Table Of Contents

Release Notes for Cisco ONS 15540 ESP
for Cisco IOS Release 12.2(24)SV1

Contents

Introduction

System Requirements

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading the System Image

Feature Set Table

New and Changed Information

New Features in Release 12.2(24)SV

New Features in Release 12.2(23)SV

New Features in Release 12.2(22)SV

New Features in Release 12.2(18)SV2

New Features in Release 12.2(18)SV1

New Features in Release 12.2(18)SV

Caveats

Resolved Caveats in Release 12.2(24)SV1

Open Caveats in Release 12.2(24)SV

Resolved Caveats in Release 12.2(24)SV

Resolved Caveats in Release 12.2(23)SV

Resolved Caveats in Release 12.2(22)SV

Resolved Caveats in Release 12.2(18)SV2

Resolved Caveats in Release 12.2(18)SV1

Resolved Caveats for Release 12.2(18)SV

Limitations and Restrictions

Transponder Modules

Related Documentation

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco TAC Website

Opening a TAC Case

TAC Case Priority Definitions

Obtaining Additional Publications and Information

Release Notes for Cisco ONS 15540 ESP
for Cisco IOS Release 12.2(24)SV1

---

This document describes caveats for Cisco IOS Release 12.2(24)SV1 for the Cisco ONS 15540 ESP (Extended Services Platform).

Date: July 29, 2005

Text Part Number OL-4892-06 E0

Contents

This document includes the following information:

• Introduction

• System Requirements

• New and Changed Information

• Caveats

• Limitations and Restrictions

• Related Documentation

• Obtaining Documentation

• Documentation Feedback

• Obtaining Technical Assistance

• Obtaining Additional Publications and Information

Introduction

The Cisco ONS 15540 ESP is an optical transport platform that employs DWDM (dense wavelength division multiplexing) technology. With the Cisco ONS 15540 ESP, users can take advantage of the availability of dark fiber to build a common infrastructure that supports data, SAN (storage area networking), and TDM (time-division multiplexing) traffic. For more information about DWDM technology and applications, refer to the Introduction to DWDM Technology publication and the
Cisco ONS 15540 ESP Planning Guide.

System Requirements

This section describes the system requirements for the Cisco ONS 15540 ESP and includes the following sections:

• Memory Requirements

• Hardware Supported

• Determining the Software Version

• Upgrading the System Image

• Feature Set Table

Memory Requirements

The DRAM memory configuration is 128 MB, which is the default for the Cisco ONS 15540 ESP.

Hardware Supported

Table 1 lists the hardware components supported on the Cisco ONS 15540 ESP and the minimum software version required. See the "Determining the Software Version" section.

Table 1 Cisco ONS 15540 ESP Supported Hardware Modules and Minimum Software Requirements 

