM

1 The voice feature set is not supported on the Cisco uBR905 Cable Access Router.

2 FW—Cisco IOS Firewall


Headend Interoperability

DOCSIS Concatenation

If using DOCSIS concatenation with a 16-QAM (quadrature amplitude modulation) symbol rate, the CMTS must be configured for Unique Word 16 in the preamble for both short and long data burst profiles. On the Cisco uBR7200 series universal broadband routers, use the cable modulation-profile global configuration command and specify "uw16" for both the long and short modulation profiles. See caveats CSCdp76415 and CSCdp92139 on page 22 for more detail.

DOCSIS 1.0+ Extensions

Cisco IOS Release 12.1 XL images support the Cisco DOCSIS 1.0+ Extensions, which include dynamic multi-SID assignment and concatenation. To use the dynamic multi-SID and concatenation features, both the Cisco uBR905 router and the CMTS router must support them. If you are using the Cisco uBR7200 series headend equipment as the CMTS router, Cisco IOS Release 12.1(1) T or greater is required on the CMTS router to ensure that these features are activated.

To configure the Cisco uBR905 Cable Access Router to support multiple classes of service, use either the Cisco Subscriber Registration Center (CSRC) tool or the configuration file editor of your choice. DOCSIS configuration files can contain multiple classes of service (CoS) to support voice and other real-time traffic. The first CoS is used for data (and voice if no other CoS is defined), and up to three additional classes of service can be defined to give higher priority for voice and other real-time traffic.

IPSec Encryption Support

To use IPSec encryption, both the Cisco uBR905 Cable Access Router and the destination endpoint must support IPSec encryption and be configured for the same encryption policy. The endpoint is typically an IPSec gateway such as a peer router, Cisco PIX firewall, or other device that can be configured for IPSec. (The CMTS does not need to support IPSec encryption unless it is desired that the CMTS act as an IPSec gateway.)

Note The IPSec feature set encrypts traffic sent between endpoints, such as between two Cisco uBR905 Cable Access Routers, to protect traffic sent across the Internet and other unprotected networks. The DOCSIS BPI feature encrypts traffic on the cable interface, between the Cisco uBR905 Cable Access Router and the CMTS. To use BPI encryption, both the Cisco uBR905 Cable Access Router and the CMTS must support and enable BPI encryption.

Hardware Supported

The Cisco uBR905 Cable Access Router contains:

A single F-connector interface to the cable system.

Four RJ-45 (10BaseT Ethernet) hub ports to connect:

Up to three computers directly to the four Ethernet hub ports at the rear of the Cisco uBR905 router when operating in bridging mode. When operating in routing mode, all four Ethernet hub ports can be connected directly to four computers.

One of the four Ethernet hub ports at the rear of the Cisco uBR905 router can be connected to an Ethernet hub, which then connects additional computers or devices at the site when operating in routing or bridging mode.

One RJ-45 console port (optional) to connect to a laptop computer or console terminal when locally configuring the Cisco uBR905 router; the router ships from the Cisco factory with the console port enabled.

The onboard hardware accelerator for IPSec encryption is automatically used by default to encrypt and decrypt all traffic protected by either 56-bit or 168-bit IPSec encryption.

Determining the Software Version

To determine the version of Cisco IOS software running on your Cisco uBR905 Cable Access Router, log into the Cisco uBR905 Cable Access Router and enter the show version EXEC command:

For the Cisco uBR905 Cable Access Router: 

router# show version

Cisco Internetwork Operating System Software

IOS (tm) 920 Software (ubr925-k1v4y5-mz), Version 12.1(3a)XL1, RELEASE SOFTWARE

Upgrading to a New Software Release

For technical information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions on CCO located at:

http://tools.cisco.com/Support/Fusion/FusionHome.do

Feature Set Tables

Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features.

Caution Cisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States may require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Table 3 lists the voice and data software images by feature sets for the Cisco uBR905 Cable Access Router. This table uses the following conventions:

Yes—The feature is supported in the feature set.

No—The feature is not supported in the feature set.

Note These feature set tables might contain a selected list of features. These tables might not be cumulative—nor do they list all the features in each image.

Table 3 Feature List by Feature Set for the Cisco uBR905 Cable Access Router—Data 

 
Software Images by Feature Set Matrix Term
Features
Value Telecommuter
Performance Telecommuter
Value Small Office
Performance Small Office

Cable Device MIB (RFC 2669)

Yes

Yes

Yes

Yes

Cable Monitor

Yes

Yes

Yes

Yes

Cisco IOS Firewall Software

No

No

Yes

Yes

Cisco Standard MIBs

Yes

Yes

Yes

Yes

DHCP Proxy Support

Yes

Yes

Yes

Yes

DOCSIS 1.0+ Extensions (Dynamic multi-SID assignment and concatenation)

