Guest

Cisco AS5400 Series Universal Gateways

Release Notes for ANI Suppression and MGCP NAS LAPB/TA Autodetect with Cisco IOS Release 12.3(7)YB

 Feedback

Table Of Contents

Release Notes for ANI Suppression and MGCP NAS LAPB/TA Autodetect with Cisco IOS Release 12.3(7)YB on Cisco AS5350 and Cisco AS5400

Contents

Inheritance Information

System Requirements

Memory Requirements

Hardware Supported

Software Supported

Determining Your Software Release

Upgrading to a New Software Release

Feature Set Tables

Determining Which Software Images (Feature Sets) Support a Specific Feature

Determining Which Features Are Supported in a Specific Software Image (Feature Set)

New and Changed Information

New Hardware Features in Release 12.3(7)YB

New Software Features in Release 12.3(7)YB

New Software Features in Release 12.3(7)YB

Limitations and Restrictions

Caveats

Open Cisco IOS Caveats - Release 12.3(7)YB1

Resolved Cisco IOS Caveats - Release 12.3(7)YB1

Open Cisco IOS Caveats - Release 12.3(7)YB

Resolved Cisco IOS Caveats - Release 12.3(7)YB

Caveat Advisories

Additional References

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco Feature Navigator

Cisco IOS Software Documentation Set

Documentation Modules

Obtaining Documentation, Obtaining Support, and Security Guidelines


Release Notes for ANI Suppression and MGCP NAS LAPB/TA Autodetect with Cisco IOS Release 12.3(7)YB on Cisco AS5350 and Cisco AS5400


August 8, 2007
Cisco IOS Release 12.3(7)YB1
OL-7513-02

These release notes for the ANI Suppression and MGCP NAS LAPB/TA Autodetect on Cisco AS5350 and Cisco AS5400 platforms describe the enhancements provided in the Cisco IOS 12.3(7)YB releases. These release notes are updated as needed.

For a list of the software caveats that apply to Cisco IOS Release 12.3(7)YB, see the "Caveats" section. See also Caveats for Cisco IOS Release 12.3T, which is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.3 T located on Cisco.com and the Documentation CD-ROM.

Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Contents

These release notes describe the following topics:

Inheritance Information

System Requirements

New and Changed Information

Limitations and Restrictions

Caveats

Additional References

Obtaining Documentation, Obtaining Support, and Security Guidelines

Inheritance Information

Cisco IOS Release 12.3(7)YB1, an early deployment release, is based on Cisco IOS Release 12.3(7)T, which in turn is based on Cisco IOS Release 12.3. See Table 1 for more information.

All features in Cisco IOS Release 12.3(7)T are in Cisco IOS Release 12.3(7)YB1.

Table 1 References for the Cross-Platform Release Notes for Cisco IOS Release 12.3 T and Cisco IOS Release 12.3(7)T

Topic
Location

Determining the Software Version

Upgrading to a New Software Release

To view information about the topics in the left column, click Cross-Platform System Requirements at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123reqs.htm

New and Changed Information (Feature Descriptions)

MIBs

Important Notes

To view information about the topics in the left column.

For Cisco IOS Release 12.3 T, go to:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123newf.htm

Scroll down and click New Software Features in Cisco IOS Release 12.3(7)T, or MIBs, or Important Notes.

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

To view information about the topics in the left column, go to:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123docs.htm


System Requirements

This section describes the system requirements for Cisco IOS Release 12.3(7)YB and includes the following sections:

Memory Requirements

Hardware Supported

Software Supported

Memory Requirements

Table 2 Cisco Release 12.3(7)YB1 Memory Recommendations for the Cisco AS5350 and Cisco AS5400 

Feature Set
Software Image
Recommended
Flash
Memory
Recommended
DRAM
Memory
Runs
From

Cisco AS5350

Boot image

c5350-boot-mz

32 MB

128 MB

RAM

IP Plus IPsec 56

c5350-ik8s-mz

32 MB

128 MB

RAM

IP Plus

c5350-is-mz

32 MB

128 MB

RAM

IP Plus source route switch VLAN RIP bridging

c5350-isu2-mz

32 MB

128 MB

RAM

Enterprise Plus IPsec 56

c5350-jk8s-mz

32 MB

128 MB

RAM

Enterprise Plus

c5350-js-mz

32 MB

128 MB

RAM

Cisco AS5400

Boot image

c5400-boot-mz

32 MB

128 MB

RAM

IP Plus IPsec 56

c5400-ik8s-mz

32 MB

128 MB

RAM

IP Plus

c5400-is-mz

32 MB

128 MB

RAM

IP Plus source route switch VLAN RIP bridging

c5400-isu2-mz

32 MB

128 MB

RAM

Enterprise Plus IPsec 56

c5400-jk8s-mz

32 MB

128 MB

RAM

Enterprise Plus

c5400-js-mz

32 MB

128 MB

RAM


Hardware Supported

See the following link for information about supported hardware for the Cisco AS5350 and Cisco AS5400:

