Table of Contents

Release Notes for Broadband Access Center Release 2.5.1
System Requirements
Software Features Added in Release 2.5.1
Software Features in Release 2.5
New and Changed Information
Limitations and Restrictions
Related Documentation
Obtaining Documentation
Obtaining Technical Assistance
Obtaining Additional Publications and Information

Release Notes for Broadband Access Center Release 2.5.1

October 23, 2003

These release notes are for the Cisco Broadband Access Center (BAC) for Broadband Aggregation Release 2.5.1 software.


These release notes cover the following topics:


Cisco Broadband Access Center (BAC) enables you to provision devices, resources, services, and subscribers easily. You can implement BAC in small to very large scale deployments. The distributed nature of the software supports its deployment in a variety of environments and with a variety of services and technologies.

System Requirements

BAC has the following system requirements:

Hardware and Software Supported

BAC was tested and validated on the hardware, Cisco IOS software, and network cards described in Table 1.

Table 1   Supported Hardware and Cisco IOS Software

Supported Device  Cisco IOS Version and Image File Name  Network Cards 

Cisco 7206 router

12.2(15)B, offers non-SSH, DES, and 3DES security encryption. Use the following Cisco IOS image file:



Cisco 7301 router

12.3(3). For non-SSH security, use the following image file:


For DES and 3DES security encryption, use the following image file:



Cisco 7401 router

12.2(15)B, offers non-SSH, DES, and 3DES security encryption. Use the following image file:



Cisco 10000 router with PRE-1

12.2.(15)BZ1. For non-SSH security, use the following image file:


12.2.15BZ. For DES and 3DES security encryption, use the following image file:


Note Downloading these files requires a special link to CCO. Contact your Cisco account representative.


Cisco 10000 router with PRE-2

12.2(16)BX1, offers non-SSH security. Use the following image file:



BAC integrates with the network servers described in Table 2, although these servers are not bundled with BAC.

Table 2   Supported Network Servers

Server Hardware Platform Software Version

Cisco CNS Access Registrar (RADIUS server)

Netra compatible with Solaris 8

3.0 r2

Interlink Merit (RADIUS server)

Netra compatible with Solaris 8


Cisco CNS Network Registrar (DHCP and DNS server)

Ultra compatible with Solaris 8


Cisco CNS Notification Engine

Netra compatible with Solaris 8

3.0 r5

Software Features Added in Release 2.5.1

This section describes the new software features in Broadband Access Center 2.5.1 and in a previous early deployment release of the software.

Software Features in Release 2.5

This section lists the features provided in Broadband Access Center for Broadband Aggregation Release 2.5:


The procedure for installing BAC is documented in the Broadband Access Center Installation and Configuration Guide. This section describes the following circumstances:

Enabling HTTP Downloads

To enable HTTP download using the CNS agent, follow these steps:

Step 1   Create a new Configuration Engine server in BAC and set its CDM index as follows:

    a. From the Network Services tab Object Selector, select the Config Engine folder.

    b. Click Create. The system displays the Select Owners page in the content area of the main window.

    c. Click Next. The system displays the Configuration Engine page in the contents area of the main window.

    d. Set the CDM Index field to IE2100_1.

Note    For more information about creating a Configuration Engine server, see the Broadband Access Center for Broadband Aggregation User Guide.

Step 2   Associate the device with the Configuration Engine server:

    a. From the Network tab Object Selector, select the network to which the device belongs.

    b. In the subtask bar, click Device Management.

    c. Click Edit. The system displays the Device properties page in the main window.

    d. Click Next four times to go to the Assign System Resources page.

    e. Uncheck the setting for the Cisco Config Registrar field.

    f. Select the Configuration Engine server you just created.

Step 3   Verify that the router has enabled the CNS agent. The following example illustrates how the configuration of the router might appear:

Config t
Cns config partial
Cns id FastEthernet0/0/0 ipaddress event
Cns event keepalive 240 5

Note    In this example, the management IP interface is Fast Ethernet, but it might be Gigabit Ethernet or another interface type; and the example IP address that is used is for the Configuration Engine server.