Component	Part Number	Description	Minimum Software Version Required
Chassis	15540-CHSA		12.1(7a)EY2
Power supplies	15540-PWR-AC	120 to 240 VAC power supply	12.1(7a)EY2
	15540-CAB-AC	Custom AC-input power entry cable	12.1(7a)EY2
	15540-CAB-AC	North America	12.1(7a)EY2
	15540-CAB-ACA	Australia	12.1(7a)EY2
	15540-CAB-ACE	Europe	12.1(7a)EY2
	15540-CAB-CU	UK	12.1(7a)EY2
	15540-CAB-ACI	Italy	12.1(7a)EY2
	15540-CAB-ACR	Argentina	12.1(7a)EY2
Filler motherboards and filler modules	15540-COV-01	Mux/demux motherboard blank panel	12.1(7a)EY2
	15540-COV-02	Mux/demux module	12.1(7a)EY2
	15540-COV-03	Line card motherboard blank panel	12.1(7a)EY2
	15540-COV-04	Transponder module blank panel	12.1(7a)EY2
	15540-COV-06	Processor card cover panel	12.1(7a)EY2
Fans	15540-FTMP	Fan tray module populated with eight fans	12.1(7a)EY2
Processor cards	15540-CPU	Processor card without switch fabric	12.1(7a)EY2
Mux/demux motherboards	15540-MMMB-0100	Supports mux/demux modules with OSC	12.1(7a)EY2
	15540-MMMB-0200	Supports mux/demux modules without OSC	12.1(7a)EY2
Mux/demux modules without OSC	15540-MDXA-04A0	4-channel Band A	12.1(7a)EY2
	15540-MDXA-04B0	4-channel Band B	12.1(7a)EY2
	15540-MDXA-04C0	4-channel Band C	12.1(7a)EY2
	15540-MDXA-04D0	4-channel Band D	12.1(7a)EY2
	15540-MDXA-04E0	4-channel Band E	12.1(7a)EY2
	15540-MDXA-04F0	4-channel Band F	12.1(7a)EY2
	15540-MDXA-04G0	4-channel Band G	12.1(7a)EY2
	15540-MDXA-04H0	4-channel Band H	12.1(7a)EY2
	15540-MDXA-08A0	8-channel Band AB	12.1(7a)EY2
	15540-MDXA-08B0	8-channel Band CD	12.1(7a)EY2
	15540-MDXA-08C0	8-channel Band EF	12.1(7a)EY2
	15540-MDXA-08D0	8-channel Band GH	12.1(7a)EY2
	15540-MDXA-16EH	16-channel Band EH	12.1(7a)EY2
Mux/demux modules with OSC	15540-MDXA-04A0	4-channel Band A	12.1(7a)EY2
	15540-MDXB-04B0	4-channel Band B	12.1(7a)EY2
	15540-MDXB-04C0	4-channel Band C	12.1(7a)EY2
	15540-MDXB-04D0	4-channel Band D	12.1(7a)EY2
	15540-MDXB-04E0	4-channel Band E	12.1(7a)EY2
	15540-MDXB-04F0	4-channel Band F	12.1(7a)EY2
	15540-MDXB-04G0	4-channel Band G	12.1(7a)EY2
	15540-MDXB-04H0	4-channel Band H	12.1(7a)EY2
	15540-MDXB-08A0	8-channel Band AB	12.1(7a)EY2
	15540-MDXB-08B0	8-channel Band CD	12.1(7a)EY2
	15540-MDXB-08C0	8-channel Band EF	12.1(7a)EY2
	15540-MDXB-08D0	8-channel Band GH	12.1(7a)EY2
	15540-MDXB-16AD	16-channel Band AD	12.1(7a)EY2
Line card motherboards	15540-LCMB-0100	Supports four transponders with protection	12.1(7a)EY2
	15540-LCMB-0200	Supports four transponders -East	12.1(7a)EY2
	15540-LCMB-0201	Supports four transponders -West	12.1(7a)EY2
MM transponder modules	15540-TSP1-01A3	Ch 1-2 —1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-03A3	Ch 3-4 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-05A3	Ch 5-6 —1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-07A3	Ch 7-8 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-09A3	Ch 9-10 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-11A3	Ch 11-12 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-13A3	Ch 13-14 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-15A3	Ch 15-16 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-17A3	Ch 17-18 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-19A3	Ch 19-20 — 1310nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-21A3	Ch 21-22 — 1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-23A3	Ch 23- 24—1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-25A3	Ch 25-26—1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-27A3	Ch 27-28—1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-29A3	Ch 29-30—1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