Cisco AS5350 index:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5350/index.htm

Cisco AS5400 index:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5400/index.htm

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Software Supported

The Cisco AS5350 and Cisco AS5400 should be set up and configured for operation. For information, see the following documentation indexes:

Configuration documents for Cisco AS5350

Configuration documents for Cisco AS5400

Cisco SPE firmware version 8.11.2 or later should be configured on a network router. For information, see the following documents on Cisco.com:

NextPort SPE Release Notes

SPE and Firmware Download

Determining Your Software Release

To determine the version of Cisco IOS software running on the Cisco VG 224 analog gateway, log in to the gateway and enter the show version EXEC command:

Router> show version
Cisco Internetwork Operating System Software 
IOS (tm) 5350 Software (C5350-JS-M), Version 12.3(7)YB, RELEASE SOFTWARE (fc1)
Copyright (c) 2005 by cisco Systems, Inc.
Image text-base: 0x6000895C, data-base: 0x61900000

Upgrading to a New Software Release

For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at: http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm.

Feature Set Tables

The feature set tables have been removed from the Cisco IOS Release 12.3-based release notes to improve the usability of the release notes documentation. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://tools.cisco.com/RPF/register/register.do

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:

http://www.cisco.com/support/FeatureNav/FNFAQ.html

Determining Which Software Images (Feature Sets) Support a Specific Feature

To determine which software images (feature sets) in Cisco IOS Release 12.3T support a specific feature, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps.

Step 1 From the Cisco Feature Navigator home page, click Search by feature.

Step 2 To find a feature, use either "Search by full or partial feature name" or "Browse features in alphabetical order." Either a list of features that match the search criteria or a list of features that begin with the number or letter selected from the ordered list will be displayed in the Features available text box on the left side of the web page.

Step 3 Select a feature from the Features available text box, and click the Add button to add a feature to the Features selected text box on the right side of the web page.


Note To learn more about a feature in the list, click the Show Description(s) button below the Features available text box.


Repeat this step to add additional features. A maximum of 20 features can be chosen for a single search.

Step 4 Click Continue when you are finished selecting features.

Step 5 From the Major Release drop-down menu, choose 12.3T.

Step 6 From the Release drop-down menu, choose the appropriate maintenance release.

Step 7 From the Platform drop-down menu, select the appropriate hardware platform. The "Search Results" table will list all the software images (feature sets) that support the feature(s) that you selected.

Determining Which Features Are Supported in a Specific Software Image (Feature Set)

To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.3T, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps.


Step 1 From the Cisco Feature Navigator home page, click Compare Images, and then Search by Release.

Step 2 In the "Find the features in a specific Cisco IOS release, using one of the following methods:" area, choose 12.3T from the Cisco IOS Major Release drop-down menu.

Step 3 Click Continue.

Step 4 From the Release drop-down menu, choose the appropriate maintenance release.

Step 5 From the Platform drop-down menu, choose the appropriate hardware platform.

Step 6 From the Feature Set drop-down menu, choose the appropriate feature set. The "Search Results" table will list all the features that are supported by the feature set (software image) that you selected.

New and Changed Information

New Hardware Features in Release 12.3(7)YB

There are no new hardware features.

New Software Features in Release 12.3(7)YB

The following new software features are supported in the Cisco IOS 12.3(7)YB releases.

New Software Features in Release 12.3(7)YB

Calling Number Suppression for L2TP Setup

MGCP NAS Package LAPB-TA

Calling Number Suppression for L2TP Setup

The Calling Number Suppression for L2TP Setup feature provides the ability to suppress all or some part of the calling number field in the Layer 2 Tunneling Protocol (L2TP) setup process through RADIUS attribute functionality. The Calling Number Suppression for L2TP Setup feature allows you to make part or all of the calling number anonymous. This document tells you how to configure the Calling Number Suppression for L2TP Setup feature on your RADIUS server.