Extracting the Installation Script Notes

If you are using the Cisco e-kit, you need to extract the installation script as follows:

Step 1   At the UNIX prompt, enter:


The system displays the following message:

This is the
"Broadband Access Center for VOIP, DSL, T1 and Broadband Aggregation v2.5"
Software Distribution unpacking utility.

The fully expanded installer and tar archive will require: 825000KB.

The script checks to see if you have sufficient space for the expanded installer and tar archive.

Step 2   Follow the instructions that the script provides, as shown in this example:

To unpack the distribution later, or in a different directory,
enter <CTRL C> now.

Use the following command sequence to unpack the distribution manually.

cd /where_you have_enough_space
/where_this_kit_is/BACBA_25/.gtar -xzvf /where_this_kit_is/BACBA_25/BACBA_25_Solaris gtar.gz

Otherwise, the "BACBA_25" software distribution will be unpacked in 15 seconds.

Unpacking the BACBA_25 electronic software distribution...

The unpacking operation was successful.

The product may now be installed...

Step 3   Enter the installation path for the product; for example:


Note    If you are installing from CDROM, the product path is /cdrom/cdrom0/Solaris.

Step 4   Refer to the Broadband Access Center Installation and Configuration Guide for the installation procedure.

Web Server Notes

When you install the BAC server, you are also installing a Web server. The Web server starts automatically when you run ./bacStartup all. Before you can access the Web UI, however, if you have installed the Java Virtual Machine, you might need to reconfigure Internet Explorer as follows:

Step 1   Open Internet Explorer.

Step 2   From the Tools menu, select Internet Options. The browser displays the Internet Options dialog box.

Step 3   Click Advanced. The browser displays a list of advanced settings.

Step 4   Scroll through the list to determine if this setting is checked:

Java (Sun): Use Java <some version number> for <applet> (requires restart)

Step 5   If it is checked, then click to disable this setting.

Step 6   Click Apply and OK.

Step 7   Close Internet Explorer and then re-open it.

Step 8   To access the Web UI, in the Address field of the browser enter the URL for BAC; for example, enter the following:

http:// <web_servername>:8888/bac

New and Changed Information

The following section describes the new and changed information that you need to take advantage of the BAC 2.5.1 release. It describes the following:

Upload Utility

The upload utility (a script called runclient) enables you to convert Cisco IOS configuration files to BAC service features, which are then stored in the BAC database. Initial upload enables you to convert the configuration files on devices that you provisioned before deploying BAC.

Note   You can upload files using Telnet or HTTP. If you choose Telnet, make sure that the running configuration file on the router contains the following global configuration command:

ip http server

This is required due to an internal implementation of Telnet and HTTP. Choosing the no form of this command would disable both Telnet and HTTP.

Running the Upload Utility

To run the runclient utility, follow these steps:

Step 1   Change to the following directory:

cd /opt/CSCObacss/spm/scripts

Step 2   To run the utility, use the following command syntax:

./runclient BACAdmin password [hostname] {/path/XML_filename>}

For example:

>./runclient BACAdmin cisco XMLuploadfile

Example Upload File

The following examples illustrate how to write an XML file to perform an upload. For information on the upload document type definition (DTD), see the "Upload DTD" section.

Example 1   Upload XML File
     <description> upload request </description>
     <targetInfoList CType="Vector">
         <TargetInfo >
             <connectInfo CType="ConnectInfo">

