Table Of Contents
Release Notes for the Cisco Session Border Controller on the Cisco 7600 Router
Contents
New Features in ACE Session Border Controller Release 3.1.2
New Features in ACE Session Border Controller Release 3.1.1
New Features in ACE Session Border Controller Release 3.1.00
New Features in ACE Session Border Controller Release 3.0.2
New Features in ACE Session Border Controller Release 3.0.1
New Features in ACE Session Border Controller Release 3.0.00
New Features in ACE Session Border Controller Release 2.0.00
Available SBC Licenses
Software Version Maintenance Release 3.1.2 Caveats
Software Version ACE Session Border Controller Release 3.1.2 Resolved Caveats
Software Version ACE Session Border Controller Release 3.1.2 Open Caveats
Software Version Maintenance Release 3.1.1 Caveats
Software Version ACE Session Border Controller Release 3.1.1 Resolved Caveats
Software Version ACE Session Border Controller Release 3.1.1 Open Caveats
Software Version Maintenance Release 3.1.00 Caveats
Software Version ACE Session Border Controller Release 3.1.00 Resolved Caveats
Software Version ACE Session Border Controller Release 3.1.00 Open Caveats
Software Version Maintenance Release 3.0.2 Caveats
Software Version ACE Session Border Controller Release 3.0.2 Resolved Caveats
Software Version ACE Session Border Controller Release 3.0.2 Open Caveats
Software Version Maintenance Release 3.0.1 Caveats
Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats
Software Version ACE Session Border Controller Release 3.0.1 Open Caveats
Software Version ACE Session Border Controller Release 3.0.00 Caveats
Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats
Software Version ACE Session Border Controller Release 3.0.00 Open Caveats
Related Documentation
Cisco.com
Product Documentation DVD
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Product Alerts and Field Notices
Obtaining Technical Assistance
Cisco Support Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for the Cisco Session Border Controller on the Cisco 7600 Router
Oct 23, 2009
Note 
The most current Cisco documentation for released products is available on Cisco.com.
Contents
This release note applies to the following software versions for the Cisco Session Border Controller (SBC) on the Cisco 7600 router:
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.1.2 (DC OS SW)
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.1.1 (DC OS SW)
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.1.00 (DC OS SW)
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.0.2 (DC OS SW)
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.0.1 (DC OS SW)
•ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.0.00 (DC OS SW)
•ACE-SBC-SW2000-K9—ACE Session Border Controller Release 2.0.00 (DC OS SW)
Both software versions run on Cisco 7600 Series ACE 20 HW for the Session Border Controller (ACE20-SBC-K9).
The ACE20-SBC-K9 requires Cisco IOS Release 12.2(33)SRB1 or later for the following models of Supervisor 720 engines: WS-SUP720, WS-SUP720-3B, and WS-SUP720-3BXL.
The ACE20-SBC-K9 requires Cisco IOS Release 12.2(33)SRC or later for the Route Switching Processor 720-1GE.
For information on the Application Control Engine (ACE) module features and configuration details, see the ACE module documentation located at:
http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html
This release note contains the following sections:
•New Features in ACE Session Border Controller Release 3.1.2
•New Features in ACE Session Border Controller Release 3.1.1
•New Features in ACE Session Border Controller Release 3.1.1
•New Features in ACE Session Border Controller Release 3.0.1
•New Features in ACE Session Border Controller Release 3.0.00
•New Features in ACE Session Border Controller Release 2.0.00
•Available SBC Licenses
•Software Version Maintenance Release 3.0.2 Caveats
•Software Version Maintenance Release 3.0.1 Caveats
•Software Version ACE Session Border Controller Release 3.0.00 Caveats
•Related Documentation
•Documentation Feedback
•Cisco Product Security Overview
•Product Alerts and Field Notices
•Obtaining Technical Assistance
•Obtaining Additional Publications and Information
New Features in ACE Session Border Controller Release 3.1.2
The ACE Session Border Controller Release 3.1.2 provides no new features.
New Features in ACE Session Border Controller Release 3.1.1
The ACE Session Border Controller Release 3.1.1 provides no new features.
New Features in ACE Session Border Controller Release 3.1.00
The ACE Session Border Controller Release 3.1.00 provides the following new features:
•Additional changes to SBC billing
•CAC rate limiting
•DBE signaling pinhole
•Debug usability enhancements
•H.323 performance improvement
•Improved fast register
•Interchassis redundancy
•Late-to-Early media internetworking
•Parameter profiles
•P-KT-UE-IP feature
•Provisional response filtering
•Response code mapping
•Routing features including:
–Routing by category
–Source number manipulation
–Least-cost routing
–Weighted routing
–Time-based routing
–Regular expression routing
•SDP attribute passthrough
•SDP call hold interworking
•Secure media passthrough
•SIP header manipulation
•SIP PING message support
•SIP statistics setting
•Subscriber policy
•Support for media information
•VRF-Aware DNS query
New Features in ACE Session Border Controller Release 3.0.2
The ACE Session Border Controller Release 3.0.2 provides no new features.
New Features in ACE Session Border Controller Release 3.0.1
The ACE Session Border Controller Release 3.0.1 provides the following feature:
•Cisco 7600/ACE SBC MIB Implementation
New Features in ACE Session Border Controller Release 3.0.00
The ACE Session Border Controller Release 3.0.00 software release provides the following features:
•SBC Adjacencies
•SBC Billing
•SBC Policies
•SBC Transcoding
•SBC Firewall Traversal and Network Address Translator
•Session Initiation Protocol (SIP) Method Profiles
•Header Profiles
•Restricting Codecs
•SIP Telephone (TEL) Uniform Resource Identifier (URI) Support
•SIP Timer
•ITU-T H.323 Support
•ITU-T H.323-SIP Interworking
•Tracking Policy Failure Statistics
•SIP 3xx Redirect Responses
•SIP Call Hold
•SIP Call Transfer
•SIP Outbound Authentication
•SIP Inbound Authentication
•SIP-Interworking (I) Transparency and Profile Support
•SIP Configuration Flexibility
•Implementing SBC Quality of Service (QoS) (Marking)
•Denial of Service (DoS) Prevention and Dynamic Blacklisting
•Early Media
•Proxy-Call Session Control Function (P-CSCF) Support
•Integration of Resource Management and SIP
•Interconnection
•Border Control Function (IBCF) Processing Support
For additional information on these features, see the Cisco 7600 Series Routers Session Border Controller Configuration Guide.
