Table Of Contents
Release Notes for
Cisco VPN Solutions Center:
MPLS Solution 1.2.1Materials Included in Packaging
What Has Changed in Release 1.2.1 of MPLS VPN Solution
Download and Upload Function—Two Choices
Download and Upload Mechanism Recognition and Troubleshooting
Download and Upload Mechanism Recognition
Troubleshooting When Using the New Default Download and Upload Mechanism (TGS)
Viewing Debug Messages Sent by TGServer
Errata for the Installation Guide
MPLS VPN Solution System Recommendations
Cisco IP Manager (CIPM) (Lite) Version 2 Recommendations
Time Zones for NetFlow Collection
Task API Usage: TaskFactory::createGetSLAData() Operation
Problems Fixed Since Cisco VPN Solutions Center: MPLS Solution Release 1.2
Known Problems in Cisco VPN Solutions Center: MPLS Solution Release 1.2.1
Release Notes for
Cisco VPN Solutions Center:
MPLS Solution 1.2.1
The information in this Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2.1 document supersedes all information in the Release 1.2 documentation set for Cisco VPN Solutions Center: MPLS Solution, referred to as MPLS VPN Solution.
Note
Please read this document prior to reading any other Release 1.2 manual for Cisco VPN Solutions Center: MPLS Solution.
Contents
The information in this release note is organized into the following sections:
•
•
•
•
•
•
•
•
•
Materials Included in Packaging
The materials included in the product box are as follows:
•
•
•
•
•
•
Additionally, the product includes the Cisco IP Manager product (in case you choose not to use the new default download and upload mechanism integrated into this product), which includes the following components:
•
•
•
Note
If you order a Cisco VPN Solutions Center: MPLS Solution API upgrade, you will receive the following:
•
•
•
Introduction
Effective operations management is one of the most important success factors for the Service Provider business. Cisco VPN Solutions Center: Multi Protocol Label Switching (MPLS) Solution, referred to as MPLS VPN Solution, is part of operations management tools. MPLS VPN Solution is the provisioning and network management solution for MPLS VPNs.
Service Provider MPLS VPN networks present new challenges to the provisioning of network services. The Service Provider must be able to share bandwidth among customers while simultaneously ensuring that the network reliability and security remain at the same level as private leased lines. To effectively meet these requirements, network architecture, deployment, roll out, and operational support procedures must be well planned and defined. MPLS VPN Solution enables the Service Provider to effectively manage and maintain the integrity of the network.
MPLS VPN Solution runs on a Sun Microsystems Solaris platform, Release 2.6. The setup function allows you to create targets from router configuration files and define the Provider Administrative Domain, customers, and VPNs. MPLS VPN Solution is a service management system that allows service operators to use wizards to enter the requested service-related information. MPLS VPN Solution has an audit function that monitors and reports the current state of a VPN service request over its lifetime and the reasons why the service request is in its current state. MPLS VPN Solution provides collection tasks and reports for accounting and Service Level Agreements (SLAs).
What Has Changed in Release 1.2.1 of MPLS VPN Solution
The implementation for the following topics was changed from Release 1.2 to Release 1.2.1:
•
•
Download and Upload Function—Two Choices
In Release 1.2, the default method of downloading and uploading configuration files was Cisco IP Manager (CIPM). For Release 1.2.1, MPLS VPN Solution incorporates a new default method of downloading and uploading configuration files, the Telnet Gateway Server (TGS). Therefore, you are not required to install Oracle and CIPM, which required a second workstation, unless you choose to use CIPM as the download and upload method.
For more specific installation instructions and an explanation of the download and upload mechanism choices, see the "Errata for the Installation Guide" section.
For information about added properties in the csm.properties file to support the new download and upload mechanism, see the "Errata for the User Reference" section.
For information about recognizing the download and upload mechanism in use and troubleshooting when using the newly bundled download and upload mechanism, see the "Download and Upload Mechanism Recognition and Troubleshooting" section.
Hardware Support
Testing has verified that MPLS VPN Solution supports the following hardware:
•
•
Download and Upload Mechanism Recognition and Troubleshooting
Due to the addition of the incorporated default download and upload mechanism, this section indicates the following:
•
•
Download and Upload Mechanism Recognition
To determine which download and upload mechanism you are using, look at the csm.properties file and view the property DIPMServer.mode. If TGS is specified, you are using the default download and upload mechanism incorporated into this product, the Telnet Gateway Server. If CIPM is specified, you overrode the default and are using Cisco IP Manager (CIPM) as the download and upload mechanism.
Note
Troubleshooting When Using the New Default Download and Upload Mechanism (TGS)
When using TGS, the new default download and upload mechanism, you can troubleshoot this mechanism in the following ways:
•
Viewing Debug Messages Sent by TGServer
To view every debug message sent by TGS through the TGServer, do the following:
Step 1
Step 2
Note
Debugging TGS Expect Scripts
To debug TGS expect scripts, do the following:
Step 1
Step 2
Note
Errata for the Installation Guide
In the Cisco VPN Solutions Center: MPLS Solution Installation Guide, Software Release 1.2, many areas speak to the necessity to install Cisco IP Manager (Lite) Version 2, which is bundled with this product. In this 1.2.1 release, Cisco IP Manager (CIPM) is not required. Telnet Gateway Server, the default download and upload mechanism, is now packaged into this product (see Download and Upload Function—Two Choices)
In Release 1.2.1, after Step 17 on page 4-8 of the Cisco VPN Solutions Center: MPLS Solution Installation Guide, Software Release 1.2, the following steps have now been added:
Step 1
Step 2
Note
To set the local host as the TFTP server, do the following in a new terminal window:
a.
b.
#tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpbootc.
d.
ps -ef | grep inetdThe result is:
root <pid> 1 0 <date> <time> /usr/sbin/inetd -se.
kill -1 <pid>where <pid> is the same as <pid> in the resulting line in Step d.
Step 3
If you choose to use TGS, the default download and upload mechanism, you do not need to address the following sections in the Cisco VPN Solutions Center: MPLS Solution Installation Guide, Software Release 1.2:
•
•
•
•
•
When reviewing information about the CE Routing Communities (CERCs), as in Chapter 1, section, "CE Routing Communities," and Chapter 4, sections, "Defining CE Routing Communities," and "Adding CERC Definition," be sure to understand that if you bypass the Auto-pick route target values option and set the route target (RT) values manually, the RT values cannot be edited once they have been defined in MPLS VPN Solution.
Errata for the User Reference
In the Cisco VPN Solutions Center: MPLS Solution User Reference, Software Release 1.2, Figure 11-3, Version and Copyright Information, on page 11-2, now shows a new screen indicating this version, V1.2.1.