Yes

Yes

Yes

Yes

DOCSIS Baseline Privacy Interface (BPI) Encryption

Yes

Yes

Yes

Yes

DOCSIS Baseline Privacy Interface (BPI) MIB

Yes

Yes

Yes

Yes

DOCSIS-Compliant Bridging

Yes

Yes

Yes

Yes

Easy IP

Yes

Yes

Yes

Yes

HSRP Support for ICMP Redirect

Yes

Yes

Yes

Yes

IPSec Encryption with 56-bit DES

Yes

Yes

Yes

Yes

IPSec Encryption with Triple DES (3DES)

No

Yes

No

Yes

Layer 2 Tunneling Protocol (L2TP)

No

No

No

No

RFC 2233 Support

Yes

Yes

Yes

Yes

Radio Frequency Interface MIB (RFC 2670)

Yes

Yes

Yes

Yes

Routing (RIP V2)

Yes

Yes

Yes

Yes

Secure Shell (SSH)—56-bit encryption

Yes

Yes

Yes

Yes

Secure Shell (SSH)—3DES encryption

No

Yes

No

Yes


New and Changed Information

The following sections list the new hardware and software features supported by the Cisco uBR905 Cable Access Router.

New Hardware and Software Features in Cisco IOS Release 12.1(3a) XL4

There are no new hardware and software features in the Cisco uBR905 Cable Access Router for Cisco IOS Release 12.1(3a) XL4.

New Hardware and Software Features in Cisco IOS Release 12.1(3a) XL3

There are no new hardware and software features in the Cisco uBR905 Cable Access Router for Cisco IOS Release 12.1(3a) XL3.

New Hardware Features in Release 12.1(3a)XL2

Cisco IOS Release 12.1(3a)XL2 supports the Cisco uBR905 Cable Access Router.

New Software Features in Release 12.1(3a)XL2

The following new software features are supported by the Cisco uBR905 Cable Access Router for Release 12.1(3a)XL2.

Cable Monitor Web Diagnostics Tool

The Cable Monitor is a web-based diagnostic tool to display the current status and configuration of the Cisco uBR905 router. The Cable Monitor can also be used when the cable network is down, providing an easy way for subscribers to provide necessary information to service technicians and troubleshooters.

Cisco IOS Firewall (Phase I and II)

The Cisco IOS Firewall feature set includes the following set of features:

Context-Based Access Control (CBAC) that intelligently filters TCP and UDP packets based on the application-layer protocol. This includes Java applets, which can be blocked completely or allowed only from known and trusted sources.

Detection and prevention of the most common denial of service (DoS) attacks, such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate misfragmentation of IP packets.

Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.

Authentication Proxy for authentication and authorization of web clients on a per-user basis.

Dynamic port mapping that maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.

Configurable alerts and audit trail.

Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to NetRanger Director, drop the packet, or reset the TCP connection.

User-configurable audit rules.

Configurable real-time alerts and audit trail logs.

For detailed information, see the Cisco IOS Firewall Feature Set documentation set, as well as the section Traffic Filtering and Firewalls in the Security Configuration Guide and the Security Command Reference (available on the Documentation CD-ROM and CCO).

Cisco Secure Intrusion Detection System (IDS) Support

Cisco IOS Release 12.1(3a)XL2 supports the Cisco Secure Intrusion Detection System (IDS), formerly known as Cisco NetRanger, which is composed of three parts:

A management console (director) that is used to view the alarms and to manage the sensors.

A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network. This is usually in the form of scanning for vulnerabilities or of attacking systems. When a signature is matched, the sensor can track certain actions. In the case of the appliance sensor, it can reset the sessions (using the TCP/rst calls), or enable "shuns" of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.

Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.

DOCSIS 1.0+ Extensions

In addition to the other quality of service (QoS) features, DOCSIS 1.1 supports a number of features that are required for the delivery of high-quality voice traffic. To use these features before the DOCSIS 1.1 specification is finalized, Cisco has created the DOCSIS 1.0+ extensions that contain the most important of these features:

Concatenation—DOCSIS concatenation combines multiple upstream packets into one packet to reduce packet overhead and overall latency, and to increase transmission efficiency. Using concatenation, a DOCSIS cable modem makes only one bandwidth request for multiple packets, as opposed to making a different bandwidth request for each individual packet; this technique is especially effective for bursty real-time traffic, such as voice calls.

Dynamic Multi-SID Assignment—To give priority to voice traffic, the Cisco uBR905 router assigns a different SID to each voice port. Without the DOCSIS 1.0+ extensions, the router creates these SIDs during the provisioning process, and the SIDs remain in effect until the router is rebooted with a different configuration. As part of this process, a minimum guaranteed bandwidth is permanently allocated to the voice ports; this bandwidth is reserved to the voice ports even if no calls are being made.

To avoid potentially wasting bandwidth in this manner, the DOCSIS 1.0+ extensions support the dynamic creation of multiple SIDs. New Media Access Control (MAC) messages dynamically add, delete, and modify SIDs when needed. When a phone connected to the router is taken off-hook, the Cisco uBR905 router creates a SID that has the QoS parameters needed for that particular voice call. When the call terminates, the router deletes the SID, releasing its bandwidth for use elsewhere.