New Features in ACE Session Border Controller Release 2.0.00
The ACE Session Border Controller Release 2.0.00 software release provides the following features:
•Network Address Translator (NAT)
•SBC QoS—Marking
•DoS Prevention
•SBC Interworking Dual Tone Multifrequency
•Unexpected Source Address Alerting
•SBC Redundancy (High Availability)
•Data Border Element (DBE) Overload Reporting
•Media Address Pools
•FAX Support
•SBC Multi-VPN Routing and Forwarding (VRF)
For additional information on these features, see the Cisco 7600 Series Routers Session Border Controller Configuration Guide.
Available SBC Licenses
For ACE-SBC-SW3000-K9:
•ACE-SBC-SIP
•ACE-SBC-H323
For ACE-SBC-SW2000-K9:
•ACE-SBC-RTU 7600 Session Border Control Application RTU
•ACE-SBC-H248 7600 Session Border Control H.248 License
•ACE-SBC-SIP 7600 Session Border Control SIP License
Note You can access the license and show license commands only in the Admin context. You must have the Admin role in the Admin context to perform the tasks of installing, removing, and updating the license.
Software Version Maintenance Release 3.1.2 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.1.2:
•Software Version ACE Session Border Controller Release 3.1.2 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.1.2 Open Caveats
Software Version ACE Session Border Controller Release 3.1.2 Resolved Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.1.2:
•CSCta00117
SBC cannot increase bandwidth on the SDP answer.
This condition is observed when the SDP answer has lower ptime than the SDP offer
Workaround: Increase the ptime in the SDP offer to a value greater than in the SDP answer.
•CSCta23634
PCT_SCK 46 needs to be rate-limited and improved. The following message is printed repeatedly:
%ACE-2-900014: SBC/SOCKET: **** UNEXPECTED 0x0303 - 46 (0000) ****
00000000000000000000000000000001
SBC/SOCKET: (sckrecv2.c 1289) at 17:24:28, 17 June 2009 (180013 ms)
SBC/SOCKET: Socket write error: Network is unreachable
SBC/SOCKET: (Debugging info: error code = 128
SBC/SOCKET: socket ID = 49)
The reason for this condition not known.
Workaround: Disable logging using the no logging enable command.
•CSCta20031
Command execution error when standby SBC is reloaded. The following error is displayed:
switch/Admin# Internal CLI error: No such file or directory
*** Context 0: cmd exec error ***
This condition is observed when the active SBC is configured with ssh key rsa 1024 force command.
Workaround: Remove the ssh key related CLIs from the active SBC configuration.
•CSCta36111
Default method-profile cannot be changed. Updating the default profile results in a configuration error.
This condition is observed after an initial switchover.
Workaround: Create a new method-profile with a name other than "default".
•CSCta79672
No snmp adj trap is sent when ping message is lost.
This condition is observed when sip Adj is configured with ping-enable command.
Workaround: Check the syslog/console log to get peer lost information.
•CSCsz00331
The SBC crashes when configuring an adjacency through Cisco Element Management System (EMS).
This condition is observed while configuring an adjacency through EMS, which causes SBC coredump.
Workaround: There is no known workaround.
•CSCta00098
RTP packet mismatch.
When SBC get INVITE with offer G711 stream without ptime attribute, it forwards it to peer after setting ptime=10, which causes RTP packet mismatch since the destination processor has different ptime expectation.
Workaround: There is no known workaround.
•CSCta77573
SBC fails to pass through UPDATE 200 RSP.
This condition is observed when the time header is configured to require state.
Workaround: Disable session timer in EP point or add the following configuration:
option-profile ua inbound opt1
option-profile ua outbound opt1
option-profile ua inbound opt1
option-profile ua outbound opt1
•CSCtb64929
SBC crashes.
This condition is observed while processing duplicate SDP.
Workaround: There is no known workaround.
•CSCta75746
SBC crashes.
This condition is observed when a CANCEL is received for an INVITE dialog while an UPDATE transaction is in progress.
Workaround: There is no known workaround.
•CSCta30427
Standby SBC crashes on first sip call with cic after promotion to active.
This condition is observed when a routing policy entry includes the edit-src command.
Workaround: Remove the edit-src command from the configuration, using the no edit-src command.
•CSCtc47070
nbb_assert in sipt_prk_ua_fsm.
This condition is observed when SBC process a PRACK request immediately after processing a 486 final INVITE response and 183 reliable response.
Workaround: There is no known workaround.
•CSCtc49534
Memory utilization increases as SBC fails to clear up UPDATE transaction state.
This condition is oberved when a call was cancelled while an UPDATE renegotiation was in progress.
Workaround: There is no known workaround.
•CSCtc48324
SBC retransmits the INVITE after 20 seconds even though it has received a 180 ringing reply from the PGW.
This condition is observed due to problem with NAT function.
Workaround: There is no known workaround.
•CSCtc18639
The standby SBC crashed while upgrading from 3.1.1 to a special image with the b-line fix.
This condition is observed while upgrading from image version 3.1.1 to special image upgrade
Workaround: There is no known workaround.
Software Version ACE Session Border Controller Release 3.1.2 Open Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.1.2:
•CSCsz14483
The Cseq in the Second INVITE uses the same Cseq as the first INVITE to terminate side for transcoding.
