|
These release notes describe important information and caveats for the Cisco 6510 Service Selection Gateway up to and including version 1.0(2). Information in this document supplements information in the Cisco 6510 Service Selection Gateway Hardware Installation Guide and the Cisco 6510 Service Selection Gateway Software Installation and Configuration Guide.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar, and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
The following topics are discussed:
When new software becomes available on CCO, it will be available from the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/6510
To access CCO, you must be a registered user. After entering your username and password, the next page contains a list of available files similar to the following:
Filename Description
------------------------------- -------------------------------------
6510-SSG-1.0.2.bin 6510 Version 1.0(2) Software image
6510-SSG-1.0.2.readme.txt 6510 Version 1.0(2) Release Notes
6510-SSG-Dashboard-1.1.69.exe Dashboard Client v1.1(69) Software
6510-SSG-dictionary-1.0.txt SSG dictionary for freeware RADIUS
6510-SSG-dictionary-CSU-1.0.txt SSG dictionary for CS UNIX 2.2(2)
If newer software is available, the list will show file version numbers different than what is shown above.
The Cisco 6510 RADIUS dictionary files help set up a RADIUS server for use with the Cisco 6510. If the RADIUS server uses the traditional RADIUS dictionary file format, download the freeware RADIUS dictionary file. If the RADIUS server uses Cisco User Control Point (UCP) or CiscoSecure Access Control Server (ACS) for UNIX, download the CS UNIX dictionary file.
After downloading the software image file, complete the following steps to upgrade the Cisco 6510:
Step 1 Rename the downloaded software image file to csco6510 and copy this file to a 1.44 MB DOS formatted 3.5-inch disk.
Step 2 Follow the instructions in the Cisco 6510 Service Selection Gateway Hardware Installation Guide until the Cisco 6510 displays an SSG>
prompt.
Step 3 Insert the disk in the Cisco 6510 drive and enter the following command:
Step 4 Remove the disk and reboot the Cisco 6510.
The Cisco 6510 can be configured as a DHCP relay agent. To enable or disable the DHCP relay option, use the following command:
config set DHCPRelayEnable {0 | 1}0 | Disables the DHCP relay option (default). |
1 | Enables the DHCP relay option. |
This section describes possibly unexpected behavior and known issues regarding version 1.0(2) of the Cisco 6510.
The second and subsequent uses of the burnimg command in a single session (from boot to reboot) will cause the false dosFsDevInit message to appear.
This error message will not effect the operation of the burnimg command and can be ignored. [CSCdk01571]
The Cisco 6510 can use two IP addresses for authentication and authorization servers (AAAIP1 and AAAIP2) and two for accounting servers (AccountingIP1 and AccountingIP2).
The Cisco 6510 acts as a proxy RADIUS server for authentication and authorization requests and does not control the number of transmission retries or the timeout interval for these requests. When both AAAIP1 and AAAIP2 are configured, the Cisco 6510 load balances (round-robins) the requests between these two IP addresses, resulting in greater response times and increased load utilization. If one of the two AAA servers is down, half of the authentication requests will begin to time out. because the timed out requests will be retried, authentication will continue to succeed for most users. However, some requests may be retried to the downed server three times. When this happens, the user will not be authenticated (although, the user may try again).
Because the Cisco 6510 generates accounting records, it can control the transmission retries and timeouts for accounting requests. Consequently, all accounting requests are sent to the first accounting server (AccountingIP1). If the Cisco 6510 does not receive a response, it sends requests to the second accounting server. [CSCdj92684]
Debugging can dramatically decrease the performance of the Cisco 6510. The more debug handlers and debug levels that are enabled, the more performance will decrease. Only use debugging in a test environment for troubleshooting purposes. After the problem is resolved, disable debugging.
The Cisco 6510 prioritizes packet handling over debugging. For this reason, debug messages might be dropped if heavy debugging (verbose and packet) is enabled during heavy traffic.
Log messages can only be sent to target0. Targets 1 through 4 are not implemented in this release. [CSCdj84980]
Cisco IOS software has a hard-coded limit of 300 Virtual Access interfaces and 300 Interface Descriptor Blocks (IDB). In addition to VPDN connections, IDB resources are also used by other Cisco IOS features such as multi-chassis MLPPP, Frame Relay subinterfaces, and GRE tunnel interfaces. This hard-coded limit restricts the number of possible connections to the home gateway router. The actual amount of VPDN connections that can be made is dependent on what features are used on the router. On a router being used strictly as a home gateway, you can expect to make around 275 to 280 VPDN connections.
There is no workaround at this time. The next version of Cisco IOS software is planned to increase the IDB resource limit. [CSCdj56717]
Current releases of Cisco IOS affect the functionality of the Cisco 6510 under certain circumstances. The problem can occur during high sustained traffic through an L2F tunnel with PPP keepalives enabled on the Virtual-Access interfaces.
The PPP keepalives will begin to time out which will eventually cause the tunnel to be dropped. To work around this problem, disable PPP keepalives on the Virtual-Template interface. The following is an example in Cisco IOS software:
!
interface Virtual-Template 1
ip unnumbered Ethernet0
no keepalive
!
Cisco IOS software prior to versions 11.2(13) and 11.3(3) exhibited a problem where an L2F tunnel would unexpectedly close during high sustained traffic through an L2F tunnel. Consequently, it is required that these versions or higher are used on routers that will act as home gateways for the Cisco 6510. [CSCdj93132]
If you leave a disk in the drive of the Cisco 6510, it will not boot up and no warning message will be displayed on the console. This might occur if you upgrade the Cisco 6510 software and forget to remove the disk from the drive.
To work around this problem, remove the disk and power cycle the Cisco 6510. [CSCdj86887]
Most parameters can be set using the config set command. However, the config set command does not cause all parameters to take effect immediately. The following is a list of parameters that do not take effect immediately when configured with the config set command:
There are two workarounds. The first workaround is to use the formal commands that set these parameters such as ifconfig, remoteport, and accountingparam. The other workaround is to reboot the Cisco 6510 after changing any of the above parameters with the config set command. [CSCdk08117]
The Cisco 6510 requires that the RADIUS server used with the Cisco 6510 support RADIUS vendor-specific attributes in both RADIUS Access-Requests and RADIUS Accounting-Requests. CiscoSecure for UNIX version 2.2(2) and the current release of UCP (CiscoSecure is a component of UCP) did not handle these types of attributes correctly in Accounting-Requests. If you plan to use CiscoSecure with the Cisco 6510, you must use version 2.2(2) with patch #1 or higher.
For convenience, patch #1 is available at the same location as the Cisco 6510 software on CCO.
The Cisco 6510 does not currently provide Telnet capability for remote administration.
If you require remote administration capability, one possible workaround is to connect the console port of the Cisco 6510 to an asynchronous port on a Cisco 2509 or 2511 router. You can then access the Cisco 6510 console by "reverse Telneting" to the router. For example, if you connect the console port to the async1 port on a Cisco 2509 router, you will be able to access the Cisco 6510 console by Telneting to the router on TCP port 2001 (telnet as2509 2001
). To use async2, you would Telnet to port 2002, and so on.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
|