Table Of Contents
Release Notes for the Cisco Home Agent 2.1 Feature in Cisco IOS Release 12.3(11)YF2
Determining the Software Version
Upgrading to a New Software Release
Cisco Mobile Wireless Software Features in Cisco IOS Release 12.3(11)YF2
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF2
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF1
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF
Unresolved Caveats Prior to IOS 12.3(8)XW3
Unresolved Caveats Prior to IOS 12.3(8)XW2
Unresolved Caveats Prior to IOS 12.3(8)XW
Unresolved Caveats Prior to Cisco IOS Release 12.3(7)XJ1
Resolved Caveats Prior to Cisco IOS Release 12.3(11)YF2
Resolved Caveats Prior to Cisco IOS Release 12.3(11)YF1
Resolved Caveats Prior to 12.3(11)YF
Resolved Caveats Prior to 12.3(8)XW3
Resolved Caveats Prior to 12.3(8)XW2
Resolved Caveats Prior to 12.3(8)XW1
Resolved Caveats Prior to Cisco IOS 12.3(8)XW
Cisco IOS Software Documentation Set
Release 12.3 Documentation Set
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for the Cisco Home Agent 2.1 Feature in Cisco IOS Release 12.3(11)YF2
May 2005
Cisco IOS Release 12.3(11)YF2 is a special release that is based on Cisco IOS Release 12.3, with the addition of enhancements to the Cisco Mobile Wireless Home Agent feature. Cisco IOS Release 12.3(11)YF2 is optimized for the Cisco Mobile Wireless Home Agent Release 2.1 feature on the on the Cisco 7206VXR Router, the Cisco 7206VXR Router with Cisco NPE-G1 Network Processing Engine, for the Cisco Multi-Processor WAN Application Module on the Cisco 6500 Catalyst switch platform, and the 7600 Internet router platform.
Contents
These release notes include important information and caveats for the Cisco Mobile Wireless Home Agent software feature provided in Cisco IOS 12.3(11)YF2 for the Cisco 7206VXR Router with Cisco NPE-G1 Network Processing Engine, and the MWAM card on the 6500 Catalyst Switch and Cisco 7600 Series Router platforms.
Caveats for Cisco IOS Releases 12.3 can be found on CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/index.htm
Release notes for Cisco 7000 Family for Release 12.3T can be found on CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/7000/index.htm
Release notes for the Cisco 6000 and 7600 Family for 12.3T can be found on CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/index.htm
This release note includes the following topics:
•
Cisco Mobile Wireless Software Features in Cisco IOS Release 12.3(11)YF2
•
Introduction
The Cisco Mobile Wireless Home Agent (HA) maintains mobile user registrations and tunnels packets destined for the mobile to the PDSN/FA. It supports reverse tunneling, and can securely tunnel packets to the PDSN using IPSec. Broadcast packets are not tunneled. Additionally, the HA performs both static and dynamic home address assignment for the mobile. Home address assignment can be from address pools configured locally, through either DHCP, ODAP, or AAA server access.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.3(11)YF2:
•
•
•
Memory Requirements
Table 1 shows the memory requirements for the Cisco Mobile Wireless Home Agent Software Feature Set that supports the Cisco 7206VXR Router, the Cisco 7206VXR Router with Cisco NPE-G1 Network Processing Engine, and the MWAM on the 6500 Catalyst Switch and Cisco 7600 Series Router. The table also lists the memory requirements for the IP Standard Feature Set (for the Cisco Mobile Wireless Home Agent [HA]).
Hardware Supported
The Cisco IOS Release 12.3(11)YF2 is a release optimized for the Cisco Home Agent Release 2.1 feature on the Cisco 7206VXR router platform, and for the Cisco Multi-Processor WAN Application Module on the Cisco 6500 Catalyst Switch platform and the 7600 Internet Router platform.
For recommended hardware configuration, and for a complete list of supported interfaces on the 7200 platform, refer to the 12.3(11)YF2 Product Bulletin. If you require a different configuration you should consult with your Cisco representative before you order.
The recommended hardware configuration for Home Agent Release 2.1 is based on a Catalyst 6500 or 7600 chassis with a SUP2/MSFC2, and 512 MB of DRAM.
A Cisco IPSec Services Module (VPNSM) is required for hardware support of IPSec. VAMII is used for 7200 and the Cisco IPSec VPN Services Module is used for 6500/7600.
Note
For a complete list of interfaces supported on 6500 and 7600 platforms, please refer to the on-line product information at Cisco.com home page. For hardware details on the 6500 and 7600 platforms, please refer to the Catalyst 6500 product specifications at http://www.cisco.com/en/US/products/hw/switches/ps708/index.html.
Software Compatibility
Cisco IOS Release 12.3(11)YF2 is a special release that is developed on Cisco IOS Release 12.3.
Cisco IOS Release 12.3(11)YF2 supports the same features that are in Cisco IOS Release 12.3, with the addition of the Cisco Home Agent Release 2.1 feature.
Determining the Software Version
To determine the version of Cisco IOS software running on your router, log in to the router and enter the show version EXEC command:
Router#show versionCisco Internetwork Operating System SoftwareIOS (tm) MWAM Software (MWAM-H1IS-M), Version 12.3(11)YF2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Synched to technology version 12.3(8)TTAC Support: http://www.cisco.com/tacCopyright (c) 1986-2004 by cisco Systems, Inc.Upgrading to a New Software Release
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions located at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
MIBs
Old Cisco Management Information Bases (MIBs) will be replaced in a future release. Currently, OLD-CISCO-* MIBs are being converted into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 2.
Cisco IOS Feature Sets
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Cisco IOS Release 12.3(11)YF2 supports the same feature sets as Cisco Release 12.2, with the exceptions that Cisco Release 12.3(11)YF2 includes the Cisco Home Agent Release 2.1 feature. The Home Agent Release 2.1 feature is optimized for the Cisco 7206 router, the Cisco 6500 Catalyst Switch, and the 7600 Internet Router.
Caution
Cisco Mobile Wireless Software Features in Cisco IOS Release 12.3(11)YF2
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
The"Open Caveats" section lists open caveats that apply to the current release and might also apply to previous releases.
The "Resolved Caveats" section lists caveats resolved in a particular release, which may have been open in previous releases.
Note
Open Caveats
The following caveats are unresolved in Cisco IOS Release 12.3(11)YF2:
•
On a Cisco MWAM based module acting as Home agent and handling calls and traffic to simulate background load conditions, when a processor acting as active is forcebly made standby by shutting down the interfaceNULLIDB tracebacks appear of the processor on which the transition is made.
This condition occurs when the interface is shut, or the PI link flaps.
Workaround: none. There is no functional breakdown of Home Agent. This traceback does not have any effect on Home Agent functionality.
•
Security-Association for the NAI is deleted when one of the flows are closed on the HA.
This symptom has been observed on a router that is running Cisco IOS release 12.3T under the following conditions:
–
–
–
*The above symptom is seen for NAI-based users when multiple MIP flows are opened with same NAI but different home-addresses.
Workaround: none.
•
A Cisco router running Home Agent R2.0 software and configured as Standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA.
This condition exists when the bindings on the standby HA are cleared after reloading the active HA.
This problem is very rare and was seen only once during testing.
Workaround: none.
•
The active HA releases the DHCP address for the binding when the HSRP interface of the standby HA goes down, when proxy DHCP allocation is configured.
This condition is observed when the standby HA's HSRP interface is shut down while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, spurious memory access is observed on the standby HA while opening and closing of bindings using DHCP.
This condition exists when opening and closing Mobile IP bindings using DHCP, and the HA is configured with redundancy.
Workaround: none.
•
Security violation counters are not incrementing in a Cisco router running 12.3T R2.0 Release HA software.
This condition occurs when MNHA authentication failed for an invalid SPI value .
Workaround: none.
•
The standby Home Agent reloads on receiving a bind update from the active when pre-emption is configured
The reload is observed only after repeating the switchover more than once .
Workaround: none.
•
On Cisco router running Release 2.0 PDSN software, when Proxy MIP flow is opened in a setup with HA-SLB(Directed Mode), the flow does not come up as the destination address set in the RRP seems to be incorrect.
This symptom occurs when Proxy MIP flow is opened with HA-SLB operating on Directed Mode. This issue is not seen when HA SLB used in Dispatched mode for PMIP flow.
Workaround: none.
•
Error condition for Registration request in the debug message is not reflecting the actual failure scenario.
Workaround: none.
•
Spurious memory access is observed on the Home Agent when Security associations are cleared and downloaded using the ip mob sec aaa-download rate 10 command.
The traceback is seen only when using the aaa-download rate command.
Workaround: none.
•
The SA is not getting dowloaded in standby HA.