The DOCSIS 1.0+ features are introduced in Cisco IOS Software Release 12.0(7) XR and 12.1(1) T.

Note Both the Cisco uBR905 Cable Access Router and the CMTS must support the dynamic multi-SID and concatenation features for them to be used on the cable network. If you are using the Cisco uBR7200 series universal broadband router as the CMTS, Cisco IOS Release 12.1(1) T (or later) is required on the Cisco uBR7200 series routers to use these features.

DOCSIS Baseline Privacy Interface (BPI)

The DOCSIS Baseline Privacy Interface (BPI) feature is based on the DOCSIS BPI Specification (SP-BPI-I02-990319 or later revision). It provides data privacy across the Hybrid Fiber-Coaxial (HFC) network by encrypting traffic flows between the Cisco uBR905 Cable Access Router and the cable operator's CMTS.

The BPI+ (BPI Plus) feature is an enhancement to the BPI feature and is based on the DOCSIS BPI+ Specification (SP-BPI+-I04-000407 or later revision), which is still in development. In addition to the regular BPI features, BPI+ provides more secure authentication of cable modems through the use of digital certificates. Also, a cable modem can use a digital signature to verify that the software image it has downloaded has not been altered or corrupted in transit.

Note Cisco IOS Release 12.1(3a)XL2 supports BPI encryption but not BPI+ encryption. The CMTS and Cisco uBR905 Cable Access Router must both support and enable BPI to use its features.

DOCSIS Baseline Privacy Management Information Base

The Baseline Privacy Management Information Base (MIB), as currently defined, is available in Cisco IOS Release 12.1(3a)XL2 code. BPI allows a Simple Network Management Protocol (SNMP) manager to monitor and manage the Cisco uBR905 Cable Access Router's BPI configuration, including whether BPI is enabled, status of current authorization keys, current timeout values, real-time status counters, and additional information about authorization errors.

Note The SNMP manager must load the DOCSIS-BPI-MIB.my MIB to access the BPI attributes. See the section "Cable-Specific MIBs" on page 19 for details.

Dynamic Host Configuration Protocol Proxy Support

The DHCP Proxy Support feature helps to automate the configuration of the Cisco uBR905 Cable Access Router in two situations:

When the Cisco uBR905 Cable Access Router is configured for routing mode, an IP address must be assigned to its Ethernet interface. The DHCP Proxy Support feature allows an external DHCP server to assign an IP address to the Ethernet interface, as opposed to having to assign it manually with the appropriate command line interface (CLI) commands.

When network address translation (NAT) is used, an inside global address pool must be created on the Ethernet interface. The DHCP Proxy Support feature allows a DHCP server to assign an IP address that automatically creates the NAT address pool, as opposed to manually specifying a static IP address with the appropriate command line interface (CLI) commands.

When configured for DHCP Proxy Support, during startup the Cisco uBR905 Cable Access Router sends a proxy DHCP request to the DHCP server using the Ethernet interface's MAC address. The DHCP server replies with a second IP address that the router assigns to either the Ethernet interface or to the NAT pool, depending on which option was specified.

Easy IP—DHCP Server and NAT/PAT

The Easy IP feature set includes the following features to automate the assignment and use of IP addresses:

The DHCP server feature on the Cisco uBR905 Cable Access Router includes both Intelligent DHCP Relay and DHCP Client functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers—this enables the client and server to reside on separate subnets. If the Cisco uBR905 Cable Access Router DHCP server cannot satisfy a DHCP request from its own database, it can act as a DHCP proxy agent by forwarding the DHCP request to one or more secondary DHCP servers.

Network address translation (NAT) and port address translation (PAT) frees a private network from needing a worldwide unique IP address for every computer connected to the Internet. Instead, the Cisco uBR905 Cable Access Router translates the IP addresses used on the private network into a global IP address that can be used on the Internet. One IP address can be used for multiple computers because a unique port address identifies the individual computers on the private network.

Note NAT and PAT are defined in Requests for Comments (RFC) 1631.

Enhanced Bridging

The Cisco uBR905 Cable Access Router contains four RJ-45 (10BaseT Ethernet) hub ports, which can be connected to four computers directly or one of the four ports to an Ethernet hub. The Ethernet hub connects additional computers or devices at the site. A maximum of 254 devices can be bridged in DOCSIS bridging mode; no limit exists in routing mode.

Full and DOCSIS-Compliant Bridging

DOCSIS-compliant bridging allows the Cisco uBR905 Cable Access Router to operate as a DOCSIS 1.0 cable modem, so that it can interoperate with any DOCSIS-qualified CMTS. This is the default mode of operation for the Cisco uBR905 Cable Access Router.