Note
All places that show the WatchDog will now additionally show the new server, TGServer.
In the Cisco VPN Solutions Center: MPLS Solution User Reference, Software Release 1.2, Appendix B, "Property Settings," reflects the properties in the csm.properties file for Release 1.2.
The following properties in the csm.properties file were updated for Release 1.2.1:
Note
•
•
•
•
System Recommendations
The system recommendations are explained in the following categories:
•
•
MPLS VPN Solution System Recommendations
The following are the system recommendations for MPLS VPN Solution:
•
Note
•
Note
•
Cisco IP Manager (CIPM) (Lite) Version 2 Recommendations
When installing the MPLS VPN Solution, you must choose either the new default download and upload mechanism, which is incorporated in this product, or Cisco IP Manager (CIPM) (Lite) Version 2.0(40), which is bundled with this product.
Note
For information on how to install CIPM, refer to the Cisco IP Manager (Lite) User's Guide: Version 2.0 distributed with the product. The recommendations for the workstation on which you are installing CIPM are as follows:
•
•
Other System Recommendations
In addition to the MPLS VPN Solution system recommendations, the following is needed:
•
Note
•
Note
•
•
Time Zones for NetFlow Collection
Be sure that all devices from which data is being collected are synchronized. For NetFlow collection, this means that not only does the MPLS VPN Solution system need to be synchronized to the NetFlow Collector, but that the PE routers must also be set to the same time and time zone. Otherwise, data will not be displayed or will be inaccurately displayed based on the router's time stamp embedded in the data.
Task API Usage: TaskFactory::createGetSLAData() Operation
For this release, use the GUI interface (refer to the section Provision SLA Definitions and Collect SLA Data in the Cisco VPN Solutions Center: MPLS Solution User Reference) to create, collect, and delete Service Level Agreements (SLAs).
Problems Fixed Since Cisco VPN Solutions Center: MPLS Solution Release 1.2
The problems fixed since Release 1.2 are presented numerically in the following categories:
•
•
Provisioning
CSCdr92201 - Relax check for duplicate IP addresses on point-to-point interfaces.
CSCdr99461 - Cannot add two interfaces to same VRF.
CSCds01286 - Service interruption occurs when provisioning extranet.
CSCds18797 - RD and RT pools are wrongly marked as full.
CSCds22573 - "no set extcommunity rt xx:xx" removes all extended community route targets.
CSCds23303 - No recognition of manually entered static routes in a modify Service Request.
CSCds34548 - Removing existing BGP address family configuration.
CSCds34621 - Need option to append/prepend template to configlet.
CSCds35298 - Import hangs on Frame Relay IETF encapsulation.
CSCds35479 - Extra export command when full-mesh joins VRF as spoke.
CSCds41565 - "no ip route cache" incorrectly added to interface.
CSCds45857 - Audit not accepting short static route syntax for nonbroadcast interfaces.
CSCds46439 - Redistribute connected and static are not removed.
CSCds47428 - Removal of a Service Request failed to deploy.
CSCds50408 - Configlet download error.
CSCds63187 - Core file generated after auditing.
Graphical User Interface
CSCdp79910 - SA Agent Report gives no date selection.
CSCdr22854 - Task/deployment log - problem with the status message.
CSCds01296 - Graphical User Interface unusable at 3000 SRVCs.
CSCds09827 - Import router configuration files is not working.
CSCds40462 - Cannot select join as spoke when provisioning full mesh VPN/CERC.
Collection
CSCdr49972 - Exception occurring in EventGateway server.
CSCds35335 - getconfig times out if IP domain lookup is enabled on router.
CSCds43040 - VPN with Service Request in pending state does not show up in SLA wizard.
API
CSCdr40466 - VsmVPNConnectivityCreator::setCEAdvertisedRoutes() problem.
CSCds08139 - VpnInvImport does not give proper error message when required data is missing.
CSCds08824 - VsmSRCreator:For Cable:Need to make setCEInterfaceAddress optional.
CSCds10071 - VpnInvImport is not working when InterfaceType is set to Cable.
CSCds11915 - VpnInvImport does not accept Route Target value with an IP address.
CSCds11962 - VpnInvImport does not import VRFDef for Grey-Management VPN.
Other
CSCds20553 - Memory leak in log Server Servlet.
CSCds50822 - DataSetServer does not release inactive objects; has memory leak.
CSCds71890 - Import/Export left out DLCI number.
Known Problems in Cisco VPN Solutions Center: MPLS Solution Release 1.2.1
The known problems are presented numerically in the following categories:
•
Installation
CSCdp95960 - VPN installation must check top binary permissions and untar demo repository
The top binary that is installed in the unsupported directory must be owned by the group sys and setgid. This ownership must be checked or set during VPN installation.CSCdp99604 - Install script should allow user to continue if network is down
Installer appears to be in a loop when trying to ping a host.
Workaround: You can either wait for the network to come on line again or press Cntrl + C to restart the install from the beginning.Provisioning
CSCdm58306 - SelectIPAddress step in Add VPN service wizard needs more checks
During the Add VPN Service to CE wizard, you may enter specific IP address information. While basic validation is done on the IP address, more sophisticated checks of the address are not done. For example, 0.0.0.0/0, 127.0.0.0/0, and 255.255.255.255/32 are all allowed.
Workaround: You should manually check that the addresses being entered are correct.CSCdp14582 - It is difficult to purge a Service Request against an invalid device
If you define, for example, a PE that is inaccessible and make a Service Request that refers to it, provisioning keeps the Service Request in Requested state, because upload will fail. However, if you try to get rid of the Service Request by performing a deletion, it also fails, staying in the Requested state, for the same reason.
As a result, the Service Request cannot go to closed, and hence cannot be purged. Accumulating these bogs down the system, as each download attempt has to time out on access to the bad devices. It is also not possible to delete the invalid device, because there are Service Requests outstanding against it.
Workaround: Any technique that arranges (temporary) access to a device can be used to clear up this corner case. For instance, temporarily pointing the PE Target parameters to some other device allows upload to proceed. If this is not possible, another workaround is to switch the system to ECHO mode, clear the bad request in that mode, and reset to regular (CIPM) mode.CSCdp37895 - Provisioning ATM subinterface greater than 4096 causes error
When creating a Service Request using ATM and the CE is "unmanaged", selecting a subinterface value larger then 4096 causes a provisioning error. The result in an "Invalid" Service Request.