MGCP NAS Package LAPB-TA

The Media Gateway Control Protocol (MGCP) network access server (NAS) Package Link Access Procedure, Balanced (LAPB)-terminal adapter (TA) feature implements autodetection for the MGCP NAS package, as supported in Cisco IOS Release12.3(9) under ISDN serial interfaces. This document tells you how to configure autodetection, which allows asynchronous traffic, such as PPP carried over an ISDN line with the LAPB protocol, to be terminated at a Cisco media gateway.

For more information about these features, see the following link:

http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3_7yb/gtnaspkg.pdf

Limitations and Restrictions

For more information about limitations and restrictions in Cisco IOS Release 12.3(7)YB, see the following documentation:

Tools, Maintenance, and Troubleshooting Tips for Cisco IOS Software:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/taclinks.htm

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only selected severity 3 caveats are included in the caveats document.

This section contains open and resolved caveats for the current Cisco IOS maintenance release.

All caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T are also in Cisco IOS Release 12.3(7)YB.

For information on caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T, see Caveats for Cisco IOS Release 12.3 T. These documents lists severity 1 and severity 2 caveats and only selected severity 3 caveats, and are located on Cisco.com and the Documentation CD-ROM.

Caveat numbers, brief descriptions, and workarounds for Release 12.3(7)YB1 and follow on releases are listed in this section.


Note If you have an account on Cisco.com, you can use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com by clicking the Log In button on the right side, go to the drop down menu on the top bar of the page and select Technical Support: Tools & Utilities: Software Bug Toolkit (under Troubleshooting Tools). Another option is to enter the following URL in your web browser or go to
http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl


The following sections contain caveat information specific to the Cisco IOS 12.3(7)YB releases:

Open Cisco IOS Caveats - Release 12.3(7)YB1

Resolved Cisco IOS Caveats - Release 12.3(7)YB1

Open Cisco IOS Caveats - Release 12.3(7)YB

Resolved Cisco IOS Caveats - Release 12.3(7)YB

Caveat Advisories

Open Cisco IOS Caveats - Release 12.3(7)YB1

CSCsa78186: Ping sweep fails for 2020 byte packets

Symptoms: On a Cisco AS5400 or AS5350 configured for MGCP NAS Package, autodetected LAPB-TA calls will have intermittent ping failures when doing a ping sweep from 60 to 2020 bytes.

Conditions: Gateway must be configured for MGCP NAS Package and terminating a LAPB-TA autodetected call.

Workaround: There is no workaround.

Resolved Cisco IOS Caveats - Release 12.3(7)YB1

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCeh13489: BGP should not propagate an update w excessive AS Path > 255

Symptoms: A router may reset its Border Gateway Protocol (BGP) session.

Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.

Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.

CSCeh32676: vpdn_disc_cause_str() not implemented

Symptoms: Call Tracker records do not give a unique disconnect string for VPDN disconnects.

Conditions: For data/modem calls which experience a disconnect initiated by the VPDN subsystem, a unique disconnect code is given, but not a unique disconnect string. The VPDN subsystem is required to initiate the disconnect the frequency is medium. This is only an issue in call tracker call records if call tracker is enabled.

Work around: To differentiate the disconnect reasons the call tracker disconnect code can be used, instead of the verbose string.

CSCeh57207: Call Tracker modem rx byte count incorrect approx 2x expected value

Symptoms: On a Cisco AS5400 or Cisco AS5350 the calltracker stat for rx bytes can be approximately twice the expected value for modem calls.

Workaround: There is no workaround.

CSCsa70831: Calltracker does not display correct V.110 rate

Symptoms: Calltracker record does not display the user bit rate for V.110 calls.

Conditions: MGCP NAS configured, Calltracker enabled for V.110 calls.

Workaround: There is no workaround.

CSCsa78155: No VTY Available Calltracker Disconnect Text when VTYs are available

Symptoms: Calltracker disconnect text displays "no vty" as the disconnect reason.

Condition: MGCP NAS, CallTracker and autodetection configured. This is possible only for autodetected lap (x.75), V.120 and sync PPP calls. The disconnect reason is wrong if VTYs are available and the true reason is usually LCP timeout.

Workaround: There is no workaround. The stat bug does not impact functionality.

CSCsa83186: Outbound synchPPP calls at 56k fail for MGCP NAS Package

Symptoms: Outbound synchPPP calls placed by a Cisco AS5400 or Cisco AS5350 configured for MGCP NAS Package will fail.

