Table Of Contents
Release Notes for the Cisco 850 and Cisco 870 Series Routers for Cisco IOS Release 12.3(8)YI
Determining the Software Version
Upgrading to a New Software Release
New Hardware Features in Cisco IOS Release 12.3(8)YI3
New Hardware Features in Cisco IOS Release 12.3(8)YI2
New Software Features in Cisco IOS Release 12.3(8)YI3
New Software Features in Cisco IOS Release 12.3(8)YI2
Resolved Caveats - Cisco IOS Release 12.3(8)YI3
Open Caveats - Cisco IOS Release 12.3(8)YI2
Resolved Caveats - Cisco IOS Release 12.3(8)YI2
Open Caveats - Cisco IOS Release 12.3(8)YI1
Resolved Caveats - Cisco IOS Release 12.3(8)YI1
Cisco IOS Software Documentation Set
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for the Cisco 850 and Cisco 870 Series Routers for Cisco IOS Release 12.3(8)YI
August 8, 2007Cisco IOS Release 12.3(8)YI3OL-8342-02 Fourth ReleaseThese release notes describe new features and significant software components for the Cisco 851, 857, 871, 876, 877, and 878 series routers that support Cisco IOS Release 12.3(8)T, up to and including Release 12.3(8)YI3. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.3 T for Cisco IOS Release 12.3 T located on Cisco.com.
For a list of the software caveats that apply to Release 12.3(8)YI3, refer to the Caveats section below and to the online Caveats for Cisco IOS Release 12.3 T document. The caveats document is updated for every 12.3 T maintenance release and is located on Cisco.com.
Contents
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
System Requirements
This section describes the system requirements for Cisco IOS Release 12.3(8)YI3.
Memory Requirements
Table 1 lists the memory requirements for Cisco IOS Release 12.3(8)YI3.
Hardware Supported
Cisco IOS Release 12.3(8)YI3 supports the following routers:
•
•
•
•
•
•
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco router, log in to the router and enter the show version command:
Router> show versionCisco IOS Software, C870 Software (C870-ADVENTERPRISEK9-M), Version 12.3(8)YI3, RELEASE SOFTWARE (fc1)Synched to technology version 12.3(10.3)T2Upgrading to a New Software Release
For general information about upgrading to a new software release, see Cisco IOS Software Releases 12.3 T Installation and Upgrade Procedures located on Cisco.com.
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features. Release 12.3(8)YI3 supports the same feature sets as Release 12.3(8)YI2.
Note
Table 2 and Table 3 list the features and feature sets supported in Cisco IOS Release 12.3(8)YI3.
Note
Note
New and Changed Information
Cisco IOS Release 12.3(8)YI3 supports the features listed in this section.
New Hardware Features in Cisco IOS Release 12.3(8)YI3
The Cisco IOS Release 12.3(8)YI3 supports the same hardware features as Cisco IOS Release 12.3(8)YI2.
New Hardware Features in Cisco IOS Release 12.3(8)YI2
The Cisco 850 Series integrated services routers are fixed-configuration routers that support broadband cable and ADSL over analog telephone line connections in small offices. The Cisco 870 Series of integrated services routers are fixed-configuration routers that support multiple types of DSL technologies, broadband cable, and Metropolitan (Metro) Ethernet connections in small offices.
Cisco IOS Software Release 12.3(8) YI2 supports the following hardware features on the Cisco 850 and 870 series routers:
•
•
•
•
•
New Software Features in Cisco IOS Release 12.3(8)YI3
The Cisco IOS Release 12.3(8)YI3 supports the same software features that are supported in the Cisco IOS Release 12.3(8)YI2.
New Software Features in Cisco IOS Release 12.3(8)YI2
Cisco IOS Software Release 12.3(8) YI2 supports wireless features associated with the integrated 802.11b/g access point on the Cisco 850 and 870 series routers.
Cisco IOS Software Release 12.3(8) YI2 also supports the following advanced security features on the Cisco 850 and 870 series routers:
•
•
•
•
•
Caveats
Caveats describe unexpected behavior or defects in the Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels. Caveats of all three levels are listed below.