This condition is observed when the value of CSeq is not getting incremented by one for the new request, which is a function of transcoding feature.
Workaround: Use codec filtering on SBC to enforce transcoding. The SBC allows you to restrict the codecs that a particular call, caller and callee are allowed to use by whitelisting the codecs. Initially all recognized codecs are on the whitelist. If a codec is requested which is absent from the call, caller, or callee codec whitelist, the call proceeds after removing the forbidden codecs from the offer and media gate configuration.
•CSCsx97013
SBC console or terminal hangs on running a command and the control is not returned back to the console or terminal.
This condition is observed:
–Due to high load with memory congestion. The console or terminal hangs when you run no activate sbe and activate sbe commands immediately one after the other.
–Due to continual reload of standby while active sbc is on high load with memory congestion
Workaround: Follow the instructions below:
–Wait for more than five seconds between no activate sbe and activate sbe commands as th e sbc needs to release many current calls on it.
–Do not continually reload the standby card when active sbc is on high load with memory congestion.
Software Version Maintenance Release 3.1.1 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.1.1:
•Software Version ACE Session Border Controller Release 3.1.1 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.1.1 Open Caveats
Software Version ACE Session Border Controller Release 3.1.1 Resolved Caveats
There are no resolved caveats for software version ACE Session Border Control Release 3.1.1.
Software Version ACE Session Border Controller Release 3.1.1 Open Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.11:
•CSCsz37049—Several TCP ports are opened on the SBC which leads to a security issue. These ports are 27000, 6464, and 32778.
–Workaround: For port 6464, this issue is resolved by binding port 6464 to the local host.
For ports 27000 and 32778, configure the ACL on the supervisor as follows:
sbc-dev03(config)# access-list 101 deny tcp any host 10.140.80.20 range 27000
27009
sbc-dev03(config)# access-list 101 deny tcp any host 10.140.80.20 eq 32778
sbc-dev03(config)# access-list 101 permit ip any any
Apply this ACL to the VLAN interface for SBC:
sbc-dev03(config)# interface vlan 93
sbc-dev03(config-if)# ip access-group 101 out
•CSCsz82020—The show services output of the Match Prefix Length in cac table is incorrect.
–Workaround: None.
•CSCsj78705—The show services sbc dbe controller command shows incorrect counter values.
–Workaround: None.
•CSCsz36539—Inbound local authentication fails under interop due to lack of Authorization information being included in ACK message.
–Workaround: None.
•CSCsz00331—The SBC crashes when configuring an adjacency through Cisco Element Management System (EMS).
–Workaround: None.
•CSCsx97013—The SBC console or freezes on any command entry. The command does not return control to the console or terminal.
–Workaround: Use the no activate sbe command and then wait five seconds and do the activate sbe command (to allow the SBC to release current calls). Also, do not continually reload the standby card.
•CSCsz14483—The Cseq in the second INVITE uses the same Cseq as the first INVITE to terminate the side for transcoding.
–Workaround: Use codec filtering on the SBC to enforce transcoding.
Software Version Maintenance Release 3.1.00 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.1.00:
•Software Version ACE Session Border Controller Release 3.1.00 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.1.00 Open Caveats
Software Version ACE Session Border Controller Release 3.1.00 Resolved Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.1.00:
•CSCsh42395—After adding VDBE local controller parameters, the configured values are not applied or displayed with the show run command.
•CSCsh61600—The CLI backend blocks deleting media-addresses when DBE is activated, but it allows media-address port ranges to be deleted. This can result in media-addresses without port ranges.
•CSCsk77454—The authentication nonce timeout is not shown under the adjacency after it is configured as 0.
•CSCso08776—When making a SIP call, the SBC fails to act on an invite containing four videos when the invite is returned from a SIP Proxy.
•CSCso59933—Differentiated Services Code Point (DSCP) signaling QoS profiles value are shown when profiles are not set.
•CSCso82801—It is possible to delete an adjacency without a prompt when it is attached or passing traffic.
•CSCsq77128—During a switchover, adjacencies will move from the detached state to the going up state.
•CSCsr09141—Entering the no reason routing-failure command when there is a blacklist address-default containing multiple reasons (including the reason routing-failure) causes the blacklist configuration to disappear.
•CSCsr09181—For the show services sbc sbe call-stats command, the number of successful call attempts appears unrealistic.
•CSCsr31814—The CANCEL and the 487 (the response to the INVITE) sent to the callee by the SBC to the INVITE do not contain the Reason header, while the same messages received by the SBC do contain the Reason header.
•CSCsr42637—The show sbe dbe h248-profile command may show garbage values if the SBE is configured.
•CSCsr65684—The TFTP application is enabled in the default setting.
•CSCsr66234—When running traffic and performing multiple switchovers on the SBC, only one of the ACE modules recovered and the SBC signaling border element (SBE) configuration did not activate. As a result, all adjancencies became detached and no traffic passed.
•CSCsr78503—The show services sbc sbe sip timers command tcp-connect-timeout defaults to 0 ms (instead of 30000 ms).
•CSCsr81465—The SIP timer udp-response-linger-period cannot be modidifed.
•CSCsr93741—Setting the default value of the sbc sbe radius authentication retry-limit command yields 3 instead of the proper default value of 5.
•CSCsu04433—After using the no control address aaa command, the RADIUS authentication server is not reconfigurable.
•CSCsu12327—An H.323 to H.323 call with H.245-tunnel disable causes the SBC to core dump.
•CSCsu22440—The SBC cannot create an SBE after a DBE.
•CSCsu49054—The SBC starts to drop calls when CPU usage is approximately 60 percent.
•CSCsu49062—The ips and pd log is lost when the SBC core dumps.
•CSCsu64585—The show services sbc sbe adjacency command shows the description for the H.323 adjacency instead of the SIP adjacency.
•CSCsu64749—The SBC loses the IP connection with the supervisor card during and after a malform IPv4 attack.