Conditions: This failure will only happen for outbound synchPPP calls place by a gateway configured for MGCP NAS Package

Workaround: There is no workaround.

CSCsa99029: Show XCSP Port displays Idle (Active)

Symptoms: Show xcsp port info is incorrect for a 5400 configured for MGCP NAS Package.

Workaround: There is no workaround.

CSCsb39082: V.110 rates 24k, 28.8k and 38.4k do not connect when using MGCP NAS Pkg

Symptoms: On an AS5x platform using 12.4(2)T IOS configured for MGCP NAS Package a V.110 call will fail if the rate is 24k, 28.8k or 38.4k

Workaround: There is no workaround.

CSCsb39062: V.110 at 14.4K fails due to wrong rate being specified by IOS

On a Cisco AS5x platform using Cisco IOS Release 12.4(2)T configured for MGCP NAS Package. A 14.4k V.110 call will fail due to Cisco IOS trying to configure the SPE with the wrong rate (16k).

Conditions: You will see a NAK when this occurs and the call will fail:

%NP_EST-6-CTRL_NAK_RSP: (NP address 2/0/0/255), Msg ID=0xF201, 
Result=INVALID_PARAMETER_VALUE, Data format=Binary, Data len=40, Data=00 0A 00 DD 10 
00 F2 01 00 07 00 00 80 01 00 00 80 13 00 08 80 3A 3E 80 00 00 00 00 80 02 00 08 80 03 
00 00 80 04 00 02 

Workaround: There is no workaround.

CSCsb54349: Calltracker displays an active modem call when no calls are on the GW

Symptoms: On a Cisco AS5400 or AS5350 configured for MGCP NAS Package there is a slight possibility that calltracker can display active call records for calls that have already disconnected. This occurs when the guard timer disconnect calls and calltracker is not notified of the disconnect.

Conditions: This will cause a very slow memory leak.

Workaround: Disable Call Tracker or use only for debugging and profiling.

CSCsb56743: Traceback seen in mixed stress

Symptoms: On a Cisco AS5400 or Cisco AS5350 configured for MGCP NAS Package running in a mixed call environment (v.120, syncPPP, v.110,lapb-ta, modem) there is a slight possibility for a traceback to be seen in the gateway logs. This is non-impacting to the gateway and does not impact functionality. The traceback will usually end with 00000000 00000000 00000000 00000000 00000000 00000000.

Workaround: There is no workaround

CSCsb57540: Crash when removing extsig while there are active calls

Symptoms: On a Cisco AS5400 or Cisco AS5350 configured for MGCP NAS Package a crash will occur if you remove the existing MGCP from the controller while active autodetected calls are on the box. The probability of someone doing this is very rare and this crash should not happen under normal operating conditions.

Workaround: Delay removing existing from the controller until all calls on the controller have been released.

CSCsb65114: Cisco 5400 crashes due to memory corruption

Symptoms: A Cisco AS5400 or AS5350 can crash due to rapid disconnects of autodetected call when the gateway is configured for MGCP NAS package.

Workaround: Disable V.120 autodetection on all interfaces.

CSCsb69041: no idb handoff causes subsequent calls to fail for next 10 secs

Symptoms: If the call agent clears a channel while the channel is autodetecting, xcsp immediately clears the call, but the serial autodetect module does not clear until the autodetect timer expires (10 seconds). XCSP failed to call the serial autodetect reset in this case. This caused between 6 and 10 subsequent calls on the same channel would all fail.

Workaround: There is no workaround.

Open Cisco IOS Caveats - Release 12.3(7)YB

CSCeg07256: Calltracker signalling field is not updated for ISDN autodetect calls

Symptoms: The Signalling field in calltracker record when the show calltracker active command is entered for all ISDN autodetect calls is always seen as LLC instead of AUTO. This is observed on the Cisco AS5400.

Conditions: The behavior is observed when ISDN autodetect calls are made.

Workaround: There is no workaround.

CSCeg66867: Disconnect lapb sessions on rejected giants w/ CT disc reason

Symptoms: Lapbta sessions do not disconnect with a calltracker reason when a giant frame is received. If a giant frame is received by the lapb layer, a disconnect is not initiated for X.75 TA calls.

Conditions: MGCP NAS or ISDN autodetected lapb calls.

Work around: Just let the user (TA) hang up. The session will stop passing data and the user will hang up. This will cause the call disconnect with a call tracker reason indicating giants were received. Also, set the client TA max frame size to a maximum of 1500 bytes to eliminate giant frames.