This problem occurs under the following conditions:
–
–
–
Workaround: do not shut the HSRP interface in the standby HA.
•
When the MN NAI is unconfigured and configured again, the HA rejects the binding for that NAI.
This only occurs when the NAI is unconfigured and configured, and tries to register with HA.
This happens in local pool, static and DHCP address allocation schemes.
Workaround: do not unconfigure the NAI in HA for which the registration has to be made.
•
The HA drops RRQ under following conditions:
–
–
Workaround: ensure that the MN and FA do not send an unknown extension in RRQ.
•
When ip mobile home-agent nat traversal keepalive value is configured, the following configurations appear:
ip mobile home-agent revocation traversal keepalive valueip mobile home-agent nat traversal keepalive valueThis has no effect on revocation or NAT traversal feature behavior, but, when the HA is reloaded, revocation may get disabled.
Workaround: remove ip mobile home-agent revocation traversal keepalive value from the startup configuration, or reconfigure revocation manually on reload.
•
Cisco router running release 2.0 HA software and configured with DFP does not send weight updates when the ip mobile home-agent dynamic-address ip-addr command is not configured.
Workaround: configure the ip mobile home-agent dynamic-address ip-addr command.
•
Binding does not sync to the standby HA when the configuration is changed from group to a single user.
This condition occurs when the ip mobile host nai command is initially configured for a group of users, and then unconfigured and changed to a single user.
Workaround: do not change the configuration from group to per-user.
•
On a Cisco PDSN/Home agent running an R2.0 image, the security association for the MN is not stored permanantly on the HA even though the aaa load-sa permanent option is configured for the nai on the HA.
This condition occurs when the security association for the MN is deleted on the HA on de-registration, even when the aaa load-sa permanent option is configured for the nai on the HA.
Workaround: none.
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF2
The following caveats are unresolved in Cisco IOS Release 12.3(11)YF1:
•
On a Cisco MWAM based module acting as Home agent and handling calls and traffic to simulate background load conditions, when a processor acting as active is forcebly made standby by shutting down the interfaceNULLIDB tracebacks appear of the processor on which the transition is made.
This condition occurs when the interface is shut, or the PI link flaps.
Workaround: none. There is no functional breakdown of Home Agent. This traceback does not have any effect on Home Agent functionality.
•
Security-Association for the NAI is deleted when one of the flows are closed on the HA.
This symptom has been observed on a router that is running Cisco IOS release 12.3T under the following conditions:
–
–
–
*The above symptom is seen for NAI-based users when multiple MIP flows are opened with same NAI but different home-addresses.
Workaround: none.
•
A Cisco router running Home Agent R2.0 software and configured as Standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA.
This condition exists when the bindings on the standby HA are cleared after reloading the active HA.
This problem is very rare and was seen only once during testing.
Workaround: none.
•
The active HA releases the DHCP address for the binding when the HSRP interface of the standby HA goes down, when proxy DHCP allocation is configured.
This condition is observed when the standby HA's HSRP interface is shut down while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, spurious memory access is observed on the standby HA while opening and closing of bindings using DHCP.
This condition exists when opening and closing Mobile IP bindings using DHCP, and the HA is configured with redundancy.
Workaround: none.
•
Security violation counters are not incrementing in a Cisco router running 12.3T R2.0 Release HA software.
This condition occurs when MNHA authentication failed for an invalid SPI value .
Workaround: none.
•
The standby Home Agent reloads on receiving a bind update from the active when pre-emption is configured
The reload is observed only after repeating the switchover more than once .
Workaround: none.
•
On Cisco router running Release 2.0 PDSN software, when Proxy MIP flow is opened in a setup with HA-SLB(Directed Mode), the flow does not come up as the destination address set in the RRP seems to be incorrect.
This symptom occurs when Proxy MIP flow is opened with HA-SLB operating on Directed Mode. This issue is not seen when HA SLB used in Dispatched mode for PMIP flow.
Workaround: none.
•
Error condition for Registration request in the debug message is not reflecting the actual failure scenario.
Workaround: none.
•
Spurious memory access is observed on the Home Agent when Security associations are cleared and downloaded using the ip mob sec aaa-download rate 10 command.
The traceback is seen only when using the aaa-download rate command.
Workaround: none.
•
The SA is not getting dowloaded in standby HA.
This problem occurs under the following conditions:
–
–
–
Workaround: do not shut the HSRP interface in the standby HA.
•
When the MN NAI is unconfigured and configured again, the HA rejects the binding for that NAI.
This only occurs when the NAI is unconfigured and configured, and tries to register with HA.
This happens in local pool, static and DHCP address allocation schemes.
Workaround: do not unconfigure the NAI in HA for which the registration has to be made.
•
The HA drops RRQ under following conditions:
–
–
Workaround: ensure that the MN and FA do not send an unknown extension in RRQ.
•
When ip mobile home-agent nat traversal keepalive value is configured, the following configurations appear:
ip mobile home-agent revocation traversal keepalive valueip mobile home-agent nat traversal keepalive valueThis has no effect on revocation or NAT traversal feature behavior, but, when the HA is reloaded, revocation may get disabled.
Workaround: remove ip mobile home-agent revocation traversal keepalive value from the startup configuration, or reconfigure revocation manually on reload.
•
Cisco router running release 2.0 HA software and configured with DFP does not send weight updates when the ip mobile home-agent dynamic-address ip-addr command is not configured.
Workaround: configure the ip mobile home-agent dynamic-address ip-addr command.
•
Binding does not sync to the standby HA when the configuration is changed from group to a single user.
This condition occurs when the ip mobile host nai command is initially configured for a group of users, and then unconfigured and changed to a single user.
Workaround: do not change the configuration from group to per-user.
•
On a Cisco PDSN/Home agent running an R2.0 image, the security association for the MN is not stored permanantly on the HA even though the aaa load-sa permanent option is configured for the nai on the HA.
This condition occurs when the security association for the MN is deleted on the HA on de-registration, even when the aaa load-sa permanent option is configured for the nai on the HA.
Workaround: none.
•
A Cisco Home Agent (HA) does not clear bindings on the standby HA when the HSRP interface is shut.
Workaround: clear the bindings manually when the interface is shutdown.
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF1
The following caveats are unresolved in Cisco IOS Release 12.3(11)YF:
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, a memory leak is observed on both active and standby HA while opening 8000 MOIP tunnels.
Workaround: none.
•
On a Cisco MWAM based module acting as Home agent and handling calls and traffic to simulate background load conditions, when a processor acting as active is forcebly made standby by shutting down the interfaceNULLIDB tracebacks appear of the processor on which the transition is made.
This condition occurs when the interface is shut, or the PI link flaps.
Workaround: none. There is no functional breakdown of Home Agent. This traceback does not have any effect on Home Agent functionality.
•
Security-Association for the NAI is deleted when one of the flows are closed on the HA.
This symptom has been observed on a router that is running Cisco IOS release 12.3T under the following conditions:
–
–
–
*The above symptom is seen for NAI-based users when multiple MIP flows are opened with same NAI but different home-addresses.
Workaround: none.
•
A Cisco router running Home Agent R2.0 software and configured as Standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA.
This condition exists when the bindings on the standby HA are cleared after reloading the active HA.
This problem is very rare and was seen only once during testing.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 software, alignment and spurious memory errors occur and HA may reload when bindings are cleared after a stress test.
The errors are seen only when NAI related CLI (ip mobile host nai) is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the radius server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
The active HA releases the DHCP address for the binding when the HSRP interface of the standby HA goes down, when proxy DHCP allocation is configured.
This condition is observed when the standby HA's HSRP interface is shut down while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, spurious memory access is observed on the standby HA while opening and closing of bindings using DHCP.
This condition exists when opening and closing Mobile IP bindings using DHCP, and the HA is configured with redundancy.
Workaround: none.
•
Security violation counters are not incrementing in a Cisco router running 12.3T R2.0 Release HA software.
This condition occurs when MNHA authentication failed for an invalid SPI value .
Workaround: none.
•
The standby Home Agent reloads on receiving a bind update from the active when pre-emption is configured
The reload is observed only after repeating the switchover more than once .
Workaround: none.
•
On Cisco router running Release 2.0 PDSN software, when Proxy MIP flow is opened in a setup with HA-SLB(Directed Mode), the flow does not come up as the destination address set in the RRP seems to be incorrect.
This symptom occurs when Proxy MIP flow is opened with HA-SLB operating on Directed Mode. This issue is not seen when HA SLB used in Dispatched mode for PMIP flow.
Workaround: none.
•
Error condition for Registration request in the debug message is not reflecting the actual failure scenario.
Workaround: none.
•
Spurious memory access is observed on the Home Agent when Security associations are cleared and downloaded using the ip mob sec aaa-download rate 10 command.