HSRP Support for ICMP Redirects (CSCdp37610)

The HSRP Support for ICMP Redirects feature enables Internet Control Message Protocol (ICMP) redirection on interfaces configured with the Hot Standby Router Protocol.

When running HSRP, it is important to prevent hosts from discovering the interface (or real) MAC addresses of routers in the HSRP group. If a host is redirected by ICMP to the real MAC address of a router, and that router later fails, then packets from the host will be lost. Previously, ICMP redirect messages were automatically disabled on interfaces configured with HSRP.

This feature now enables ICMP redirects on interfaces configured with HSRP. This functionality works by filtering outgoing ICMP redirect messages through HSRP, where the next-hop IP address may be changed to an HSRP virtual IP address.

IP Address Negotiation

The Cisco uBR905 Cable Access Router supports the ip address dhcp command on the cable interface. Older Cisco IOS releases used the ip address negotiated command for this purpose, but this command is now reserved for serial interfaces.

IPSec Encryption (56-bit and 3DES)

IPSec Network Security (IPSec) is an IP security feature that provides robust authentications and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers") such as the Cisco uBR905 Cable Access Router.

IPSec provides the following network security services:

Privacy—IPSec can encrypt packets before transmitting them across a network.

Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.

Authentication—Peers authenticate the source of all IPSec-protected packets.

Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.

3DES—Triple DES (3DES) images increase the encryption/decryption from the 56-bit IPSec feature set to 168 bits.

Layer 2 Tunneling Protocol

Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).

Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used.

L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS) initiated tunnel, such as L2F.

Refer to the section Limitations and Restrictions on page 14 for information regarding the functionality of the Cisco uBR905 Cable Access Router in L2TP applications.

Management Information Base (MIB) Features

Cisco IOS Release 12.1(3a)XL2 supports the following MIB features:

Baseline Privacy Interface (BPI) MIBs

Cable Device MIBs

Cisco Standard MIBs

Radio Frequency Interface MIBs

RFC 2233 Support

In Cisco IOS Release 12.1(3a)XL2, the IF-MIB MIB supports RFC 2233, which obsoletes the previous RFC 1573. This change adds the "ifCounterDiscontinuityTime" attribute and changes the "ifTableLastChange attribute."

In addition, this feature adds support for RFC 2233-compliant link up and link down traps. By default, link up and link down traps are implemented as given in the CISCO-IF-CAPABILITY.my MIB. To generate link up and link down traps as defined by RFC 2233, use the snmp-server trap link ietf global configuration command.

Routing (RIP V2)

When configured for routing mode, the Cisco uBR905 Cable Access Router supports the Routing Information Protocol Version 2 (RIPv2). In routing mode the Cisco uBR905 Cable Access Router automatically configures itself to use the headend's IP address as its IP default gateway. This allows the Cisco uBR905 Cable Access Router to send packets not intended for the private LAN to the headend for delivery to the Internet and other networks.

Note The Cisco uBR905 Cable Access Router supports only static routes and the RIP routing protocol.

Secure Shell Version 1 Client Support

The Secure Shell (SSH) protocol provides for authentication and encryption at the application layer, providing a secure connection even when BPI or IPSec authentication and encryption are not used at the network layer.

By default, the SSH feature uses 56-bit DES encryption. Higher security 168-bit 3DES encryption is available when using Cisco IOS images that support 3DES IPSec encryption. (The SSH client must also support the same level of encryption.)

In Cisco IOS Release 12.1(3a)XL2, SSH support includes the following features:

SSH server support allows users to use an SSH connection to log in to the Cisco uBR905 router.

SSH client support allows a user logged in to the Cisco uBR905 Cable Access Router to log in to another router using SSH authentication and encryption.

DES and 3DES encryption are supported, depending on the capabilities of the Cisco IOS image being used.

RSA authentication. (RSA stands for Rivest, Shamir, and Adelman, inventors of a public-key cryptographic system.)

Note For configuration and other information, see the Secure Shell Version 1 Client feature module, available on CCO and the Documentation CD-ROM.

SNMP Enhancements

Cisco IOS Release 12.1(3a)XL2 supports RFC 2669 and RFC 2670 for the DOCS-CABLE-DEVICE-MIB and DOCS-IF-MIB MIBs, respectively.

VPN Enhancement—Dynamic Crypto Map

Dynamic crypto map is one of the Cisco PIX IPSec network security commands. IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet.

The dynamic crypto map command is used to create policy templates that are used when processing negotiation requests for new security associations from a remote IPSec peer, even if you do not know all of the crypto map parameters required to communicate with the remote peer (such as the peer's IP address). The dynamic crypto map allows you to accept requests for new security associations from previously unknown peers. These requests, however, are not processed until the Internet Security Association and Key Management Protocol (ISAKMP) Internet Key Exchange (IKE) authentication has completed successfully.

When the firewall receives a negotiation request via IKE from another IPSec peer, the request is examined to see if it matches a crypto map entry. If the negotiation does not match any explicit crypto map entry, it will be rejected unless the crypto map set includes a reference to a dynamic crypto map.