Upload DTD

The upload DTD defines the structure and elements that you can use when you create an upload XML file. The upload DTD is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v5 rel. 4 U ( by john win (abc) -->
<!--DTD generated by XMLSPY v5 rel. 4 U (>
<!ELEMENT TargetInfo (targetId, sendEvent, connectInfo)>
<!ELEMENT Upload (requestId, description, targetInfoList)>
<!ELEMENT cdmIndex (#PCDATA)>
<!ELEMENT configEngineInfo (cdmIndex, ip)>
<!ATTLIST configEngineInfo
<!ELEMENT connectInfo (source, method, isTransient, configEngineInfo, loginInfo)>
<!ATTLIST connectInfo
<!ELEMENT consolePort (#PCDATA)>
<!ELEMENT consoleUserName (#PCDATA)>
<!ELEMENT description (#PCDATA)>
<!ELEMENT enablePassword (#PCDATA)>
<!ELEMENT enableUserName (#PCDATA)>
<!ELEMENT isTransient (#PCDATA)>
<!ELEMENT loginInfo (deviceIP, termServerUserName, termServerPortUserName, termServerPortPassword, termServerSecretUserName, termServerSecretPassword, consolePort, consoleUserName, userName, password, enableUserName, enablePassword, promptTimeout, operationTimeout)>
<!ATTLIST loginInfo
<!ELEMENT method (#PCDATA)>
<!ELEMENT operationTimeout (#PCDATA)>
<!ELEMENT password (#PCDATA)>
<!ELEMENT promptTimeout (#PCDATA)>
<!ELEMENT requestId (#PCDATA)>
<!ELEMENT sendEvent (#PCDATA)>
<!ELEMENT source (#PCDATA)>
<!ELEMENT targetId (#PCDATA)>
<!ELEMENT targetInfoList (TargetInfo)>
<!ATTLIST targetInfoList
<!ELEMENT termServerPortPassword (#PCDATA)>
<!ELEMENT termServerPortUserName (#PCDATA)>
<!ELEMENT termServerSecretPassword (#PCDATA)>
<!ELEMENT termServerSecretUserName (#PCDATA)>
<!ELEMENT termServerUserName (#PCDATA)>
<!ELEMENT userName (#PCDATA)>


BAC produces summary and detailed upload reports. These are located in the following directory:


Summary reports provide the following information:

Detailed reports provide the following additional information:

Error Handling

Detailed upload reports contain a section that lists errors. The status code and the status message fields in that section indicate what went wrong.

Error messages often fall into one of these categories:

The following examples show how to correct these errors.

Upload Configuration Errors

The synchronization operation first uploads the configuration file from the device. This operation has failed. If you are using HTTP as the upload method, verify that the CNS agent is configured on the router, that the CDM Index is properly set on the Configuration Engine server.2 and the router is associated with the correct Configuration Engine server. For more information, see "Enabling HTTP Downloads" section.

Service Feature Errors

The Basic service feature is a prerequisite for all other service features because it defines basic configuration parameters, for example, the type of authentication that the device uses. Other dependencies also exist with some service features. The following two error messages illustrate the dependency requirement.

Error Message   1514, Can't delete service feature type [VirtualTemplate] Because the existing service feature types [VCClass] need service

In this example, a user has deleted a virtual template configuration from the router, leaving behind the configuration for a VCClass that uses the template. BAC will not permit this operation. To correct this error, either restore the virtual template configuration on the router or delete the VCClass as well. Then, run synchronization again.

This can happen to any service feature. Follow similar steps to correct the error.

Error Message   1514, Service feature type [SinglePVC] needs the service feature type [Basic]. You must add all service feature types { Basic } that [SinglePVC] depends on before adding it.

In this example, the device just has a SinglePVC configured, but BAC requires the Basic service feature. To correct this error, add to the router the configuration information corresponding to the Basic service feature. Then, run synchronization again.

This can happen to other service features where there is a dependency between them.

Error Message   60198, Validation failed: Error message Objects of the given System_virtual_template_no does not exist.

This example assumes that you are trying to synchronize a VCClass service feature. As per the validation XML in /opt/CSCObacss/common/XMLProperties/TemplateFeature/TfVCClass.xml, System_virtual_template_no is a mandatory variable and should be a valid value; that is the virtual template should already be existing on that device. Add the virtual template configuration to the device. Then, run synchronization again.

Insufficient Parameters Errors

Sometimes a variable that BAC requires is missing from the router configuration. The following two examples illustrate this scenario.

Error Message   60127, Validation failed: Requiremenet is (System_vc_class_name is mandatory), input value is (null). (Category 3)

In this example, assume that you are synchronizing a SinglePVC service feature. As per the validation XML, BAC requires the virtual connection class name for the SinglePVC service feature, but it is missing from the device configuration. Add this variable to the device configuration. Then, run synchronization again.