The traceback is seen only when using the aaa-download rate command.
Workaround: none.
•
The SA is not getting dowloaded in standby HA.
This problem occurs under the following conditions:
–
–
–
Workaround: do not shut the HSRP interface in the standby HA.
•
When the MN NAI is unconfigured and configured again, the HA rejects the binding for that NAI.
This only occurs when the NAI is unconfigured and configured, and tries to register with HA.
This happens in local pool, static and DHCP address allocation schemes.
Workaround: do not unconfigure the NAI in HA for which the registration has to be made.
•
The HA drops RRQ under following conditions:
–
–
Workaround: ensure that the MN and FA do not send an unknown extension in RRQ.
•
When ip mobile home-agent nat traversal keepalive value is configured, the following configurations appear:
ip mobile home-agent revocation traversal keepalive valueip mobile home-agent nat traversal keepalive valueThis has no effect on revocation or NAT traversal feature behavior, but, when the HA is reloaded, revocation may get disabled.
Workaround: remove ip mobile home-agent revocation traversal keepalive value from the startup configuration, or reconfigure revocation manually on reload.
•
Cisco router running release 2.0 HA software and configured with DFP does not send weight updates when the ip mobile home-agent dynamic-address ip-addr command is not configured.
Workaround: configure the ip mobile home-agent dynamic-address ip-addr command.
•
Binding does not sync to the standby HA when the configuration is changed from group to a single user.
This condition occurs when the ip mobile host nai command is initially configured for a group of users, and then unconfigured and changed to a single user.
Workaround: do not change the configuration from group to per-user.
•
The standby ODAP client changes its state to active without any changes in the configuration either in active or standby ODAP clients.
The active client is in the active state when the stanby client changes its state.
This condition is very rare. After a few open/close and reopening of bindings for MIP flow, this behaviour was observed.
Workaround: none.
•
The standby HA reloaded when the DHCP server interface connected to the standby HA (DHCP client) is shut and no shut.
This condition only occurs when the DHCP server interface is shut/no shut.
Workaround: do not shutdown the DHCP server interface.
•
Ona Cisco router running release 2.1 PDSN software and acting as an ODAP client, when the DHCP pool is configured and a subnet is being leased from the ODAP server, the client reloads.
This condition occurs when the DHCP pool is configured and is expecting a subnet from the ODAP server.
Workaround: none.
•
On Cisco router running Release 2.1 HA software, both the active and standby HA got reloaded simultaneously when the clear ip dhcp subnet command was issued on the active HA immediately after closing the PMIP flows. This reload is not reproducible.
This behaviour is seen only if the HA is configured for ODAP client redundancy. Under normal conditions, no issues seen.
Workaround: none.
•
On Cisco router running Release 2.1 HA software, the standby HA got reloaded when the HA is configured for DHCP . This reload is not reproducible.
This behaviour is seen only if the HA is configured for ODAP Client redundancy .Under normal scenarios, no issues were seen.
Workaround: none.
Unresolved Caveats Prior to Cisco IOS Release 12.3(11)YF
The following Cisco Mobile Wireless Home Agent Release 2.0 caveats are unresolved in Cisco IOS Release 12.3(8)XW3:
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, a memory leak is observed on both active and standby HA, while opening 8000 MOIP tunnels.
Workaround: none.
•
On a Cisco MWAM based module acting as Home agent and handling calls and traffic to simulate background load conditions, when a processor acting as active is forcibly made standby by shutting down the interface NULLIDB, tracebacks appear of the processor on which the transition is made.
This condition exists when the interface is shut or the PI link flaps.
Workaround: No known workaround exits. Any conditions that trigger the switchover will expose the tracebacks.
•
The Security-Association for the NAI is deleted when one of the flows are closed on HA. This symptom has been observed on a router that is running Cisco IOS release 12.3T.
The following conditions exist:
–
–
–
Workaround: none.
•
A Cisco router running Home Agent R2.0 software and configured as Standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA.
This condition exists when the bindings on the standby HA are cleared after reloading the active HA.
This problem is very rare and was seen only once during testing.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 software, alignment and spurious memory errors occur and HA may reload when bindings are cleared after a stress test.
The errors are seen only when NAI related CLI (ip mobile host nai) is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the radius server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
The active HA releases the DHCP address for the binding when the HSRP interface of the standby HA goes down, when proxy DHCP allocation is configured.
This condition is observed when the standby HA's HSRP interface is shut down while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, spurious memory access is observed on the standby HA while opening and closing of bindings using DHCP.
This condition exists when opening and closing Mobile IP bindings using DHCP, and the HA is configured with redundancy.
Workaround: none.
•
On a Cisco 7200/7600 router running Home agent R2.0 Software tracebacks observed while opening bindings with DHCP.
This condition exists when opening and closing 30000 MOIP bindings with 30 calls/sec using DHCP, then opening 30000 MOIP bindings with DHCP and accounting configuration. Tracebacks are observed on the active HA after opening of bindings.
Workaround: none.
•
On a Cisco 7200/7600 router running Home agent R2.0 software, the standby HA crashed after unconfiguring and configuring ip mobile host.
Workaround: none.
•
The standby Home Agent reloads on receiving a bind update from the active when pre-emption is configured
The reload is observed only after repeating the switchover more than once .
Workaround: none.
•
On a Cisco PDSN/Home agent running R2.0 image, PDSN/HA doesnt use the STC attribute value received in the Access-Accept message from AAA to enable/disable registration revocation capability for the user. The revocation capability can be enabled/disabled for all sessions on the box using CLI.
Workaround: none.
•
The HA drops RRQ under following conditions:
–
–
Workaround: ensure that the MN and FA do not send an unknown extension in RRQ.
•
When ip mobile home-agent nat traversal keepalive value is configured, the following configurations appear:
ip mobile home-agent revocation traversal keepalive valueip mobile home-agent nat traversal keepalive valueThis has no effect on revocation or NAT traversal feature behavior, but, when the HA is reloaded, revocation may get disabled.
Workaround: remove ip mobile home-agent revocation traversal keepalive value from the startup configuration, or reconfigure revocation manually on reload.
Unresolved Caveats Prior to IOS 12.3(8)XW3
The following caveats are unresolved in Cisco IOS Release 12.3(8)XW2:
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, a memory leak is observed on both active and standby HA, while opening 8000 MOIP tunnels.
Workaround: none.
•
On a Cisco MWAM module acting as Home Agent, when software upgrade is performed while background load is handled by MWAM module in a redundant setup tracebacks appear.
The tracebacks seem to interrupt the call processing and data processing capabilities of the MWAM on which the tracebacks appear.
Workaround: no known workaround exists. Attempts could be made to handle only small set of calls of about 20k calls in order to ensure all bindings as successfully transferred to standby HA (which has gone through s/w upgrade)
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, during flapping of MOIP bindings, both active and standby HA are crashed.
This condition occurs when flapping of MOIP bindings at 100 bindings/sec for about 4 hours.
Workaround: none.
•
On a Cisco MWAM based module acting as Home agent and handling calls and traffic to simulate background load conditions, when a processor acting as active is forcibly made standby by shutting down the interface NULLIDB, tracebacks appear of the processor on which the transition is made.
This condition exists when the interface is shut or the PI link flaps.
Workaround: No known workaround exits. Any conditions that trigger the switchover will expose the tracebacks.
•
The Security-Association for the NAI is deleted when one of the flows are closed on HA. This symptom has been observed on a router that is running Cisco IOS release 12.3T.
The following conditions exist:
–
–
–
Workaround: none.
•
A Cisco router running Home Agent R2.0 software and configured as Standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA.
This condition exists when the bindings on the standby HA are cleared after reloading the active HA.
This problem is very rare and was seen only once during testing.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 software, alignment and spurious memory errors occur and HA may reload when bindings are cleared after a stress test.
The errors are seen only when NAI related CLI (ip mobile host nai) is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the radius server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
The active HA releases the DHCP address for the binding when the HSRP interface of the standby HA goes down, when proxy DHCP allocation is configured.
This condition is observed when the standby HA's HSRP interface is shut down while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 Software, spurious memory access is observed on the standby HA while opening and closing of bindings using DHCP.
This condition exists when opening and closing Mobile IP bindings using DHCP, and the HA is configured with redundancy.
Workaround: none.
•
On a Cisco 7200/7600 router running Home agent R2.0 Software tracebacks observed while opening bindings with DHCP.
This condition exists when opening and closing 30000 MOIP bindings with 30 calls/sec using DHCP, then opening 30000 MOIP bindings with DHCP and accounting configuration. Tracebacks are observed on the active HA after opening of bindings.
Workaround: none.