If the firewall accepts the peer's request, at the point that it installs the new IPSec security associations, it also installs a temporary crypto map entry. This entry is filled in with the results of the negotiation. At this point, the firewall performs normal processing, using this temporary crypto map entry as a normal entry, even requesting new security associations if the current ones are expiring (based on the policy specified in the temporary crypto map entry). After all of the corresponding security associations expire, the temporary crypto map entry is removed.

Dynamic crypto map sets are not used for initiating IPSec security associations. However, they are used for determining whether traffic should be protected.

Note The only parameter required in a dynamic crypto map command is the set transform-set. All other parameters are optional.

Limitations and Restrictions

This section describes warnings and cautions about using Cisco IOS Release 12.1(3a)XL2 software.

Bridging Support

The Cisco uBR905 Cable Access Router interoperates with DOCSIS cable networks. Cisco IOS Release 12.1(3a)XL2 does not support bridging traffic across a non-DOCSIS cable network.

DOCSIS CLI Commands are Removed

To comply with DOCSIS requirements that restrict access to commands that change DOCSIS parameters, Cisco IOS Release 12.1(3a)XL2 has removed a number of commands from the CLI. The following commands are now reserved exclusively for DOCSIS use:

[no] cable-modem downstream saved channel

[no] cable-modem fast-search

[no] cable-modem downstream symbol rate

[no] cable-modem transmit-power

[no] cable-modem upstream preamble qpsk

GRE IP Tunnels Are Not Supported

Generic routing encapsulation (GRE) IP tunnels cannot be built between two Cisco uBR905 Cable Access Routers because GRE IP tunnels are not supported in any Cisco IOS image for the Cisco uBR905 Cable Access Routers. IPSec tunnels, however, are supported when using Cisco IOS images that support IPSec encryption.

IP Address Negotiation

The DOCSIS specifications require that a cable modem obtain its IP address at power-on or reset from a DHCP server that is available through the cable interface. For this reason, the Cisco uBR905 Cable Access Router defaults to a configuration that uses the ip address dhcp command for the cable interface. It is not possible to override this setting by specifying a specific static IP address; to assign a static IP address to the Cisco uBR905 router, configure the DHCP server so that it assigns the desired IP address on the basis of the unit's MAC address.

Note The ip address negotiated command cannot be used on the cable interface because this command is reserved exclusively for the serial interface. However, in Cisco IOS Release 12.1(3a)XL2 when the ip address dhcp command is used for cable interfaces, the configuration files still show the ip address negotiated command, which can generate an "invalid input" error during boot. This is only a cosmetic issue and does not affect the unit's functionality. See the description of caveat CSCdr61697, for more information.

Upgrading Software Images Using BPI

To enable BPI encryption, the Cisco uBR905 Cable Access Router must use a Cisco IOS image that supports BPI encryption. If the router's current software image does not support BPI encryption (or if the current software image is corrupted), you must disable BPI encryption in the DOCSIS configuration file and reset the router before you will be able to download a new software image.

Using Access Lists 100 and 101

Access lists 100 and 101 are reserved for DOCSIS use and should never be configured manually on the Cisco uBR905 Cable Access Router. Use any access lists 102 through 199 instead.

Using Multiple PCs with the Cisco uBR905 Cable Access Router

The "MAX CPE" parameter in a Cisco uBR905 Cable Access Router's DOCSIS configuration file determines how many PCs (or other CPE devices) are supported by the Cisco uBR905 Cable Access Router. The default value for the "MAX CPE" parameter is 1, which means only one PC can be connected to the Cisco uBR905 Cable Access Router.

The DOCSIS 1.0 specification states that a CMTS cannot age-out MAC addresses for CPE devices, so the first PC that is connected to the Cisco uBR905 Cable Access Router is normally the only one that the CMTS recognizes as valid. If a subscriber replaces an existing PC or changes its network interface card (NIC) to one that has a different MAC address, the CMTS will refuse to let the PC come online because this would exceed the maximum number of CPE devices specified by the "MAX CPE" parameter. A similar thing would happen if a user decides to move a PC from one Cisco uBR905 router to another.

To allow a subscriber to replace an existing PC or NIC, the following workarounds are possible:

If using a Cisco uBR7200 series router as the CMTS, enter the clear cable host MAC address command on the Cisco uBR7200 series router to remove the PC's MAC address from the router's internal address tables. The new PC will be rediscovered and associated with the correct Cisco uBR905 Cable Access Router during the next DHCP lease cycle.

Increase the value of the "MAX CPE" parameter in the Cisco uBR905 Cable Access Router's DOCSIS configuration file so that it can accommodate the desired number of PCs. Reset the Cisco uBR905 Cable Access Router to force it to load the new configuration file.