Error Message   9999, {-1=Unable to find value for variable: System_authentication_timeout}

In this example, assume that you are synchronizing a Virtual Template service feature. As per the template, the System_authentication_timeout is a mandatory variable, but it is missing from the device configuration. Add this to virtual template configuration on the device, Then, run synchronization again.

This might happen if you have made changes to the device using the command line, and those changes do not match the BAC template.

Log Viewer

The BAC 2.5.1 release supports Log Viewer. This tool enables you to view an audit trail of BAC activity, including the software component affected and who initiated the activity.

Log Viewer support several categories of audit information:

To read log messages, follow these steps:

Step 1   Click the Tools tab. The system displays the tools page in the content area of the main window.

Step 2   In the subtask bar, click Log Viewer. The system displays the Log Viewer page in the main window.

Step 3   To view a log message, click View Message.

Step 4   To change the sort order of the log, click the column header you would like to use to sort the file.

Step 5   To filter the log messages, click Filter. The system displays the Filter Criteria dialog box.

Step 6   Set your filter criteria.

Step 7   Click OK.

Saving Device Provisioning Information

BAC 2.5.1 provides an XML file that enables you to save device provisioning information that you create using BAC to the NVRAM on the device. This means that you have a backup configuration file on the router in case of failure.

The XML file is as follows:

<description> upload-transient request </description>
<targetInfoList CType="Vector">
<TargetInfo >
    <cli>write mem</cli>
    <connectInfo CType="ConnectInfo">
        <configEngineInfo CType="ConfigEngineInfo">
        <loginInfo CType="LoginInfo">

Documentation Corrections

The information about how to change the default password is correctly presented in the Broadband Access Center for Broadband Aggregation Installation and Configuration Guide.

Limitations and Restrictions

The following are limitations and restrictions with BAC:

>cd /opt/CSCObacss/scripts 
./interfaceDiscovery parentFDN deviceRDN 

In the following example, a router encounters a duplicate VLAN ID and generates the following message:

"%Configureation of multiple subinterfaces of the same main interface with the same VID (xx) is not permitted.
This VID is already configured on interface FastEthernet0/0.xx"

BAC receives this as a warning and treats the operation as a success, but the VLAN ID was not configured on the router. Thus, the operation failed. To fix the problem, update the keyword in the /opt/CSCObacss/common/IOSParser.config file. In the VLAN ID example, the update would appear as follows:

TG_ERROR_MESSAGE_EXPRESSION=Inconsistent address and mask
TG_ERROR_MESSAGE_EXPRESSION=Invalid access list name
TG_ERROR_MESSAGE_EXPRESSION=VID is already configured ---> define keyword treated it as failure!!

Small Deployments Startup Order

    a. Oracle

    b. CNS Access Registrar (Must have Oracle running.)

    c. CNS Configuration Engine (rvrd started here)

    d. BAC (Must have Oracle and Configuration Engine running.)

    e. CNS Notification Engine (Must have Oracle, CNS CE, and BAC running.)

    f. CIC (Must have CNS Configuration Engine running.)

    g. CNS Performance Engine (Must have Configuration Engine running.)

Small Deployment Shutdown Order

    a. CNS Performance Engine

    b. CNS Notification Engine (Must shutdown before Oracle and BAC.)

    c. CIC

    d. BAC (Must shutdown before Oracle.)

    e. CNS Access Registrar (Must shutdown before Oracle.)

    f. Oracle

    g. CNS Configuration Engine

BAC steps for adding auto reboot to Solaris installations

    a. Change to root user.

    b. Change to the /etc/init.d directory.

    c. Create a BAC file in the directory and add the following:

