Table Of Contents
Release Notes for Cisco 2600 Series for Cisco IOS Release 12.2(2)XB15
Determining the Software Version
Upgrading to a New Software Release
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB13 to Cisco IOS Release 12.2(2)XB15
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB12
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB11
New Hardware Features in Cisco IOS Release 12.2(2)XB5
New Software Features in Cisco IOS Release 12.2(2)XB5
New Hardware and Software Features from Cisco IOS Release 12.2(2)XB1 to Cisco IOS Release 12.2(2)XB4
New Hardware Features in Cisco IOS Release 12.2(2)XB
New Software Features in Cisco IOS Release 12.2(2)XB
Deprecated and Replacement MIBs
Addition of the squeeze Command for Cisco 2600 and Cisco 3600 Series Routers
Changes to the output attenuation Command
Caveats for Cisco IOS Release 12.2 XB
Open Caveats—Cisco IOS Release 12.2(2)XB15
Resolved Caveats—Cisco IOS Release 12.2(2)XB15
Open Caveats—Cisco IOS Release 12.2(2)XB14
Resolved Caveats—Cisco IOS Release 12.2(2)XB14
No Caveats—Cisco IOS Release 12.2(2)XB12 to Cisco IOS Release 12.2(2)XB13
Open Caveats—Cisco IOS Release 12.2(2)XB11
Resolved Caveats—Cisco IOS Release 12.2(2)XB11
Open Caveats—Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB10
Resolved Caveats—Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB10
Open Caveats—Cisco IOS Release 12.2(2)XB8
Resolved Caveats—Cisco IOS Release 12.2(2)XB8
Open Caveats—Cisco IOS Release 12.2(2)XB7
Resolved Caveats—Cisco IOS Release 12.2(2)XB7
Open Caveats—Cisco IOS Release 12.2(2)XB6
Resolved Caveats—Cisco IOS Release 12.2(2)XB6
Open Caveats—Cisco IOS Release 12.2(2)XB5
Resolved Caveats—Cisco IOS Release 12.2(2)XB5
Open Caveats—Cisco IOS Release 12.2(2)XB4
Resolved Caveats—Cisco IOS Release 12.2(2)XB4
Open Caveats—Cisco IOS Release 12.2(2)XB3
Resolved Caveats—Cisco IOS Release 12.2(2)XB3
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB2
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB1
Open Caveats—Cisco IOS Release 12.2(2)XB
Resolved Caveats—Cisco IOS Release 12.2(2)XB
Cisco IOS Software Documentation Set
Obtaining Technical Assistance
Release Notes for Cisco 2600 Series for Cisco IOS Release 12.2(2)XB15
January 13, 2004
Cisco IOS Release 12.2(2)XB15
OL-1584-02 Rev. O1
These release notes for the Cisco 2600 series describe the enhancements provided in Cisco IOS Release 12.2(2)XB15. These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 12.2(2)XB15, see the "Caveats for Cisco IOS Release 12.2 XB" section and Caveats for Cisco IOS Release 12.2. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.2 located on Cisco.com and the Documentation CD-ROM.
Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/kobayashi/support/tac/fn_index.html.
Contents
These release notes describe the following topics:
• MIBs
• Caveats for Cisco IOS Release 12.2 XB
• Obtaining Technical Assistance
Introduction
With the Cisco 2600 series modular access router family, Cisco Systems extends enterprise-class and managed services CPE versatility, integration, and power to branch offices. The widely deployed Cisco 2600 series modular access routers are designed to enable customers to easily adopt future technologies and scale to accommodate network expansion. The Cisco 2600 series shares modular interfaces with the Cisco 1600, Cisco 1700, and Cisco 3600 series, providing a solution to meet today's branch office needs for applications such as the following:
•Internet/intranet access with firewall security
•Multiservice voice/data integration
•Analog and digital dial access services
•Virtual Private Network (VPN) access
•Inter-VLAN routing
•Routing with bandwidth management
The Cisco 2600 series modular architecture provides the versatility needed to adapt to changes in network technology as new services and applications become available. Driven by a powerful RISC processor, the Cisco 2600 series supports the advanced quality of service (QoS), security, and network integration features required in evolving enterprise networks of today.
For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.2(2)XB15, see the "New and Changed Information" section and the "Related Documentation" section.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.2 XB and includes the following sections:
• Determining the Software Version
• Upgrading to a New Software Release
Memory Recommendations
Supported Hardware
Cisco IOS Release 12.2(2)XB15 supports the Cisco 2600 series:
•Cisco 2610
•Cisco 2611
•Cisco 2612
•Cisco 2613
•Cisco 2620 and Cisco 2621
•Cisco 2650 and Cisco 2651
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
Table 2 lists the supported interfaces for the Cisco 2600 series routers for Cisco IOS Release 12.2 T.
For additional information about supported hardware for this platform and release, please refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Table 2 Supported Interfaces for the Cisco 2600 Series Routers
| Interface, Network Module, or Data Rate [1] | Platforms Supported |
|---|---|
| LAN Interfaces [2] | |
| 1- or 2-port Ethernet (10BASE-T) | All Cisco 2600 series platforms |
| 1-port Token Ring (RJ-45) | Cisco 2612, Cisco 2613 |
| 1- or 2-port 10/100-Mbps Ethernet | Cisco 2620, Cisco 2621, Cisco 2650, Cisco 2651 [3] |
| LAN Network Modules | |
| 1-port Ethernet | All Cisco 2600 series platforms |
| 4-port Ethernet | All Cisco 2600 series platforms |
| Serial Network Modules | |
| 16- or 32-port asynchronous/synchronous serial low speed (128 kbps max) | All Cisco 2600 series platforms |
| 4- or 8-port asynchronous/synchronous serial low speed (128 kbps max) | All Cisco 2600 series platforms |
| ATM Network Modules [1] | |
| 4-port T1 ATM network module with IMA (NM-4T1-IMA) | All Cisco 2600 series platforms |
| 4-port E1 ATM network module with IMA (NM-4E1-IMA) | All Cisco 2600 series platforms |
| 8-port T1 ATM network module with IMA (NM-8T1-IMA) | All Cisco 2600 series platforms |
| 8-port E1 ATM network module with IMA (NM-8E1-IMA) | All Cisco 2600 series platforms |
| 1-port ATM T3 network module (NM-1A-T3) | All Cisco 2600 series platforms |
| 1-port ATM E3 network module (NM-1A-E3) | All Cisco 2600 series platforms |
| 1-port ATM-25 RJ-45 interface | All Cisco 2600 series platforms |
| Digital T1 Packet Voice Trunk Network Modules and Spare Components | |
| 1-port, 24-channel T1 voice/fax module supports 24 channels of medium-complexity codecs: G.729a/b, G.726, G.711, and fax; or 12 channels of G.726, G.729, G.723.1, G.728, G.729a/b, G.711, and fax. Consists of one NM-HDV, two PVDM-12s, and one VWIC-1MFT-T1. [4] Part number: NM-HDV-1T1-24. | All Cisco 2600 series platforms |
| 1-port, enhanced 24-channel T1 voice/fax module, supports 24 channels of high- and medium-complexity codecs: G.729a/b, G.726, G.729, G.728, G.723.1, G.711, and fax. Consists of one NM-HDV, four PVDM-12s, and one VWIC-1MFT-T1. [4] Part number: NM-HDV-1T1-24E. | All Cisco 2600 series platforms |
| 2-port, 48-channel T1 voice/fax module supports add/drop multiplexing (drop and insert); 48 channels of medium-complexity codecs: G.729a/b, G.726, G.711, and fax; or 24 channels of G.726, G.729, G.723.1, G.728, G.729a/b, G.711, and fax. Consists of one NM-HDV, four PVDM-12, and one VWIC-2MFT-T1-DI. [4] Part number: NM-HDV-2T1-48. | All Cisco 2600 series platforms |
| High-density voice/fax network module spare (NM-HDV) | Digital T1/E1 packet voice trunk network modules spare component |
| 12-channel packet voice DSP module upgrade spare (PVDM-12) | Digital T1/E1 packet voice trunk network modules spare component |
| 1-port RJ-48 multiflex trunk—T1 (VWIC-1MFT-T1) [4] | Digital T1/E1 packet voice trunk network modules spare component |
| 2-port RJ-48 multiflex trunk—T1 (VWIC-2MFT-T1) [4] | Digital T1/E1 packet voice trunk network modules spare component |
| 2-port RJ-48 multiflex trunk with drop and insert—T1 (VWIC-2MFT-T1-DI) [4] | Digital T1/E1 packet voice trunk network modules spare component |
| Digital E1 Packet Voice Network Modules | |
| 1-port 30-channel E1 high-density voice network module (NM-HDV-1E1-30) | All Cisco 2600 series platforms |
| 1-port enhanced 30-channel E1 high-density voice network module (NM-HDV-1E130E) | All Cisco 2600 series platforms |
| 2-port 60-channel high-density voice network module (NM-HDV-2E1-60) | All Cisco 2600 series platforms |
| Dial, ISDN, and Channelized Serial Network Modules | |
| 1- or 2-port channelized T1/ISDN PRI | All Cisco 2600 series platforms |
| 1- or 2-port channelized T1/ISDN PRI with CSU | All Cisco 2600 series platforms |
| 1- or 2-port channelized E1/ISDN PRI balanced | All Cisco 2600 series platforms |
| 1- or 2-port channelized E1/ISDN PRI unbalanced | All Cisco 2600 series platforms |
| 4- or 8-port ISDN BRI S/T interface | All Cisco 2600 series platforms |
| 4- or 8-port ISDN BRI U (NT-1) interface | All Cisco 2600 series platforms |
| 8- or 16-port analog modems | All Cisco 2600 series platforms |
| WIC-1AM and WIC-2AM | All Cisco 2600 series platforms |
| T1/E1 Multiflex Voice/WAN Interface Cards [5] | |
| 1-port T1 multiflex trunk interface (VWIC-1MFT-T1) | All Cisco 2600 series platforms |
| 1-port E1 multiflex trunk interface (VWIC-1MFT-E1) | All Cisco 2600 series platforms |
| 2-port T1 multiflex trunk interface (VWIC-2MFT-T1) | All Cisco 2600 series platforms |
| 2-port E1 multiflex trunk interface (VWIC-2MFT-E1) | All Cisco 2600 series platforms |
| 2-port T1 multiflex trunk interface with drop and insert (VWIC-2MFT-T1-DI) | All Cisco 2600 series platforms |
| 2-port E1 multiflex trunk interface with drop and insert (VWIC-2MFT-E1-DI) | All Cisco 2600 series platforms |
| Voice/Fax Interface Cards | |
| 1- or 2-voice/fax network module (NM-1V and NM-2V) | All Cisco 2600 series platforms |
| 1-slot high-density T1/E1 voice interface card slots [6] | All Cisco 2600 series platforms |
| 2-port FXS voice/fax interface card [7] | All Cisco 2600 series platforms with voice/fax network modules |
| 2-port E&M voice/fax interface card [3] (VIC-2E/M) | All Cisco 2600 series platforms with voice/fax network modules |
| 2-port FXO voice/fax interface card [3] (VIC-2FXO, VIC-2FXO-M3, and VIC-2FXO-EU) | All Cisco 2600 series platforms with voice/fax network modules |
| WAN Interface Cards | |
| 1-port ISDN BRI S/T interface (requires external NT-1) | All Cisco 2600 series platforms |
| 1-port ISDN BRI (NT-1) U | All Cisco 2600 series platforms |
| 1-port 56/64-kbps DSU/CSU | All Cisco 2600 series platforms |
| 1-port T1/fractional T1 with DSU/CSU WAN Interface Card (WIC-1DSU-T1) | All Cisco 2600 series platforms |
| 1-port high-speed serial (up to 2.048 Mbps) | All Cisco 2600 series platforms |
| 2-port dual high-speed serial (up to 2.048 Mbps; asynchronous/synchronous support) | All Cisco 2600 series platforms |
| 2-port asynchronous/synchronous (up to 128 kbps) (WIC-2A/S[=]) [8] | All Cisco 2600 series platforms |
| Advanced Integration Module | |
| Data compression AIM (up to 8.192 Mbps) | All Cisco 2600 series platforms |
| Hardware encryption Advanced Integration Module (AIM) [9] | All Cisco 2600 series platforms |

[1] The voice/fax and ATM-25 network modules require Cisco IOS Plus feature sets.
[2] The 1- or 2-port 10/100 Ethernet LAN interface for the Cisco 2620 and Cisco 2621 series routers is only available in Cisco IOS Release 12.0 XC and later releases.
[3] Cisco 2650 and 2651 routers require Cisco IOS Release 12.1(3a)T1 or later releases.
[4] See T1/E1 multiflex voice/WAN interface cards in this table.
[5] T1 multiflex voice/WAN interface cards can be used in a chassis slot or installed in a digital T1 packet voice trunk module. E1 multiflex voice/WAN interface cards can be installed in a chassis slot.
[6] Uses the VWIC-MFT T1/E1 interface cards.
[7] Requires the NM-1V or NM-2V network module.
[8] Supported in Fast Ethernet mixed media network modules: NM-1FE2W, NM-2FE2W, NM-1FE1R2W, NM-2W.
[9] A Cisco 2600 series router with a VPN module installed will run with any feature set for the Cisco IOS 12.1(5)T and later software, but the module is utilized only with IPSec feature sets. For example, Cisco 2600 series Cisco IOS IP-only software for 12.1(5)T will run on a Cisco 2600 series router with the VPN module installed, but it will not be enabled for IPSec and will not exploit the features of the VPN module.
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco 2600 series, log in to the Cisco 2600 series and enter the show version EXEC command:
Router> show version
Cisco Internetwork Operating System Software
IOS (tm) 12.2 XB Software c-2600-jsx-mz, Version 12.2(2)XB15, RELEASE SOFTWARE
Upgrading to a New Software Release
For general information about upgrading to a new software release, refer to Software Installation and Upgrade Procedures located at the following URL:
http://www.cisco.com/warp/public/130/upgrade_index.shtml
Other Firmware Code
The latest version of analog modem firmware for the Cisco 2600 series supports the internal analog modems (both NM-16AM and NM-8AM) in a wide range of countries, starting with Cisco IOS Release 11.3(5)T and later releases. The latest firmware (version 1.2.0) also supports dial-out and fax-out.
Additional information can be found on Cisco.com, beginning under the Service & Support heading:
Technical Documents: Documentation Home Page: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers: Analog Modem Firmware
This information is also available on the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers: Analog Modem Firmware
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Cisco IOS Release 12.2(2)XB15 supports the same feature sets as Cisco IOS Release 12.2(4) T, but Cisco IOS Release 12.2(2)XB15 can include new features supported by the Cisco 2600 series.
Caution Cisco IOS images with strong encryption (including, but not limited to, 168-bit Triple Data Encryption Standard [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of United States government regulations. When applicable, purchaser and user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Table 3 and Table 4 list the new features supported by the Cisco 2600 series in Cisco IOS Release 12.2(2)XB15 and use the following conventions:
•Yes—The feature is supported in the software image.
•No—The feature is not supported in the software image.
•In—The number in the "In" column indicates the Cisco IOS release in which the feature was introduced.
Note These release notes are not cumulative and only list features that are new to Cisco IOS Release 12.2(2)XB15. The parent release for Cisco IOS Release 12.2(2)XB15 is Cisco IOS Release 12.2(4) T. To find information about inherited features, refer to Cisco.com or Feature Navigator. For Cisco.com, go to http://www.cisco.com/univercd/home/index.htm, select the appropriate software release under Cisco IOS Software, and click Release Notes. If you have a Cisco.com login account, you can use the Feature Navigator tool at http://www.cisco.com/go/fn.
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB15.
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB13 to Cisco IOS Release 12.2(2)XB15
No new hardware and software features are supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB13 to Cisco IOS Release 12.2(2)XB15.
Note Cisco IOS Release 12.2(2)XB13 does not exist.
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB12
Cisco IOS Release 12.2(2)XB12 does not support the Cisco 2600 series.
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB11
No new hardware or software features are supported by the Cisco 2600 series in Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB11. Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.
New Hardware Features in Cisco IOS Release 12.2(2)XB5
No new hardware features are supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB5.
New Software Features in Cisco IOS Release 12.2(2)XB5
The following new software features are supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB5:
EAP RADIUS Support
The EAP RADIUS Support feature allows users to apply authentication methods to the client that may not be supported by the network access server (NAS); this is done via the Extensible Authentication Protocol (EAP). Before this feature was introduced, support for various authentication methods for PPP connections required custom vendor-specific work and changes to the client and NAS.
EAP is an authentication protocol for PPP that supports multiple authentication mechanisms that are negotiated during the authentication phase (instead of the link control protocol [LCP] phase). EAP allows a third-party authentication server to interact with a PPP implementation through a generic interface.
MS CHAP Version 2
The MS CHAP Version 2 feature in Cisco IOS Release 12.2(2)XB5 introduces the ability of Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between a computer using a Microsoft Windows operating system and a network access server (NAS). MSCHAP V2 authentication is an updated version of MSCHAP that is similar to, but incompatible with, MSCHAP. MSCHAP V2 introduces mutual authentication between peers and a change password feature.
New Hardware and Software Features from Cisco IOS Release 12.2(2)XB1 to Cisco IOS Release 12.2(2)XB4
No new hardware or software features are supported by the Cisco 2600 series from Cisco IOS Release 12.2(2)XB1 to Cisco IOS Release 12.2(2)XB4.
New Hardware Features in Cisco IOS Release 12.2(2)XB
The following new hardware features are supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB:
1- and 2- Port V.90 Modem WICs for Cisco 2600 and 3600 Series
The 1- and 2-port V.90 modem WAN interface cards (WICs) for Cisco 2600 and 3600 series multiservice platforms provide low-density integrated modems for remote management, dial-backup, and low-density remote-access servers (RAS).
Refer to the Cisco WAN Interface Card Hardware Installation Guide for further information at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/hw_inst/wic_inst/wic_doc/index.htm.
See also the "1- and 2- Port V.90 Modem WICs for Cisco 2600 and 3600 Series" section below.
New Software Features in Cisco IOS Release 12.2(2)XB
The following new software features are supported by the Cisco 2600 series for Cisco IOS Release 12.2(2)XB:
1- and 2- Port V.90 Modem WICs for Cisco 2600 and 3600 Series
Three applications are available for the V.90 modem WIC on the Cisco 2600 and Cisco 3600 series Multiservice Platforms:
Remote Router Management and Out-of-Band Access
In this mode, the modem WIC is used as a dial-in modem for remote terminal access to the router's command-line interface (CLI) for configuration, troubleshooting, and monitoring. The modem WIC acts similar to a modem that is connected to the AUX port of a router, but the integrated nature of the modem WIC greatly decreases customer configuration time and deployment and sustaining costs. Typically, the 1-port modem WIC is used for this application. Connection speeds of up to 33.6 kbps are possible.
Asynchronous Dial-on-Demand Routing and Dial-Backup
In this mode, the V.90 modem WIC transports network traffic. When ISDN service is not available and the traffic load does not justify a leased-line or Frame Relay connection, asynchronous dial-on-demand routing (DDR) is often the only choice for making a WAN connection. Even at sites that do have leased-line or Frame Relay connection, asynchronous DDR can increase bandwidth during sustained traffic load. In addition, when the primary leased-line or Frame Relay link is down during an outage, asynchronous dial-backup provides a secondary way to make the WAN connection. Both the 1-port and 2-port versions of the V.90 modem WIC can be used for this application.
Low-Density Analog RAS Access
In this application, the V.90 modem WIC enables the platform to provide the services of a typical small remote access server (RAS). One service allows remote users to dial in and gain access to resources on the LAN (or even across the WAN). The analog modems in the modem WIC allow dial-in connection speeds of up to 33.6 kbps, but MLP can bind multiple links together and increase the throughput.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft12pwic.htm
ATM Software Segmentation and Reassembly (SAR)
The Cisco 2600 series T1/E1 ATM AAL2 and AAL5 support and Cisco 3660 T1 IMA AAL2 Support feature allows the Cisco 2600 series to carry voice and data traffic over ATM networks using AAL2 and AAL5 and the Cisco 3660 to support AAL2 voice traffic.
For the Cisco 2600 series, this feature works in conjunction with the T1/E1 Multiflex Voice/WAN interface card (VWIC), which is plugged into a WIC slot to provide one ATM WAN interface at a T1/E1 rate supporting up to 24/30 channels of voice.
T1/E1 ATM support is a time-to-market feature that helps service providers take advantage of the inherent quality of service (QoS) features of ATM multiservice applications. FR-ATM (FRF.5 and FRF.8) internetworking is supported on the Cisco 2600 series.
On the Cisco 3660 a T1 IMA Network Module is used as the IMA interface providing a maximum of one ATM IMA interface that supports up to 48/60 voice channels. Up to eight T1/E1s and multiple IMA groups are permitted, but only the first IMA group supports voice over AAL2 for up to 48/60 voice channels. NM-IMA already supports AAL5 on both the Cisco 2600 and Cisco 3600 series (not just 3660).
The Cisco 2600 series T1/E1 ATM portion of this feature provides a shared implementation of the ATM features currently available on the Cisco MC3810 with the Cisco 2600 series.
Refer to the following document for further information:
AIM-Voice-30, AIM-ATM-Voice-30
Three types of Advanced Integration Module (AIM) supply components that provide segmentation and reassembly (SAR) of packets for ATM transport over a wide-area network (WAN) and voice digital signal processing (DSP) services. The Cisco 2600 series has one internal slot for an AIM, and the Cisco 3660 has two. The three types of AIM are as follows:
•AIM-ATM—A High-Performance ATM AIM, which enables voice and data traffic to be carried over ATM networks using AAL2 and AAL5 encapsulation, when installed in Cisco 2600 series or Cisco 3660 routers. If used in conjunction with a T1/E1 multiflex trunk voice/WAN interface card (VWIC-MFT) for circuit-mode data and frame-mode data over ATM infrastructures, it supports up to four T1 or E1 WAN interfaces. These interfaces may be four independent links or four inverse multiplexing over ATM (IMA) groups. When using the voice DSP capability of a digital T1/E1 packet voice trunk network module (NM-HDV) and a T1/E1 multiflex trunk VWIC, it supports as many as 30 channels of compressed voice over a T1/E1 trunk using AAL2 or AAL5. Analog Voice over ATM (VoATM) is enabled with a voice/fax network module (NM-1V or NM-2V) and a voice interface card, which support as many as four analog voice calls using AAL5. All voice interface cards are supported: FXS, FXO, Analog-DID, E&M, and BRI.
•AIM-VOICE-30—An advanced integration module capable of supporting up to 30 voice or fax channels when used with one of the T1/E1 voice/WAN interface cards (such as VWIC-1T1). This AIM includes powerful DSPs that are used for a number of voice processing tasks such as voice compression and decompression, voice activity detection or silence suppression, and private branch exchange (PBX) or public switched telephone network (PSTN) signaling protocols. By using the AIM-VOICE-30 in a Cisco 2600 series router, customers can support Voice over IP (VoIP) or Voice over Frame Relay (VoFR) while leaving the router's network module slot open for other functions such as asynchronous or synchronous serial concentration. When used in combination with one of the various ATM network modules, VoATM or VoIP over ATM can be provisioned using AAL5 and Voice over AAL2 (VoAAL2).
•AIM-ATM-VOICE-30—a combined ATM and DSP AIM that supports voice over ATM (VoATM), voice over IP (VoIP), and voice over Frame Relay (VoFR). It supports as many as four T1 or E1 trunks when installed in a Cisco 2600 series or Cisco 3660 router. This AIM is used in combination with one T1/E1 multiflex trunk interface (VWIC-MFT) to provide PBX or PSTN signaling protocols. It uses VoAAL2 (ITU I.366.1/I.363.2) and VoAAL5, and does not require use of a digital T1/E1 packet voice trunk network module. This AIM has an on board ATM coprocessor for increased AAL2 and AAL5 performance, and for as many as four IMA groups, enabling fractional T3 or E3 bandwidth performance.
Refer to the following document for further information:
Call Transfer Capabilities Using Refer
Call transfer allows a wide variety of decentralized multiparty call operations. These decentralized call operations form the basis for third-party call control, and thus are important features for Voice over IP (VoIP) and SIP. Call transfer is also critical for conference calling, where calls can transition smoothly between multiple point-to-point links and IP level multicasting.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftrefer.htm
Cisco Gateway Management Agent (CGMA)
The CGMA feature provides an extensible markup language (XML) interface to support real-time management of a Cisco IOS gateway (GW). Currently, GWs provide statistics using Simple Network Management Protocol (SNMP) and do not support real-time polling. The CGMA feature allows GWs to communicate with third-party management applications using XML over TCP/IP.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftcgma2.htm
Configurable PSTN Cause Code to SIP Response Mapping
For calls to be established between a SIP network and a PSTN network, the two networks must be able to interoperate. One aspect of their interoperation is the mapping of PSTN cause codes, which indicate reasons for PSTN call failure or completion, to SIP status codes or events. The opposite is also true: SIP status codes or events are mapped to PSTN cause codes. Event mapping tables found in this document show the standard or default mappings between SIP and PSTN.
However, you may want to customize the SIP user agent software to override the default mappings between the SIP and PSTN networks. The Configurable PSTN Cause Code to SIP Response Mapping feature allows you to configure specific map settings between the PSTN and SIP networks. Thus, any SIP status code can be mapped to any PSTN cause code, or vice versa. When set, these settings can be stored in the NVRAM and are restored automatically on bootup.
Refer to the following document for further information:
DTMF Relay using NTE
The SIP NTE DTMF relay feature is used for the following applications:
•Reliable DTMF Relay
•SIP Phone Support
Note The SIP NTE DTMF relay feature is implemented for SIP calls only on Cisco Voice-over-IP (VoIP) gateways.
Reliable DTMF Relay
The SIP NTE DTMF relay feature provides reliable digit relay between Cisco VoIP gateways when a low bandwidth codec is used. Using NTE to relay DTMF tones provides a standardized means of transporting DTMF tones in Real-Time Transport Protocol (RTP) packets according to section 3 of RFC 2833, RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals, developed by the Internet Engineering Task Force (IETF) Audio/Video Transport (AVT) working group. RFC 2833 defines formats of NTE RTP packets used to transport DTMF digits, hookflash, and other telephony events between two peer endpoints.
Note The SIP NTE DTMF relay feature does not support hookflash generation for advanced features such as call waiting and conferencing.
SIP Phone Support
The SIP NTE DTMF relay feature adds SIP phone support. When SIP IP phones are running software that does not have the capability to generate DTMF tones, the phones use NTE packets to indicate DTMF digits. With the SIP NTE DTMF relay feature, Cisco VoIP gateways can communicate with SIP phones that use NTE packets to indicate DTMF digits. The Cisco VoIP gateways can relay the digits to other endpoints.
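The NTE payload that RFC 2833 section 3 defines can be decoded as follows; this is an added example, not Cisco code and not part of the original release notes. Payload type 101, the helper names, and the sample packets are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

# RFC 2833 event codes: DTMF digits 0-9, *, #, A-D, and hookflash (16).
EVENT_NAMES = {i: str(i) for i in range(10)}
EVENT_NAMES.update({10: "*", 11: "#", 12: "A", 13: "B", 14: "C", 15: "D", 16: "flash"})

NTE_PAYLOAD_TYPE = 101  # assumption: the dynamic payload type is negotiated in SDP


@dataclass(frozen=True)
class NamedEvent:
    ssrc: int
    timestamp: int   # RTP timestamp, identical for every packet of one event
    event: int
    end: bool        # E bit: set on the final packet(s) of the event
    volume: int      # 6-bit power level, expressed in -dBm0
    duration: int    # cumulative duration in RTP timestamp units


def parse_nte(packet: bytes, payload_type: int = NTE_PAYLOAD_TYPE):
    """Return a NamedEvent, or None when the packet is not a well-formed NTE packet.

    Every length field is checked against the buffer because the packet
    arrives from the network and cannot be trusted.
    """
    if len(packet) < 12:
        return None
    b0, b1, _seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2 or (b1 & 0x7F) != payload_type:
        return None
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                              # header extension present
        if len(packet) < offset + 4:
            return None
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end_of_payload = len(packet)
    if b0 & 0x20:                              # padding present
        pad = packet[-1]
        if pad == 0 or pad > len(packet) - offset:
            return None
        end_of_payload -= pad
    payload = packet[offset:end_of_payload]
    if len(payload) < 4:
        return None
    # Only the first 4-byte event block is read.
    event, flags, duration = struct.unpack("!BBH", payload[:4])
    return NamedEvent(ssrc, ts, event, bool(flags & 0x80), flags & 0x3F, duration)


def collect_events(packets, payload_type: int = NTE_PAYLOAD_TYPE):
    """Collapse the packets of each event into one (name, duration, ended) tuple.

    A sender emits several packets per key press and repeats the final one,
    so events are keyed on (SSRC, RTP timestamp) rather than counted per packet.
    """
    events = {}
    for pkt in packets:
        ev = parse_nte(pkt, payload_type)
        if ev is None:
            continue
        key = (ev.ssrc, ev.timestamp)
        _, dur, ended = events.get(key, (None, 0, False))
        name = EVENT_NAMES.get(ev.event, f"event-{ev.event}")
        events[key] = (name, max(dur, ev.duration), ended or ev.end)
    return list(events.values())


def build_nte(seq, ts, event, duration, end=False, marker=False, ssrc=0x1234):
    """Build a constructed sample packet (RTP header plus one event block)."""
    header = struct.pack("!BBHII", 0x80, (0x80 if marker else 0) | NTE_PAYLOAD_TYPE,
                         seq, ts, ssrc)
    return header + struct.pack("!BBH", event, (0x80 if end else 0) | 10, duration)


# Constructed sample stream: digit 4, one audio packet, digit #, one truncated packet.
SAMPLE_PACKETS = [
    build_nte(1, 1000, 4, 160, marker=True),
    build_nte(2, 1000, 4, 320),
    build_nte(3, 1000, 4, 480, end=True),
    build_nte(4, 1000, 4, 480, end=True),      # retransmitted end packet
    build_nte(5, 1000, 4, 480, end=True),      # retransmitted end packet
    struct.pack("!BBHII", 0x80, 0, 6, 1480, 0x1234) + bytes(160),  # PCMU audio
    build_nte(7, 5000, 11, 160, marker=True),
    build_nte(8, 5000, 11, 320, end=True),
    build_nte(9, 5000, 11, 320, end=True),
    b"\x80\x65\x00",                           # truncated, must be ignored
]

if __name__ == "__main__":
    for name, duration, ended in collect_events(SAMPLE_PACKETS):
        print(name, duration, "ended" if ended else "in progress")
```
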
Refer to the following document for further information:
GKTMP Security Token Enhancement
GKTMP Security Token Enhancement enhances the passing of clear tokens up to the RouteServer and then down to the endpoints from the RouteServer. This feature provides enhancements to mix and match local (in domain) gateways with remote access server determinations. It also adds new parameters to the following commands:
•Response ARQ
•Request LRQ
•Response LRQ
•Request LCF
•Response LCF
•Request DRQ
These new parameters can be found in the GKTMP Messages (GK API Guide Version 3.1) chapter of the Gatekeeper External Interface Reference, Version 3.1 at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/rel_docs/gktmpv31/gk_tmp.htm
GKTMP Interface Resiliency Enhancement
Gatekeeper Transaction Message Protocol (GKTMP) is used between the Cisco IOS Gatekeeper and a server to provide enhanced call routing and address translation services. The GKTMP Interface Resiliency Enhancement feature adds the following robustness and load balancing functionality:
•Enhanced REQUEST DRQ Message—The Gatekeeper Transaction Message Protocol (GKTMP) Interface Resiliency Enhancement feature provides additional parameters in the disengage request (REQUEST DRQ) message sent from the GK to the server.
•New REQUEST ALV and RESPONSE ALV Messages— The REQUEST ALV message is sent to detect server failures and is sent from the GK to the GKTMP server as soon as the server registers with the GK. The GKTMP server responds to the REQUEST ALV message with a RESPONSE ALV message.
•Server Failure Detection and Flow Control—The GKTMP Interface Resiliency Enhancement feature provides a new command to start the GK's flow-control and failure detection features. Using the server flow-control command, you can set a timeout value for responses from the server to the GK. The GK measures the average time taken by the server to process each transaction. If the time period for processing reaches 80 percent of the configured timeout value, the server is marked as unavailable. The GK routes transactions bound for this server to alternate servers if they are available. If no alternate servers are available, the GK handles the calls.
Refer to the following document for further information:
IOS Telephony Services - IP-Keyswitch
The IP Keyswitch feature provides Cisco IP phone call-handling capabilities in a LAN environment. This feature enables the Cisco IAD2400 series to provide IP Keyswitch capability integrated in the router for the Cisco IP Phone 7960, Cisco IP Phone 7940, and Cisco IP Phone 7910. It loads phone images and configures and manages the Cisco IP phones in your LAN. It also provides a host of features such as call forwarding, call transfer, and hold. The IP Keyswitch feature provides you with integrated call processing capabilities for a small office with up to 48 extensions.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/ip_ks/index.htm
MGCP VoIP Call Admission Control
MGCP CAC determines if calls can be accepted on the IP network based on available network resources. Prior to this release, MGCP VoIP calls were established regardless of the available resources on the gateway or network. The gateway had no mechanism for gracefully refusing calls if resources were not available to process the call. New calls would fail with unexpected behavior and in-progress calls would experience quality-related problems.
Refer to the following document for further information:
RFC2782 Compliance for DNS SRV
SIP on Cisco VoIP gateways uses Domain Name System Server (DNS SRV) query to determine the IP address of the user endpoint. The query string has a prefix in the form of "protocol.transport." and is attached to the fully qualified domain name (FQDN) of the next hop SIP server. This prefix style, from RFC 2052, has always been available; however, with this release, a second style is also available. The second style is in compliance with RFC 2782, and prepends the protocol label with an underscore "_"; as in "_protocol._transport.". The addition of the underscore reduces the risk of the same name being used for unrelated purposes. The form compliant with RFC 2782 is the default style.
Use the srv version command to configure the DNS SRV feature.
For further information, refer to the RFC2782 Compliance (Style of DNS SRV Queries) section at:
SIP Gateway Support for Bind Command
In previous releases of Cisco IOS software, the source address of a packet going out of the gateway was never deterministic. That is, the session protocols and VoIP layers always depended on the IP layer to give the best local address. The best local address was then used as the source address (the address showing where the SIP request came from) for signaling and media packets. Using this nondeterministic address occasionally caused confusion for firewall applications, as a firewall could not be configured with an exact address and would take action on several different source address packets.
However, the bind interface command allows you to configure the source IP address of signaling and media packets to a specific interface's IP address. Thus, the address that goes out on the packet is bound to the IP address of the interface specified with the bind command. Packets that are not destined to the bound address are discarded.
When you do not want to specify a bind address, or if the interface is down, the IP layer still provides the best local address.
Refer to the following document for further information:
SIP Gateway Support of RSVP and "tel" URL
The SIP Gateway Support of RSVP and TEL URL feature provides the following SIP enhancements:
•RSVP
•Telephone URL Format in SIP Messages
•Interaction with Forking Proxies
•SIP Hairpinning
•Reliability of SIP Provisional Responses
•Configurable Screening Indicator
•RFC2782 Compliance (Style of DNS SRV Queries)
RSVP
In previous Cisco IOS releases, SIP applications over IP networks functioned as best-effort services: their media packets were delivered with no performance guarantees. However, SIP Gateway Support of RSVP and TEL URL ensures quality of service (QoS) by coordinating SIP call signaling and RSVP resource management. This feature reserves sufficient network-layer resources to guarantee bandwidth and bounds on packet loss, delay, and jitter, thus ensuring that the called party's phone rings only after the bandwidth required for the call has been successfully reserved.
Telephone URL Format in SIP Messages
The SIP Gateway Support of RSVP and TEL URL feature also supports Telephone Uniform Resource Locators, or TEL URLs. Currently SIP gateways support URLs in the SIP format. SIP URLs are used in SIP messages to indicate the originator, recipient, and destination of the SIP request. However, SIP gateways may also encounter URLs in other formats, such as TEL URLs. TEL URLs describe voice call connections. They also enable the gateway to accept TEL calls sent through the Internet, and to generate TEL URLs in the request line of outgoing INVITE requests.
Interaction with Forking Proxies
Support for call forking enables the terminating gateway to handle multiple requests and the originating gateway to handle multiple provisional responses for the same call. Interaction with forking proxies applies to gateways acting as a user agent client (UAC), and takes place when a user is registered to several different locations. When the UAC sends an INVITE message to a proxy, the proxy forks the request and sends it to multiple user agents (UAs). The SIP gateway processes multiple 18X responses by treating them as independent transactions under the same call ID. When the relevant dial peers are configured for QoS, the gateway maintains state and initiates RSVP reservations for each of these independent transactions. When it receives an acknowledgment, such as a 200 OK, the gateway accepts the successful acknowledgment and destroys state for all other transactions.
The forking functionality sets up RSVP for each transaction only if the dial peers are configured for QoS. If not, the calls proceed as best-effort.
SIP Hairpinning
SIP hairpinning is a call routing capability in which an incoming call on a specific gateway is signaled through the IP network and back out the same gateway. This can be a public switched telephone network (PSTN) call routed into the IP network and back out to the PSTN over the same gateway. Similarly, SIP hairpinning can be a call signaled from a line (for example, a telephone line) to the IP network and back out to a line on the same access gateway. With SIP hairpinning, unique gateways for ingress and egress are no longer necessary.
Reliability of SIP Provisional Responses
SIP reliable provisional responses ensure that media information is exchanged and resource reservation can take place prior to connecting the call. Provisional acknowledgement (PRACK) and conditions met (COMET) are two methods that have been implemented.
PRACK allows reliable exchanges of SIP provisional responses between SIP endpoints. COMET indicates if the pre-conditions for a given call or session have been met.
Configurable Screening Indicator
Screening Indicator (SI) is a signaling-related information element found in octet 3a of the ISDN SETUP message that can be used as an authorization mechanism for incoming calls. Enhancements have been made to the Tool Command Language (TCL) Interactive Voice Response (IVR) 2.0 command set that allow SIP terminating gateways to assign a specific value to the screening indicator through the use of TCL scripts.
RFC2782 Compliance (Style of DNS SRV Queries)
SIP on Cisco VoIP gateways uses Domain Name System Server (DNS SRV) query to determine the IP address of the user endpoint. The query string has a prefix in the form of "protocol.transport." and is attached to the fully qualified domain name (FQDN) of the next hop SIP server. This prefix style, from RFC 2052, has always been available; however, with this release, a second style is also available. The second style is in compliance with RFC 2782, and prepends the protocol label with an underscore "_"; as in "_protocol._transport.". The addition of the underscore reduces the risk of the same name being used for unrelated purposes. The form compliant with RFC 2782 is the default style.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/vvfresrv.htm
SIP Intra-Gateway Hairpinning
Voice SIP hairpinning is a call routing capability in which an incoming call on a specific gateway is signaled through the IP network and back out the same gateway. This can be a public switched telephone network (PSTN) call routed into the IP network and back out to the PSTN over the same gateway.
Similarly, SIP hairpinning can be a call signaled from a line (for example, a telephone line) to the IP network and back out to a line on the same access gateway. With SIP hairpinning, unique gateways for ingress and egress are no longer necessary.
For further information refer to the Session Interface Protocol section in the Voice, Video, and Fax Overview chapter of the Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2 at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fvvfax_c/vvfover.htm.
SIP INVITE Request with Malformed Via Header
A SIP INVITE requests that a user or service participate in a session. Each INVITE contains a Via header that indicates the transport path taken by the request so far, and where to send a response.
In the past, when an INVITE contained a malformed Via header, the gateway would print a debug message and discard the INVITE without incrementing a counter. However, the printed debug message was often inadequate, and it was difficult to detect that messages were being discarded.
The SIP INVITE Request with Malformed Via Header feature provides a response to the malformed request. A counter, Client Error: Bad Request, increments when a response is sent for a malformed Via field. Bad Request is a class 400 response and includes the explanation Malformed Via Field. The response is sent to the source IP address (the IP address where the SIP request originated) at User Datagram Protocol (UDP) port 5060.
Note This feature applies to messages arriving on UDP, because the Via header is not used to respond to messages arriving on TCP.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftmalvia.htm
SIP T.37 and Cisco Fax
SIP T.37 is an ITU specification that enables store and forward fax applications, as well as toggling from voice to fax (for example, providing an IVR front end to a fax store and forward application).
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtfaxrly.htm
Survivable Remote Site Telephony
The Survivable Remote Site Telephony feature provides the Cisco CallManager with fallback support for the Cisco IP phones attached to the router on your local Ethernet. Cisco IOS Release 12.1(5)YD integrates this feature on the Cisco IAD2400 series and enables the routers to provide call handling support for the Cisco IP phones when the Cisco IP phones lose connection to the remote primary, secondary, or tertiary Cisco CallManager or when the WAN connection is down.
The Cisco CallManager 3.0 supports Cisco IP phones at remote sites attached to Cisco branch office multi-service routers across the WAN. Prior to Survivable Remote Site Telephony, when the WAN connection between the remote branch office router and the Cisco CallManager failed, or connectivity with the Cisco CallManager was lost for some other reason, the Cisco IP phones at the branch office became unusable for the duration of the failure. The Survivable Remote Site Telephony feature was developed to overcome this problem. The feature provides call-handling support on the branch-office router for its attached Cisco IP phones when a failure occurs. The system automatically detects the failure and, using Simple Network Auto Provisioning (SNAP) technology, automatically configures the branch office router to provide call processing service for the local IP phones. When the failure is resolved, call-handling capabilities for the Cisco IP phones switch back to the primary Cisco CallManager. During a failure, the Cisco IP phone displays a message to inform the user that the Cisco IP phone is in the Cisco CallManager fallback mode and is able to perform a limited set of functions.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/srs/index.htm
Unspecified Bit Rate Plus (uBR+) and ATM Enhancements
The uBR+ and ATM Enhancements include the following:
•uBR+ functionality
•Proportional allocation of excess bandwidth
•Oversubscription of the Cisco MC3810-MFT T1/E1 trunk and similar ATM-capable interfaces offered on the Cisco 2600 series
These enhancements permit the oversubscription of ATM trunks for uBR+ permanent virtual circuits (PVCs).
uBR+ supports a zero committed information rate (CIR) with infinite burst capabilities. It allows any available network bandwidth to be continuously usable by any data application. For this feature, all data traffic in the network will use uBR+. The zero CIR with infinite burst feature is exclusive to data traffic and implemented for AAL5.
Without the uBR+ and ATM enhancement feature, a file transfer from one virtual circuit (VC) uses the entire trunk bandwidth when no other VCs (data or voice) are active. When other VCs are active with a fixed amount of bandwidth, the one VC's file transfer will appropriate all of the remaining bandwidth that the other VCs are not using.
Since uBR allows for a continuous burst, bandwidth could be conserved by assigning a uBR Class of Service (CoS) to the VC. However, uBR has a variable bit rate (VBR) that constrains the burst period to a maximum burst size (MBS), rather than allowing a continuous burst. The uBR+ and ATM enhancements feature does not have an MBS constraint.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_ubr.htm
MIBs
Current MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Deprecated and Replacement MIBs
Old Cisco MIBs will be replaced in a future release. Currently, OLD-CISCO-* MIBs are being converted into more scalable MIBs without affecting existing Cisco IOS products or network management system (NMS) applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 5.
Important Notes
The following sections contain important notes about Cisco IOS Release 12.2 XB that can apply to the Cisco 2600 series.
Addition of the squeeze Command for Cisco 2600 and Cisco 3600 Series Routers
The squeeze command, which is used to erase all files marked for deletion on a Flash file system, is now available on Cisco 2600 and Cisco 3600 series routers.
Changes to the output attenuation Command
In Cisco IOS Release 12.2(2), the range of the output attenuation command for voice ports has changed from 0 to 14 to -6 to 14.
Field Notices and Bulletins
For general information about the types of documents listed in this section, refer to the following document:
http://www.cisco.com/kobayashi/support/tac/fn_index.html
•Field Notices—Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/kobayashi/support/tac/fn_index.html
•Product Bulletins—If you have an account on Cisco.com, you can find product bulletins at http://www.cisco.com/warp/customer/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.
•What's Hot for IOS Releases: Cisco IOS 12.1—What's Hot for IOS Releases: Cisco IOS 12.1 provides information about caveats that are related to deferred software images for Cisco IOS Release 12.1. If you have an account with Cisco.com, you can access What's Hot for IOS Releases: Cisco IOS 12.1 at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software.
•What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account with Cisco.com, you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software.
Caveats for Cisco IOS Release 12.2 XB
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
This section contains only open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T are also in Cisco IOS Release 12.2(2)XB15.
For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2.
For information on caveats in Cisco IOS Release 12.2(2) T, see Caveats for Cisco IOS Release 12.2(2) T, which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.
Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Technical Support: Tools & Utilities: More: Software Bug Toolkit (under Troubleshooting Tools). Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.
Open Caveats—Cisco IOS Release 12.2(2)XB15
There are no open caveats specific to Cisco IOS Release 12.2(2)XB15 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB15
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB15. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 6 Resolved Caveats for Cisco IOS Release 12.2(2)XB15
DDTS ID Number    Description
CSCec87533
ios fw hang then crash with h323 corrupt packet
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Open Caveats—Cisco IOS Release 12.2(2)XB14
There are no open caveats specific to Cisco IOS Release 12.2(2)XB14 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB14
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB14. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 7 Resolved Caveats for Cisco IOS Release 12.2(2)XB14
DDTS ID Number    Description
CSCdx76632
as5300 crashed in MultiBitDecode
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea19885
Bus error at address 0xD0D0D0B, Process CCH323_CT
Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.
Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.
Workaround: There is no workaround.
CSCea27536
Router crash when H323v3/v4 pkts pass through NAT router
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
A NAT router (which is H.323v2 stack aware) crashes when it processes an H.323v3/v4 packet while "ip nat service h323all" is turned on.
Workaround: Turn off "ip nat service h323all" or move to a 12.3T image (which has NAT H.323v3/v4 support).
CSCea32240
H323 crashes in strncpy when receiving invalid setup packet
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea33065
H323 Spurious memory access in h450ProcRcvdApdus
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea36231
Router hangs when receive in invalid h225 setup
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea46342
h.323 crashes in ACFnonStandardInfo DEC_ERR=13
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea51030
h323: proxy crashes when malformed h225 setup message received
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea51076
h323: proxy crashes when processing invalid h225 setup messafe
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea54851
h323 proxy: crash at pxy_proc_recv_SETUP when invalid h225 setup rx
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCeb78836
h323: software forced crash if bad packet received and debug opened
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
•debug h225 asn1
•debug h225 events
•debug h225 q931
Workaround: There is no workaround.
No Caveats—Cisco IOS Release 12.2(2)XB12 to Cisco IOS Release 12.2(2)XB13
Cisco IOS Release 12.2(2)XB13 does not exist, so no caveats are documented. Cisco IOS Release 12.2(2)XB12 does not support the Cisco 2600 series.
Open Caveats—Cisco IOS Release 12.2(2)XB11
There are no open caveats specific to Cisco IOS Release 12.2(2)XB11 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB11
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB11. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 8 Resolved Caveats for Cisco IOS Release 12.2(2)XB11
DDTS ID Number    Description
CSCdu15973
ISDN should reject V110 calls based on LLC octet 5a
Symptom: When the router receives a V.110 call with User Rate = 0, ISDN still passes the call to the application even if it is an async call and not in-band negotiable.
Conditions: V.110 call, User Rate = 0, async call, and not in-band negotiable.
Workaround: There is no workaround.
CSCdu73001
call-record username still empty for reverse telnet session
Symptoms: On an AS5300, the username field in the modem call-record (MCR) and Call Tracker call record is left blank for a reverse telnet session.
Workaround: Run AAA accounting in conjunction with Call Tracker or MCR. Correlate the accounting records, based upon line identifier and time of day, with the call records.
CSCdu80540
System crashes when user tries to delete file with ciscoFlashMiscOpT
Symptoms: When a user tries to delete a file using ciscoFlashMiscOpTable with ciscoFlashMiscOpDestinationName set to a string greater than 33 characters, the system may crash. This bug has been fixed in Cisco IOS Release 12.1(8)ES and later releases.
Workaround: There is no workaround.
CSCdv29225
5300 returns channel state to IDLE after receiving GSM OOS from SC
Symptoms: On a Cisco AS5300 universal access server that is running Cisco IOS Release 12.2(2)XA1 in a Signaling System 7 (SS7) Interconnect for Voice Gateway solution, if a call is made ingress to the solution from a Public Switched Telephone Network (PSTN) and if a requested continuity test (COT) fails, the Cisco SC2200 signaling controller sends a group service message to the Cisco AS5300 and puts the associated channel on the access server into the maintenance state. However, the Cisco AS5300 puts the associated channel into the idle state a few seconds later. This behavior creates a mismatch in the channel state between the signaling controller and the Cisco AS5300.
Workaround: There is no workaround.
CSCdw18198
Parser cache entry may get deleted when in use
Symptom: Under rare circumstances a router will generate a traceback error or reload if both of the following conditions occur:
•A background process is processing a parser command (for example: pre-clone command or no pre-clone command for vtemplate), and
•Another command is issued at the console (most common is the show interface virt 1 command).
Workaround: There is no workaround.
CSCdw24379
RADIUS attribute Framed-Filter attribute parsing incorrect
Symptoms: Framed-Filter attributes with a value which contains multiple "." characters will not be parsed correctly.
Workaround: Do not use the "." character unless it is used to delimit the suffix with ".in" or ".out".
CSCdx11089
Change password sequence broken: 12.2T + CS Unix
Symptoms: It may not be possible to activate the change password sequence through a Telnet session to a router that is using TACACS+ user authentication.
Conditions: This symptom is observed on a Cisco router that is using a CiscoSecure UNIX (CSUNIX) TACACS+ server and that is running Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
CSCdx28879
Spurious mem access due to preauth_do_author() for vpdn call initiat
Symptoms: When a virtual private dial-up network (VPDN) call is made with authentication, authorization, and accounting (AAA) preauthorization, a traceback is observed because of a spurious memory access made by a preauth_do_author function call.
Conditions: This symptom is observed on a Cisco AS5300 when preauthorization is configured with only the aaa group server radius 7777 command.
Workaround: Configure the dnis required customer profile configuration command.
CSCdx32763
RADIUS decode error when Filter-Id attribute is null terminated
Symptom: A Cisco access server running Cisco IOS Release 12.2(4)T or later may reject a RADIUS authentication response from a RADIUS server when the profile includes the Filter-Id attribute which is terminated with a NULL.
Workaround: Stop the RADIUS server from including the NULL character at the end of the Filter-Id attribute, or downgrade to mainline Cisco IOS Release 12.2 software.
CSCdx54449
router crashed when 100 concurrent x25 sync telnet sessions issued
Symptoms: The router reloads when 100 concurrent x25 sync telnet sessions are issued.
Conditions: This occurs only with a large number of simultaneous x25 sync telnet sessions.
Workaround: There is no workaround.
CSCdx56527
Memory leak of 20M/Day until crash
Symptoms: A router may reload after a memory leak occurs.
Conditions: This symptom is observed on any Cisco router that is running Cisco IOS Release 12.2 (or Cisco IOS Release 12.2B or Cisco IOS Release 12.2T). The memory leak is triggered by authentication, authorization, and accounting (AAA) when AAA attempts to enable TCP header compression twice within the same user session.
Workaround: Disable TCP header compression when a RADIUS or AAA database is used.
CSCdx72670
router reload in ip_build_outputQ on clear ip mroute
Symptoms: Data corruption between the PIM process and the timer wheel process causes a crash.
Workaround: There is no workaround.
CSCdy07358
Alignment errors in ipfrag_init process
Symptoms: A Cisco 7200 router running Cisco IOS Release 12.1(15.5) configured as an LNS in a VPDN environment may suffer alignment errors in the ipfrag_init function. The problem does not have any adverse reaction on the router but could impact performance slightly.
Workaround: There is no workaround.
CSCdy63815
OLD-CISCO-TS-MIB tsLineUser empty with AAA radius and local user
Symptoms: An empty value is returned for the tsLineUser value in the OLD-CISCO-TS-MIB MIB.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)XB6 with authentication, authorization, and accounting (AAA) RADIUS and that has a local user configuration. The tsLineUser value of the OLD-CISCO-TS-MIB is populated when Cisco IOS 12.1(5)T8 is used.
Workaround: There is no workaround.
CSCdy72086
Torch RSC drops all digital calls after the 421st call is setup.
Symptoms: The 421st call cannot be made and existing calls thereafter drop.
Conditions: With a configuration to bring up 450 digital calls, existing digital calls start dropping after the 421st call.
Workaround: Configure the 'dialer pool-member 1' option on serial6/1:15.
CSCdy73370
Invalid user info displayed in CallTracker
Symptom: Call Tracker records are incorrectly reported for modem calls. The user ID, IP address, and mask are wrong.
Workaround: There is no workaround.
CSCdz00204
no aaa nas port extended has no effect
Symptoms: With the XB6 image, the NAS port format is the same (for example "Async1/01*Serial3/0:2") with and without the no aaa nas port extended command configured. With the 12.2(2)XA5 image, this is not the case.
Workaround: There is no workaround.
CSCdz00304
Acct-Authentic attribute not correct in some scenarios
Symptoms: RADIUS accounting attribute 45 (Acct-Authentic) may have a wrong value under some circumstances.
Workaround: There is no workaround.
CSCdz01366
Multihop router Crashs with port flap: PPPoA/L2TP multihop
Symptom: A multihop router may reload because of a port flap.
Conditions: This symptom is observed when there are 940 PPP over ATM (PPPoA) sessions with 50 ingress and 10 egress tunnels configured on a Cisco router running Cisco IOS that is employed as a multihop router.
Workaround: There is no workaround.
CSCdz04349
User-name not included in accounting with nocallback-verify
Symptom: When nocallback-verify is configured for a ppp microsoft callback client, dialing into a Cisco Access Server, it is possible that the username attribute is not included in the aaa accounting records.
Workaround: There is no workaround.
CSCdz18330
Tacacs cmd authorization doesnt work with directed requests
Symptoms: TACACS+ command authorization on a Cisco router running Cisco IOS Release 12.2(11)T1 fails for users who logged in using the TACACS+ directed-requests feature (user@<address>). The router incorrectly uses the full username (including the @<address>) to authorize commands against the TACACS+ server.
Workaround: There is no workaround.
CSCdz23256
SYS-2-LINKED: Bad dequeue messages periodically reported on AS5800
Symptoms: The following message has been periodically reported on all platforms running Cisco IOS Release 12.2(12.6):
Nov 6 09:22:17.364 CET: %SYS-2-LINKED: Bad dequeue of 62C3B194 in queue 69408DAC
-Process= "<interrupt level>", ipl= 4
-Traceback= 6055A354 604FFAFC 60398F10 60398E44 60B94720 60398C24 6039B380 6039A018 6000F8C4 6015EA80 601624CC 605BDD20 60162358 60B94484 60B92B68 60B295D8
Condition: Problem happens on all platforms running Cisco IOS Release 12.2(12.6), with active X.25 or LAPB serial connections, when LAPB retransmissions are occurring with moderate-to-heavy traffic.
Workaround: There is no workaround.
CSCdz34487
tacacs+ password change sequence broken
Symptoms: The password change sequence does not work as expected when it is used with Cisco Secure Access Control Server software. The user can still access the router with the old password. The user can change the existing password to a new password at a later time.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T. This problem was not noticed in 12.2(13)T image with Cisco Secure Access Control Server running on an NT box.
Workaround: There is no workaround.
CSCdz38708
5800 with E1R2 may not accept modem calls
Symptoms: When terminating incoming E1 R2 calls on an AS5800 Access Server with MICA modems, a large percentage (up to 100%) of calls may fail. Debugging on the NAS shows that ANI/DNIS collection succeeds and the call is cleared by the switch shortly after sending the line answer ABCD bits. Debugging on the switch side will show that the interregister signalling answer signal (B6 by default) is never terminated before sending the line answer signal.
Conditions: This problem is seen on an AS5800 series Access Server using MICA modems and configured for compelled E1 R2 signalling. The problem is not seen on AS5300 or AS5850 Access Servers or on an AS5800 with a Nextport card, and it does not occur with semi- or non-compelled E1 R2 signalling or any other signalling type. In addition, this problem only affects incoming calls.
Workaround: There is no workaround.
CSCdz39284
SIP: PROTOS Test Group 5 - Test Cases 330 to 435 causes as5350 crash
Symptoms: Multiple Cisco products contain vulnerabilities in the processing of Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for SIP and can be repeatedly exploited to produce a denial of service.
Conditions: This issue is observed on Cisco devices which contain support for the SIP protocol and are running vulnerable versions of software.
Workaround: Cisco will be making free software available to correct the problem as soon as possible. Additional workarounds will be documented in the Security Advisory.
This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
CSCdz40483
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IP I
Symptoms: A Cisco router permanently pauses with a watchdog timer under normal operation.
Conditions: This symptom is observed when the router is a voice endpoint with active calls.
Workaround: There is no workaround.
CSCdz44203
Dynamic Dialer map not created with aaa authentication if-needed
Symptoms: Users connecting to an AS5350, using a post dial terminal window for authentication, may not be able to ping the AS5350 after connecting. This problem only occurs with "aaa authentication ppp <list> if-needed" configured. The root of the problem is that a dynamic dial map is not created for the user. This can be seen with the show dialer map command. The other symptom of this problem is that there will be no output packets on the async interface to which the user is connected.
Workaround: Reconfigure the router to use virtual-profiles, or remove "if-needed" from the AAA authentication command.
CSCdz45885
AAA POD not disconnecting client requests with 8 byte session id
Symptoms: An authentication, authorization, and accounting (AAA) packet of disconnect (POD) server may not disconnect a client request that has an 8-byte session ID.
Conditions: This symptom may occur on a Cisco AS5400 or a Cisco AS58500 that is functioning as a triple A POD server.
Workaround: There is no workaround.
CSCdz51403
NAS-port attribut 5 has been changed for format C
Symptoms: VTY interface is not supported with extended NAS-PORT format.
Workaround: There is no workaround.
CSCdz51941
Call drops once the Card is OIRed in case of NFAS.
Symptoms: On a Cisco AS5800 when a trunk which has been configured for Primary NFAS is inserted back after OIR, the calls on the other cards, which are configured for NFAS of the same group, could fail, especially in the case of a TD/TV solution.
Workaround: There is no workaround.
CSCdz54240
poor performance on MLP with h/w compression (single channel ISDN)
Symptoms: The transportation of files across a single BRI connection of an E1 line may result in poor performance.
Conditions: This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(02)XB7.
Workaround: There is no workaround.
CSCdz56776
Outgoing PPP frames are stuck on MLPPP
Symptoms: If a Multilink PPP (MLPPP) call is disconnected with a cause other than Normal call clearing, no frames are sent out on subsequent calls and the output queue may be stuck.
Condition: The symptoms occur under the following conditions:
•You are running Cisco IOS Release 12.2 and Cisco IOS Release 12.2T.
•MLPPP is enabled on ISDN interface (BRI and PRI).
•Dialer profile and multiple dialer interfaces belonging to the same dialer pool number are configured.
Workaround: Use the no fair-queue command on physical interfaces.
CSCdz61141
MPPE fails with radius
Symptoms: Microsoft Point-to-Point Encryption (MPPE) does not work when RADIUS is used for authentication and authorization. The user is able to authenticate and MPPE is negotiated, but traffic will not pass through unless MPPE is disabled or local authentication is used.
Conditions: This symptom occurs when MPPE is used with RADIUS to perform authentication and authorization.
Workaround: There is no workaround.
CSCdz70933
Filter-Id from preauthentication not applied with auth-required=0
Symptoms: When the Filter-Id attribute is provided during preauthentication, it is accepted but not applied to the virtual access interface. When the same attribute is provided during PPP authentication, it is applied correctly.
Workaround: There is no workaround.
CSCdz71219
Input-queue wedge intermittently
Symptoms: An intermittent problem occurs on Virtual-Access interfaces. The input queue becomes wedged, for example:
input queue 11/10
Increasing the input-queue size does not help.
Workaround: There is no workaround.
CSCdz72678
mgcp-nas-pkg calls generate zero values for RADIUS acct attributes
Symptoms: Media Gateway Control Protocol (MGCP) network access server (NAS) package calls may cause the following RADIUS accounting attributes to contain zero values:
•Acct-Input-Octets
•Acct-Output-Octets
•Acct-Input-Packets
•Acct-Output-Packets
•Data-Rate
•Ascend-Xmit-Rate
•Presession-Packets-Input
•Presession-Packets-Output
•Presession-Octets-In
•Presession-Octets-Out
Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB8 or Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
CSCdz85925
PPP Async interfaces not updated in routing table
Symptoms: Non-Multilink PPP (non-MLP) asynchronous users may not get a connected route in the IP routing table.
Conditions: This symptom is observed with non-MLP asynchronous users that are on an asynchronous interface that was previously used for MLP.
Workaround: Configure the router to use virtual profiles by entering the following sequence of commands:
Router(config)# interface virtual-template 1
Router(config)# virtual-profile virtual-template 1
Router(config)# no virtual-profile if-needed
CSCdz88409
Router crashed during weak Radius service
Symptoms: A Cisco C5800 Router running Cisco IOS Release 12.2(2)XB10 crashed during a period of weak RADIUS service that provoked high session flapping.
Workaround: There is no workaround.
CSCdz89543
Missing accounting stop record with LSDO and Multilink PPP
Symptoms: In a Large-Scale Dial-Out (LSDO) setup in which the called site (remote site) is configured to add additional member links to the Multilink PPP (MLP) connection, the initial call to the remote site via LSDO may not trigger an accounting stop record when the call terminates.
Conditions: This symptom is observed when the customer premises equipment (CPE) adds additional links to the multilink bundle that is built by the initial LSDO call. If there is only one LSDO call or if all member links are initiated by the remote site (LSDO is not used), stop accounting records are correctly generated for all member links.
Workaround: There is no workaround.
CSCdz89669
AAA Accounting not sent for multilink isdn calls, when MSCB confd
Symptoms: When an ISDN dial-in client negotiates callback and multilink, and the callback is not configured for that user, the authentication, authorization, and accounting (AAA) records may not be sent.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
CSCea02355
rare ip packets may cause input queue wedge
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
CSCea12966
function aaa_attr_list_ptr_copy_to_req does not support merged lists
Symptoms: The function aaa_attr_list_ptr_copy_to_req incorrectly strips off any additional attribute lists connected to the list passed in. This causes attribute lists to be lost, resulting in missing attributes being sent to AAA servers.
Workaround: There is no workaround.
CSCea19087
CALLTRKR-6-CALL_RECORD not displayed for a modem-pool call with CAS
Symptoms: A Cisco AS5300 may not display some Calltracker information for a modem call.
Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(2)XB10 or Cisco IOS Release 12.2(13)T and is configured for channel-associated signaling (CAS) with modem pooling. This is observed, in particular, when the call is routed to a configured modem pool instead of to the default modem pool. The Calltracker messages look like the following messages:
CALLTRKR-6-CALL_RECORD
and
CALLRECORD-3-MICA_TERSE_CALL_REC
However, when the symptom occurs, the first message is omitted.
Workaround: Configure the Cisco AS5300 for ISDN (PRI) instead of CAS.
First Alternate Workaround: Do not configure modem pooling.
Second Alternate Workaround: Ensure that the call is routed to the default modem pool.
CSCea23484
VPDN rejecting 127.0.0.x address as source-ip
Symptoms: IP addresses of the "127.0.0.x" type may be rejected by a virtual private dial-up network (VPDN) to be used as the source IP address for VPDN tunnels.
Conditions: This symptom is observed on a Cisco AS5400 or Cisco AS5800.
Workaround: There is no workaround.
CSCea24574
VSA not processed if sent with tagged tunnel attributes
Symptoms: AAA may not process VSA if sent with tagged L2TP tunnel attributes.
Conditions: This symptom is observed on a Cisco AS5400/AS5800.
Workaround: There is no workaround.
CSCea28396
AS5300 reloads while sending aaa accounting request
Symptoms: A router may reload when sending an authentication, authorization, and accounting (AAA) request to a TACACS+ server.
Conditions: This symptom is observed on a Cisco AS5300 universal access server that is running Cisco IOS Release 12.2XB(10) and Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
CSCea28958
Function to manipulate attribute lists does not merge correctly
Symptoms: While copying an AAA attribute list into an event, the copy function strips off any additional attribute lists connected to the list passed in. This causes attribute lists to be lost, resulting in missing attributes being sent to AAA servers.
Workaround: There is no workaround.
CSCea41989
AS5400/AS5350 - ANI/DNIS Delimiter (sig-class) CAS for CT1 is broken
Symptoms: A user-configured signaling class template may not be used during incoming and outgoing channel-associated signaling (CAS) calls. Instead, the default signaling template is used.
Conditions: This symptom is observed in Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T on a Cisco AS5350 and a Cisco AS5400.
Workaround: There is no workaround.
CSCea45343
Not able to manually shutdown modem/spe in BAD state
Symptom: When a modem in bad state is shut down, the show modem command reports the state as BAD and not as SHUT.
Further Problem Description: The states of busy out and shut were clubbed together as 'b'. The two were segregated as part of DDTS CSCdr31105. If a modem in bad state is shut down, the show modem command shows the state as 'B' and not as 'S'. But if a modem is shut down, it really doesn't matter what state the modem is in. So the state should be shown as 'S'.
Workaround: There is no workaround.
CSCea52804
bus error at auth_tx_failure
Symptoms: A Cisco AS5350/AS5400 running Cisco IOS Release 12.2(2)XB7 crashes with bus error at auth_tx_failure.
Workaround: There is no workaround.
CSCea53600
authorization failure for terminal login call with per-user DNS/WINS
Symptoms: During terminal server login, a RADIUS-assigned DNS or WINS server (i.e., per-user DNS/WINS) causes authorization to fail.
Workaround: There is no workaround.
CSCea61814
bearer capability changed for outgoing hairpinned call
Symptoms: The bearer capability is changed for an outgoing hairpinned call.
Workaround: There is no workaround.
CSCea66630
COT_TP_IN test fail resulting channels in maintenence pending
Symptoms: The first COT_TP_IN test failed right after reload and the AS5300 never received COT_TP_OUT from the softswitch, putting the channel in maintenance pending state. The timer in the COT_TP_IN test should bring the channel to idle even if it does not receive the COT_TP_OUT from the softswitch.
Workaround: There is no workaround.
CSCin03921
The 872uut crashes inconsistently during cbwfq tests
Symptom: Adding or removing a service policy to a dialer interface may infrequently cause a spontaneous reload of the router.
Workaround: There is no workaround. However, based on experience with similar issues (involving reconfiguring a dialer on the fly), either or both of the following steps might help:
•Stop generating traffic through the interface.
•Shut down the dialer interface when changing the service policy.
Open Caveats—Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB10
There are no open caveats specific to Cisco IOS Release 12.2(2)XB9 through Cisco IOS Release 12.2(2)XB10 that require documentation in the release notes. Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.
Resolved Caveats—Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB10
There are no resolved caveats specific to Cisco IOS Release 12.2(2)XB9 through Cisco IOS Release 12.2(2)XB10 that require documentation in the release notes. Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.
Open Caveats—Cisco IOS Release 12.2(2)XB8
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB8 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.2(2)XB8
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB8. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.2(2)XB7
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB7 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.2(2)XB7
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB7. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.2(2)XB6
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB6 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.2(2)XB6
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB6. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.2(2)XB5
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB5 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.2(2)XB5
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB5. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.2(2)XB4
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB4 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.2(2)XB4
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.2(2)XB3
There are no open caveats specific to Cisco IOS Release 12.2(2)XB3 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB3
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
•CSCdw65903
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB2
There are no open and resolved caveats specific to Cisco IOS Release 12.2(2)XB2 that require documentation in the release notes.
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB1
Cisco IOS Release 12.2(2)XB1 does not support the Cisco 2600 series.
Open Caveats—Cisco IOS Release 12.2(2)XB
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB and describes only severity 1 and 2 caveats and select severity 3 caveats.
•CSCdv46685
Second Stage Dialing Broken on MGCP Gateways
Symptom: Back-to-back MGCP second stage dialing calls may fail. The second (and all subsequent) requests for digit detection may not receive NTFY messages containing the detected digits so the Call Agent will not know that the gateway received the digits.
In MGCP, if the following happens:
a. An RQNT is sent from the Call Agent requesting digits and then a NTFY is sent by the gateway indicating that the requested digit map has been satisfied
b. A "DLCX" is sent with NO "X:" parameter and no other messages between a) and b) are sent which include an empty "R:" parameter
c. A second RQNT is sent from the Call Agent requesting digits
then the digits detected for the second RQNT will NOT be sent in a NTFY. No digits will be detected on that endpoint until either a DLCX WITH an "X:" parameter is sent OR any message with an empty "R:" parameter is sent.
Conditions: This problem has been reproduced on 5400 universal gateways but will be present for any MGCP gateway.
Workaround: There are two possible workarounds. Both involve modifications to the messages sent from a Call Agent:
a. If the Call Agent sends any MGCP message with an empty "R:" parameter to that endpoint between the initial RQNT and the later RQNT (either before or after the DLCX) then the second RQNT will get NTFY'ed as expected.
b. If the Call Agent includes an "X:" parameter in the DLCX then the second RQNT will get NTFY'ed as expected.
Resolved Caveats—Cisco IOS Release 12.2(2)XB
There are no resolved caveats specific to Cisco IOS Release 12.2(2)XB that require documentation in the release notes.
Related Documentation
The following sections describe the documentation available for the Cisco 2600 series. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com and the Documentation CD-ROM.
Use these release notes with these documents:
• Cisco IOS Software Documentation Set
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.2 and are located on Cisco.com and the Documentation CD-ROM:
•Cross-Platform Release Notes for Cisco IOS Release 12.2
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.2: Release Notes: Cross-Platform Release Notes
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Release Notes: Cross-Platform Release Notes
•Product bulletins, field notices, and other release-specific documents on Cisco.com at:
Technical Documents
•The "Caveats for Cisco IOS Release 12.2 XB" section
As a supplement to the caveats listed in "Caveats for Cisco IOS Release 12.2 XB" in these release notes, see Caveats for Cisco IOS Release 12.2 and Caveats for Cisco IOS Release 12.2 T, which contain caveats applicable to all platforms for all maintenance releases of Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T.
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.2: Release Notes: Caveats
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Caveats
Note: If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Technical Support: Tools & Utilities: More: Software Bug Toolkit (under Troubleshooting Tools). Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.
Platform-Specific Documents
These documents are available for the Cisco 2600 series on Cisco.com and the Documentation CD-ROM:
•Cisco 2600 Series Modular Routers Quick Start Guide
•Hardware Installation Documents for Cisco 2600 series
•Software Configuration Documents for Cisco 2600 series
•Regulatory Compliance and Safety Documents for Cisco 2600 series
On Cisco.com at:
Technical Documents: Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers
On the Documentation CD-ROM at:
Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers
Feature Modules
Feature modules describe new features supported by Cisco IOS Release 12.2(2)XB15 and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.2: New Feature Documentation
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2: New Feature Documentation
Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. The Cisco IOS software documentation set is shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.2: Configuration Guides and Command References
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Configuration Guides and Command References
Cisco IOS Release 12.2 Documentation Set Contents
Table 19 lists the contents of the Cisco IOS Release 12.2 software documentation set, which is available in electronic form and in printed form if ordered.
Note: You can find the most current Cisco IOS documentation on Cisco.com and the Documentation CD-ROM.
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.2
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2
Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at this URL:
Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.
You can email your comments to bug-doc@cisco.com.
You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:
• Streamline business processes and improve productivity
• Resolve technical issues with online support
• Download and test software packages
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs
If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Cisco TAC inquiries are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:
All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:
http://www.cisco.com/register/
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.
Posted: Tue Dec 13 19:02:25 PST 2005
All contents are Copyright © 1992-2005 Cisco Systems, Inc. All rights reserved.