Using the Reset Switch

The reset switch on the back panel of the Cisco uBR905 Cable Access Router is recessed to prevent accidental resets of the router. To depress the switch, use a blunt object, such as a pen or pencil point; do not use a sharp object, such as a knife or awl, because this could damage the switch and the router's circuitry.

Important Notes

This section contains important information about using Cisco IOS Release 12.1(3a)XL2 software.

CPE Device Filtering

In Cisco IOS Release 12.1(3a)XL2 and above, the "docsDevCpeIpMax" attribute defaults to -1 instead of the default of 1, which was used in previous releases. This attribute controls the maximum number of CPE devices that can pass traffic through the router from its Ethernet interface as follows:

When "docsDevCpeIpMax" is set to -1, the Cisco uBR905 Cable Access Router does not filter any IP packets on the basis of their IP addresses, and CPE IP addresses are not added to the "docsDevFilterCpeTable" table.

When "docsDevCpeIpMax" is set to 0, the Cisco uBR905 Cable Access Router does not filter IP packets on the basis of the IP addresses. However, the source IP addresses are still entered into the "docsDevFilterCpeTable" table.

When "docsDevCpeIpMax" is set to a positive integer, it specifies the maximum number of IP addresses that can be entered into the "docsDevFilterCpeTable" table. The Cisco uBR905 Cable Access Router compares the source IP address for packets it receives from CPE devices to the addresses in this table. If a match is found, the packet is processed; otherwise, the packet is dropped.

CPE IP address filtering is done as part of the following process:

1. MAC address filtering—Packets are filtered on the basis of the CPE device's MAC address. This is controlled by the value of the "MAX CPE" parameter, which is set in the DOCSIS configuration file.

2. Link Level Control (LLC) filtering—Packets are filtered on the basis of the packet's protocol. This is controlled by the "docsDevFilterLLCTable" table.

3. CPE IP address filtering—Packets are filtered on the basis of the CPE device's IP address, as controlled by the "docsDevCpeIpMax" attribute and the "docsDevFilterCpeTable" table.

4. Access list filtering—Packets are filtered on the basis of access lists. IP filtering is controlled by the "docsDevFilterIpTable" table, and SNMP access filters are controlled by the "docsDevNmAccessTable" table.

See the DOCS-CABLE-DEVICE-MIB.my MIB for more information on the attributes and tables listed above.

Disabling the Finger Server

By default, the Cisco uBR900 series Cable Access Router enables its onboard TCP/IP "finger" server to allow remote users to query the number and identities of any users who are logged in to the router. Unless your network operations center (NOC) requires this service, it should be disabled to prevent denial of service attacks that access the finger server's well-known port (TCP port 79). To disable the finger server, include the no service finger command in the Cisco IOS configuration file that the router downloads at initial power-on.

Supported MIBs

The Cisco uBR905 Cable Access Router supports the following categories of MIBs:

Cable device MIBs—These MIBs are for DOCSIS-compliant cable modems and CMTS to record statistics related to the configuration and status of the cable modem. These MIBs include support for the MIB attributes defined in RFC 2669.

Cisco's standard MIBs—These MIBs are common across most of Cisco's router platforms. If your network management applications are already configured to support other Cisco routers, such as the Cisco 2600 series or Cisco 7200 series, no further configuration is needed unless the version of Cisco IOS software being used has updated these MIBs.

Radio Frequency Interface MIBs—These MIBs are for DOCSIS-compliant radio frequency interfaces in cable modems and CMTS. This MIB includes support for the MIB attributes defined in RFC 2670.

SNMP standard MIBs—These are the MIBs required by any agent supporting SNMPv1 or SNMPv2 network management.

Cable-specific MIBs—These MIBs provide information about the cable interface and related information on the Cisco uBR905 Cable Access Router. They include both DOCSIS-required MIBs and Cisco-specific enterprise MIBs. If your network management applications have not already been configured for the Cisco uBR905 Cable Access Router, these MIBs must be loaded.

Deprecated MIBs—These MIBs were supported in earlier releases of Cisco IOS software but have been replaced by more standardized, scalable MIBs. Network Management applications and scripts should convert to the replacement MIBs as soon as possible.

Cable Device MIBs

The Cisco uBR905 Cable Access Router supports the Cable Device MIB, which is defined by RFC 2669 and describes DOCSIS-compliant cable modems and CMTS. The Cable Device MIB records statistics related to the configuration and status of the cable modem. Statistics include an events log and device status. The following list details the components of the Cable Device MIB:

docsDevBase group extends the MIB-II "system" group with objects needed for cable device system management.

docsDevNmAccess group provides a minimum level of SNMP access security.

docsDevSoftware group provides information for network downloadable software upgrades.

docsDevServer group provides information about the progress of interaction with various provisioning servers.

docsDevEvent group provides information about the progress of reporting.

docsDevFilter group configures filters at link layer and IP layer for bridge data traffic.