•
On a Cisco 7200/7600 router running Home agent R2.0 software, the standby HA crashed after unconfiguring and configuring ip mobile host.
Workaround: none.
•
The Home Agent stops DHCP-proxy lease after one iteration of active standby switchover for a Proxy Mobileip binding when dynamic address allocation is configured for the user.
Workaround: none.
•
The standby Home Agent reloads on receiving a bind update from the active when pre-emption is configured
The reload is observed only after repeating the switchover more than once .
Workaround: none.
•
The HA drops RRQ under following conditions:
–
–
Workaround: ensure that the MN and FA do not send an unknown extension in RRQ.
•
When ip mobile home-agent nat traversal keepalive 10 is configured, the following configurations appear:
ip mobile home-agent revocation traversal keepalive 10ip mobile home-agent nat traversal keepalive 10This has no effect on revocation or NAT traversal feature behavior, but, when the HA is reloaded, revocation may get disabled.
Workaround: remove ip mobile home-agent revocation traversal keepalive 10 from the startup configuration, or reconfigure revocation manually on reload.
•
When the PATed address or port changes, the HA does not change the remote tunnel endpoint. As a result, subsequent traffic does not get encoded correctly.
Workaround: none.
Unresolved Caveats Prior to IOS 12.3(8)XW2
The following caveats are unresolved in Cisco IOS Release 12.3(8)XW1:
•
On a 7200 VXR NPE-G1 functioning as Home Agent, significant drops are observed on Gigabit interface thereby causing a drop in performance of the product.
Workaround: none.
•
On a Cisco router running Home Agent release 2.0, Proxy Mobile IP flow fails to come up for "New Session" Hot-lining.
Workaround: none.
•
Flapping of MOIP bindings, the RF lost its peer. After some time the process received unknown tracebacks were observed on console.
Workaround: none.
•
Clearing the VRF routing table using the clear ip route command also deletes the route corresponding to the Mobile Node.
Workaround: do not clear IP routes using the clear ip route command.
•
While opening and closing bindings on Home Agent (HA) at a high rate, both active and standby HAs reloaded.
The following sequence of events caused both the active and standby HAs to reload:
–
–
–
–
–
Workaround: none.
•
When a Home Agent is handling calls and traffic to simulate background load conditions, and a processor acting as active is forcibly made standby by shutting down the interface, NULLIDB Trace backs will appear.
Workaround: none.
•
The show ip mobile binding vrf summary command displays the wrong value under the following conditions:
–
–
–
–
Workaround: ensure that VRF configuration exists before opening bindings.
•
The active HA reloads on unconfiguring the HSRP interface address, after opening a binding for a user with dhcp-proxy-client.
The following conditions exist
a.
b.
c.
d.
e.
f.
Workaround: unconfigure the HSRP interface IP address only if there are no active flows.
•
Security-Association for the NAI is deleted when one of the flows are closed on HA under the following conditions:
–
–
–
Workaround: none.
•
Lease time is not in sync on the active and standby HAs. This will result in the active and standby HAs being out of sync.
The following conditions exist:
–
–
–
Additional issues causing subnet renewal problem after switchover include:
a.
b.
Workaround: avoid getting into the first condition by not switching over until the new active has a chance to renew the leases.
Once the first condition manifests itself, manually clear the affected subnet from the active and standby units.
•
Subnets do not sync from Active ODAP server to standby, after standby is reload.
When you open a large number of bindings, the leased subnets are available on both active and standby ODAP servers. Reload the standby server using the reload command. After the standby comes back it is not synching subnets from active.
Workaround: none.
•
Both active and standby HAs keeps reloading with Redundancy Framework (RF) induced reload, one after the other. This behavior started after the active HA reloaded and preempted.
Workaround: none.
•
The standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA. This problem is very rare and was seen only once during testing.
The bindings on the standby HA are cleared after reloading the active HA.
Workaround: none.
•
Spurious memory access is seen when the ip mobile home-agent aaa user-password command is configured, and a user with default password "cisco" tries to down load a security association from AAA.
Workaround: use default password "cisco".
•
Security Associations are not downloaded when the ip mobile secure aaa-download rate 100 command is configured.
Workaround: do not use the ip mobile secure aaa-download rate 100 command on the HA image.
•
Alignment and spurious memory errors occur, and the HA may reload when bindings are cleared after a stress test as explained in the conditions below.
The errors are seen only when NAI related CLI (ip mobile host nai) is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the RADIUS server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
The standby ODAP server reloads without any Preempt configuration on active with RF interdev config.
The ODAP servers are configured with redundancy (HSRP and RF interdev configured). On reload of an active MWAM card, the standby processor will become active. After some time the current active server reloads without any preempt configured on original active processor.
Workaround: none.
•
In a redundant HA setup, during an upgrade, when the standby HA is brought down with the new R2.0 load and brought back to service with the active HA still running the R1.2 load, bindings do not get synched to the HA with R2.0 load.
The active HA complains about unsupported VendorID in the BindInfo Request Bulk synch message sent by the standby HA, and sends back BindInfo Reply with unknown CVSE-Type error.
Workaround: upgrade when no active bindings are present.
•
Hot Lining is not enabled for a NAI-based MN with static IP address allocation.
If the ip mobile host command is configured with nai, instead of configuring realm and specifying static IP address allocation, as below, Hot-lining is not enabled for that host.
Workaround: none.
•
On a Cisco router running Home Agent Release 2.0 Software in a redundant network, spurious memory access is observed on standby HA while opening and closing of bindings using DHCP.
The problem only occurs when IP address allocation is from DHCP.
Workaround: none.
•
On a Cisco router running Home Agent Release 2.0 Software "Null IDB" tracebacks are observed while opening bindings with DHCP.
The following sequence of actions lead to this issue:
–
–
–
–
Workaround: none.
•
On a Cisco router running Home Agent Release 2.0 Software in a redundant mode, the standby HA reloads intermittently when unconfiguring and configuring ip mobile host command.
Workaround: none.
•
In a redundant Home Agent network, the option to use RFC2002bis or RFC2002 style of authentication calculation (learned by the active HA on a per-PDSN basis) is not relayed to the standby HA.
Workaround: none.
•
When a routemap name is configured for mobile ip tunnels using the ip mobile tunnel route-map command, you cannot unconfigure the route-map using no ip mobile tunnel route-map.
Workaround: There is no workaround to unconfigure the route-map configuration. However, if the running-config with the this CLI has not been saved to the memory, the router can be reloaded.
•
The HA reloads while processing 32-byte key in 3gpp2 format. Currently, the HA accepts MN-HA-SHARED-KEY or hex format key in Cisco Av-pair attribute of length 16 bytes only.
The expected behavior for other length keys in this format is to reject the RRQ.
Workaround: Use the MN-HA-SHARED-KEY of max 16 bytes
•
In an Active-Standby configuration, where both active and standby has equal priority, after an active to standby transition, when a MIP flow is closed, the active HA reloads.
Workaround: none.
Unresolved Caveats Prior to IOS 12.3(8)XW
The following caveats were unresolved in Cisco IOS Release 12.3(7)XJ1, which was the release branch just prior to IOS 12.3(8)XW:
•
On a 7200 VXR NPE-G1 functioning as Home Agent, significant drops are observed on Gigabit interface thereby causing a drop in performance of the product.
Workaround: none.
•
When bindings are brought up and torn down on IPSEC tunnels for an extended periods of time using multiple iterations, a is seen.
Workaround: none.
•
On a Cisco router running Home Agent release R2.0, Proxy Mobile IP flow fails to come up for "New Session" Hot-lining.
Workaround: none.
•
When flapping (Open and Closing) of Mobile IP Bindings with ODAP, the RF lost its peer. This happens only under stressed conditions.
Workaround: configure path-retransmit, assoc-transmit timeouts to avoid this problem.
•
Flapping of MOIP bindings, the RF lost its peer. After some time the process received unknown tracebacks were observed on console.
Workaround: none.
•
When mobile IP bindings are opened over different tunnels, and each over IPSEC tunnel, if the router loaded with HA is left idle for around 5 hours, the IPSEC tunnel goes down.
Workaround: none.
•
Clearing the VRF routing table using the clear ip route command also deletes the route corresponding to the Mobile Node.
Workaround: do not clear IP routes using the clear ip route command.
•
When ODAP with HA redundancy is configured, the subnets on the Standby and Active may not match as observed from show ip dhcp pool.
Workaround: clear the mismatched subnets manually using clear ip dhcp pool pool-name subnet command.
•
When the interface configured with crypto map has interface link state changes (due to administratively shutting the interface, or link connectivity issues), crypto map is removed from the interface. The problem is observed when the ip mobile tunnel crypto map map-name command is configured.