	15540-TSP1-31A3	Ch 31-32—1310-nm MM 16 to 622 Mbps with SC	12.1(7a)EY2
SM transponder modules	15540-TSP1-01B3	Ch 1-2—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-03B3	Ch 3-4—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-05B3	Ch 5-6—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-07B3	Ch 7-8—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-09B3	Ch 9-10—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-11B3	Ch 11-12—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-13B3	Ch 13-14— 1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-15B3	Ch 15-16—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-17B3	Ch 17-18—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-19B3	Ch 19-20—1310nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-21B3	Ch 21-22—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-23B3	Ch 23- 24—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-23B3	Ch 23- 24—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-25B3	Ch 25-26—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-27B3	Ch 27-28—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-29B3	Ch 29-30 —1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
	15540-TSP1-31B3	Ch 31-32—1310-nm SM 16 Mbps to 2.5 Gbps with SC	12.1(7a)EY2
Type 2 extended range transponder modules	15540-TSP2-0100	Ch 1-2	12.1(11b)E
	15540-TSP2-0300	Ch 3-4	12.1(11b)E
	15540-TSP2-0500	Ch 5-6	12.1(11b)E
	15540-TSP2-0700	Ch 7-8	12.1(11b)E
	15540-TSP2-0900	Ch 9-10	12.1(11b)E
	15540-TSP2-1100	Ch 11-12	12.1(11b)E
	15540-TSP2-1300	Ch 13-14	12.1(11b)E
	15540-TSP2-1500	Ch 15-16	12.1(11b)E
	15540-TSP2-1700	Ch 17-18	12.1(11b)E
	15540-TSP2-1900	Ch 19-20	12.1(11b)E
	15540-TSP2-2100	Ch 21-22	12.1(11b)E
	15540-TSP2-2300	Ch 23-24	12.1(11b)E
	15540-TSP2-2500	Ch 25-26	12.1(11b)E
	15540-TSP2-2700	Ch 27-28	12.1(11b)E
	15540-TSP2-2900	Ch 29-30	12.1(11b)E
	15540-TSP2-3100	Ch 31-32	12.1(11b)E
Fixed rate SFP optics for Type 2 extended range transponder modules	15500-XVRA-01A2	ESCON and OC-3 1310-nm MM MT-RJ	12.1(11b)E
	15500-XVRA-03B1	Gigabit Ethernet and Fibre Channel (1 Gbps) 1310-nm SM MTLC	12.1(11b)E
	15500-XVRA-03B2	1-Gbps Fibre Channel and 2 Gbps Fibre Channel 1310-nm SM MTLC	12.1(11b)E
	15500-XVRA-02C1	Gigabit Ethernet and Fibre Channel (1 Gbps) 850-nm MM MTLC	12.1(11b)E
	15500-XVRA-02C2	Fibre Channel (1 Gbps and 2 Gbps) 850-nm SM MTLC	12.1(11b)E
	15500-XVRA-06B1	SONET OC-12 1310-nm SM MTLC	12.1(11b)E
	15500-XVRA-07B1	SONET OC-48 1310-nm SM MTLC	12.1(11b)E
Variable rate SFP optics	15500-XVRA-10A1	Low band (16 to 200 Mbps) variable rate, MM (1310 nm) with LC	12.1(12c)EV3
	15500-XVRA-10B1	Low band (16 to 200 Mbps) variable rate, SM (1310 nm) with LC	12.1(12c)EV3
	15500-XVRA-11A1	Mid band (200 to 622 Mbps) variable rate, MM (1310 nm) with LC	12.1(12c)EV3
	15500-XVRA-11B1	Mid band (200 to 1250 Mbps) variable rate, SM (1310 nm) with LC	12.1(12c)EV3
	15500-XVRA-12B1	High band (1.062 Gbps to 2.5 Gbps) variable rate, SM (1310 nm) with LC	12.1(12c)EV3