The Cable Device MIB is very similar to the RFI MIB in that both allow access to statistics; they are different in that the Cable Device MIB reports statistics on the cable modem, and the RFI MIB reports statistics on the radio frequency transmissions over the cable television line.

Cisco Standard MIBs

The Cisco uBR905 Cable Access Router supports the Cisco Standard MIBs, which consist of the following components:

CISCO-PRODUCT-MIB

CISCO-SYSLOG-MIB

CISCO-FLASH-MIB

BRIDGE-MIB

IF-MIB (RFC 2233)

CiscoWorks/CiscoView support

Note The Cisco Management Information Base (MIB) User Quick Reference publication is no longer published. For the latest list of MIBs supported by Cisco, see the Cisco Network Management Toolkit on Cisco Connection Online (CCO). From the CCO home page, click on this path: Service & Support: Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB

Radio Frequency Interface MIBs

The Cisco uBR905 Cable Access Router supports the Radio Frequency Interface (RFI) MIB. The RFI MIB module is defined in RFC 2670 and describes DOCSIS-compliant radio frequency interfaces in cable modems and CMTS. On the cable modem, RFI MIB entries provide:

Upstream and downstream channel characteristics

Class-of-service attributes

Physical signal quality of the downstream channels

Attributes of cable access router MAC interface

Status of several MAC layer counters

The RFI MIB includes tables describing both the CMTS and the cable modem side of the cable interface. All cable modem tables are implemented.

With IPSec, data can be transmitted across a public network without fear of observation, modification, or spoofing. This enables applications such as VPNs, extranets, and remote user access.

IPSec services are similar to those provided by Cisco Encryption Technology, a proprietary Cisco security solution. However, IPSec provides a more robust security solution, and is standards based.

Cable-Specific MIBs

Table 4 shows the cable-specific MIBs that are supported on the Cisco uBR905 Cable Access Router. This table also provides a brief description of each MIB's contents and the Cisco IOS software release in which the MIB was initially functional—earlier releases might have had unsupported prototype versions of the MIB; later releases might have added new attributes and functionality.

Note The names given in Table 4 are the filenames for the MIBs as they exist on Cisco's FTP site. Most MIBs are available in both SNMPv1 and SNMPv2 versions; the SNMPv1 versions have V1SMI as part of their filenames. Also see the Cisco MIBs home page at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

Table 4 Supported MIBs for the Cisco uBR905 Cable Access Router 

MIB Filename
Description
Release

SNMPv2-SMI.my

SNMPv2-SMI-V1SMI.my

This module specifies the Structure of Management Information (SMI) for SNMPv2, as defined in RFC 1902.

12.1(3a)XL1

SNMPv2-TC.my

SNMPv2-TC-V1SMI.my

This module defines the textual conventions as specified in pages 4, 10-11 of RFC 854.

12.1(3a)XL1

CISCO-SMI.my

CISCO-SMI-V1SMI.my

This module specifies the Structure of Management Information (SMI) for Cisco's enterprise MIBs.

12.1(3a)XL1

CISCO-TC.my

CISCO-TC-V1SMI.my

This module defines the textual conventions used in Cisco's enterprise MIBs.

12.1(3a)XL1

IF-MIB.my

IF-MIB-V1SMI.my

This module describes generic objects for the Layer 3 network interface sublayers. This MIB is an updated version of MIB-II's if table, and incorporates the extensions defined in RFC 2233.

12.1(3a)XL1

CISCO-CABLE-SPECTRUM-MIB.my

CISCO-CABLE-SPECTRUM-MIB-V1SMI.my

This module describes the spectrum management flap list attributes.

12.1(3a)XL1

DOCS-IF-MIB.my

DOCS-IF-MIB-V1SMI.my

This module describes the DOCSIS-compliant Radio Frequency (RF) interfaces in cable modems and cable modem termination systems, as described in RFC 2670.

12.1(3a)XL1

DOCS-BPI-MIB.my

DOCS-BPI-MIB-V1SMI.my

This module describes the attributes for the DOCSIS-specified Baseline Privacy Interface (BPI) on cable modems and the CMTS.

12.1(3a)XL1

CISCO-DOCS-EXT-MIB.my

CISCO-DOCS-EXT-MIB-V1SMI.my

This module extends the DOCSIS standard RFI MIB (DOCS-IF-MIB) with Cisco-specific extensions, such as QoS attributes and connection status and other information regarding the cable modems and CPE devices supported by the CMTS.

12.1(3a)XL1

DOCS-CABLE-DEVICE-MIB.my

DOCS-CABLE-DEVICE-MIB-V1SMI.my

This module was previously known as the CABLE-DEVICE-MIB and contains cable-related objects for DOCSIS-compliant cable modems, as specified in RFC 2669.

12.1(3a)XL1


Note Because of interdependencies, the MIBs must be loaded in the order given in the table.

