|
|
These release notes for Cisco AS5300 series universal access servers support Cisco IOS Release 12.0 XI, up to and including Release 12.0(4)XI. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of the software caveats that apply to Release 12.0(4)XI, see the "Caveats" section and . The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release on CCO and the Documentation CD-ROM.
These release notes cover the following topics:
This section contains information about the Cisco AS5300 series universal access servers and Early Deployment (ED) releases for the Cisco AS5300.
The Cisco AS5300 series universal access servers are versatile data communications platforms. Each Cisco AS5300 provides the function of an access server, a router, and a bank of digital modems in a single modular chassis. The access server is intended for Internet service providers (ISPs), telecommunications carriers, and other service providers that offer managed Internet connections, in addition to medium to large sites that provide both digital and analog access to users on an enterprise network. By terminating both analog and digital calls on the same chassis simultaneously, the access server provides a clear, simple, and easy migration path from analog dial-access services to digital dial-access services.
For information on new features and Cisco IOS commands supported by Release 12.0 XI, refer to the "New and Changed Information" section and the "Related Documentation" section.
These release notes describe only Release 12.0(4)XI for Cisco AS5300 series universal access servers and do not describe features that are available in Release 12.0 or other Release 12.0 Early Deployment (ED) releases. Release 12.0 XI is an Early Deployment (ED) release based on Release 12.0 and announces fixes to software caveats and support for new Cisco hardware.
For information about features in Release 12.0, see Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.
For information about features in other ED releases, see Table 1.
For information about features in other platforms, see Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.
| ED Release | Maintenance Release | Additional Software Features | Additional Hardware Features | Availability |
|---|---|---|---|---|
This section describes the system requirements for Release 12.0(4)XI:
Table 2 describes the memory requirements of the Cisco IOS feature sets for the Cisco AS5300 series universal access servers for Release 12.0(4)XI.
Cisco IOS Release 12.0(4)XI supports the Cisco AS5300 series universal access servers. Table 3 lists the interface and modem cards supported by the Cisco AS5300.
| Interface Cards | Modem Cards |
|---|---|
To determine the version of Cisco IOS software running on your Cisco AS5300, log in to the access server and enter the show version EXEC command.
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99) on CCO at:
Service & Support: Product Bulletins: Software
Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99).
Modem code is either stored in Flash memory or bundled in the Cisco IOS software image. Bundling eliminates the need to store separate modem code images. When the Cisco AS5300 starts, the system software unpacks the modem software bundle and loads the proper code on the modem cards.
The show modem mapping command lists all versions of modem code running on the modem modules, residing in system Flash, and bundled with Cisco IOS software. Enter the show modem mapping command to determine if you need to update your modem code files.
Note You could have received a later version of modem code than the one bundled with the Cisco IOS software. The modem code in Flash memory is mapped to the modems. Unless you fully understand how Cisco IOS software uses modem code, it is important to keep the factory configuration.
The modem code release notes are on CCO and the Documentation CD-ROM:
You can reach the release notes on CCO at:
Service & Support: Documentation Home Page: Access Servers and Access Routers: Access Servers: Cisco AS5300: Modem Information: Firmware/Portware Release Notes
You can reach the release notes on the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5300: Modem Information: Firmware/Portware Release Notes
Note If you have a CCO account, you can reach the Cisco AS5300 Series Software Upgrade Planner, which contains information about the specific releases that support different firmware and portware versions. From CCO, log in and click this path: Service and Support: Software Center: Access Products: AS5300 Series
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Release 12.0 XI supports the same feature sets as Release 12.0(4)T, but Release 12.0(4)XI can include new features supported by the Cisco AS5300 series universal access servers.
lists the features and feature sets supported by the Cisco IOS Release 12.0(4)XI for the Cisco AS5300 series universal access servers. This tables uses the following conventions to identify features:
Note This feature set table only contains a selected list of features. This table is not cumulative— nor does it list all the features in each image.
| 1This image is not available in Release 12.0(1)T. It is available in Release 12.0(2)T and later 12.0 T releases.
2This image is not available in Release 12.0(1)T. It is available in Release 12.0(2)T and later 12.0 T releases. 3E1 R2 country support requires specific versions of Mica portware. For details, see the Mica portware release notes, which are available on CCO in the Software Center. Note that country support varies with the portware release level, and the release notes provide a list of countries. 4E1 R1 signaling support for Taiwan requires MICA portware version 2.3.1.0. |
The following sections list the new hardware and software features supported by the Cisco AS5300 series universal access servers in Cisco IOS Release 12.0 XI.
The following software features are supported by the Cisco AS5300 series universal access servers for Release 12.0(4)XI.
The Resource Pool Manager differentiates wholesale dial customers by using configurable Customer Profiles that are based on the dialed number (DNIS) and Call Type determined at the time of an incoming call or by Domain Name after the call is answered. Each configured Customer Profile will include a maximum allowed session value and an overflow value. As sessions are started and ended in the NAS, session counters for each Customer Profile are incremented and decrements in the NAS. Based upon service-level agreements, customers will be given the appropriate call treatment when the session limit is reached.
The following sections contain important notes about Cisco IOS Release 12.0 that might apply to the Cisco AS5300.
Certain versions of Cisco IOS software can fail when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly used Internet scanning tool generates packets that cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.
Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices can hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must visit the device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices indicate that they were "restarted by power-on," even when that was not the case.
Assume that any potential attacker knows the existence of this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the vulnerability. Minimal skill is required and no special equipment is required.
Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.