CSCeg81290: Calltracker mib failing smic compile

Symptoms: There is no apparent symptom to the user.

Conditions: The MIB modifications need approval and approval requires the MIB to compile using the SMIC MIB compiler. The existing MIB does not compile, so the changes added do not compile. The MIB compiles using the Cisco IOS MIB compiler.

Work Around: None needed. Changes to the call tracker MIB function as expected. However, the MIB has not been approved yet.

CSCeh32676: vpdn_disc_cause_str() not implemented

Symptoms: Call Tracker records do not give a unique disconnect string for VPDN disconnects.

Conditions: For data/modem calls which experience a disconnect initiated by the VPDN subsystem, a unique disconnect code is given, but not a unique disconnect string. The VPDN subsystem is required to initiate the disconnect with the frequency set at medium. This is only an issue in call tracker call records if call tracker is enabled.

Work around: To differentiate the disconnect reasons the call tracker disconnect code can be used, instead of the verbose string.

CSCsa66285: Modem calls with mgcp nas package are not being torn down correctly

Symptoms: A Cisco AS5400 or AS5350 Access Server running 12.3(7)T6 IOS configured with MGCP NAS package might not handle modem calls correctly if a burst of modem calls (greater than 12) come in on the same T1/E1 line. This is a very rare condition and will not occur unless the timing of how the calls are handle is just right.

Conditions: To determine if you are experiencing this issue you can stop the modem calls and issue a show call calltracker active. If calltracker shows an active modem call when no modem calls are present on the access sever then you could be experiencing this issue.

Workaround: There is no workaround.

CSCsa70831: Calltracker does not display correct V.110 rate

Symptoms: Calltracker record does not display the user bit rate for V.110 calls.

Conditions: MGCP NAS configured, Calltracker enabled. V.110 calls.

Work Around: There is no workaround.

CSCsa70864: is_xcsp() returns False for Modem Calls

Symptoms: There is no apparent symptom visible to the user

Conditions: With all xcsp debugs enabled, MGCP NAS and modem calls, debugs show the helper function is_xcsp() returning FALSE during an xcsp controlled call.

Work Around: None required, the anomaly does not affect the modem call.

CSCsa71930: NAS code incorrect for modem calls that disc due to the absolute timer

Symptoms: When a modem call disconnects on a Cisco AS5400 or Cisco AS5350 configured for MGCP NAS Package the NAS code will report Modem Reset. The NAS code should be Admin Close.

Conditions: The gateway configured to use MGCP NAS Package.

Workaround: There is no workaround. This issue does not impact the call functionality.

CSCsa72092: NAS reason code is incorrect for modem calls term by the absolute timer

Symptoms: When placing modem calls to a Cisco AS5400 or Cisco AS5350 configured for MGCP NAS package, when the call is disconnected via the absolute timeout the NAS reason code is incorrect.

The NAS reason code will list Modem hang-up when it should list Admin close.

Conditions: The gateway should be configured for MGCP NAS package.

Workaround: There is no workaround; this issue does not impact functionality.

CSCsa78155: No VTY Available Calltracker Disconnect Text when VTYs are available

Symptoms: Calltracker disconnect text displays no vty as the disconnect reason.

Conditions: MGCP NAS, CallTracker and autodetection configured. This is possible only for autodetected lap (x.75), V.120 and sync PPP calls. The disconnect reason is wrong if VTYs are available and the true reason is usually LCP timeout.

Work Around: There is no workaround. The stat bug does not impact functionality.

CSCsa78176: pm7366_rx_intr: Spurious interrupt when making autodetection calls

Symptoms: When making MGCP NAS package autodetection calls on a Cisco AS5400 or Cisco AS5350 intermittently pm7366_rx_intr: Spurious interrupt messages will appear when the following debugs are enabled:

debug freedm
debug serial interface
debug serial event

Conditions: The gateway must be configured for MGCP NAS package.

Workaround: There is no workaround.

CSCsa78186: Ping sweep fails for 2020 byte packets

Symptoms: On a Cisco AS5400 or Cisco AS5350 configured for the MGCP NAS package, autodetected LAPB-TA calls will have intermittent ping failures when doing a ping sweep from 60 to 2020 bytes.

Conditions: The gateway must be configured for MGCP NAS package and must be able to terminate a LAPB-TA autodetected call.

Workaround: There is no workaround.

CSCeh50615: Fix feature-related static analysis warnings

Symptoms: There are no apparent symptoms to impact the user.