Deprecated MIBs

A number of Cisco-provided MIBs have been replaced with more scalable, standardized MIBs; these MIBs have filenames that start with "OLD" and first appeared in Cisco IOS Release 10.2. The functionality of these MIBs has already been incorporated into replacement MIBs, but the old MIBs are still present to support existing Cisco IOS products or network management system (NMS) applications. However, because the deprecated MIBs will be removed from support in the future, you should update your network management applications and scripts to refer to the table names and attributes that are found in the replacement MIBs.

Table 5 shows the deprecated MIBs and their replacements. In most cases, SNMPv1 and SNMPv2 replacements are available, but some MIBs are available only in one version. A few of the deprecated MIBs do not have replacement MIBs; support for these MIBs will be discontinued in a future release of Cisco IOS software.

Table 5 Replacements for Deprecated MIBs 

Deprecated MIB
Replacement MIBs
SNMPv1 MIB
SNMPv2 MIB

OLD-CISCO-APPLETALK-MIB

RFC1243-MIB

OLD-CISCO-CHASSIS-MIB

ENTITY-MIB-V1SMI

ENTITY-MIB

OLD-CISCO-CPU-MIB

CISCO-PROCESS-MIB

OLD-CISCO-DECNET-MIB

OLD-CISCO-ENV-MIB

CISCO-ENVMON-MIB-V1SMI

CISCO-ENVMON-MIB

OLD-CISCO-FLASH-MIB

CISCO-FLASH-MIB-V1SMI

CISCO-FLASH-MIB

OLD-CISCO-INTERFACES-MIB

IF-MIB-V1SMI

CISCO-QUEUE-MIB-V1SMI

IF-MIB

CISCO-QUEUE-MIB

OLD-CISCO-IP-MIB

OLD-CISCO-MEMORY-MIB

CISCO-MEMORY-POOL-MIB-V1SMI

CISCO-MEMORY-POOL-MIB

OLD-CISCO-NOVELL-MIB

NOVELL-IPX-MIB

OLD-CISCO-SYS-MIB

(Compilation of other OLD* MIBS)

OLD-CISCO-SYSTEM-MIB

CISCO-CONFIG-COPY-MIB-V1SMI

CISCO-CONFIG-COPY-MIB

OLD-CISCO-TCP-MIB

CISCO-TCP-MIB-V1SMI

CISCO-TCP-MIB

OLD-CISCO-TS-MIB

OLD-CISCO-VINES-MIB

CISCO-VINES-MIB-V1SMI

CISCO-VINES-MIB

OLD-CISCO-XNS-MIB


Note Some of the MIBs listed in Table 5 Table 5represent feature sets that are not supported on the Cisco uBR905 Cable Access Router.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

This section contains open and resolved caveats for Cisco IOS Release 12.1(3a)XL2. All caveats in Release 12.1 T are also in Release 12.1(3a)XL2.

For information on caveats in Cisco IOS Release 12.1 T, see Caveats for Cisco IOS Release 12.1 T, which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.

Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. To reach Bug Navigator II, go to CCO and press Login. Then go to Software Center: Cisco IOS Software: Cisco Bugtool Navigator II. Another option is to go to http://www.cisco.com/support/bugtools (you must have an account on CCO to access this site).

Open Caveats—Cisco IOS Release12.1(3a)XL4

There are no open caveats specific to Cisco IOS Release 12.2(2)XA5 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release12.1(3a)XL4

All the caveats listed in this section are resolved in Cisco IOS Release 12.1(3a)XL4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

CSCdw65903

An error can occur with management protocol processing. Please use the following URL for further information:

http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

Open Caveats—Release 12.1(3a)XL2

All the caveats listed in this section are open in Release 12.1(3a)XL2:

CSCdm38753

The Cisco uBR905 router, when running the NAT and firewall features, crashes if establishing roughly 150 Telnet sessions (using the solaris_telnet client). The workaround is to avoid creating that many Telnet sessions.

CSCdp76415 and CSCdp92139

Packets can be unexpectedly dropped on the upstream channel when the Cisco uBR905 is configured to use DOCSIS concatenation and the upstream is using 16 QAM symbol rate. The workaround is to configure the CMTS for a preamble with Unique Word 16 for both the short and long data burst profile. On the Cisco uBR7200 series universal broadband routers, this can be done with the cable modulation-profile global configuration command, specifying uw16 for both the long and short modulation profiles.

CSCdr28707

The show interface command can show an impossible number of CRC errors on the cable interface when transmitting VoIP traffic. When this error occurs, the number of CRC errors typically exceeds a billion errors and is greater than the total number of packets transmitted on the interface. The workaround is to use the show interface cable 0 counters command to display the correct number of errors.

CSCdr45850 and CSCdr46128

The Cisco uBR905 Cable Access Router might reload when using an access list numbered 100 or 101 while running Cisco IOS Release 12.1 XL images that support any form of IPSec encryption. Other access lists, however, can be used without problem.

Workaround: Do not configure access list numbers 100 and 101 for any purpose. Use access lists 102 through 199 instead.

&