Workaround: remove the ip mobile tunnel crypto map configuration.
•
While opening and closing bindings on Home Agent (HA) at a high rate, both active and standby HAs reloaded.
The following sequence of events caused both the active and standby HAs to reload:
–
–
–
–
–
Workaround: none.
•
When a Home Agent is handling calls and traffic to simulate background load conditions, and a processor acting as active is forcibly made standby by shutting down the interface, NULLIDB Trace backs will appear.
Workaround: none.
•
The show ip mobile binding vrf summary command displays the wrong value under the following conditions:
–
–
–
–
Workaround: ensure that VRF configuration exists before opening bindings.
•
The active HA reloads on unconfiguring the HSRP interface address, after opening a binding for a user with dhcp-proxy-client.
The following conditions exist
a.
b.
c.
d.
e.
f.
Workaround: unconfigure the HSRP interface IP address only if there are no active flows.
•
Security-Association for the NAI is deleted when one of the flows are closed on HA under the following conditions:
–
–
–
Workaround: none.
•
Lease time is not in sync on the active and standby HAs. This will result in the active and standby HAs being out of sync.
The following conditions exist:
–
–
–
Additional issues causing subnet renewal problem after switchover include:
a.
b.
Workaround: avoid getting into the first condition by not switching over until the new active has a chance to renew the leases.
Once the first condition manifests itself, manually clear the affected subnet from the active and standby units.
•
Subnets do not sync from active ODAP server to standby, after standby is reload.
When you open a large number of bindings, the leased subnets are available on both active and standby ODAP servers. Reload the standby server using the reload command. After the standby comes back it is not synching subnets from active.
Workaround: none.
•
Both active and standby HAs keeps reloading with Redundancy Framework (RF) induced reload, one after the other. This behavior started after the active HA reloaded and preempted.
Workaround: none.
•
The standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA. This problem is very rare and was seen only once during testing.
The bindings on the standby HA are cleared after reloading the active HA.
Workaround: none.
•
Spurious memory access is seen when the ip mobile home-agent aaa user-password command is configured, and a user with default password "cisco" tries to down load a security association from AAA.
Workaround: use default password "cisco".
•
Security Associations are not downloaded when the ip mobile secure aaa-download rate 100 command is configured.
Workaround: do not use the ip mobile secure aaa-download rate 100 command on the HA image.
•
Alignment and spurious memory errors occur, and the HA may reload when bindings are cleared after a stress test as explained in the conditions below.
The errors are seen only when NAI related CLI (ip mobile host nai) is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the RADIUS server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
The standby ODAP server reloads without any Preempt configuration on active with RF interdev config.
The ODAP servers are configured with redundancy (HSRP and RF interdev configured). On reload of an active MWAM card, the standby processor will become active. After some time the current active server reloads without any preempt configured on original active processor.
Workaround: none.
•
In a redundant HA setup, during an upgrade, when the standby HA is brought down with the new R2.0 load and brought back to service with the active HA still running the R1.2 load, bindings do not get synched to the HA with R2.0 load.
The active HA complains about unsupported VendorID in the BindInfo Request Bulk synch message sent by the standby HA, and sends back BindInfo Reply with unknown CVSE-Type error.
Workaround: upgrade when no active bindings are present.
•
Hot Lining is not enabled for a NAI-based MN with static IP address allocation.
If the ip mobile host command is configured with nai, instead of configuring realm and specifying static IP address allocation, as below, the Hot lining is not enabled for that host.
Workaround: none.
•
On a Cisco router running Home Agent R2.0 Software in a redundant network, spurious memory access is observed on standby HA while opening and closing of bindings using DHCP.
The problem only occurs when IP address allocation is from DHCP.
Workaround: none.
•
On a Cisco router running Home Agent software R2.0 in a redundant mode, HSRP operation stops working after changing interface on active HA into Shutdown state. When the HSRP interface on active HA is shutdown, the HRSP state of standby HA does not change to Active. The original active HA also still remains in the active state.
Workaround: none.
•
On a Cisco router running Home agent R2.0 Software 'Null IDB' trace backs are observed while opening bindings with DHCP.
The following sequence of actions lead to this issue:
–
–
–
–
Workaround: none.
•
On a Cisco router running Home agent R2.0 Software in a redundant mode, the standby HA reloads intermittently when unconfiguring and configuring ip mobile host command.
Workaround: none.
•
On Cisco router running Home Agent software release R2.0, for small sized data packet (example 36, 48 bytes), the packets do not get redirected even though the flow is actively hotlined.
This problem is observed only for small sized packets and is not seen if the packet is of size 100 or greater.
Workaround: none.
•
In a redundant Home Agent Network, the option to use RFC2002bis or RFC2002 style of Authentication calculation (learned by the active HA on a per-PDSN basis) is not relayed to the standby HA.
Workaround: none.
•
On Cisco router running Home Agent software release R2.0, Mobile IP route-map cannot be unconfigured and then re-configured using the ip mobile tunnel route-map command.
Workaround: none.
•
The HA reloads while processing 32-byte key in 3gpp2 format. Currently, the HA accepts MN-HA-SHARED-KEY or hex format key in Cisco Av-pair attribute of length 16 bytes only.
The expected behavior for other length keys in this format is to reject the RRQ.
Workaround: Use the MN-HA-SHARED-KEY of max 16 bytes
Unresolved Caveats Prior to Cisco IOS Release 12.3(7)XJ1
The following caveats are unresolved in Cisco Release 12.3(7)XJ:
•
With NAI-based debug condition set, the debugs pertaining to Parsing of authentication extension in MIP RRQ are not printed.
The problem is observed when a NAI based condition is set to filter the debugs.
Workaround: either set the ip address based condition to filter debugs, or do not set any debug conditions.
•
Once an active HA is reloaded, the standby HA is not able to renew the DHCP lease, and eventually the Mobile ip binding gets deleted on the HA.
On reload the active HA returns the address to the DHCP server. This happens after the standby renews the lease time, to which DHCP binding gets deleted from the Server; thus further renewals fail.
Workaround: none.
•
When bindings are brought up and torn down on IPSEC tunnels for an extended periods of time using multiple iterations, memory leak of 0.8MB to 1MB is seen.
When 235k bindings are opened and closed, a memory leak of 0.8 MB is observed in each iteration. The 235k bindings are opened over 40 IPSEC tunnels (and 40 Mobile IP tunnels).
Workaround: none
•
When flapping (Open and Closing) of Mobile IP Bindings with ODAP, the RF lost its peer. This happens only under stress conditions.
Workaround: to avoid this problem, configure path-retransmit and assoc-transmit timeouts.
•
Flapping of MOIP bindings, RF lost its peer. After some time, process received unknown tracebacks observed on console.
Workaround: none.
•
When an HA that has MobileIP bindings, opened over different Mobile IP tunnels and also over different IPSEC tunnels, is left idle for 5 hours, the IPSEC tunnel goes down while Mobile IP binding and tunnel still exist.
Workaround: none.
•
When ODAP with HA redundancy is configured, the subnets on the standby and active may not match as observed from show ip dhcp pool.
Workaround: clear the mismatched subnets manually using the clear ip dhcp pool pool-name subnet command.
•
Clearing the VRF routing table with the clear ip route command also deletes the route corresponding to the Mobile Node.
Workaround: Do not clear IP routes with the clear ip route command.
•
When an interface with crypto map has interface link state changes (for example, administratively shutting the interface, or link connectivity issues), crypto map is removed from the interface and the crypto map CLI is deleted from the interface. The crypto map command should not be removed from the interface.
Workaround: none.
•
While opening and closing bindings on Home Agent (HA) at a high rate, both active and standby HAs reloaded.
The following sequence of events result in a reload of both Active and Standby HA:
a.
b.
c.
d.
e.
Workaround: none.
•
When a Home Agent is handling calls and traffic to simulate background load conditions, and a processor acting as active is forcibly made standby by shutting down the interface, NULLIDB Trace backs will appear.
Workaround: do not shut the active interfaces, such as interface between the HA-FA, and the HA-RADIUS.
•
After you open a binding for a user with dhcp-proxy-client, the active HA reloads if you unconfigure the hsrp interface address.
The following conditions exist:
a.
b.
c.
d.
e.
f.
Workaround: Unconfigure the hsrp interface IP address only if there are no active flows.
•
The show ip mobile binding vrf summary command displays the wrong value under the following conditions:
–
–
–
–
Workaround: ensure that VRF configuration exists before opening bindings.
•
When dhcp-proxy-client address allocation is used on lease expiry, although the address is returned back to the pool, the Mobile IP binding is not deleted.
Workaround: none.
•
Security-Association for the NAI is deleted when one of the flows are closed on the HA.
The following conditions exist:
–
–
–
Workaround: none.