Workaround: On the "interface" panel, enter the subinterface value in the interface field, that is ATM1/0.10000100. On the next panel where the field asks for a subinterface value, enter a number less then 4096. The value entered in the "interface" panel overrides this panel allowing the provisioning engine to create the Service Request.CSCdp82730 - Time not displayed for the first 3001 Service Requests on the Service Request list
When 20,000 Service Requests were created through the API, for the first 3001 Service Requests, the 'Created At' and the 'Last State Change' columns do not show the time when that event took place. Instead, the message 'Not Available' is seen on these two columns. The remainder of the Service Requests are fine.CSCdp96976 - Multiple subsumption of invalid requests are handled incorrectly
When an invalid Service Request is subsumed by a Service Request and goes invalid, the subsequent subsumption by a Service Request does not behave correctly in the provisioning engine. The delete Service Request contains the parameters from the wrong Service Request.CSCdr36264 - Changing the router name from the CLI leads to a tftp 2007 error
If the router hostname is changed through the router CLI and the hostname is not changed in VPNSC via the GUI, then a configuration download via Cisco IP Manager might fail.
Workaround: Change the hostname in VPNSC via the GUI as well.CSCdr45541 - BGP static configuration - global static route to the CE loopback
When selecting BGP as a protocol between the CE and the PE and selecting static as the redistributed protocol, the loopback0 on the CE is given a static route in the VRF table on the PE. This is okay except that MPLS VPN Solution also places the same static route outside the VRF table. Therefore, two static routes are created to the same loopback, one inside and one outside the VRF. Note: This only occurs with the BGP and static redistributed protocol.CSCdr48910 - Populate interface always reports Task Completed Successfully
After execution of a "Populate interface" task, the task status always reports that the task completed successfully, even if errors occurred.
Workaround: To determine the actual status of a "Populate interface" task, the user should: 1) click on the "Log" link for the corresponding task entry in the Task Log, 2) click on the "MibInterfaceMap" link in the lower left panel, 3) click on the "Errors" link in the lower right panel. This procedure displays the errors, if any, that occurred during the task's execution.CSCdr54038 - Modifying Frame Relay to Frame Relay-IETF causes new loopback generation on PE
A new loopback is assigned when a modify Service Request deletes the subsumed Service Request and adds the new Service Request. In this process, the loopback is deleted and re-added. The loopback-picking algorithm picks a loopback number that is one greater than the greatest loopback configured on the router.
This does not occur if there are other interfaces pointing to the loopback or the loopback in question has the greatest number on that router.
Workaround: None.CSCdr69226 - Management VPN creation requires another VPN definition
When the New Service Request wizard is invoked without creating at least one provider, one customer, and one VPN, an error message says that this wizard requires at least one provider, one customer, and one VPN to be created. This is as designed
Workaround: Understand that when the message says at least one VPN must be created, the meaning is that at least one user-defined VPN must be created.CSCdr75079 - Management VPN Access List and route map changed when modifications were unrelated
When modifying the same and only protocol within a router, the access list number is incremented by one.Workaround: Does not affect functionality.
CSCdr89392 - Service Requests states broken due to Grey Management CE None found in prefix
Audits using VPN Routing Information fail, causing Service Requests to go to the "Broken" state. This affects only those Service Requests for CEs that join the management VPN. The Service Request for the MCE is unaffected and moves to the "Functional" State. This occurs only when the MPE/MCE routing protocol selected is either Static or BGP, and when "Redistribute Connected" has not been selected. In versions prior to 1.2, "Redistribute Connected" was automatically generated in any configlet that contained the PE routing protocol configuration. In version 1.2, "Redistribute Connected" is user selectable in the Service Request wizard.
Workaround: To avoid this scenario, "Redistribute Connected" should be selected when the MPE/MCE routing protocol selected is either Static or BGP.CSCdr95038 - PE-CE link for cable maintenance should not allow subinterface
When provisioning a PE-CE link for a cable maintenance interface, the subinterface is fixed to cablex/x.1. The GUI allows selection of the subinterface, which is inaccurate.
Workaround: None.CSCds01621 - Modifying OSPF process ID on CE should remove network statement
When modifying the OSPF process ID on the CE device, the existing network statement is left intact in the original OSPF process, while the new OSPF process is configured with the original network statement. This is not a valid OSPF configuration.
Workaround: Remove the current Service Request and create a new Service Request with the desired OSPF process ID.CSCds02029 - Audit failed but the state stays at pending
After deploying a Service Request, if you issue an Audit request, the request state stays at "pending" but the audit details show "router failed deployed test."CSCds03822 - Provision Service Request hangs when lost connection
If connection to the router(s) is lost in the midst of a provisioning process, the download agent (DIPMServer) goes into a loop trying to reconnect.
Workaround: Redeploy the Service Request.CSCds03955 - Service Request cannot be removed if Grey management is configured in MPE
MCE...MPE...PE1...CE1. If Grey management is configured in MPE (Service Request 1) and CD1 joins the management VPN (Service Request 2), then removing Grey management VPN causes Service Request 1 to be unremovable.
Workaround: Do not remove management VPN when Service Requests depend on it.CSCds05166 - Modify Service Requests with no shutdown, causes ACLs to be re-added
When you modify Service Requests to have "no shutdown" on interface, it causes the ACL for Grey management to be removed and re-added. This can cause problems with other Service Requests that might be in the same VRF and being managed. This causes lost connections between Grey and managed CEs.CSCds06438 - Need audit check for subnet keyword on redistributions for OSPF
The Auditor does not currently check for the presence of the "subnet" keyword on redistributions within OSPF. If the "subnet" keyword is missing, the Service Request state should go to Lost, rather than staying in the Deployed state.
Workaround: None.CSCds09933 - Service Request goes Invalid when using lower case c for cable interface
Using lower case "c" for interface using Cable causes the Service Request to go "Invalid".
Workaround: Use upper case "C" only for this interface.CSCds11216 - Service Request modification to disjoin management VPN is missing command
If a Service Request for a CE that has joined the Management VPN is modified to disjoin the Management VPN, not all commands are generated to remove the Management related configuration. The configlet generated for the modify Service Request does not contain the following:
ip vrf <vrf_name> "no route-map grey_mgmt_vpn_<vrf_name> permit 10"
All other portions of the Management VPN configuration are removed.
Workaround: Service and functionality are not affected. The only workaround is to manually remove the export map statement from the VRF configuration on the router.CSCds11941 - Service Request for static fails to deploy with inconsistent address and mask
When a Service Request is created with 'static' and 'Give Only default routes to CE' and provisioned, it fails to deploy with the message 'inconsistent address and mask'.
Workaround: None.CSCds25690 - Service Request is stuck in running state, but it is successfully deployed.
When deploying a Service Request, the Service Request stays in the running state and there is no end time on the reports page. However, the deployment has completed successfully on the routers. The action report confirms this by showing SUCCESS for all the fields.