Determining the Software Version

---

Note We strongly recommend that you use the latest available software release for all Cisco ONS 15540 ESP hardware.

---

To determine the version of Cisco IOS software currently running on a Cisco ONS 15540 ESP system, log in to the system and enter the show version EXEC command. The following sample output is from the show version command. The software version number is shown on the second line of the sample output.

Switch# show version

Cisco Internetwork Operating System Software

IOS (tm) ONS-15540 Software (ONS15540-I-M), Version 12.2(24)SV <Information deleted>

Upgrading the System Image

To ensure proper system functioning, follow the system image upgrading procedure described in the Cisco ONS 15540 ESP Software Upgrade Guide.

---

Note Always set the configuration register to 0x2102 when upgrading the system image using the config-reg 0x2102 command in configuration mode.

---

---

Caution Improper system image upgrades can affect system functioning and redundancy. Always follow the recommended upgrade procedures.

---

Feature Set Table

The Cisco IOS Release software is packaged in feature sets (also called software images) depending on the platform. Each feature set contains a specific set of Cisco IOS features. Table 2 lists the Cisco IOS software feature sets available for the Cisco ONS 15540 ESP.

Table 2 Feature Sets Supported by the Cisco ONS 15540 ESP 

Feature Set	Introduced in This Release
Gigabit Ethernet	12.1(7a)EY2
Fast Ethernet	12.1(7a)EY2
Ethernet	12.1(7a)EY2
ATM OC-3/STM-1, OC-12/STM-4, and OC-48/STM-16	12.1(7a)EY2
SONET1 /SDH2	12.1(7a)EY2
POS3	12.1(7a)EY2
Coupling link	12.1(7a)EY2
Fibre Channel (1 Gbps)	12.1(7a)EY2
Fibre Channel (2 Gbps)	12.1(7a)EY2
FDDI4	12.1(7a)EY2
ESCON5 SM (200 Mbps)	12.1(7a)EY2
FICON6 (800 Mbps)	12.1(7a)EY2
FICON (1 Gbps)	12.1(12c)EV3
Token Ring	12.1(7a)EY2
SNMP	12.1(7a)EY2
CiscoView	12.1(7a)EY2
Cisco Transport Manager	12.1(7a)EY2
IP packets	12.1(7a)EY2
OSCP7	12.1(7a)EY2
APS8 protocol packets	12.1(7a)EY2
Point-to-point	12.1(7a)EY2
Hubbed ring	12.1(7a)EY2
Meshed ring	12.1(7a)EY2
IBM GDPS9 ETR/CLO10	12.1(7a)EY2
IBM GDPS 9 coupling link	12.1(7a)EY2
2-Gbps Fibre Channel protocol monitoring on transponder modules	12.2(18)SV
2-Gbps FICON protocol monitoring on transponder modules	12.2(18)SV
Functional image version diagnostics	12.2(18)SV
2-Gbps ISC links peer mode protocol monitoring on 2.5-Gbps transponder modules	12.2(22)SV
1-Gbps ISC links peer mode protocol monitoring on transponder modules	12.2(23)SV
SSHv1 client and server support	12.2(24)SV
SNMPv3 support	12.2(24)SV
Counter preservation on processor card switchovers	12.2(24)SV

1 SONET = Synchronous Optical Networking 2 SDH = Synchronous Digital Hierarchy 3 POS = Packet over SONET 4 FDDI = Fiber Distributed Data Interface 5 ESCON = Enterprise Systems Connection 6 FICON = Fiber Connection 7 OSCP = Optical Supervisory Channel Protocol 8 APS = Automatic Protection Switching 9 GDPS = Geographically Dispersed Parallel Sysplex 10 ETR/CLO = external timer reference/control link oscillator

New and Changed Information

This section lists new features that appear in this and previous releases of Cisco IOS Release 12.2. The new features are sorted by release number.

New Features in Release 12.2(24)SV

The following new software features are available for the Cisco ONS 15540 ESP in Cisco IOS Release 12.2(24)SV:

•SSHv1 client and server support

•SNMPv3 support

•Counter preservation on processor card switchovers

New Features in Release 12.2(23)SV

The following new software feature is available for the Cisco ONS 15540 ESP in Cisco IOS Release 12.2(23)SV:

•1-Gbps ISC links peer mode protocol monitoring on the transponder module

New Features in Release 12.2(22)SV

The following new software feature is available for the Cisco ONS 15540 ESP in Cisco IOS Release 12.2(22)SV:

•2-Gbps ISC links peer mode protocol monitoring on 2.5-Gbps transponder modules.