•
Lease time is not in sync on active and standby HAs. This causes the active and standby HAs to be out sync.
The following conditions exist:
–
–
–
Workaround: none.
•
Subnets do not sync from active ODAP server to standby, after standby is reloaded.
This condition exists when you open 25 k bindings. Leased subnets are available on both the active and standby ODAP server. Reload the standby server using the reload command. After the standby comes back up it is not synching subnets from the active.
Workaround: none.
•
Both active and standby HAs keep reloading with RF-induced reload, one after the other. This behavior started after active HA reloaded and Preempted.
Workaround: none.
•
The standby HA reloads when bindings are cleared while the standby exchanges HSRP state information with the active HA. This problem is very rare and was seen only once during testing.
The bindings on standby HA are cleared after reloading the active HA.
Workaround: none.
•
Spurious memory access is seen when the ip mobile home-agent aaa user-password command is configured, and a user with default password "cisco" tries to download a security association from AAA.
Workaround: use default password "cisco".
•
Unconfiguring the ip mobile host command fails when configured for a Non-NAI user on a virtual-network. This condition arises only when you unconfigure the command specifying the whole CLI.
Workaround: use only a partial configuration (for example, no ip mobile host x.x.x.x to unconfigure the command.
•
Alignment and spurious memory errors occur and the HA may reload when bindings are cleared after a stress test.
The errors are seen only when the NAI-related ip mobile host nai command is configured and unconfigured while mobiles are sending messages, traffic is flowing upstream through the sessions established by these nodes, and Change of Authorization messages are sent by the RADIUS server.
Workaround: do not change the NAI related configuration for a mobile while sessions are being brought up or down.
•
Security Associations are not downloaded when the ip mobile secure aaa-download rate 100 command is configured.
Workaround: Do not use the ip mobile secure aaa-download rate 100 command on the HA image.
•
The standby ODAP server reloads without any Preempt configuration on active with RF interdev configuration.
The ODAP Servers are configured with redundancy (HSRP and RF interdev configured). On reload of the active MWAM card, the standby processor will become active. After some time the current active server reloads without any preempt configured on original active processor.
Workaround: none.
•
In a redundant HA setup during an upgrade, when the standby HA is brought down with the new R2.0 load and brought back to service with the Active HA still running R1.2 load, bindings do not get synched to the HA with R2.0 load.
The Active HA complains about unsupported VendorID in the BindInfo Request Bulk synch message sent by the Standby HA and sends back BindInfo Reply with unknown CVSE-Type error.
Workaround: upgrade when no active bindings are present.
•
The active HA releases the DHCP address for the binding when the HSRP interface of standby HA goes down (when proxy DHCP allocation is configured).
This condition is observed when the Standby HA's HSRP interface is shut down, while the active and standby has active Mobileip bindings with dynamic allocation using proxy DHCP.
Workaround: none
•
The HA reloads while processing 32-byte key in 3gpp2 format. Currently, the HA accepts MN-HA-SHARED-KEY or hex format key in "Cisco Av-pair" attribute of length 16 bytes only.
The expected behavior for other length keys in this format is to reject the RRQ.
Workaround: Use MN-HA-SHARED-KEY of max 16 bytes
•
When HA-SLB operates in dispatched mode, it forwards MIP RRQs to the real HAs without changing the destination IP address. So when HAs receive RRQs with non-zero Home-agent address the destination IP address will be that of the SLB virtual server. The binding is established but the HA sends back an RRP with the destination ip address of the received packet as the home-agent address regardless of the home-agent address in the RRQ. So the tunnel is established between the FA and the vserver addr.
Subsequent re/de-registrations are sent to HA-SLB instead of the HA. The SLB drops the de- registrations as the lifetime is zero and can forward the re-registrations to some other HA. So the concerned HA may/will not get the re/de-registrations.
Workaround: Do not use HA-SLB in dispatched mode when the incoming RRQs have a non-zero home-agent address.
Resolved Caveats
The following caveats are resolved in Cisco IOS Release 12.3(11)YF2
•
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that includesupport for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0ipv6 traffic-filter nofragments in!ipv6 access-list nofragmentsdeny ipv6 any <my address1> undetermined-transportdeny ipv6 any <my address2> fragmentspermit ipv6 any anyThis must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognises as its own. This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We recommend that you upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
A Cisco 7200 router with VAM2 will display many output authentication errors and invalid packet errors.
This condition occurs under high stress and when QOS pre-classify is configured.
Workaround: Disable QOS or reduce the traffic rate.
•
A Cisco Home Agent router may report the tunnel source and destination, for a dynamically created Mobile IP-IP Tunnel, as "UNKNOWN" in the show interface command output.
Router# show interface t1Tunnel1 is up, line protocol is upHardware is TunnelInterface is unnumbered. Using address of Ethernet0/0 (10.1.1.1)MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation TUNNEL, loopback not setKeepalive not setTunnel source UNKNOWN, destination UNKNOWNWorkaround: none.
•
This DDTS is not a bug. The diffs for this DDTS provide functionality that is utilized by the fix for bug CSCeh14272.
Since CSCeh14272 needs to go into a throttle, CSCeg17877 will also need to go into a throttle.
(The commit moves duplicate functionality out of a pair of drivers into the common code for help with maintainability.)
•
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that includesupport for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0ipv6 traffic-filter nofragments in!ipv6 access-list nofragmentsdeny ipv6 any <my address1> undetermined-transportdeny ipv6 any <my address2> fragmentspermit ipv6 any anyThis must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognises as its own. This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We recommend that you upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
•
Session gets cleared at PDSN due to revocation message from Cisco Home Agent. This can happen if the interface on active HA is shutdown.
This condition occurs when the HSRP interface on active HA is shutdown.
Workaround: none.
•
Conditional debugging does not filter revocation related debugs, when a revocation message is received on HA and the corresponding binding does not exist, or when a revocation messge is received on PDSN/FA and the corresponding visitor table entry does not exist
Workaround: none
•
An SA-VAM2 stops processing all packets.
This condition is observed sporadically on a Cisco 7200 series that is configured with an NPE-G1 when the SA-VAM2 is configured for AES 192 or AES 256.
Workaround: Reset the SA-VAM2 by entering the no crypto engine accelerator command followed by crypto engine accelerator command. If the symptom persists, disable the SA-VAM2 by entering the no crypto engine accelerator command. Doing so causes the router to switch to software encryption.
•
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml
•
Home Agent (HA) does not clear bindings on standby HA when HSRP interface is shut.
This condition occurs when the HSRP interface is shut on standby HA.
Workaround: clear the bindings manually when interface is shutdown.
Resolved Caveats Prior to Cisco IOS Release 12.3(11)YF2
The following caveats are resolved in Cisco IOS Release 12.3(11)YF1:
•
On a Cisco Home agent running the R2.0 image, conditional debugging support is not available for Registration Revocation feature.
Workaround: none.
•
ICMP unreachable debug messages are seen on the Home Agent on mobile nodes for which conditional debugging is not enabled.
Workaround: none.
•
Ona Cisco router running release 2.1 PDSN software and acting as an ODAP client, when the DHCP pool is configured and a subnet is being leased from the ODAP server, the client reloads.
This condition occurs when the DHCP pool is configured and is expecting a subnet from the ODAP server.
Workaround: none.
•
The MWAM processor returns a sysObjectId of "ciscoWsSvcMWAM1" instead of "cevC6xxxMWAMBlade". Because of this, the network management station running RME 4.0 may not be able to identify the device successfully.
This condition occurs when the MWAM processor is running a Cisco IOS image 123(11)YF, or later.
Workaround: none.
Resolved Caveats Prior to Cisco IOS Release 12.3(11)YF1
The following caveats are resolved in Cisco IOS Release 12.3(11)YF:
•
Some configuration commands fail, do not operate properly, or cause dead memory when using batch mode config download or config-mode supervisor.
This problem occurs when the MWAM processor is configured for "supervisor" config-mode.
Workaround: use config-mode local on MWAM..
•
When using config on supervisor with the MWAM, the processors are not able to retrieve their configurations from the supervisor.
This problem was first seen when using supervisor release 122-18.2.2.SX. This defect would be present in all future supervisor releases when mated with an MWAM IOS image that did not contain this fix.
Workaround: configure an arbitrary tftp-server (for example, tftp-server nvram:startup-config) on the supervisor. It does not matter what file you serve up, even one of the mwam configs. If you do serve up one of the MWAM configs, be sure to add the alias: "tftp-server bootflash:SLOTxPCy.cfg alias SLOTxPCy.cfg".
Supervisor release 122-18.2.2.SX changed the mechanism used by the MWAM processors to retrieve their configurations. This ddts changed the mechanism used by the MWAM processors to be compatible with the supervisor IOS change. This ddts is also backwards compatible with previous supervisor images.