Workaround: After issuing a stopwd and startwd, when the same Service Request is deployed again, then it concludes with 'Task Completed Successfully.' Unfortunately this workaround is only valid for about 2 hours. After that, the same problem arises.CSCds25757 - Service Request blocked in the running state
When deploying a Service Request, the Service Request stays in the running state and there is no end time on the reports page, but the deployment has not been successful on the routers. stopwd and startwd did not help. Redeploying the Service Request produces the same running state. Trying to do something else (for example, creating a new Service Request) was impossible. The only solution was to reinstall.CSCds35943 - Duplicate IP address on Frame Relay major interface not recognized
No ability to provision major interfaces with frame-relay encapsulation. Any attempt to provision frame-relay encapsulation on major interfaces causes the major interface IP address to be removed and a subinterface with subinterface number equaling the DLCI to be configured.CSCds35975 - Frame Relay Service Request download inserts encapsulation HDLC on major interface
Modifying a Service Request from HDLC encapsulation to frame-relay encapsulation leaves the major interface with HDLC encapsulation.
Workaround: Remove all the subcommands of the major interface before modifying the Service Request.CSCds36011 - setCIPMUserPasswd utility dumps core
When you run the setCIPMUserPassword utility and specify the user name and password. The utility core dumps, though the user id and password are set correctly in the Repository.
Workaround: Use the tool. The user and password are set correctly.CSCds36473 - Remove Service Request downloads no ip addr to CE Ethernet interface
Deploying remove service request results in loss of connectivity if the PE-CE link is used to download the remove service request. It is recommended to use a different link to the CE to remove a Service Request on the CE.CSCds41847 - Grey management access-list increasing
Normally when configuring several VPNs belonging to the same PE, one route-map per VPN should be created and all route-maps should contain the same access-list. But sometimes, we see that the access-list starts increasing. The consequence is that the grey management has got only the IP connectivity to the first configured CE in a VPN.CSCds42683 - DIPMServer - not setting TFTP server and path
Initial downloads can fail if the transfer mode is set to tftp.
If the CIPM domain has not been created and configured to use a TFTP server (configured via the CIPM GUI), then VPNSC will create the domain, and set the NEM server for that domain, however it will not set the TFTP server attributes for the NEM server.
Workaround: The TFTP server configuration needs to be done via the CIPM GUI. If no domains have been created, then create one using a VPNSC network name for the domain name. Then set the NEM server for the domain and the TFTP server attributes for that NEM server. If there are existing domains, just choose one and set the TFTP server attributes on the NEM server.
NOTE: Because the TFTP server attributes are actually set on the NEM server, this only needs to be done once. All subsequent domains created through the CIPM GUI or through VPNSC only need to set the NEM server.CSCds43391 - Frame Relay Encapsulation does not work on Gigabit Switch Router (GSR)
This is a problem related to IOS on GSR.CSCds44423 - When remove Service Request with template, the template was appended
Templates that have been added to a Service Request are appended to the remove Service Request.
Workaround: Modify the Service Request and remove the template and deploy. Then remove the Service Request.CSCds47546 - CERC membership removal does not occur.
A VRF/RD overwrite-enabled Repository did remove the old CERC memberships and replace them with the new CERC memberships. However, the provision engine cannot generate a configlet due to the errors as "Extra Route Target found = 4353:3".CSCds50408 - Configlet download error due to non-warning found
A string has been added to csm.properties to catch the warning output generated by IOS on the GSR platform.CSCds50694 - VRF override RD is not correctly generated in configlet
If the VRFRDOverride.unix property is true in csm.properties, when you enter values for the RD that are within the router's valid limit, the VPNSC changes it to a different value in the configlet when deploying the Service Request.
Workaround: None.CSCds65683 - Failed downloads through CIPM can succeed when write mem enabled
Due to a bug/feature in Cisco IP Manager (CIPM), a failed download can be reported as a success, when the write running to startup flag is set in csm.properties. The problem is if the download fails, CIPM still attempts the write mem as a separate operation. If the write mem succeeds, then it returns successful. This is an edge condition, since the most common timeout and login password errors will still be returned as errors.
Workaround: Check for syntax errors in configlets that are downloaded. Because the download server checks for errors in each CIPM response buffer, errors can be added to the DIPMServer.CIPMIOSErrorExpressions property in the csm.properties file.
Example: "% Invalid "CSCds67439 - VPNSC can deploy duplicated IP address over ATM interface
Duplicate IP addresses are configured on multiple ATM subinterfaces. IOS does accept duplicate IP addresses. Only the first IP address is accepted.Graphical User Interface
CSCdm52106 - Schedule window too small in wizard
The schedule step that appears in certain wizards may not show all the possible scheduling options because the window is too small.
Workaround: Make the window larger.CSCdm56137 - Task status may show active after it completed
In the task manager window, the status of a task may show as Active, even if the task has actually completed.
Workaround: None.CSCdm59399 - VPN Console windows have bad sizing behavior under X emulators
The VPN Console has shown bad sizing behavior when used with X emulators, such as XVision on Windows, NCD Xterminals, and Reflection X.
Workaround: Resize the windows manually, if possible, or display to a Solaris workstation's display.CSCdm59856 - Icons may not be displayed in topology
When using the topology, the icons may not display immediately.
Workaround: Close the topology and re-open it.CSCdm65063 - Inconsistent behavior of modal windows in Admin Console
The Admin Console window handling is inconsistent. For most modal windows, if an attempt is made to click outside the window, an audible beep is heard indicating that this is not allowed. However, if another nonmodal window is already displayed and a modal window is then opened, it is possible to click on the nonmodal and no beep is heard.
Workaround: None.CSCdm85670 - Target retries and timeout entry confusing
The timeout value has an upper limit of 60 seconds. This is the timeout value used for each retry attempt to communicate to the router.CSCdm87862 - Editing a region may remove it from the region listing
In some cases, when editing a region, the region may disappear from the Provider Administrative Domain's region list. The same thing may happen with the sites and customers.
Workaround: Click Cancel on the Region window and the Provider window and re-open the provider and region windows.CSCdm91769 - Click in Traffic Summary Graph displays wrong tag/numbers
The pie charts for the Accounting reports allow clicking on one of the wedges to see more information. In some cases, the numbers in the pie chart correspond to the wrong row in the tabular report.CSCdm91773 - Axis values in accounting charts incorrect
The axis values in some of the accounting charts may be incorrect.CSCdp04528 - Failure to create a Provider Administrative Domain results in multiple error message windows
Whenever creation of the Provider Administrative Domain fails, multiple failure message windows appear.
Workaround: None.CSCdp04969 - Default route disappears when modifying a Service Request
A problem occurs when modifying a Service Request that is using Static routing between the PE and CE. The "default route" specified in the original Service Request is no longer displayed.