---

Note 2-Gbps Fibre Channel/FICON protocol monitoring requires transponder functional image
release 1.A3 or later.

---

New Features in Release 12.2(18)SV2

No new features are available for this release.

New Features in Release 12.2(18)SV1

No new features are available for this release.

New Features in Release 12.2(18)SV

The following new software features are available for the Cisco ONS 15540 ESP in Cisco IOS Release 12.2(18)SV:

•2-Gbps Fibre Channel protocol monitoring on 2.5-Gbps transponder modules

---

Note 2-Gbps Fibre Channel/FICON protocol monitoring requires transponder functional image
release 1.A3 or later.

---

•2-Gbps FICON protocol monitoring on 2.5-Gbps transponder modules

---

Note 2-Gbps Fibre Channel/FICON protocol monitoring requires transponder functional image
release 1.A3 or later.

---

•Data file with upgrade information for the ROMMON and functional images

•show upgrade-info functional-image command

Caveats

This section describes open and resolved severity 1 and 2 caveats and certain severity 3 caveats. The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases. The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Resolved Caveats in Release 12.2(24)SV1

•CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

Open Caveats in Release 12.2(24)SV

•CSCeb79990

Symptom: The patch commands saved on the system are not compatible with CTM (Cisco Transport Manager).

Workaround: Remove the patch commands that show up out of order after the configuration is saved. Then reset the active processor card or switch to the standby processor card and reenter the patch commands.

•CSCed74239

Symptom: In a point-to-point network with y-cable based APS configured, the protection path does not automatically come up if the working path is down.

Workaround: Put a loopback on the client side to restore traffic to the protection path.

CSCee70825

Symptom: During normal operation, an outage may result when trying to connect through the console port. The console port issues error messages. These can be routine messages relating to loss of light on wave ports that were turned on. Interface alarm flapping may cause hardware watchdog timeout, failed to switchover to standby processor card.

Workaround: None

•CSCee71928

Symptom: The optical link fails to come up between two 8-port GBIC modules through the ONS15540 PSM DWDMs when forward laser control (FLC) is enabled.

Workaround: Use a 16-port GBIC module or deactivate FLC.

•CSCin76822

Symptom: If a failed subcard is replaced by a new one, the show diag online output continues to indicate that there was a 'previous failure' for this subcard. This should have been cleared when the new card was inserted. This is specific to subcards, for motherboards the older failures are cleared when a new card is inserted.

Workaround: None.

Resolved Caveats in Release 12.2(24)SV

•CSCdz82276

Symptom: A warning is issued if the card has an unknown functional image. Version compatibility checks need to be performed during system initialization. The hardware version compatibility should identify any mismatch between functional image versions and hardware versions. The software version compatibility should identify any mismatch between the functional image and software image.

Workaround: None.

•CSCec45305

Symptom: If the transparent interface on a multimode transponder module is configured for Sysplex ETR traffic (encap sysplex etr command), the show interfaces transparent command output shows that forward laser control is set to off. Forward laser control is automatically enabled for Sysplex ETR.

Workaround: Add client input traffic and the trunk side laser will function.

•CSCec55713

Symptom: The Prot Switch Byte Failure - In Effect alarm message appears on the console.

Workaround: None.

•CSCec55713

Symptom: The Prot Switch Byte Failure - In Effect alarm message appears on the console.

Workaround: None.

•CSCec78648

Symptom: The show redundancy command is not valid on specific versions of the Cisco ONS 15530 software but the choice still exists.

Workaround: Use the show redundancy summary command.

•CSCed65285

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.

•CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.

•CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

•CSCee50294

Symptom: Cisco IOS® devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets. Cisco is providing free fixed software to address this issue. There are also workarounds to mitigate this vulnerability. This issue was introduced by the fix included in CSCdx46180 and is being tracked by Cisco Bug ID CSCee50294.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml .

Workaround: None.

•CSCee75578

Symptom: The GE optical link fails to come up between two Catalyst 65xx 8-port GBIC modules through the Cisco ONS155xx transparent transponders when Forward Laser Control (FLC) is enabled on the system. The link fails to come up irrespective of the type of protection scheme.

Workaround: Use a 16-port GBIC module on the Catalyst 65xx or deactivate FLC on the ONS155xx.

•CSCin69960

Symptom: A receive failure might display a message that the laser if shut due to forward laser control.

Workaround: None.

Resolved Caveats in Release 12.2(23)SV

•CSCec31146

Symptom: If monitoring is disabled, Loss of Light on the local transparent interface results in Loss of Sync on the far side wave interface.

Workaround: Enable monitoring on the transparent interface.

•CSCed38657

Symptom: DWDM links set at a 196.608-Mbps rate, or an uncommon rate close to this, may not work properly on the 2.5-Gbps transponder module. Link initialization failures and bit errors may occur.

Workaround: None.

•CSCee34107

Symptom: APS behavior for the aps clear command is inconsistent with the standard behavior if the following conditions occur:

–Traffic runs from the working link (link A) and you perform a manual switch to the protected link (link B), causing traffic to switch to link B.

–You enter the aps clear command for the aps-group; link A becomes active, regardless of whether the APS group is configured revertively or nonrevertively.

Workaround: None.

•CSCeb70408

Symptom: The IDPROM values from the high band single-mode SFPs are not readable. The SFPs cannot be configured and cannot be used.

Workaround: None.

Resolved Caveats in Release 12.2(22)SV

•CSCeb18103

Symptom: The OSC wave interface does not come back up after resolving a trunk fiber break if laser safety control was configured after the trunk fiber break occurred.

Workaround: None.

Resolution: Upgrade the Cisco ONS 15540 mux/demux motherboard functional image to release 2.67 or later.

•CSCin60562

Symptom: If a row is created in cApsChanConfigTable using createAndWait, a set operation on an instance of cApsChanConfigIfIndex might modify another instance of that object.

Workaround: Use createAndGo to create the row.

•CSCin67971

Symptom: If a one-way patch configuration is removed between a thru interface and a wdm interface, the system hangs for a long time and eventually crashes.

Workaround: Configure two-way patches between the thru and wdm interfaces.

Resolved Caveats in Release 12.2(18)SV2

•CSCeb87507

Symptom: In some instances the system crashes when it attempts to parse IP SNMP related commands.

Workaround: None.

•CSCed22589

Symptom: Link initialization failure due to Loss of Lock might occur for ESCON traffic on some transponder modules due to a transient failure of the clock recovery unit. Only some transponder modules are susceptible to this failure and not all. This is an initialization failure and not a run-time failure.

Workaround: None.

Resolved Caveats in Release 12.2(18)SV1

•CSCec28182

Symptom: Tracebacks related to processor hog issues are seen when reprogramming the 2.5-Gbps transponder module functional image.

Workaround: None.

•CSCec59409

Symptom: Issuing a Ctrl-U when connected to a raw TL1 port causes the system to crash.

Workaround: If a TL1 port is unused, apply an IP ACL to the management Ethernet interface that blocks the incoming TCP connections to that port.

Resolved Caveats for Release 12.2(18)SV

•CSCdu53656

A Cisco device running Cisco IOS software and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP is not enabled by default, and must be configured to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

•CSCea28131

A Cisco device running Cisco IOS software and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP is not enabled by default, and must be configured to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

•CSCeb61427

Symptom: The system crashes when the user exits from the console after the active processor card has been removed and inserted online and is switched back to being the active processor card.

Workaround: None.

•CSCeb72528

Symptom: Client Tx fault alarm is asserted when an SFP optics is inserted or upon a y-cable switchover.