•
Authorization for Mobile IP subscribers does not work using TACACS+.
Workaround: authorize using RADIUS or locally configured security associations.
•
Removing the ip mobile host configuration command from the standby Home Agent may cause the agent to reload if registration requests are concurrently being received for those mobile hosts.
Workaround: deconfigure from the active home agent first.
•
The standby HA does not clear bindings when the HSRP interface on the standby is shut.
This problem occurs under the following conditions:
–
–
–
–
Workaround:Bindings on the standby HA cannot be cleared manually through CLI.
•
If bindings are opened with finite lifetime, the active HA can not bulk sync 235k bindings to the standby HA.
Workaround: open bindings with infinite lifetime.
•
The ip mobile redundancy command options inforeq and infreply, when configured, are not written into NVRAM.
Workaround: re-configure the ip mobile redundancy command with the inforeq and inforeply options, on every reload of the Home Agent.
Resolved Caveats Prior to 12.3(11)YF
The following Cisco Mobile Wireless Release 2.0 caveats are resolved in Cisco Release 12.3(8)XW3:
•
On the Home Agent, Packet of Disconnect is enabled even if the STC value downloaded in the Access-Accept message has the value 2 for Proxy Mobile IP flows.
On the Home Agent, the Hotlining feature is not enabled for a new session Hotlining. When Hotlining is enabled in the Access-Accept message during the authentication phase for the Proxy Mobile IP flow, it is disabled.
This condition occurs only for Proxy Mobile IP flows.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent R2.0 software, during flapping of MOIP bindings both active and standby HA are crashed.
This condition occurs when flapping of MOIP Bindings at 100 bindings/sec for about 4 hours.
Workaround: none.
•
When conditional debugging is enabled on HA and mobileip debugs are enabled, UPD tunneling related debugs are not filtered based on condition.
Workaround: none.
•
In some rare timing scenario, the router may reload when the On Demand Address Pool is deconfigured while the subnet failed to be renewed.
Workaround: First, clear all subnets in the DHCP pool and ensure that all of them have been released. The ODAP may automatically request and receive another subnet after the last one has been released. At this time the DHCP pool can be deleted. The new subnet will automatically be released back to the subnet allocation server.
•
The Cisco Home Agent stops dhcp-proxy lease , after one iteration of active standby switchover for a Proxy Mobileip binding when dynamic address allocation is configured for the user.
This condition is seen after one iteration of active standby switch over.
Workaround: none.
•
When the MIP flow is deleted and then the interface on HA is brought back up, the HA becomes active and updates its stale bindings to the standby HA.
This condition occurs when the interface on Active HA is shutdown and standby becomes active. And later, the interface is brought up to make this HA as active.
Workaround: Specify the HA IP address in the ip mobile homeagent address ha-ip-addr command. This will help clear the bindings when interface is shut on HA.
•
On the Cisco c6svcmwam-h1is-mz MWAM Home Agent image, when the HA receives MFCE (Mobile Foreign Agent Challenge Extension), the HA performs authentication using the CHAP challenge in MFCE. While sending Access-Request to AAA, the HA trucates the challenge to 4 byte value. This results in authentication failure.
Workaround: none.
•
When NAT Traversal is enabled on Home Agent, and the NAT device in the path deletes the previous NAT mapping and allocates a new NAT mapping with a different source address and port number for a re-registration request from the mobile node, the Home Agent continues to tunnel traffic to old NAT mapping.
Workaround: none.
•
The show ip mobile secure command is introduced in 12.3(8)XW3 and displays active standby home agent security associations. Here is the CLI and a sample output:
HA#show ip mobile secure ?
foreign-agent Foreign agent security associations
home-agent Home agent security associations
host Mobile host security associations
summary Summary of SAsHA#show ip mobile secure homHA#show ip mobile secure home-agentSecurity Associations (algorithm,mode,replay protection,key):30.0.0.30:SPI 100, MD5, Prefix-suffix, Timestamp +/- 7,Key 'red'HA#HA#•
On a Cisco router running HA R2.0 software, the mobile virtual network routes disappear after an interface is shut and no-shut.
The ondition occurs when two HSRP groups are configured on two different interfaces and the non-HA interface is shut and no-shut.
Workaround: none.
•
When configured, the ip mobile redundancy command options inforeq and infreply are not written into NVRAM
Workaround: Re-configure the ip mobile redundancy command with the inforeq and inforeply options on every reload of the Home Agent.
•
If bindings are opened with a finite lifetime, the active HA can not bulk sync 235k bindings to the standby HA.
Workaround: Open bindings with infinite lifetime.
Resolved Caveats Prior to 12.3(8)XW3
The following caveats are resolved in Cisco Release 12.3(8)XW2:
•
The active HA reloads when you unconfigure the HSRP interface address after opening a binding for a user with dhcp-proxy-client.
The following conditions exist:
a.
b.
c.
d.
e.
f.
Workaround: unconfigure the HSRP interface IP address only if there are no active flows.
•
A Cisco 7200/7600 router running Home Agent R2.0 software may reloads when the show ip mobile host command is executed.
The security association needs to be downloaded from the RADIUS server when the binding is created. Additionally, the node that is currently being displayed using the show ip mobile host command is being deleted, then the Home Agent may reload.
This problem is very rare and was seen only once during testing.
Workaround: use the show ip mobile binding command to display the details of the host or binding.
•
On Cisco 7600 running HA Release 2.0 image, lease time is not sync on Active and Standby HA's. This will result into out of sync between Active and Standby HA.
Open 25 k bindings on active and standby HA reload active mwam standby HA become active, and try to renew lease, some subnets are out of sync with server. Unable to renew lease. Server is deleting subnets after lease expiry. Due to this both active and standby bindings are deleted
Workaround: none.
•
In a redundant Cisco Home Agent (HA) network, when the standby HA is upgraded from a R1.2 to R2.0 load, bindings do not get synched to the Standby HA.
This problem is only seen when the redundant HA with an R2.0 load tries to synch bindings from the HA with R1.2 load.
Workaround: upgrade when no active bindings are present.
•
Mobileip bind deletion information is not synced to the standby in lease expiry when Address allocation used is the dhcp-proxy-client.
This problem occurs when proxy DHCP is used, and the lease renewal fails to happen.
Workaround: none.
•
A Cisco PDSN running R2.0 S/W incorrectly displays a NACK message being sent even though it correctly sends an ACK message to RADIUS server in response to a POD request.
This condition occurs when the POD feature is enabled, and the PDSN receives a POD request from RADIUS server with only NAI and NAS-ID and no session identification attributes in it.
Workaround: none
•
Cisco router configured with the ip tcp adjust-mss command may fail to set the value for outbound packets.
The command works on 12.3(7)T2 code, but fails on 12.3(8)T code. This issue has currently been seen on a 3700 router.
Workaround: disable cef.
Note
•
A mobileip re-registration request is rejected in the following scenarios:
–
–
–
This condition occurs when the Home Agent is deployed in active-standby redundant mode.
Workaround: reload both active and standby at the same time.
•
The Sibyte processor can hang when RF induced reload occurs.
This condition occurs when the active and standby switchover is required, RF induces reload.
Workaround: none. Use the reload all command from PC to bring the processor back to normal state.
•
On a standby Home Agent mobileip binding is not synced after reconfiguration of ip mobile home-agent redundancy CLI.
This condition is observed for users with aaa load-sa configured
Workaround: use local authentication on home agent
•
The router reloaded by bus error when the customer issued no ip mobile host nai @xxx.xxx.xxx.xxx address pool local ha-pool interface FastEthernet x/x aaa command after configuring ip mobile host nai @xxx.xxx.xxx.xxx address pool local ha-pool interface FastEthernet x/x aaa.
Workaround: none.
•
On a Cisco HomeAgent router when the ip mobile home-agent command is configured with the unknown-ha option (along with another home-agent option), the show running command does not display the whole command line interface.
Workaround: configure the ip mobile home-agent unknown-ha command on a separate line and the remaining commands on a separate line.
•
The ip access-group group in command, configured on tunnel template, does not get applied to mobileip tunnels, when UDP tunneling is used.
Workaround: use the ip access-group group out command instead.
Resolved Caveats Prior to 12.3(8)XW2
The following caveats were resolved in Cisco Release 12.3(8)XW1:
•
Cisco Cat6500/7600 MWAM platform running XW Home Agent (HA) image may reload while it is loading with startup configuration having large configurations (for example, ip localpool configurations).
Workaround: Unconfigure the local pool configuration from the startup configuration. This will help prevent the CPUs from reloading. However, with large configurations on MWAM after startup, the CPU can reload later when configured.