Workaround: Re-add the "default route" (0.0.0.0).CSCdp13406 - Audit and Provisioning wizards get confused if run simultaneously
Running the Add VPN to CE wizard and the Generate Audit Report wizard at the same time can get the two wizards into a confused state when the Back button is used. Using Back can return you to the previous screen in the other wizard.
Workaround: Use only one wizard at a time.CSCdp14446 - Remove requests (re)scheduled by the task manager receive fatal error
A Remove VPN Service Request that is re-deployed through the Task Manager, fails with a Task Log error message of FATAL ERROR. There are no Service Requests of type \VIRepGenericSrvcReq::SRObjTypeSRVC\.
Workaround: Use the Provisioning > Deploy Service Request function to redeploy requests instead of rescheduling an existing task from the Task Manager.CSCdp25127 - Xclipboard functionality non-existent
There is currently no way to copy text out of an MPLS VPN Solution window and paste it into another Xclient window.CSCdp50127 - VPN Console window should close when the watchdog goes down
VPN Console returns an error stating that an object could not be found in the database.
Workaround: Close the VPN Console and re-open it.CSCdp54462 - GUI Refresh of VPN Inventory does not reread the Repository
If the Raima utility initdb is used to clear out a database, then the Refresh functions in the VPN inventory of the VPN Console do not work.
Workaround: Restart vpnconsole.CSCdp54481 - Refresh of Task Manager window does not reread the repository
Tasks remain in the task manager GUI after the task database has been initialized and the GUI is refreshed.
Workaround: Restart vpnconsole.CSCdp62988 - GUI hangs when modifying the repository during backup
When a Repository backup is running, the database is write locked until the backup task completes. If you try to insert a new task into the repository while the backup is running, it fails. The VPN Console hung until the backup completed. Since a repository backup may take time, the VPN Console should not hang, but rather inform you that the database is currently write-locked.
Workaround: Do not attempt to modify the repository while running a backup.CSCdp86529 - GUI lists objects twice if refreshed during initial load
Selecting Refresh on the VPN Inventory section in the GUI while it is still getting the object list results in the object tree being listed multiple times.
Workaround: Be careful not to select Refresh at this time.CSCdp86884 - Adding a VPN through the topology and exiting before finishing causes errors
If a Service Request is created from topology and is canceled before completion, it shows up in the left pane of the topology.
Workaround: Do not use the topology to create Service Requests, use the wizard located in the VPN Console at Provisioning > Add VPN Service to CE.CSCdr03591 - Java exception occurs when deleting Region
When a PE or Region is being deleted by another user, it is difficult to read the error message, when moving through the Add VPN Service wizard.
Workaround: None.CSCdr17172 - Task logs not being deleted from tmp directory
Logs are not deleted from the /tmp directory according to schedule.
Workaround: Leave default configuration for csm.properties file as true, to clean up log files.CSCdr27624 - Deleting a region does not check for associated PEs
When you delete a region with PEs in it, no error message is displayed and the PEs are also deleted.
Workaround: None.CSCdr42538 - Task API: Scheduled task name is not seen in the GUI
The scheduled task name entered through the CORBA API is not displayed in the task manager GUI.
Workaround: None.CSCdr52515 - Deletion of Region does not synchronize with its PEs
When Delete the Region fails, the region remains in the left panel but the PEs under the region are removed.
Workaround: None.CSCdr56337 - PE-CE provisioning if Change PE does not refresh interfaces
In the interface selection step of the Service Request wizard, the list of interfaces are not refreshed if the PE selection is changed.
Workaround: Exit the wizard and start a new wizard.CSCdr63519 - VPNSC hangs when you double-click on Edit in the Edit Customer site
When you double-click on Edit in the Edit Customer site window, the application hangs.
Workaround: The only way to execute is to stopwd, kill the existing jre, and startwd.CSCdr83328 - Restore utility in Repository Administration does not start all the servers
The Restore utility in Repository Administration shuts down and restarts all the servers. However, some servers fail to come up correctly and are therefore disabled. Additionally, if wdgui was running when the servers were restarted, it no longer displays the correct status for all servers.
Workaround: After performing a Restore, be sure to close all instances of wdgui and vpnconsole. Then restart VPNSC by performing a stopwd -y followed by a startwd.CSCdr92346 - Do not enter spaces in data-entry fields of GUI
GUI inappropriately allows trailing spaces after task and target names.
Workaround: Do not put trailing spaces when entering names into the GUI.CSCdr92352 - Cable provision GUI needs to disable CE IP address options
When provisioning cable interfaces, the CE interface field in the SelectIPAddress step in the Service Request wizard is enabled even though you do not need to enter the CE interface address.
Workaround: None. You do not need to enter the IP addressCSCdr92550 - Create works as Edit if the user already exists
While creating a new user through the user administration facility of the tool, if an attempt is made to create a second user with the same name, no error message is given. Instead, the tool modifies the details of the existing user.
Workaround: Create unique user names while creating new users.CSCdr92734 - PE to CE provision screen accepts different IP network address
When creating PE to CE links, the GUI allows the PE and CE IP addresses to be in different networks.
Workaround: None.CSCdr93603 - Delete region creates deadlock when Provider Administrative Domain has only one region
When trying to delete a Region, a deadlock occurs when the Provider Administrative Domain contains only one Region under it.
Workaround: a) Instead of deleting the Region, modify the existing one. b) Delete the Region from the hierarchical pane (on the left side), instead of deleting it from the Edit PAD window. In this way, no error or deadlock occurs.CSCdr94757 - Print report: changing file extension converts name to lower case
When printing SLA reports to a file, uppercase characters within the file pathname are permanently converted to lowercase when the output format (PS, TEXT, CSV, HTML, and so on) is changed.CSCdr95645 - Print report to file: no warning if directory does not exist
When printing SLA reports to a file, there is no warning if the directory does not exist. Printing the report fails, but no warning is sent.CSCdr96786 - OSPF redistribution fails on CE when OSPF is the selected protocol
Currently, when OSPF is selected as the PE/CE routing protocol, it is not possible to select OSPF redistribution on the CE in the RedistProtocols window of the add or modify Service Request wizard. This should be allowed, since it is possible to redistribute a different/existing OSPF process into the OSPF process VPNSC is provisioning.
Workaround: Manually configure redistribution if required.CSCdr96924 - Cable interface configuration GUI should show the subinterface number
Cable interface PE-CE provisioning screen only has the option of showing the Major interface. When modifying a subinterface, it is difficult to trace the interface we are modifying. For clarity while modifying, the GUI should show which interface the Service Request is attached to.
Workaround: None.CSCdr97462 - Multiple user feature compounds data report memory leak
A VPN Console uses large memory especially when displaying large reports. Also, with some reports, there is a memory leak. When multiple users concurrently run VPN Consoles from the same machine, the memory problem multiplies.