# Startup and shutdown BAC Server as BAC User
case "$1" in
if [ ! -f $BAC_HOME/scripts/bacStartUp ]
echo "BAC: Cannot startup due to missing script."
# Startup script present. Start BAC as BAC user.
su - $BAC_USER -c "$BAC_HOME/scripts/bacStartUp all"
if [ ! -f $BAC_HOME/scripts/bacShutDown ]
echo "BAC: Cannot shutdown due to missing script."
case "$1" in
if [ ! -f $BAC_HOME/scripts/bacStartUp ]
echo "BAC: Cannot startup due to missing script."
"BAC: Cannot shutdown due to missing script."
# Shutdown script present. Shutdown BAC as BAC user.
su - $BAC_USER -c "$BAC_HOME/scripts/bacShutDown all"

    d. Link the "bac" file to the correct shutdown level and order, i.e. "ln -s /etc/init.d/bac /etc/rc0.d/K04bac".

    e. Link the "bac" file to the correct startup level and order.

The VcSystemProperties.xml file affects the following:

The VcSupportedDeviceList.xml file contains all information related to device creation. The model list field and subtype field obtain their values from this file. This file also determines whether a device supports SSH or discovery.

To refresh servers, follow these steps:

Step 1   Click the Tools tab. The tools page displays in the content area of the main window.

Step 2   Click Refresh Servers.


CSCdx59874—The BAC API does not support implementing multiple instances of network address translation (NAT) on the same interfaces, whether they are inside or outside interfaces. While you can add multiple NATs (with different names and ranges) to an interface, you cannot remove them.

The workaround for this situation is to do one of the following:

CSCdx63539—If you download a configuration to a router that contains an incorrect ATM subinterface, then the download configuration pattern through Telnet is wrong. Ultimately, Telnet times out, returning a message that it could not connect to the router.

CSCdy09364—A problem occurs if different roles share the same virtual private dial-up network (VPDN) template. For the PTA-PPPoEoA, PTA-PPPoEoE and PTA-PPPoEoVLAN roles, you can select IPPool or DHCP. For the LAC-PPPoEoA, LAC-PPPoEoE, LAC-PPPoEoVLAN roles, these features are not available, but are still displayed. The same problem exists when you add a virtual template service feature.

You can have only one VPDN on a router regardless of the number roles that you add. Since the router can act as either a PTA or a LAC, VPDN prompts the user to select one of three options:

1) Local Pool
3) None

You should carefully plan the number of roles you add to a router. For example, you might start with LAC-PPPoEoA. When you create the VPDN, you do not need to provide an IP address. However, you can still select either local pool or DHCP because the IP address might be required later for PTA.

CSCdy19994—When you select the console method of downloading device configuration, the Service Provisioning Manager component of the BAC software clears the console port before performing the download. When you log in to the router, the console displays a considerable amount of garbage characters before displaying the new running configuration.

This is most likely to occur when your terminal server is configured for modem callout. To turn off modem callout, do the following:

Step 1   Establish a Telnet session to the terminal server.

Step 2   At the command line, enter the following:

config t
line 1 16 ---> all available ports
no modem callout
no model ri
no exec
wr mem

CSCdy20943—The Service Provisioning Manager (SPM) component of BAC rolls back download transactions when either the router returns an error or the IE2100 syntax checker returns an error. This is due to a limitation of the CNS Agent, which cannot distinguish between an IE2100 syntax error and a router error.

CSCdy40442—When you attempt to provision a VLAN range using HTTP or Telnet, Cisco IOS reports an error. The other download methods operate properly.

CSCdy72787—To use SSH security to communicate with a router, make sure that, when you add the device using the BAC Web UI, the hostname you enter matches the hostname of an SSH-enabled router. SSH uses the hostname to generate an encryption key. If the hostnames do not match, SSH will not authenticate transmissions to the router.

CSCdy88590—The BAC Web UI has a paging feature that enables you to choose whether to display 10 or 20 records at time. You can also pick the column of data BAC uses to sort these records for display. When you choose the column of data that you want to use for the sort, BAC displays it in alphanumeric order; for example:


CSCdz40721—When you are configuring quality of service (QoS), BAC checks the following dependencies:

The BACAdmin user can assign different ISPs to each of these resources. For example, the policy map might be associated with ISP1 and the service might be associated with ISP2. If a user belonging to a group at ISP2 logs in, the policy map field for the service is empty. To avoid this situation, make sure that the same ISP is associated with the service, policy map, class map, and access list.