•CSCsu64793—The show services sbc sbe adjacencies detail command shows incorrect parameters.
•CSCsu65827—There are issues with the call admission control scope. When creating the second CAC policy set, the new policy, by default, inherits the first policy's scope parameters. The no form of the first-cac-scope command fails. In some cases, multiple scopes are allowed, whereas in other cases, only one is allowed.
•CSCsu69653—The show services sbc sbe adjacencies command cannot display an adjacency name longer than twelve characters.
•CSCsu70031—The show run and show services commands do not show the configured blacklist.
•CSCsu72051—After setting marking on both caller and callee, marking is only be applied after a specific point in a call.
•CSCsu72287—The SBC resets when the callee-hold-setting command is configured under the CAC policy.
•CSCsu73534—The delivery of an H.245 address is not configurable on an H.323 adjacency.
•CSCsu74051—The Media Packet Forwarder (MPF) latches the SIP QoS signal DSCP values when it should change dynamically.
•CSCsu76464—The SBC allows configuration of a non-existing adjacency in a call-policy-set.
•CSCsu77498—The SBC does not accept the RADIUS accounting server name.
•CSCsu77538—The control address and RADIUS account do not show after being successfully added.
•CSCsu94190—After executing the no sbc SigPinhole command, executing the no inservice and inservice ft group 1 commands causes the SBC to crash.
•CSCsu99195—The media-address pool configuration does not accept overlapping media-address pool addresses in a different VRF.
•CSCsv01593—On the ACE module with the clock timezone CST command, there is confusion about what CST means (China Standard Time or Central Standard Time).
•CSCsv09954—The no form of the match-value command fails. Also, in some cases, multiple match-values are allowed where as in other cases, only one is allowed.
•CSCsv09960—You can configure multiple hunting-trigger values without exiting the "adj h323" and "h323" submodes. However, after exiting and reentering the submodes, the previously configured values are lost and must be reconfigured.
•CSCsv24377—When conducting a Nessus scan against the SBC, several alerts were identified.
•CSCsv29115—With the SBC acting as DBE and the PGW acting as SBE, making a H.323(DBE) to H.323(DBE) fax call causes the SBC IXP to hang and the ACE module cannot be pinged.
•CSCsv42258—When the SBC rejects a CAC policy, the CAC policy still appears when the show services sbc sbe cac-policy-set tables command is issued.
•CSCsv57320—The services sbc sbc dbe controllers command shows odd Estab time.
•CSCsv72134-There is an mxfshow core dump when setting the xscale debug trace flag.
•CSCsv75156—When a VRF peer initiates a TCP connection to send a SIP request to the SBC, the SBC is unable to use the connection and instead tries to respond using port 5060 as local port; however, port 5060 is in use, so this causes an error.
•CSCsv85696—The SBC rejects the option profile with multiple tags when it is whitelisted.
•CSCsv97028—When the calling phone is Linksys ATA SPA2102 type and the called phone is Scientific Atlanta cable modem phone EPC2203, and both try to register under proxy through SBC, then the basic SIP call fails.
•CSCsv99743—In an adjacency configuration, the signaling-address and signaling-peer are not reconfigurable without first removing the adjacency and then adding it again.
•CSCsw14703—An incorrect pdlog format in the mpfstub causes a crash without any traceback.
•CSCsw20968—H.323 tunneling is wrongly set to TRUE.
•CSCsw21093—The ldr-check command minute option shows the range as 0-60 instead of 0-59.
•CSCsw26751—The services sbc test sbe radius accounting command that is used to reactivate a failed RADIUS server is not working.
•CSCsw39487—The billing configuration can be activated without RADIUS transport.
•CSCsw44558—Reconfiguring the FT interface VLAN on the ACE module causes the SBC to core dump.
•CSCsw46714—The SBC does not attempt to reconnect with a failed RADIUS server unless the services sbc sbe radius accounting command is used.
•CSCsw49552—If a blacklist configuration is entered for a certain VPN on the SBC, then the SBC duplicates the blacklist configuration for the VPN.
•CSCsw79248—The SBC core dumps when receiving an INVITE with Tel URI.
•CSCsw80381—The debug services sbc off command does not clear the IPS trace.
•CSCsw81646—The help text for the adjacency H323 command ras rrq ttl values shows 2 instead of 60.
•CSCsw83770—The SBC fails to parse an H.323 facility message in a fax call.
•CSCsx03014—The SBC sends a 200 OK message for SUBSCRIBE without an Expires header.
•CSCsx16238—With proxy authorization turned on, the SBC incorrectly sends a 481 for Subscribe request (with the authorization header).
•CSCsx31669—The show services sbc sbe blacklist configured-limits command does not display the address-default blacklist.
•CSCsx32740—When there are more than 1000 subscribers on the SBC, issuing the show services sbc sbe sip subscribers command causes CPU congestion.
•CSCsx51983—The SBC crashes at nbb_assert.
•CSCsx61267—Upon receiving an INVITE containing an SDP with crypto RTP (SRTP), the SBC rejects it with 415 Unsupported Media Type.
•CSCsx63200—Billing does not attempt to restart a failed transport.
•CSCsx64959—When an adjacency is configured with a nondefault method (or header) profile, upon reload adjacencies fail to get configured or attached due to an "invalid header|method profile."
•CSCsx75119—When using Admin Context with FT group not equal to 1, the SBC does not come to STANDBY_HOT status.
•CSCsy05516—Configuring the CAC policy limit before configuring the match value causes the active SBC to crash.
•CSCsy08288—The SBC responds to BYE messages during the switchover by sending a '481 - Call/Transaction Doesn't Exit' message.
•CSCsy16877—If you attempt to configure the local-id argument to be longer than 24 characters, it is truncated to 24.
•CSCsy22000—An SIP-H323 call fails to establish when PRACK is enabled.