Workaround: Avoid opening large reports and running multiple VPN consoles concurrently. Even though our system supports multi user accounts, concurrent VPN consoles can cause memory problems.CSCds00560 - Inaccurate error message when creating SLA task through the GUI
Start with a clean Repository and create a framework. At this stage, there is no service request created. Then use the menu task bar, Monitoring > Provision SLA Definitions and Collect SLA Data to create and schedule an SLA.
An error message results: There are no SA Agent customer edge (CE) routers associated with a VPN. Please associate at least one SA Agent customer edge (CE) router with a VPN, using the Setup menu, before attempting to use this wizard.
The problem with this error message is that the only way to associate a CE with a VPN is by creating a Service Request on the CE. This association cannot be done through the Setup menu, and therefore the above error message is not accurate.
Workaround: Create a Service Request for the CE before monitoring its SLA performance.CSCds01408 - GUI hangs after clicking Next in confirm window of Service Request wizard
The GUI hangs intermittently just after clicking the Next button in the confirm window of the add/modify Service Request wizard. The GUI function is usually restored after approximately 3-4 minutes. There is no set procedure to reproduce it, although it only occurs when completing the add/modify Service Request wizard.
Workaround: When this problem is observed, allow 3-4 minutes for the GUI functionality to return.CSCds05224 - Service Request State Change Report misses Deployed state change
Service Request State Change Report does not report that the Service Request went into the Deployed State.CSCds05278 - State History for Web reports not working
The State History button does not Display reports for the Web interface reports, for Service Request Detail Report for SR<#>.CSCds13047 - Service Request Audit Report window should avoid links
Service Request Audit Report window creating link to nonexisting target files to access the audit reports.
Workaround: None.CSCds28921 - CIPM GUI does not work with SSH
CIPM does not work with SSH.
Workaround: Set the DISPLAY variable, but then the GUI will be displayed on the client station across X, not SSH.CSCds44103 - Display of tree-view becomes corrupted when viewing 3000 CEs
Tree view pane becomes corrupted when viewing 1000s of CEs.
Workaround: No workaround known, but will not seriously impact functionality.CSCds48679 - Inconsistent range for RT and RD from various GUI panel
In the GUI, there are several places to enter RD or RT values. Each place should be tested with in-range values and out-of-range values, as well as acceptable and nonacceptable characters.
Workaround: None.CSCds49891 - NetFlow integration, only NetFlow created directories OK
For integration with NetFlow, only the NetFlow created directory (for example 2000_10_17) are permitted under $NFC_DIR. $NFC_DIR is most of the time /opt/CSCOnfc/Data
Workaround: - Do not use a subdirectory of $NFC_DIR to save some NetFlow data. Remove any directory not created by NetFlow Collector from $NFC_DIR.CSCds59001 - Space accepted as suffix for Target name.
The GUI strips any leading and trailing spaces before validating. Even if the GUI allows the user to enter a space in the beginning or at the end, the spaces are stripped before committing to the database.
Workaround: None.CSCds59838 - Application hangs when opening Task manager window with 30+ tasks
GUI hangs when trying to open the task manager window with more than 30 tasks.
Workaround: Reboot the vpnconsole.CSCds63395 - VPN Inventory changes not visible in second GUI
When running two instances of the GUI, a change in the VPN inventory in one instance is not reflected in the second GUI. You must exit and restart vpnconsole to see the change. Closing and reopening the VPN folder does not work either.Collection
CSCdp07809 - NetFlow can not map to subinterface for FastEthernet and High-Speed Serial Interface (HSSI)
If the connection between the PE and CE is through a subinterface of FastEthernet or HSSI type, Accounting drops the traffic through this link. The current IOS does not populate the subinterface information to the MIB.
Workaround: None.CSCdp54370 - Bypassing login is invalid if no password is configured
Currently, the collection engine requires the router to be configured with a login password. The collection fails if the router is configured to by-pass the login.
Workaround: Configure the router to require a password to log in.CSCdp76580 - Empty reports may result from a mismatch of time zones between the Repository and the system
If a repository containing accounting data is moved to another system in a different time zone or the time zone on the system where the data was collected is changed, the reports are empty or incorrect when viewed.
Workaround: Set the time zone of the system on which you wish to view the accounting reports to be the same as the time zone in which they were collected. Also, the time zone of the NetFlow collector system must be the same as the time zone of the system on which accounting collection tasks are run.CSCdp95654 - Problem with current CAR aggregation
The aggregation code currently assumes that the if the value collected is smaller than the prior collection (say packet count or KByte count), that the counters have wrapped. This does not take into consideration the possibility of counters being cleared or a router rebooting.
Workaround: None.CSCdr34322 - Some APIs in DCDirectory module are not supported
Some APIs in the DCDirectory module can throw exceptions under certain conditions. There is no way to fix it without changing the IDL to explicitly throw an exception or to indicate that the returned object is invalid. The APIs are the following:
Interface Name API - Target ownerMediator(); Nsm localMediator(); Mediator localNsm(); Mediator backupMediator(); DirectoryManager nsm(in long nsmId); DirectoryManager mediator(in long mediatorId); DirectoryManager target(in long targetId); DirectoryManager targetByMachineDomainNetworkAndRole (...)
Workaround: The client code should catch the exceptions that might be thrown.CSCdr41598 - Task Log reports wrong status for SA Agent collection task
The problems are:a) An SA Agent collection task fails if it is executed on a machine other than the one it was created on.
b) SA Agent collection tasks are always reported as having completed successfully, regardless of any errors that might have occurred during their execution.
Workarounds: a) When using a Repository that was created on a different machine, be sure to re-create any SA Agent collection tasks that were defined on the other machine
b) To determine the actual status of an SA Agent collection task, you need to do the following:
1) Click on the Log link for the corresponding task entry in the Task Log.
2) Click on the first action's link in the lower left panel.
3) Click on the Errors link in the lower right panel.
This displays the errors, if any, that occurred during the execution of the task.CSCdr86087 - Watchdog event subject are not correct to the specification
Watchdog event subject name missing m1.
Workaround: Look for subject "cisco.vpnsc.watchdog.XXX" instead of "cisco.vpnsc.watchdog.m1.XXX"CSCdr94226 - MIB2 task does not run when a target name has trailing spaces
MIB2 stat.task returns Status Unknown in task logs, and does not appear to run.
Workaround: There is probably a target in the collection that has a trailing space. Remove the trailing spaces. Also, rebooting the watchdog gets the task to run, but it fails individually for the target with trailing spaces.CSCds01730 - Memory leak when multiple versions of wdgui are open at the same time
VPN Console GUI operates very slowly or sluggishly after numerous users have been logged in over a period of a few days. Using this much resource is causing problems.