CSCea01239—In some instances, the BAC Web UI provides default values that are not valid for all device types. For example, the default value for QoS Rate is not valid for all device types. You may encounter a download error if the QoS rate is out of range for a particular device. Review the QoS rate ranges for your routers.

CSCea34430—In multiple user environments, be aware that the ISC Template Manager component of BAC does not provide a locking mechanism. Thus, it is possible for one user to inadverently overwrite the work of another user. Use caution when modifying templates in such environments.

CSCea39869—If you intend to uninstall BAC and then reinstall the software, use the same username and password to perform each operation. If you use a different username and password for the reinstallation, the ISC Template Manager component of BAC generates error messages.

CSCea66254—When you first run bacStartUp and then call IE2100 setup, you might encounter the following message:

Commit changes (y/n): y
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
25818:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:m
d_rand.c:501:You need to read the OpenSSL FAQ,
Following command failed: see /var/log/appliance-setup.log for details
system failed: 256 exit_value  = 1 signal_num  = 0 dumped_core = 0 
do_plutoSupport ...
Shutdown servers ...
/etc/init.d/tibcorvd stop
Configure IMGW ...
Configure DCL ...


You can ignore this message.

CSCea65867—If you create a device using the BAC northbound API, BAC does not validate the useSSH variable. Set the useSSH variable to true if device is created using NBAPI even if the property file sets supportsSSH to false.

CSCea79133—If you configure a broadband aggregator with the AAA authentication set to local and then provision a subscriber, the subscriber's username and password is not configured on the router during the provisioning process. To authenticate the subscriber's CPE in this configuration, you need to manually add the subscriber's username and password to the router.

CSCea80432—When you create a service under the Network Services tab, the Session-Timeout and Idle-Timeout fields are mandatory fields. These settings are associated with a subscriber when the service profile is connected to the service and saved in the AAA server. When the subscriber's CPE is brought up, these two settings are sent by the RADIUS server to the aggregator and used to set the session and idle timeout for the subscriber. You can see these settings on the aggregator by entering: >show caller timeouts.

The workaround for this situation is as follows:

Step 1   Open the following file in a text editor:


Step 2   Find the Session and Idle Timeout areas which are as follows:

<namelessness-Timeout</name>" and "<displayName>Idle- Timeout</displayName>"

Step 3   Change the surrounding <IntegerField> and </IntegerField> tags to <TextField> and </TextField>, respectively.

Step 4   Save the file.

Step 5   Create a service under the Network Services and make the Session-Timeout and Idle-Timeout fields empty.

Step 6   Save the service profile.

Step 7   Provision the subscriber's service profile so it is associated with the service profile you just created.

CSCea82309—The Cisco IOS image, 12.2(15)BZ, that BAC requires for the Cisco 10000 series router does not support RPR+ mode from the router console. This means that you cannot perform simultaneous configurations on the PRE-2.

CSCea84238—If you login as an intermediate operator and then delete the LACPPPOA service feature, the Web UI behaves inconsistently. The first time that you select all service features, the Web UI grays out SinglePVCoA and PVCRangeoA. If you uncheck the select all box and then select all again, BAC enables you to select SinglePVCoA and PVCRangeoA. The backend software, however, performs a dependency check and generates an error message.

CSCea86069—If you intend to install BAC using the silent option, before you run the installation make sure the window is allowed to setup connections to the X server. Otherwise, the installation process exits, and you cannot bring up servers when you run the bacStartUp initial command. To avoid the problem, simply run the xhost + command.

CSCea86868—BAC does not validate the type of RADIUS servers that you add to a RADIUS group. For example you can add radius1, which might be an Access Registrar server, and radius2, an Interlink Merit server, to the same group. For load balancing purposes, this mixing of servers is unlikely. Make sure all RADIUS servers in a RADIUS group are of the same type.

CSCeb73930—The BAC installation script is case sensitive. This can cause a problem with the Oracle database when you enter the server id (SID). Enter the Oracle SID as it appears in the oracle configuration file.