•CSCsy22291—On an active ACE module, configuring both the domain server and switchover causes to the ACE module to continuously reload.
•CSCsy33681—The show services sbc sbe billing instance command does not display batch time with units.
•CSCsy34131—The show services sbc sbe call-policy-set command shows an incorrect error message.
•CSCsy39285—The standby SBC resets after a reload with a large blacklist.
•CSCsy55216—On switchover from active to standby, the configuration on the newly promoted active may be corrupted.
•CSCsy68968—When the SBC receives the incoming SIP message method, it incorrectly adds the contact header in the outgoing SIP message method.
•CSCsy72316—The SBC fails to send an ACK signal to a 486 request, causing the endpoint to resend several times.
•CSCsy89034—During a call transfer, the SBC sends a response 486 upon receiving a REFER.
•CSCsy97997—Configuring the FT group and then quickly activating the SBE causes both the active and standby ACE module to become active.
•CSCsy99403—The show mib command does not display the contents of SIP_TM_STAT_TABLE.
•CSCsz07178—The SBC does not respond to ACK messages when the traffic rate is higher than five calls per second (CPS).
•CSCsz11484—SBC IXP hangs when handling transcoding calls.
•CSCsz15006—Online Insertion and Removal (OIR) of hot standby SBC causes new call freeze and blacklisting.
•CSCsz20010—The show services sbc mysbc sbe sip subscribers command shows spurious AOR prefix output.
•CSCsz21557—After using the no activate command and activate command with fast registration, the adjacency remains in the unattached state, unable to attach.
•CSCsz39784—During a switchover when active calls are switched to standby, the media starts flowing through an incorrect context or the media stops flowing in one, or both directions. This occurs when the configured adjacency names have different lengths.
•CSCsz39971—Residual media after switchover may cause incorrect MAC address entries.
Software Version ACE Session Border Controller Release 3.1.00 Open Caveats
The following open caveats apply to software version ACE Session Border Control Release 3.1.00:
•CSCsj78705—The show services sbc dbe controller command shows incorrect counter values.
–Workaround: None.
•CSCsz36539—Inbound local authentication fails under interop due to lack of Authorization information being included in ACK message.
–Workaround: None.
•CSCsz00331—The SBC crashes when configuring an adjacency through Cisco Element Management System (EMS).
–Workaround: None.
•CSCsz14483—The Cseq in the second INVITE uses the same Cseq as the first INVITE to terminate the side for transcoding.
–Workaround: Use codec filtering on the SBC to enforce transcoding.
•CSCsx97013—The SBC console or freezes on any command entry. The command does not return control to the console or terminal.
–Workaround: Use the no activate sbe command and then wait five seconds and do the activate sbe command (to allow the SBC to release current calls). Also, do not continually reload the standby card.
Software Version Maintenance Release 3.0.2 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.0.2:
•Software Version ACE Session Border Controller Release 3.0.2 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.0.2 Open Caveats
Software Version ACE Session Border Controller Release 3.0.2 Resolved Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.0.2:
•CSCsv91288—SBC crashes while making SIP to H.323 call.
•CSCsv83092—The ACE module reloads when a mix of SIP and H.323 calls are placed.
•CSCsv75153—When the SBC forwards the Require:100rel header upstream, the header changes to Require:100REL.
•CSCsv97028—When the calling phone is Linksys ATA SPA2102 type and the called phone is Scientific Atlanta cable modem phone EPC2203, and both try to register under proxy through SBC, then the basic SIP call fails.
•CSCsw34404—The SBC core dumps upon receiving a cancel message against the specified endpoint.
•CSCsv85696—The SBC rejects the option profile with multiple tags when it is whitelisted.
•CSCsw36090—A blacklist is triggered without any evident reason and the peer is blacklisted for 138 hours.
•CSCsw33351—When a global blacklist is configured for endpoint-registration and there is no trigger-period configured, the SBC crashes when the number of subscribers exceeds 5000.
•CSCsw73105—The backup ACE module sometimes becomes stuck in the STANDBY COLD state.
•CSCsv29115—With the SBC acting as DBE and the PGW acting as SBE, making a H.323(DBE) to H.323(DBE) fax call causes the SBC IXP to hang and the ACE module cannot be pinged.
•CSCsu64749—The SBC loses the IP connection with the supervisor card during and after a malform IPv4 attack.
•CSCsu62102—When testing a SIP to SIP call using UDP, if the message size is larger than 1500 bytes, the SBC cannot receive the SIP message.
•CSCsr70002—When the PGW (acting as an SBE) sends out a bulk audit request message, checking the Cisco 7600 DBE reply against this audit request message shows a 7600 fragmented UDP message checksum error in the SBC application.
•CSCsr80463—After called party side hold, calling side can not hear on hold music. After called party side resumes, there is no voice path.
•CSCsw67373—The show version command truncated the source workspace path such that the complete path was not available.
•CSCsx43973—When there is a SIP call with a DNS query, the SBC uses up all the file descriptors on the system.
Software Version ACE Session Border Controller Release 3.0.2 Open Caveats
The following open caveats apply to software version ACE Session Border Control Release 3.0.2:
•CSCsu80002—The default DBE location-id for the SBE configuration does not match the the default DBE location-id for the DBE configuration. This causes a "503 Service Unavilable" message when attempting a call.
–Workaround: Set DBE location-id=0 and SBE location-id=0.
•CSCsr66234—When running traffic and performing multiple switchovers on the SBC, only one of the ACE modules recovered and the SBC signaling border element (SBE), configuration did not activate. As a result, all adjancencies became detached and no traffic passed.
–Workaround: Disable one ACE module. Reload the other ACE module and when it becomes active, reload the other ACE module.
•CSCso08776—When making a SIP call, the SBC fails to act on an invite containing four videos when the invite is returned from a SIP Proxy.
–Workaround: None.
•CSCso59933—Differentiated Services Code Point (DSCP) signaling QoS profiles value are shown when profiles are not set.