Workaround: Open only one wdgui at a time, preferably only when logged in as "Admin".CSCds18453 - Accounting data from a Release 1.1 Repository can not be displayed with Release 1.2
NetFlow data collected and made VPN aware under the Release 1.1 code structure can not be viewed with the Release 1.2 code. Data that was previously mapped to the VPN topology is all now classified as Unmapped. Type of Service (ToS) traffic that was applied to the appropriate classification is now all listed as Class 4 "Out of Contract, Worst Class." All other reports that map traffic to end points or PEs are empty.
Workaround: None.API
CSCdm80601 - Module CiscoVPNServiceRequest
In the Provisioning CORBA API, the module CiscoVPNServiceRequest is not needed. This module can be safely removed and all references to it.CSCdp10956 - VsmSRCreator:setPEPortReservationOnly() does not work
The CiscoVsmSRCreator::VsmVPNConnectivityCreator::setPEPortReservationOnly() operation is FOR FUTURE USE.CSCdp69441 - Need new API to unset maximum AS occurrence in path
Once you have called VsmVPNConnectivityCreator::setMaxASOccurrenceInPath() on a Service Request, there is currently no mechanism to undo this. That is, you can change the value of max. AS occurrence in the path, but you can not unset it.
Workaround: Remove the Service Request. Create a new Service Request without calling setMaxASOccurrenceInPath() and deploy the new Service Request.CSCdp70476 - There is no CORBA API to unset import/export map and maximum routes
There is currently no mechanism through the API to do the following:1.
2.
3.
Workaround: Remove the Service Request. Create a new one without the import/export map and without calling setMaxRoutes(). Then redeploy the new Service Request.
CSCdp71973 - Need API to remove CoS profile from an existing SRVC
There is currently no mechanism to remove a CoS profile from an existing Service Request. That is, if you have an existing Service Request that is associated with a CoS profile, say profileX, you are not able to remove profileX from the Service Request through the API.
Workaround: Remove the existing Service Request. Create a new one without the CoS profile, and deploy the new request.CSCdp96865 - createImportRouterConfigTask() check dirPath & network validation
TaskFactory::createImportRouterConfigTask(String taskName, String dirPath, String network) The task server does not complain when the dirPath and network are invalid.
Workaround: Do the checking in the client code. The following is the sample code that can be added into the client code:
...File dirPath = new File("<dir that contains config files>"); if(!path.exists()) { System.out.println("<dirName> does not exist"); System.exit(1); } ...
String [] networks = null; Vector netVector = new Vector(); DirectoryManager dirMgr ...//connect to dir mgr here
networks = dirMgr.networks(); for(int i = 0; i < networks.length; ++i) { System.out.println("Adding network: " + networks[i]); netVector.addElement(networks[i]); } String network = "<networkName>";
if(!netVector.contains(network)) { System.out.println(network + " does not exist"); System.exit(1); } ...CSCdp97442 - Task server should do range checking for hr, min, and sec
TaskScheduledTask::setEarliestStartTime() and TaskScheduledTask::setLatestStartTime() do not do range checking for hour, minute, and second. For example, when setting the earliest time to be 2/29/2000 12:23:70 or 2/29/2000 12:-3:20, there is no error msg. Instead, the scheduler translates 2/29/2000 12:23:70 to 2/29/2000 12:24:10, which is OK. But 2/29/2000 12:-3:20 translates to 4/29/2000, which may not be intended.
Workaround: The client can add the range (0~59) checking code for hour, minute, and second in client code to ensure the time settings are correct.CSCdr24652 - Task Log can not be viewed if the task name has spaces
If a task is defined with spaces in its name, that task does not appear in the Task Log.
Workaround: Ensure that task names do not contain spaces, for example: by using underscores, by using a capital letter to start each word in a multi-word name, and so on.CSCdr44272 - Wrong error code returns when an error occurs on VPN Inventory Repository
The operation addToRep() in the module CiscoVsmFWCreator returns a wrong errCode (errCode: 0) when trying to add invalid objects into the VPN Inventory Repository.CSCdr68089 - CiscoEventGateway.idl: IDL code is not CORBA compliant
The following struct is from the <CmdArg>CiscoEventGateway.idl<noCmdArg> file and is a new addition in Cisco VPN Solutions Center: MPLS Solution, Release 1.2:
struct Event { string subject; Msg msg; };
The IDL grammar states that no two namespaces can differ only on the basis of case. In this struct, both Msg and <CmdArg>msg<noCmdArg> occupy the same namespace according to the IDL grammar, which supports IDL mapping to traditionally-all-uppercase COBOL.
Workaround: The Orbix and OrbixWeb IDL compilers do not enforce this part of the IDL, so this is not an issue for those customers using the suggested Iona CORBA implementations and corresponding IDL compilers. However, this may pose a problem for customers using an IDL compiler from another vendor. If this is the case, contact customer support for your IDL vendor, and ask how to disable this grammar-checking feature or enable case-sensitive namespace support.CSCdr71204 - Catch CORBA exception when remove CoS profile from vi rep
When the API CiscoVpnServiceModel::VpnInvMgr.removeCoSProfileFromRep() is called, the following CORBA API is caught: org.omg.CORBA.NO_PERMISSION: remote exception - No permission for attempted operation. The server '(unknown)' can only be launched persistently.
Workaround: Ignore.CSCdr75731 - NonCORBA-compliant struct in CiscoSlaMonitor.idl file
The following struct is from the <CmdArg>CiscoSlaMonitor.idl<noCmdArg> file and is a new addition in Cisco VPN Solutions Center: MPLS Solution, Release 1.2:
struct SAAEntry { SlaId id; long protocol; TimeStamp timeStamp;
ProtocolDataUnion protocolData; };
The IDL grammar states that no two namespaces can differ only on the basis of case. In this struct, both TimeStamp and <CmdArg>timeStamp<noCmdArg> occupy the same namespace according to the IDL grammar, which supports IDL mapping to traditionally-all-uppercase COBOL.
Workaround: The Orbix and OrbixWeb IDL compilers do not enforce this part of the IDL, so this is not an issue for those customers using the suggested Iona CORBA implementations and corresponding IDL compilers. However, this may pose a problem for customers using an IDL compiler from another vendor. If this is the case, contact customer support for your IDL vendor, and ask how to disable this grammar-checking feature or enable case-sensitive namespace support.CSCdr77121 - Invalid datatype (VsmRTSeed) used on getAllRTSeeds(), freeRT() operation
The APIs involved are:
freeRT(in VsmRTSeed rt) operation: the format of the input parameter is like: "100:1". VsmRTSeedSeq getAllRTSeeds(): the format of the return value is like: "100:(1+9)".