CSCec01988—If you delete a policy map, BAC does not check to see if a virtual template service feature still uses the policy map. BAC does not generate an error message until you try to delete the last policy map associated with the virtual template service feature. The workaround is to delete all service features before you delete the policy. The dependency between service profiles and service features is documented in Chapter 7, "Provisioning Broadband Aggregators" of the Cisco Broadband Access Center for Broadband Aggregation User Guide.

CSCec05694—Before you create a class map, make sure to create an access list for it. BAC does not check to see if the access list that you specify when you create a class map already exists. If the access list does not exist, BAC generates an error message when you later provision a policy map.

CSCec14541—A synchronization operation involving an administrative network with multiple devices might fail when an ATM interfaces incorrectly references the vc-class of another device.

CSCec38931—The CNS agent on the Cisco 7301 router does not include error line number information in the <error-message> tag. The error line information is included in the <line-number> tag. For example, if a provisioning request fails, the following error message is generated:


To work around this situation and to determine at which CLI line the provisioning failed, follow these steps:

Step 1   At the command line, change to the following directory:

cd /opt/CSCOcnsie/tools

Step 2   Make the provisioning request, and enter the following command:

> ./"cns-listen "cisco.mgmt.cns.>"  

If an error occurred, the error line is reported in the <line-number> tag.

CSCec39363—If a BAC server has a local copy of Cisco CNS Access Registrar installed, but /cisco-ar is not created and soft-linked to the actual Access Registrar path, the Add Radius Service feature fails. This is because /opt/CSCObacss/sam/bin is soft-linked to /cisco-ar/bin. To work around this problem, manually create the symbolic link /cisco-ar.

CSCec49730—The BAC installation script erroneously displays the following prompt and error message:

Please enter the full path name of the primitive map file:

You entered an empty file name. You must update the SPM map file (/opt/bac_install/CSCObacss/spm/config/task_mgr/config/primitive_register/JACL/SPM) manually."

The current version of BAC does not use this module, so you can ignore this message.

CSCec52024—If you are unprovisioning a device, you might encounter the following situation: You successfully unprovision a Service role (for example, PTAPPPoA), and its associated service features, but BAC still displays the device has having a role. Consider the following scenario:

Step 1   Unprovision subscribers on the device.

Step 2   Go to Device Management to unprovision the service role and all associated service features.

Step 3   On the Unprovisioning page, click Config Preview.

Step 4   Without waiting for BAC to display the complete configuration, click Next and Unprovision. BAC displays the following error message:

Elements required for provisioning/unprovisioning are currently locked by another requrest.

Step 5   Click Back and allow BAC to display the complete configuration.

Step 6   Click Next again and unprovision successfully. Notice that in the Device Management window, however, that the device is listed as Unprovisioned, but it has a Service role (for example, PTAPPPoA). Notice also that if you click View Service, under the PTAPPPoA role, BAC displays a SinglePVCoASF but with no rows.

Related Documentation

The BAC documentation consists of the following:

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

You can access the most current Cisco documentation on the World Wide Web at this URL:

You can access the Cisco website at this URL:

International Cisco websites can be accessed from this URL:

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.

Registered users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:

All users can order annual or quarterly subscriptions through the online Subscription Store:

Ordering Documentation

You can find instructions for ordering documentation at this URL:

You can order Cisco documentation in these ways:

Documentation Feedback

You can submit comments electronically on On the Cisco Documentation home page, click Feedback at the top of the page.

You can send your comments in e-mail to

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. features the Cisco TAC website as an online starting point for technical assistance.

Cisco TAC Website

The Cisco TAC website ( ) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year.

Accessing all the tools on the Cisco TAC website requires a user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

Opening a TAC Case

The online TAC Case Open Tool ( ) is the fastest way to open P3 and P4 cases. (Your network is minimally impaired or you require product information). After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC engineer.

For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Copyright © 2003 Cisco Systems, Inc. All rights reserved.

Printed in the USA on recycled paper containing 10% postconsumer waste.

Posted: Fri Nov 14 12:01:22 PST 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.