–Workaround: None.
•CSCsr85533—In the address-default submode of the blacklist command, entering the no reason authentication-failure command, the no reason bad-address command, the no reason corrupt-message command, the no reason endpoint-registration command, the no reason policy-rejection command or the no reason routing-failure command will set triggersize to 0, trigger-period to 0, and timeout to 0. The default value should be triggersize is 4, trigger-period is 100ms, timeout is 600s.
–Workaround: None.
•CSCso61641—The SBC does not release the H.248 socket even after multiple SBC creations and deletions.
–Workaround: None.
•CSCsj78705—The show services sbc test dbe controllers command shows incorrect counter values.
–Workaround: None.
•CSCsu92793—Console shows call failure; console also shows output of the Problem Determination (PD) log indicating a resource shortage even though there are no resource shortages.
–Workaround: The SBC encountered a syntax error while parsing the Request Uniform Resource Identifier (URI). Check the syntax of the Request URI.
•CSCsu12327—An H.323 to H.323 call with H.245-tunnel disable causes the SBC to core dump.
–Workaround: None.
•CSCsx16238—With proxy authorization turned on, the SBC incorrectly sends a 481 for Subscribe request (with the authorization header).
–Workaround: None.
•CSCsw44558—Reconfiguring the ft interface VLAN on the ACE module causes the SBC to core dump.
–Workaround: Before modifying the fault torrent interface VLAN IP address setting, first issue the no ft group command to remove the fault torrent group, then issue the no ft peer command to remove the fault torrent peer on the Cisco 7600 SBC. After completing the fault torrent interface VLAN IP address modification, add back the fault torrent peer and fault torrent group.
•CSCsx50255—When two H.323 adjacencies are configured in UNI (remote-address 0.0.0.0) and NNI mode (remote-address=20.20.20.20) with the same signaling-address and signaling-port, then the configuration fails.
–Workaround: Change the signaling-port for one of the adjacencies to non-default.
•CSCsr31814—The CANCEL and the 487 (the response to the INVITE) sent to the callee by the SBC to the INVITE do not contain the Reason header, while the same messages received by the SBC do contain the Reason header.
–Workaround: None.
Software Version Maintenance Release 3.0.1 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.0.1:
•Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.0.1 Open Caveats
Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.0.1:
•CSCsq92036—The ACE module reloads with a call from a delayed offer device when codec restriction list is applied.
•CSCsr67524—A crash is seen on the ACE module when configuring a RADIUS server with debugs enabled.
•CSCsq74827—With High Availability (HA) and RADIUS billing is configured with 20 cps of SIP UDP calls, both ACE modules reload.
•CSCso88697—The SBC crashes after a DBE no activate and re-activate while there is a dangling call.
•CSCsq32222—The ACE module reloads while bringing up of the pair of ACE modules at the same time.
•CSCsq22492—H.323 fast start calls fail if ITU-T H.245 tunneling is disabled on the SBC.
•CSCsr67892—SBC memory congestion and leaking occurs with SIP User Datagram Protocol (UDP) to SIP (UDP) traffic with 200 seconds call hold time and 38 cps.
•CSCso81839—After running 8K transmission control protocol (TCP) calls at 25 cps for an extended period of time with a complex configuration, the ACE module hangs.
•CSCsq07528—The active ACE module hangs under a heavy H.323 call load and the standby module takes over.
•CSCsq65238—When the ping-fail-count is configured with the value 4294967294 (maximum value) the show services sbc test sbe mib vpssadjtable command displays a negative value.
•CSCsq73655—Configuration of DVI4, EVRCO, and MP2S codecs causes an N-base error.
•CSCsr57919—A supported header is incorrectly stripped from the 200 REGISTER response even when option whitelisting is set to pass everything.
•CSCsr57276—The SBC tears down the call when the SBC receives a modified Session Description Protocol (SDP) in the 200 OK SIP message.
•CSCsr48072—After the SBC has received and forwarded the connect message, the SBC releases the call because of the "h.225 establishment timeout."
•CSCsr80463—During the established call session, the SBC does not learn the changed Real-Time Protocol (RTP) remote port.
•CSCsr61902—A record query fails because the signaling peer is cofigured for a domain name server (DNS) name that has more than 24 characters.
•CSCsu06779—The SBC crashes with the debug services sbc information command enabled.
•CSCsr09181—For the show services sbc sbe call-stats command, the number of successful call attempts appears unrealistic.
•CSCsr09141—Entering the no reason routing-failure command when there is a blacklist address-default containing multiple reasons (including the reason routing-failure) causes the blacklist configuration to disappear.
•CSCsr09098—For the blacklist dump, the timing format is inconsistant.
•CSCsl58752—After FT (Fault Tolerance) is configured on a new standby ACE module, the active ACE module sends all the non-SBC configuration information to the standby ACE module but does not send the SBC configuration. If the user switches over to the standby ACE module, the SBC configuration will be lost.
•CSCsr93741—Setting the default value of the sbc sbe radius authentication retry-limit command yields 3 instead of the proper default value of 5.
•CSCsr91326—After switchover, Simple Network Management Protocol (SNMP) Traps do not display csbSBCServiceName with the SBC name on the active ACE module.
•CSCsr09127—When running a sequence of attacks, the show services sbc test sbe blacklist configured-limits command shows blacklisted IP addresses in an endless loop. This does not affect functionality.
•CSCsr06813—N-base error occurs when executing the no form of the adjacency h323 signaling address, adjacency h323 remote address, adjacency h323 signaling peer, adjacency sip signaling address, adjacency sip remote address, adjacency sip signaling peer, and adjacency sip reg-min-expiry commands.
•CSCsr00947—Cannot configure more than the specified buffer size for the sbc sbc-name sbe cac-policy-set cac-policy-num table table-name entry entry_id command.