VsmRTSeedSeq getAllFreeRTs() the format of the return value is like: "100:2".
VsmRTSeed getNextRT(): the format of the return value is like: "100:2".
void removeRTSeed(VsmRTSeed rt) the format of the input parameter is like: 100
The same thing for RD Seeds.CSCdr88407 - Error in VpnInvImport Tool
If the input file to the import tool has an individual IP specified as the address pool, an error is flagged.
Workaround: Modify the Region's address pool in the input file so that it represents a pool and not an individual address.CSCdr92324 - ServiceProvider1_grey_mgmt_vpn should not be allowed to create
VPN name should not contain the suffix "_grey_mgmt_vpn", that is, "ServiceProvider1_grey_mgmt_vpn". This suffix is reserved for naming grey management VPNs.
Workaround: Do not use suffix "_grey_mgmt_vpn" when creating VPNs.CSCdr93908 - VsmPECreator:No error checking for Telnet timeout/retries
The APIs CiscoVsmFWCreator::VsmPECreator::setTelnetTimeOut(in unsigned long timeOut) and CiscoVsmFWCreator::VsmPECreator::setTelnetRetries(in unsigned short retries) do not do any range checking for the input parameters timeOut and retries respectively. API users have to do their own checking for the legal range 1 - 60 for both these parameters.CSCdr94129 - Deleting Provider Administrative Domain has different behaviors on GUI and API operation
When deleting the specified Provider Administrative Domain, GUI has a different behavior from the API's operation on the following test case:
Create a Provider Administrative Domain and assign some regions to it. For all of these regions, however, neither PEs nor IP address Pools are assigned to any of them.
The result is that you can delete the Provider Administrative Domain from the GUI side even though there are still some regions corresponding to it.
However when doing this through the API, calling the operation "removeProviderAdminDomainFromRep()" generates an error message: There are region(s) dependent on this provider admin domain record!
It is expected that the GUI and the API behavior should be the same.CSCds00434 - Unsynchronized behavior of GUI and API for SLA Task Creation
Start with a clean Repository and then create a framework. At this stage, no service request is created.
Then use the menu task bar, Monitoring > Provision SLA Definitions and Collect SLA Data to create and schedule an SLA.
An error message results: There are no SA Agent customer edge (CE) routers associated with a VPN. Please associate at least one SA Agent customer edge (CE) router with a VPN, using the Setup menu, before attempting to use this wizard.
The API behavior is as follows. API used: CiscoTaskFactory.createGetSlaDataTask(String taskName, String inputFile). The task can be created and scheduled without getting any error message. But the task is not executed forever. This is not the right behavior.
Workaround: Make sure that there is a Service Request created for the CE that you want to monitor the SLA performance.CSCds04218 - First interface name is blank VpnInvExported file
The first interface is blank in the <VsmPE> block.
Workaround: None.CSCds04789 - Unable to connect to EventGateway Server through Naming Service
EventGatewayServer applications cannot reference the server through the Naming Server.
Instead, a _bind() to the specific EventGatewayServer is used.CSCds16296 - VpnInvMgr::removePEFromRep() failed to remove PE target
When a Service Request is at "closed" state, the involved PE and CE could not be removed from VPN inventory. Following is the error message received for this action:
Error: RepException caught errCode = 123 errMessage = VpnServiceModelImpl.cpp::VpnInvMgrImpl::removeCEFromRep, line:4247
VIRepCE.cpp::VIRepCE::removeFromDB, line:1127 returns error code: 123 -- There are SRVCs depended on this CE record! Can not delete this CE record!
To reproduce this problem: 1. Create a Service Request 1 for the connection between one PE1 and one CE1. The state is "requested" at this point. 2. Deploy Service Request 1 and its state goes to "pending." 3. Remove Service Request 1 and a new Service Request 2 is created and its state is "requested." 4. Deploy Service Request 2 and its state goes to "pending." 5. Audit Service Request 2 and its state goes to "closed." 6. Try to remove PE1 and CE1. Can remove PE1 successfully. However, and error message will occur when removing CE1. 7. Purge Service Request 2 from the Repository, and then PE1 and CE1 can be removed without any problem.CSCds59150 - User access permission denied
All user access is logged to vpnconsole in a UNIX file called vpnUserAccess.log in the tmp directory. This log file is created when the vpnconsole is run for the first time and the owner of the file is the UNIX user who runs the vpnconsole. This becomes a problem if a different UNIX user tries to run the vpnconsole after the log file is created. Log file access permission denied will occur even if the Unix user has the right vpnconsole user account. Note, our multiuser feature is limited to the vpnconsole user account. It is independent of the UNIX user account. However, vpnUserAccess log file is a UNIX file that depends on the UNIX user account.
Workaround: As described above, this is really a limitation of our system/Unix. We need to force all vpnconsole users to log into the Unix machine as vpnadm before they run vpnconsole. This is one of the reasons why we create the vpnadm Unix account.Other
CSCdp06576 - Hardwired path in Repository
When changing the location of the Repository, make sure old tasks are deleted. These tasks may still refer to the old repository location.CSCdp62940 - Printing Data Summary report in PS takes large amount of resources
Printing a report makes the GUI behave sluggishly or hangs it for a period of time.
Workaround: Do not try to print reports containing large data sets using the PS option. Instead, print to a text or HTML file and then open this file in a browser.CSCdp63081 - Print of Data Summary report using TXT option has poor formatting
Format of printed Data Summary report needs to be enhanced.CSCdr54951 - Collect configuration files did not collect configuration files
Under certain conditions (currently unknown), a configuration collect task reports that none of the specified devices need collection, and it therefore does not collect from any of them.
Workaround: None. Note that this behavior is expected and normal when devices are smart-collected, that is, registered for config-change traps. It might help to set the collect cycle time property, namely netsys.datacollector.cct.cycle_t, to a value smaller than your collection frequency.CSCdr72168 - Version 1.1 patch 3 installation causes the httpd to die
This bug only affects version 1.1 patch3 for this customer only.CSCdr87449 - VPNSC: rep.list does not like the symbolic link: misc. errors
The rep.list must always point to a full path and not to a path that contains a symbolic. Otherwise, the trapcatcher contains this error: !!! PROGRAMMER/USER error: -24 attempt to access unlocked set/record C errno = 0 C errno = 0 !!! and the trapcatcher generation count is high.
Workaround: Restore the Repository from the GUI so that the rep.list points to the full path.CSCds34572 - VpnInvImport - cannot import RT and RD address pool offset values
The offset values to the RD and RT pools are currently not imported by the import tool.Cisco Connection Online
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
•
•
•
•
•
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Documentation CD-ROM
The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Guest