Conditions: Static analysis run on the YB branch finds 50 or so warnings in feature-related subsystems.

Work Around: There is no workaround.

CSCeh57207: Call Tracker modem rx byte count incorrect approx 2x expected value

Symptoms: When the user enables calltracker for MGCP NAS data calls, the rx byte count in the calltracker record will not be accurate under certain conditions.

Conditions: The cause is not know yet, but the frequency is medium when calltracker is enabled under MGCP NAS.

Work Around: There is no workaround.

CSCsa70817: show mgcp nas dump is not consistent for all calls

Symptoms: show mgcp nas dump displays the default bearer cap instead of the bearer cap of the last call.

Conditions: This stat is accurate during an active MGCP NAS data call. However, once the call disconnects, it is only accurate for some call types. The failing cases display the default bearer cap once the call disconnects.

Work Around: Enable Calltracker.

CSCsa82070: Unsolicited mgcp_parse_v110_asynch_parms appear on console for V110 call

Symptoms: On a Cisco AS5400 or Cisco AS5350 the following message will appear on the console when answering a V.110 call:

mgcp_parse_v110_asynch_parms: proc_buff=none
mgcp_parse_v110_asynch_parms: proc_buff=1
mgcp_parse_v110_asynch_parms: proc_buff=8

Workaround: There is no workaround; this issue does not impact the call functionality.

CSCsa82073: MGCP NAS Dump displays Negative byte count

Symptoms: On a Cisco AS5400 or Cisco AS5350 the command show mgcp nas dump will intermittently display negative values for the byte count.

Conditions: show mgcp nas dump is only relevant for a gateway configured to use the MGCP NAS package.

Workaround: There is no workaround; this issue does not impact the call functionality. The issue is with the reporting of the byte statistics.

CSCsa83186: Outbound synchPPP calls at 56k fail for MGCP NAS package

Symptoms: Outbound synchPPP calls placed by a CISCO AS5400 or Cisco AS5350 configured for MGCP NAS Package will fail.

Conditions: This failure will only happen for outbound synchPPP calls place by a gateway configured for MGCP NAS Package

Workaround: There is no workaround.

Resolved Cisco IOS Caveats - Release 12.3(7)YB

CSCef67682: Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

Workaround: The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

  interface Ethernet0/0
    ipv6 traffic-filter nofragments in
  !
  ipv6 access-list nofragments
    deny ipv6 any <my address1> undetermined-transport
    deny ipv6 any <my address2> fragments
    permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

Caveat Advisories

The following advisories are associated with 12.3(7)YB1:

CSCef60659: More stringent checks required for ICMP unreachables

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml

CSCsa59600: IPSec PMTUD not working [after CSCef44225]

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef43691: L2TPv3 and UTI sessions doing PMTUD vulnerable to spoofed ICMP paks

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef44225: IPSec (ESP-AH) doing PMTUD vulnerable to spoofed ICMP packets

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef44699: GRE and IPinIP doing PMTUD vulnerable to spoofed ICMP packets

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef61610: Incorrect handling of ICMPv6 messages can cause TCP performance problems

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCsa61864: Enhancements to L2TPv3 PMTUD may not work [Follow-up to CSCef43691]

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCed78149: TCP connections doing PMTU discovery vulnerable to spoofed ICMP pkts

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCsa52807: L2TP doing PMTUD vulnerable to spoofed ICMP paks

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

Additional References

The following sections describe the documentation available for the Cisco AS5350 and Cisco AS5400 platforms . Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com in pdf or html form.

Use these release notes with the documents listed in the following sections:

Release-Specific Documents

Platform-Specific Documents

Release-Specific Documents

The following documents are specific to Release 12.3 and apply to Cisco IOS Release 12.3(7)YB. They are located on Cisco.com:

Cross-Platform Release Notes for Cisco IOS Release 12.3T

Field Notices: http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Caveats for Cisco IOS Release 12.3 and Caveats for Cisco IOS Release 12.3T

Platform-Specific Documents

Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco AS5350 and Cisco AS5400 platforms are available on Cisco.com at the following location:

http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html

Feature Modules

Feature modules describe new features supported by Cisco IOS Release 12.3 and Cisco IOS Release 12.3(7)YB, and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only.

Cisco Feature Navigator

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Cisco Feature Navigator is available 24 hours a day, 7 days a week.

To use Cisco Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.

Cisco Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:

http://www.cisco.com/go/cfn 

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.

Documentation Modules

Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.

Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feed-back, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html