|
|
Table Of Contents
Release Notes for Cisco ONS 15216 OADM Release 2.2.3
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ONS 15216 OADM Release 2.2.3
August, 2005
Release notes address closed (maintenance) issues, caveats, and new features for the Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM). For detailed information regarding features, capabilities, hardware, and software introduced with this release, refer to the Cisco ONS 15216 100 GHz OADM Operations Guide, Release 2.2.
Cisco also provides Bug Toolkit, a web resource for tracking defects. To access Bug Toolkit, visit the following URL:
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
Contents
Cisco Product Security Overview
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Caveats
Review the notes listed below before deploying the ONS 15216. Caveats with DDTS tracking numbers are known system limitations that are scheduled to be addressed in a subsequent release. Caveats without DDTS tracking numbers are provided to point out procedural or situational considerations when deploying the product.
Hardware Caveats
There are no hardware caveats for this release.
Software Caveats
DDTS # CSCdz40833: LOSDROP East-1 alarm enable/disable status is always enabled after a reset
On the 1-ch OADM, the EAST-1 drop port LOS alarm can be disabled, but after a restart of the unit the alarm is displayed again as enabled.
Conditions
Occurs only on the 1-ch OADM EAST-1 drop port when there is a software reset.
Workaround
If the alarm needs to be disabled, use the ED-NE-GEN command again after a reset to disable the alarm.
DDTS # CSCdz40902: Timeout setting is not kept after a restart
The timeout setting is not stored in the non-volatile memory, so if the user changes the timeout value, the new setting is kept if he logs out and then log in again, but is not kept after a restart of the unit (INIT-SYS). After the restart, the values of the timeout are reverted back to the default values (e.g. 15 minutes for RWA users).
Conditions
Occurs for the SET-ATTR-SECUDFLT command if there is a software restart.
Workaround
If the timeout settings are changed from their default values, use the SET-ATTR-SECUDFLT command again after a restart to set the timeout values.
DDTS # CSCdz41745: Alarms/events log file is reset (emptied) after soft or hard reset
The log files of the autonomous messages are not retained if a power cycle or a soft reset (through INIT-SYS) is performed.
Conditions
Occurs if the unit is reset or power cycled.
Workaround
Retrieve the autonomous message log using the RTRV-AO command before resetting or power cycling the unit.
DDTS # CSCdz41689: Date setting unsuccessful if power cycle happens before user logs out
The date/time settings do not take effect if a power cycle happens before the user logs out. Notice that a soft reset (through INIT-SYS) does not have the same impact (after the reset the date and time setting are still kept).
Conditions
Occurs for the ED-DAT command if the unit is power cycled before user log out.
Workaround
If the date or time is edited, the user should log out before power cycling the unit.
DDTS # CSCdx57061: Telnet port 3083 does not require a semicolon after TL1 commands
TL1 commands are sent on the 3083 telnet port when the user hits the enter key - no semicolon is required.
Conditions
This behavior limited to port 3083. Port 3082 correctly requires that a semicolon be used to terminate and send a TL1 command.
Workaround
Commands are correctly sent if the semicolon key is used to terminate the command line.
DDTS # CSCdy63785: Incorrect syntax for RTRV-AO command response
A carriage return and line feed (i.e. a blank line) is missing from RTRV-AO response message, prior to the final " */" before the terminating semicolon.
Conditions
Occurs under all conditions.
Workaround
None. Issue will be resolved in a future software release.
DDTS # CSCdy63840: RTRV-STATUS command should be allowed to any user
Only RWA level users have access to the RTRV-STATUS command.
Conditions
Occurs under all conditions.
Workaround
Log in as a RWA level user to execute the RTRV-STATUS command.
DDTS # CSCdy65043: INH/ALW-MSG-ALL commands should be allowed to any user.
Only RWA and RW level users have access to the INH-MSG-ALL and ALW-MSG-ALL commands.
Conditions
Occurs under all conditions.
Workaround
Log in as a RWA or RW level user to execute the INH-MSG-ALL or ALW-MSG-ALL commands.
DDTS # CSCdy67627: Incorrect filtering implementation for RTRV-ALM-DWDM and RTRV-ALM-COM
The specific parameters used in the stage General Block of the RTRV-ALM-DWDM and RTRV-ALM-COM commands are used as an OR condition instead of an AND condition. For example, after entering RTRV-ALM-DWDM:::123::MN,LOSADD; the response will show alarms of type LOSADD or with severity MN (instead of only those of type LOSADD and with severity MN).
Conditions
Occurs only when more than one parameter is specified in the stage general block.
Workaround
None. Issue will be resolved in a future software release.
DDTS # CSCdy67682: ED-DAT command should be allowed to any user
Only RWA and RW level users have access to the ED-DAT command.
Conditions
Occurs under all conditions.
Workaround
Log in as a RWA or RW level user to execute the ED-DAT command.
DDTS # CSCdx78978: ED-, RTRV-, SET-TH, and RTRV-TH-DWDM take more than two seconds to complete
TL1 commands ED-DWDM, RTRV-DWDM, SET-TH-DWDM, and RTRV-TH-DWDM may sometimes take three to four seconds to complete, without issuing an "in progress" message.
Conditions
Occurs intermittently.
Workaround
None.
DDTS # CSCdy80557: RTRV-DFLT-SECU response message does not display the <aid>
The response message for the RTRV-DFLT-SECU does not include the EQPT <aid>, as per TR-835.
Conditions
Occurs for the RTRV-DFLT-SECU command.
Workaround
None. Issue will be resolved in a future software release.
Resolved Caveats
The following caveat is resolved in Release 2.2.3.
DDTS # CSCee23360: Cisco ONS 15216 OADM Telnet Denial-of-Service Vulnerability
The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.
More details can be found in the Security Advisory which posted at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml
New Features
This section provides a description of the new features found in ONS 15216, Release 2.2. These are included in the Release 2.2.3 release notes for reference.
New Hardware Features
This section is a high-level overview of the hardware features of ONS 15216, Release 2.2.
One-channel OADM
A one channel OADM is now part of the ONS 15216 product line.
Increased EVOA Accuracy
Improved EVOA accuracy is now 1.04 dB.
New Software Features
This section is a high-level overview of the software features of ONS 15216—Network Release 2.2.
Dual DC Voltage Monitoring
The ONS 15216 OADM now has the capability to individually monitor and alarm the A and B DC voltage feeds.
CALCSETP Function
The addition of the CALCSETP parameter as part of the response to the RTRV-DWDM command provides the user with the ONS 15216's recommended add channel optical power setting based on the optical power of the corresponding drop channel.
Related Documentation
Release-Specific Documents
•
Upgrading the Cisco ONS 15216 OADM Release 2.2.3
Platform-Specific Documents
•
•
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/
•
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•
•
•
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
•
•
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
•
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the Cisco ONS 15216 100 GHz OADM Operations Guide, Release 2.2.
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Posted: Sun Apr 2 03:28:19 PDT 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