Resolved Caveats Prior to 12.3(8)XW1
The following caveats are resolved in Cisco Release 12.3(8)XW:
•
When ODAP with HA redundancy is configured, the subnets on the standby and active may not match as observed from the show ip dhcp pool command.
Workaround: clear the mismatched subnets manually using clear ip dhcp pool pool-name subnet command.
•
When the interface configured with crypto map has interface link state changes (due to administratively shutting the interface, or link connectivity issues), crypto map is removed from the interface. The problem is observed when the ip mobile tunnel crypto map map-name command is configured.
Workaround: remove the ip mobile tunnel crypto map configuration.
•
On Cisco router running Home Agent software release 2.0, for small sized data packet (example 36, 48 bytes), the packets do not get redirected even though the flow is actively hotlined.
This problem is observed only for small sized packets and is not seen if the packet size is 100 or greater.
Workaround: none.
•
In a redundant HA setup when standby HA come up and downloads the bind info from active HA, the Lifetime remaining on standby HA is reset back to the initial value. This leads to discrepancies in lifetime values on the active and standby HAs. This problem is seen when a bulksync happens between the standby and active HA.
Workaround: none.
•
On a Cisco 7200/7600 router running Home Agent Release 2.0 Software, CPU HOG is observed when synching of subnets from active to standby. The problem is observed in a redundant HA setup with a preempt configuration, and with address allocation from ODAP.
Workaround: none.
Resolved Caveats Prior to Cisco IOS 12.3(8)XW
The following caveats are resolved in Cisco Release 12.3(7)XJ1, which was the branch release just prior to the Cisco IOS 12.3(8)XW release:
•
On the Cisco HA image, with NAI based debug condition set, the debugs pertaining to parsing of authentication extension in MIP RRQ are not printed.
The above-mentioned problem is observed when a NAI-based condition is set to filter the debugs.
Workaround: The workaround is as follows:
a.
b.
•
Once the active HA is reloaded, the Standby HA is not able to renew the DHCP lease, and eventually the Mobile IP binding gets deleted on the HA.
On reload, the active HA returns the address to DHCP server. This happens after the standby renews the lease time due to which DHCP binding gets deleted from the Server. Thus further renewals fail.
Work around: none.
•
The problem is seen on Cisco routers running Home Agent R2.0 software in a redundant network. When a binding is deleted on the active Home Agent due to receipt of Radius Disconnect message, it does not automatically delete the corresponding binding on standby Home Agent.
Workaround: none.
•
A Cisco router running the Home Agent in a redundant mode does not synch the bindings deleted due to clear command to the peer HRSP Home Agent.
Workaround: none.
•
On a Cisco MWG Home Agent running R2.0 image, when dhcp-proxy-client address allocation is used (on lease expiry), although the address is returned back to the pool, the Mobile IP binding is not deleted.
Workaround: none.
•
Mobile nodes which can not ignore NVSE may fail initial registration because of the inclusion of a Prefix length NVSE.
Workaround: none.
•
Home Agent rejects Registration Request (RRQ) from mobile when Home Agent address is configured on Loopback interface and address allocation for the mobile is done from local pool.
Workaround: do not configure the Home Agent address as a Loopback address.
The problem is seen because configuring the Home Agent address under Loopback interface treats the redundancy setup in a peer-to-peer mode. In this mode, loop pool is not allowed for redundancy.
This issue is solved by adding a new mode active-standby variable in the ip mobile home-agent redundancy command.
•
A Cisco router running the Cisco Home Agent (HA), always sends out Registration revocation message with Authentication extension (AE) as described in RFC 3012bis. The HA should be able to append the AE in RFC 3012 or RFC 3012bis format on a per PDSN basis.
Workaround: none.
•
In a redundant Home Agent network, the standby HA intermittently reloads while processing the Bindupdate from the active unit during sync process.
Workaround: none.
•
The clock summer-time configuration is not synced from supervisor to MWAM processor, while clock timezone is being synced alright. So, the timezone on the MWAM processor is wrong during daylight savings time.
This problem occurs when the clock summer-time command is configured on the supervisor.
Workaround: none.
•
In a redundant HA setup, when standby HA come up and downloads the bind info from Active, the lifetime remaining on Standby HA is reset back to the initial value. This leads to discrepancy in lifetime values on Active and standby HA.
This problem is seen when a bulk synch happens between the standby and active.
Workaround: none.
•
Tracebacks, due to alignment error, can be seen on Home Agent while opening Proxy Mobile IP flows when ip mobile debugging is turned on.
The problem is observed only for Proxy Mobile IP flows and IP mobile debugging is turned on.
Workaround: do not enable IP mobile debugging.
•
The Cisco Home Agent reloads on receiving Registration Revocation message when the Revocation feature is enabled, but the Foreign Home (FH) Security Association (SA) is not configured.
Workaround: configure FH SA when enabling the registration revocation feature.
•
In a redundant Home Agent network, the active HA reloads when the standby downloads mobileip bindings and security associations after it goes down and comes back up. The program counter gets corrupted and causes the Home Agent to reload.
Workaround: none.
•
When HA-SLB operates in dispatched mode, it forwards MIP RRQs to the real HAs without changing the destination IP address. So, when the HAs receive RRQs with non-zero Home-agent addresses, the destination IP address will be that of the SLB virtual server.
The binding is established, but the HA sends back an RRP with the destination IP address of the received packet as the home-agent address regardless of the home-agent address in the RRQ. So the tunnel is established between the FA and the vserver address.
Subsequent re/de-registrations are sent to HA-SLB instead of the HA. The SLB drops the de-registrations as the lifetime is zero, and can forward the re-registrations to some other HA. So the concerned HA may or will not get the re/de-registrations.
Workaround: Do not use HA-SLB in dispatched mode when the incoming RRQs have a non-zero home-agent address.
•
Requirement 1: When not using the unknown-ha CLI option, debug error message displayed for RRQ (where the Home Agent address is not right) is incorrect. Proper debug message needs to be printed under such conditions.
Requirement 2: In this case, the HA should return to the PDSN with "unknown HA" as the error code in RRP.
Workaround: none.
•
Better debug messages are required on the HA to display the details about the registration reply message contents and options sent back in the reply.
Workaround: none.
•
In the current implementation on R2.0 HA, Mobile IP Registration Revocation feature is not supported with HA redundancy. Support for the Resource Revocation feature with HA redundancy is required.
Workaround: none.
•
On a Cisco router running Release 2.0 Home Agent software, in rare situations, an incorrect value is sent for the STC attribute in a Radius Access-Request message, when RADIUS disconnect capability is enabled on PDSN.
Workaround: none.
•
If configured in hex format, the MN-HA shared key should always be 16bytes long. A hex key with length less than 16 bytes results in authentication failure.
Workaround: Use key format as string instead of hex.
•
As per IS835C, the HA should provide enable or disable radius disconnect capabilities for a session based on the STC attribute value authorized for the user by the AAA. In the current implementation, the STC attribute received in the Access-Accept message from AAA is not used to enable or disable the radius disconnect capability per user. Currently, the capability can be enabled or disabled at the box level.
Workaround: none.
•
The unknown-ha accept option in the ip mobile home-agent unknown-ha accept CLI is not working as expected. The Home Agent rejects the Mobile IP registration request (RRQ) with error code "Unknown HA", instead of accepting the RRQ.
Workaround: none.
Related Documentation
Except for feature modules, documentation is available as printed manuals or electronic documents. Feature modules are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
•
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.3(8)XW:
•
The following documents are specific to Release 12.3 and are located on CCO :
•
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Release Notes: Cisco IOS Release 12.3: Cross-Platform Release Notes
•
See Caveats for Cisco IOS Release 12.2 and Caveats for Cisco IOS Release 12.2T, which contain caveats applicable to all platforms for all maintenance releases of Release 12.2 and Release 12.2 T.
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Caveats
Note
•
Technical Documents
Platform-Specific Documents
Documentation specific to the Cisco 7206 Router is located at the following locations:
•
Documentation specific to the Cisco 7600 Router is located at the following location:
•
Documentation specific to the Cisco Catalyst 6500 Switch is located at the following location:
•
Feature Modules
Feature modules describe new features supported by Release 12.3 and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On CCO at:
Technical Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.3: New Feature Documentation
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO, two master hot-linked documents provide information for the Cisco IOS software documentation set.
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Configuration Guides and Command References
Release 12.3 Documentation Set
Note
On CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/index.htm
Note
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/index.shtml
•
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
http://cisco.com/univercd/cc/td/doc/pcat/
•
•
•
http://www.cisco.com/go/iqmagazine
•
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)
Copyright © 2005, Cisco Systems, Inc.
All rights reserved.
Guest