•CSCsr21178—When log level and debugs are on, and there are no other calls, the SBC hangs or reloads if a hairpin call is made at very high log level (level 5).
•CSCsq86751—With call admission control policy failure where bandwidth limits are involved, after call admission control policy is pegged (specifically based on codec whitelisting in this particular scenario), the policy failure statistics show bandwidth limits counter pegged two times for a single failure.
•CSCso07369—With some unused adjacencies in detached state (for example, when no IP addresses are configured), there is a 503 error when setting up calls between two attached adjacencies.
•CSCsq85566—Setting the media-timeout value to 0 results in inconsistent call handling behavior (to include calls terminating early from the SBC and some no-media calls completing while others are prevented).
•CSCsq36265—A large trigger period configured for blacklist does not display correctly with show services CLI.
•CSCsq24086—The maximum outbound-flood-rate and ping-fail-count in adjacency data display incorrectly as -1 if the configured value is 4294967295.
•CSCsm22787—The number of H.323 media-update failures is not reflected accurately in policy-failure statistics.
•CSCso38593—Cannot edit or remove media gateway configuration when configuring the media gateway address followed by the exit command.
•CSCsr48686—N-base error while deleting the first-cac-table.
•CSCsk76641—Just before the blacklist timeout expiry, the show services sbc sbe blacklist current-blacklisting command shows the time remaining as 49 days instead of 1 or 2 seconds.
•CSCso89807—When the SBC receives a 18x message with the 'requires: 100rel' header:param it includes a second duplicate header in the outgoing 18x, which is combined into a 'Required: 100rel, 100rel' header later in the call flow.
•CSCso13743—After configuring hunting triggers in SIP adjacencies, the show services sbc j sbe sip hunting-trigger command does not show hunting triggers.
•CSCsu12327—Starting an H.323-H.323 call with an H.245 tunnel disabled causes an SBC core dump.
•CSCsr99758—The SBC core dumps while running the Codenomicon H.248 test suite.
•CSCsr99489—In an SBC redundant deployment, the standby ACE module may reload after a write memory command is issued on the active ACE module.
•CSCsr21042—The SBC reloads after FT switchover, which is expected, then reloads three more times, which is not expected.
•CSCsr43832—If the answer received by SBC has changed payload types for a codec, that codec is forwarded by SBC in the ongoing answer. If the answer is left with no valid media codecs, the signaling goes through. However, there may be media issues because of incompatible media-types.
•CSCsu26306—When configuring congestion on the DBE, the ACE module crashes. This occurs when configuring sbc test, rsrc-mon, and cpu congestion-threshold 1 clear-threshold 2 freq 1000 congestion-probe-period 200 normal-proble-period 200.
•CSCsr65536—SBC may crash when using the show logging internal facility command.
•CSCsr24168—When running the PROTOS test suite, certain test cases cause an SBC core dump.
•CSCsr65640—The SBC does not show active blacklist defaults even when blacklist is not configured.
•CSCsw28053—For certain calls rejected by CAC policy, the SIP 503 response is sent when it should be 486.
Software Version ACE Session Border Controller Release 3.0.1 Open Caveats
The following open caveats apply to software version ACE Session Border Control Release 3.0.1:
•CSCsu80002—The default DBE location-id for the SBE configuration does not match the the default DBE location-id for the DBE configuration. This causes a "503 Service Unavilable" message when attempting a call.
–Workaround: Set DBE location-id=0 and SBE location-id=0.
•CSCsr66234—When running traffic and performing multiple switchovers on the SBC, only one of the ACE modules recovered and the SBC signaling border element (SBE), configuration did not activate. As a result, all adjancencies became detached and no traffic passed.
–Workaround: Disable one ACE module. Reload the other ACE module and when it becomes active, reload the other ACE module.
•CSCso08776—When making a SIP call, the SBC fails to act on an invite containing four videos when the invite is returned from a SIP Proxy.
–Workaround: None.
•CSCso59933—Differentiated Services Code Point (DSCP) signaling QoS profiles value are shown when profiles are not set.
–Workaround: None.
•CSCsr85533—In the address-default submode of the blacklist command, entering the no reason authentication-failure command, the no reason bad-address command, the no reason corrupt-message command, the no reason endpoint-registration command, the no reason policy-rejection command or the no reason routing-failure command will set triggersize to 0, trigger-period to 0, and timeout to 0. The default value should be triggersize is 4, trigger-period is 100ms, timeout is 600s.
–Workaround: None.
•CSCsr70002—With a PGW acting as a signaling border element (SBE) and a Cisco 7600 DBE, the PGW sends out a bulk audit request message. The Cisco 7600 DBE should send out a fragmented UDP message without a UDP checksum error, however, when checking the DBE reply against this audit request message, there is a Cisco 7600 fragmented UDP message checksum error.
–Workaround: None.
•CSCso61641—The SBC does not release the H.248 socket even after multiple SBC creations and deletions.
–Workaround: None.
•CSCsj78705—The show services sbc test dbe controllers command shows incorrect counter values.
–Workaround: None.
•CSCsu82541—If the show running-config command for a release 3.0.1 image shows h248-profile gatecontrol, the downgrade procedures from Release 3.0.1 to Release 3.0.0 do not work.
–Workaround: SBC Release 3.0.0 only supports H.248-profile-version 3 for the gatecontrol profile (the default settings).
•CSCsu87098—When upgading from SBC Release 3.0.0 to 3.0.1, a concurent-requests XXX *** cmd parse error *** appears where XXX is a value other than 250 (the default).
–Workaround: Two workarounds are available. For the first workaround, temporarily deactivate and remove the radius accounting client name command configuration during the downgrade procedure. For the second workaround, temporarily set concurrent-requests parameter to its default value (250) for the SBC Release 3.0.1 configuration.
•CSCsu92793—Console shows call failure; console also shows output of the Problem Determination (PD) log indicating a resource shortage even though there are no resource shortages.