This vulnerability notice was posted on Cisco's World Wide Web site:
http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
This information was also sent to the following e-mail and USENET news recipients:
Table 6 describes hardware and software that are affected by this problem. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in Table 6. Cisco is correcting the problem in certain special releases, will correct it in future maintenance and interim releases, and intends to provide fixes for all affected IOS variants. See Table 6, Affected and Repaired Software Versions for details.
No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have protects you against this attack.
The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and enter the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software." Other Cisco devices do not have the show version command and identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:
Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.
The following Cisco devices are not affected:
This vulnerability has been assigned Cisco bug ID CSCdk77426.
Cisco offers free software updates to correct this vulnerability for all affected customers—regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 6 gives Cisco's projected fix dates.
Make sure that your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release, for example, from 11.2[11]P to 11.2[17]P, but it is often a factor when you upgrade between major releases, for example, from 11.2 P to 11.3 T.
Because fixes will be available for all affected releases, this vulnerability will rarely, if ever, require you to upgrade to a new major release. Cisco recommends that you carefully plan for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.
Further upgrade planning assistance is available on Cisco's World Wide Web site at:
If you have service contracts, you can obtain new software through your regular update channels (generally through Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.
If you do not have service contracts, you can upgrade to only obtain the bug fixes; free upgrades are restricted to the minimum upgrade required to resolve the defects. You can only upgrade to the software described in one row of Table 6—except when no upgrade within the same row is available in a timely manner.
Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):
Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Customers with no contracts must request for free updates through the TAC. For software updates, please do not contact either "psirt@cisco.com" or "security-alert@cisco.com.
You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to port 514. You can do this by either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.
If you use an input access list, apply it to all interfaces to which attackers can send datagrams. Interfaces include not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces—as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.
The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses—as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts—only traffic actually addressed to the Cisco IOS device.
No single input access list works in all configurations. Be sure you know the effect of your access list in your specific configuration before activating it.
The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed—other than as a workaround for this problem:
Listing all possible addresses—especially all possible broadcast addresses—to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device—as well as traffic destined to the device. If the IOS device is expected to forward syslog packets, you will have to filter in detail. Because input access lists impact system performance, install them with caution—especially on systems running very near their capacity.
Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released Cisco IOS version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) to 12.0(2.3). The first fixed interim version of Release12.0 mainline software is Release12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.
If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the Release 12.0(2) base, which will merge back into the Release 12.0 mainline at Release 12.0(2.4).
Special releases, like 12.0(2a), are one-time spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to Release 12.0(3).
| 1A special fix is a one-time release that provides the most stable immediate upgrade path.
2Interim releases are tested less rigorously than regular maintenance releases; interim releases can contain serious bugs. 3Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist. 4All dates in this table are estimates and are subject to change. 5This entry is not a misprint. The 12.0(2.3)S interim release is available before the 12.0(2)S regular release. |
Old Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBs are currently migrated into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown inTable 7:
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
This section only contains open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Release 12.0 and Release 12.0 T are also in Release 12.0 XI.
For information on caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0 .
For information on caveats in Cisco IOS Release 12.0 T, see Caveats for Cisco IOS Release 12.0 T, which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on CCO at Service & Support: Online Technical Support: Software Bug Toolkit., or at http://www.cisco.com/support/bugtools.
This section describes possibly unexpected behavior by Release 12.0(4)XI. Unless otherwise noted, these caveats apply to all 12.0 releases up to and including 12.0(4)XI.
The following cli command does not function : snmp-server packetsize. The maximum snmp packetsize for 12.0(3)T is fixed at 484. There is no known workaround.
When tunneling IPX over an IP tunnel, and when using an extended inbound access list for ip on the tunnel interface, the ipx traffic gets blocked by the access list. As a workaround a "permit gre" statement could be added in the extended access-list.
Because Release 12.0(4)XI is the base release, there are no resolved caveats.
The following sections describe the documentation available for the Cisco AS5300 series universal access servers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
The following documents are specific to Release 12.0 and are located on CCO and the Documentation CD-ROM:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
Service & Support: Technical Documents
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on CCO at Service & Support: Online Technical Support: Software Bug Toolkit, or at http://www.cisco.com/support/bugtools.
These documents are available for the Cisco AS5300 series universal access servers on CCO and the Documentation CD-ROM.
You can reach Cisco AS5300 documentation from CCO at:
Service & Support: Documentation Home Page: Access Servers and Access Routers: Access Servers: Cisco AS5300
You can reach Cisco AS5300 documentation on the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5300
Feature modules describe new features supported by Release 12.0 XI and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents, which are shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
You can reach these documents on CCO at:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
You can reach these documents on the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
Table 8 describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.
Note You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed.
You can reach the Cisco IOS documentation set on CCO at:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
You can reach the Cisco IOS documentation set on the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0
Note Cisco Management Information Base (MIB) User Quick Reference is no longer published. For the latest list of MIBs supported by Cisco, see Cisco Network Management Toolkit on Cisco Connection Online. From CCO, click on the following path: Service & Support: Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB.
For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" of Cisco Information Packet shipped with your product.
Note If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.
For service and support for a product purchased directly from Cisco, use CCO.
If you have a CCO login account, you can access the following URL, which contains links and tips on configuring your Cisco products:
http://www.cisco.com/kobayashi/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your Web browser to CCO and click on this path: Products & Technologies: Products: Technical Tips.
The following sections are provided from the Technical Tips page:
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can reach CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which package that ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Fri Jan 17 15:19:17 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.