Resolved Caveats - Cisco IOS Release 12.3(8)YI3
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•
Symptom: Certain malformed client certificates may cause an AP running 12.3.2.JA2 or 12.3.4.JA to crash when EAP-TLS is used.
Workaround: Issue a new client certificate.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml
•
tracebacks for dot11 card while querying the ENTITY-MIB.
•
Symptoms: Power value advertised is in mW instead of dBm.
Conditions: Beacon and probe packet that publish power values.
Workaround: Use legacy, instead of 802.11d.
•
Symptoms: Router reloads while executing the show ip nbar protocol-discovery command.
Conditions: NBAR protocol-discovery is enabled on the Virtual-Template interface.
Workaround: There is no workaround.
•
Symptoms: Router fails to boot.
Conditions: This symptom occurs when you change the Cisco IOS image from an image that does not include the fix for caveat CSCsa50959, to an image that does include the fix for caveat CSCsa50959.
Workaround: There is no workaround.
•
Bridge MIB not Populated.
•
VendorType and ParentRelPos of ENTITY-MIB displays incorrect values.
•
Symptoms: Clients behind AP cannot ping clients behind repeater/WGB.
Conditions: With fragmentation threshold set on both airlink and repeater to 256, cln1 and cln2 cannot be pinged when the packet size is above the fragmentation threshold, but it can be pinged when the packet is not fragmented.
Workaround: There is no workaround.
•
Symptoms: It takes over five minutes for the adsl line to be trained. If you perform the `no shutdown' command at the adsl/atm interface, wait for the line to come up and then remove the cable, it will take approximately 15 minutes for the %LINEPROTO-5-UPDOWN message to be printed on the console.
Condition: This occurs when the CLI 'dsl enable-training-log' under `int atm 0' is active.
Workaround: Enter `no dsl enable-training-log.'
•
Symptoms: Incoming packets (larger than 1400 bytes) are counted as "input errors" for the ATM interface. The ATM error debug reports "ATM0: AAL5 rx errors (status = 0C100000)" which suggests a CNG is experienced during cells traversing. During testing, a consistent pattern of lost packets was not found.
Conditions: A router configured as PPPoE client or pure RFC1483 bridging.
Workaround: There is no workaround.
•
Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.
Conditions: This symptom is observed when there are simultaneous Telnet requests.
Workaround: There is no workaround.
•
Symptoms: When sending multicast traffic over an IPSec tunnel, a memory leak occurs.
Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.3T when both IP CEF and hardware encryption are configured.
Workaround: Switch to software encryption for a while, and then switch back to hardware encryption.
Alternate Workaround: Disable IP CEF.
•
Symptoms: When there is a failure between two IPSec peers, DPD can detect that the communication fails. When there are multiple phase 2 SAs and DPD failures, phase 1 SAs are deleted, but only one phase 2 SA is deleted.
Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when there are multiple ACEs in a dynamic crypto ACL, causing multiple phase 2 SAs to be generated.
Workaround: Enter the clear crypto sa command.
•
Radio system messages show up with no radio present on reload.
•
Symptoms: When a router detects "invalid identity" failures while decrypting IPsec packets, a memory leak occurs for the packet memory that is associated with these failed packets.
Conditions: This symptom is observed only when an "invalid identity" error occurs, which is an uncommon error that indicates that the originating router does not send packets according to what was originally negotiated. However, if there is another error that causes a "bad" decryption, the packet could be invalid and may also cause the symptom to occur.
Workaround: There is no workaround.
•
Unmatched SSID probe request response causes TX stuck.
•
Symptoms: Unable to configure anything under non-dot11 subinterface, including IP address.
Workaround: None before code change.
•
Symptoms: A router that is configured for Dynamic Multipoint VPN (DMVPN) may frequently generate the following error message:
%SYS-2-BADSHARE: Bad refcount in datagram_done
Conditions: This symptom is observed on routers that function as a DMVPN spoke.
Workaround: There is no workaround.
•
Symptoms: Routers crash while enabling dot1x
Conditions: The crash is seen only when enabling dot1x on onboard FE interface, not on the switchports.
Workaround: There is no workaround.
•
IPv6 multicast traffics do not get fast-switched.
•
Symptoms: CISCO-DSL-CPE-MIB: some values are not initialized, including cdcAssetVendorType.