–Workaround: The SBC encountered a syntax error while parsing the Request Uniform Resource Identifier (URI). Check the syntax of the Request URI.
Software Version ACE Session Border Controller Release 3.0.00 Caveats
The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.0.00:
•Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats
•Software Version ACE Session Border Controller Release 3.0.00 Open Caveats
Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats
The following resolved caveats apply to software version ACE Session Border Control Release 3.0.00:
•CSCsq22492—H.323 fast start calls fail if H.245-tunnel is disabled on SBC. In case of transcoding, the H.323 calls need to be slow started as that is a SBC limitation. If the originator is capable of generating a fast start call, SBC is supposed to force it to slow start , this is achieved by configuring on the adjacency "h245tunnel-disable." This was tested with Cisco's IOS callgen.
•CSCso88697—SBC crash with SBC DBE no activate and re-activate. This is a negative scenario and is not recommended in a live enviroment.
•CSCsq32222—When the pair of HA modules came up, one module reloaded while both ACE modules were coming up at the same time.
Software Version ACE Session Border Controller Release 3.0.00 Open Caveats
The following open caveats apply to software version ACE Session Border Control Release 3.0.00:
•OPENCSCsq23314—After executing multiple switchovers with 8K SIP TCP calls at a high call rate with a limited size media-address pool, there are call failures and no CLI response.
–Workaround: None.
•CSCsq07699—The intermittent call forwarding failures if you start with a configuration that points the call routing into the wrong adjacency or when there is a change to the call routing configuration to point to the correct adjacency.
–Workaround: Reset any of the active or standby ACE modules.
•CSCsk99196—CLI for clearing blacklisting does not work. After the clear services sbc uut105-1 sbe blacklist ipv4 command is executed, the blacklisted endpoint is not cleared from the list and continues to be blacklisted.
–Workaround: None.
•CSCso81445—The ACE module coredumps with switchover 10K reg and 5K calls on a node running the SBC application. This issue is seen intermittently after at least 3 to 4 switchovers.
–Workaround: None.
•CSCso72393—After a switchover both ACE modules become active. This condition is seen on a node running the SBC application. After switchover, the heartbeats are not exchanged between the ACE module and standby ACE module and after the standby comes up, it becomes active. Reset the standby module to clear the condition.
–Workaround: None.
•CSCso67902—After configuring SBC and immediately executing a write memory command, the active ACE FT status went to active and the standby ACE FT status went to unknown.
–Workaround: Use the copy running-config startup-config command instead of the write memory command.
•CSCso67839—With fully qualified domain names (FQDNs) requiring DNS resolution with SBC running as P-CSCF in IMS setup, there are aborting call error messages with 6k calls at 10cps plus 10K reg.
–Workaround: None.
•CSCso03125—On a node running the SBC application, the SBC configuration is lost after switchover.
–Workaround: None.
•CSCsq37874—The SBC is not blacklisting the bad address port responsible for a DOS attack.
–Workaround: None.
•CSCsq37007—While running the SBC application under a heavy load for an extended period of time, the ACE module hangs. Heavy load consisted of 6k to 8k SIP calls at a rate of 20 cps (on average) with features that include DTMF interworking, transcoding, call forwarding, and registrations.
–Workaround: Reduce the CPS and avoid congestion.
Related Documentation
The following publications are available for the Cisco 7600 series routers:
•Cisco 7600 Series Router Installation Guide
•Cisco 7600 Series Router Module Installation Guide
•Cisco 7600 Series Router SIP, SSC, and SPA Hardware Installation Guide
•Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide
•Cisco 7600 Series Router Cisco IOS Command Reference
•Cisco 7600 Series Internet Router System Message Guide
•Release Notes for Cisco IOS Release 12.2SRA on the Cisco 7600 Series Routers
•Cisco IOS Configuration Guides and Command References—Use these publications to help you configure Cisco IOS software features not described in the Cisco 7600 series router publications:
–Configuration Fundamentals Configuration Guide
–Configuration Fundamentals Command Reference
–Bridging and IBM Networking Configuration Guide
–Bridging and IBM Networking Command Reference
–Interface Configuration Guide
–Interface Command Reference
–Network Protocols Configuration Guide, Parts 1, 2, and 3
–Network Protocols Command Reference, Parts 1, 2, and 3
–Security Configuration Guide
–Security Command Reference
–Switching Services Configuration Guide
–Switching Services Command Reference
–Voice, Video, and Home Applications Configuration Guide
–Voice, Video, and Home Applications Command Reference
–Software Command Summary
–Software System Error Messages
–Debug Command Reference
–Internetwork Design Guide
–Internetwork Troubleshooting Guide
–Configuration Builder Getting Started Guide
The Cisco IOS Configuration Guides and Command References are located at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htm
•For information about MIBs, go to this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlObtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:
http://www.cisco.com/univercd/home/home.htm
The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:
http://www.cisco.com/go/marketplace/docstore
Ordering Documentation
You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:
http://www.cisco.com/go/marketplace/docstore
If you do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Documentation Feedback
You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you will find information about how to do the following:
•Report security vulnerabilities in Cisco products
•Obtain assistance with security incidents that involve Cisco products
•Register to receive security information from Cisco
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•For emergencies only — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•For nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.
Product Alerts and Field Notices
Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.
To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL:
http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en
To register as a Cisco.com user, go to this URL:
http://tools.cisco.com/RPF/register/register.do
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Support Website
The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:
http://www.cisco.com/en/US/support/index.html
Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Tip Displaying and Searching on Cisco.com
If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.
To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button.
To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL:
http://www.cisco.com/offer/subscribe
•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:
http://www.cisco.com/go/guide
•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
http://www.ciscopress.com
•Internet Protocol Journal is a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
•Networking products offered by Cisco, as well as customer support services, can be obtained at this URL:
http://www.cisco.com/en/US/products/index.html
•Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
•"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL:
http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