Workaround: Upgrade to Cisco IOS Release 12.1(12c)EV3 and transponder functional image version 1.A2 or higher.

•CSCec05746

Symptom: In a point-to-point network topology setup where bidirectional PSM trunk fiber protection APS is configured, and the CDL (Converged Data Link) is configured for dcc and the controller type of the mux/demux module is 0x1104 (4-channel mux/demux module without OSC), APS cannot to track a valid ethernetdcc interface. Therefore the group cannot be associated.

Workaround: Do not configure CDL as dcc for PSM APS if the corresponding mux/demux module does not have OSC ports (controller type 0x1104).

•CSCec22377

Symptom: Continuous optical performance monitoring alarms cause memory leaks that lead to bus error exceptions and an unexpected reload.

Workaround: None.

•CSCec31503

Symptom: Unable to disable APS group through SNMP. The console or Telnet session hangs indefinitely after configuration mode is entered using the SNMP set command.

Workaround: Do not disable the APS group through SNMP.

•CSCec31512

Symptom: When you enter the send break command on the active processor and keep the active processor in the ROM monitor (ROMMON) mode for a long time, the standby processor may reload because of a bus error exception.

Workaround: None.

Limitations and Restrictions

This section provides limitations and restrictions for Cisco ONS 15540 ESP hardware and software.

Transponder Modules

This section contains limitations and restrictions that apply to transponder modules.

•When you insert the standby transponder module in a y-cable protected configuration, remove the cable from the transponder module before inserting the transponder module into the shelf. Failure to remove the cable might result in errors that can affect the performance of the active signal received by the client equipment.

•CRC errors may occur with 2-Gbps Fibre Channel on single-mode transponders when high input power levels are received from the client laser sources.

Data errors or link-down conditions for 2-Gbps Fibre Channel might occur when used with certain client laser sources. Transmitters in some client GBIC and SFP transceiver units might send large overshoots in optical power with signal bit transitions, causing momentary overload conditions on the transponder client side receiver. The average transmitted power level from the GBIC does not violate the overload specification of the transponder client side receiver, so a power meter does not detect the overload.

The workaround is to attenuate the signal from the client equipment to a recommended level of -12 dBm when transmitting 2-Gbps Fibre Channel services.

•Error-free transmission of some D1 video signals (defined by the SMPTE 259M standard) and test patterns (such as Matrix SDI) cannot be guaranteed by the Cisco 15500 Series because of the pathological pattern in D1 video. This well-known limitation is usually overcome by the D1 video equipment vendor, who uses a proprietary, second level of scrambling. No standards exist at this time for the second level of scrambling.

Related Documentation

Refer to the following documents for more information about the Cisco ONS 15540 ESP:

• Regulatory Compliance and Safety Information for the Cisco ONS 15500 Series

• Cisco ONS 15540 ESP Planning Guide

• Cisco ONS 15540 ESP Hardware Installation Guide

• Cisco ONS 15540 ESP Optical Transport Turn-Up and Test Guide

• Cisco ONS 15540 ESP Configuration Guide

• Cisco ONS 15540 ESP Command Reference

•Cisco ONS 15540 ESP System Alarms and Error Messages

• Cisco ONS 15540 ESP Troubleshooting Guide

• Network Management for the Cisco ONS 15540 ESP

•Cisco ONS 15540 ESP TL1 Command Reference

• MIB Quick Reference for the Cisco ONS 15500 Series

•Cisco ONS 15540 ESP Software Upgrade Guide

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit e-mail comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.

Cisco TAC Website

The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:

http://www.cisco.com/tac

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:

http://www.cisco.com/tac/caseopen

For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:

http://www.cisco.com/go/marketplace/

•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/index.html

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)

Copyright © 2003-2005 Cisco Systems, Inc. All rights reserved.

Posted: Fri Jul 29 23:20:59 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.