Conditions: 180x router with CISCO-DSL-CPE-MIB support.
Workaround: There is no workaround.
•
show wlccp ap mob forwarding, show dot asso missing from show tech.
•
EAP User-name field length is restricted to 64 bytes.
•
1812 router should close 2887 wlccp port.
•
Symptoms: Buffering problem on aux line on the Cisco 871 and Cisco 851 series routers. The last character of AT commands from the router AUX line (line 1) is displayed only after first "RETURN" character. After the second "RETURN" character, the AT command is executed by the analog modem. This behaviour is causing problems with chat scripts and sending AT commands to the analog modem (impossible to dialout using chat scripts). It is possible to send AT commands to the modem using reverse telnet (AUX port), but after each command, hit the Enter key twice. Entering command characters (like AT), the letter A is echoed after pressing T, the letter T is echoed after next character and so on.
Conditions: This problem is observed in the Cisco 871 series and Cisco 851 series router.
Workaround: There is no workaround.
•
Symptoms: Outgoing calls fail on ISDN Non-Facility Associated Signaling (NFAS) group members that do not have a D-channel.
Conditions: The symptom is observed when outgoing calls are made via NFAS group members that have the nfas_d none keyword configured.
Workaround: There is no workaround.
Open Caveats - Cisco IOS Release 12.3(8)YI2
•
Previously associated clients intermittently cannot reassociate upon reload
•
Not all wireless clients are shown under dot11 network-map
•
LEAP intermittent failure when dot1x reauth-period config;reboot req
•
WPA-PSK intermittently fails.
•
Applying "IP unnumbered vlan1" on dot11 sub-interface doesn't work.
Resolved Caveats - Cisco IOS Release 12.3(8)YI2
•
Traceback generated on SNMP query of CISCO-IETF-DOT11-QOS-EXT-MIB
•
NAS-Port-Type needs to be consistent with WNBU AP
•
FW broken on dot11 with VLAN
•
Airlink IF-MIB - ifInUcastPkts Counter32 value decreasing
•
•
•
•
•
When bootup with no startup configuration, the line "station-role root" is missing from Dot11Radio0 interface.
•
•
•
•
•
Open Caveats - Cisco IOS Release 12.3(8)YI1
•
rtsp_smi test intermittently fails; some rtsp-data may be missing.
•
Policy may not classify packets with subprotocols.
•
Static wep fails if transmit-keys between router and client are different.
•
Previously associated clients are sometimes not reassociated upon router reload.
•
Tx side of 802.11g radio fluctuates during stress testing.
•
Unsupported wireless encryption mode "aes-ccm" displays error message, but results in a partial "encryption mode ciphers" configuration that can disassociate clients.
•
show dot11 association sometimes shows incorrect IP address.
•
IPv6 commands under dot11 interface to be removed.
Resolved Caveats - Cisco IOS Release 12.3(8)YI1
•
Alignment/spurious errors occur while testing IPsec-realtime DNS.
•
Traceback messages are generated with the dial string rotation feature.
•
WPA-PSK and WPA 802.1x authentication, such as network-eap or open eap, can be configured simultaneously on the same SSID.
Workaround: While the GUI prevents this invalid configuration, CLI users need to make sure that both WPA-PSK and WPA 802.1x authentication are not configured on the same SSID.
Additional References
The following sections describe the documentation available for the Cisco 851, 857, 871, 876, 877, and 878 series routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com in pdf or html form.
Use these release notes with the documents listed in the following sections:
Release-Specific Documents
The following documents are specific to Release 12.3 and apply to Cisco IOS Release 12.3(8)YI. They are located on Cisco.com:
•
•
•
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 851, 857, 871, 876, 877, and 878 series routers that are available on Cisco.com at the following location:
http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html
Feature Modules
Feature modules describe new features supported by Cisco IOS Release 12.3 and Cisco IOS Release 12.3(8)YI3, and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only.
Cisco Feature Navigator
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Cisco Feature Navigator is available 24 hours a day, 7 days a week.
To use Cisco Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.
Cisco Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feed-back, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Use this document in conjunction with the documents listed in the "Additional References" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007, Cisco Systems, Inc. All rights reserved
Guest
