Release Notes for Cisco MC3810 Multiservice Access Concentrators for Cisco IOS Release 12.2(2)XB15
January 13, 2004
Cisco IOS Release 12.2(2)XB15
OL-1676-01 Rev. I1
These release notes for the Cisco MC3810 describe the enhancements provided in Cisco IOS Release 12.2(2)XB15. These release notes are updated as needed.
The Cisco MC3810 multiservice access concentrator is fully supported by Cisco IOS software for multiprotocol routing, bridging, and Systems Network Architecture (SNA). As part of an enterprise backbone or as a CPE device to serve provider-managed network services, the Cisco MC3810 reduces operating costs and complexity, and increases network throughput and performance.
The Cisco MC3810 provides a complete file system for software images, message files, and reports. The standard Flash memory size is 8 MB. A 16-MB upgrade option is available. The 16-MB version can hold two code images simultaneously for fail-safe upgrades.
Management and configuration of the Cisco MC3810 should be familiar to the Cisco IOS user and compatible with existing management systems. As such, it provides a superset of the Cisco command-line interface (CLI). The Cisco MC3810 can be managed by standard Cisco management platforms and facilities such as CiscoView and the native remote login facilities provided by Telnet and rlogin. Three types of configuration interfaces are provided as follows:
Cisco CLI
HTTP-based configuration server
SNMP-based MIB
The HTTP-based interface allows configuration from any web browser such as Netscape Navigator or Microsoft Explorer. The Simple Network Management Protocol (SNMP) MIB allows management of the Cisco MC3810 from SNMP managers (for example, HP OpenView).
Table 1 Memory Recommendations for the Cisco MC3810 Multiservice Access Concentrator
Image Name
Software Image
Flash Memory Recommended
DRAM Memory Recommended
Runs From
IP/ATM Plus IPsec 56 No ISDN
mc3810-a2i5k8s-mz
8 MB
32 MB
RAM
IP/ATM Plus IPsec 3DES No ISDN
mc3810-a2i5k9s-mz
8 MB
32 MB
RAM
IP/ATM Plus No ISDN
mc3810-a2i5s-mz
8 MB
32 MB
RAM
IP/ATM Plus IPsec3DES
mc3810-a2ik9s-mz
16 MB
64 MB
RAM
IP Plus VoIP/VoATM
mc3810-a2isv5-mz
16 MB
64 MB
RAM
IP Plus VoIP/VoATM IPsec 56
mc3810-a2ik8sv5-mz
16 MB
64 MB
RAM
IP Plus VoIP/VoATM IPsec 3DES
mc3810-a2ik9sv5-mz
16 MB
64 MB
RAM
Enterprise/ATM Plus IPsec 3DES
mc3810-a2jk9s-mz
16 MB
64 MB
RAM
Enterprise Plus VoIP/VoATM
mc3810-a2jsv5-mz
16 MB
64 MB
RAM
Enterprise Plus/H.323 MCM
mc3810-a2jsv5x-mz
16 MB
64 MB
RAM
Enterprise Plus VoIP/VoATM IPsec56
mc3810-a2jk8sv5-mz
16 MB
64 MB
RAM
Enterprise Plus VoIP/VoATM IPsec3DES
mc3810-a2jk9sv5-mz
16 MB
64 MB
RAM
Supported Hardware
Cisco IOS Release 12.2 T supports the Cisco MC3810 multiservice access concentrator. The Cisco MC3810 base chassis is a semifixed configuration router that can be customized for a specific application at the factory or in the field by a qualified technician. The base chassis includes the following components:
One fixed Ethernet LAN port
A console port and an auxiliary port
Two synchronous serial ports
Five mounting areas for functional modules that support additional capabilities
AC, DC, or redundant power supply option
Cisco MC3810 series concentrators are supplied in various standard hardware configurations. These concentrators are equipped with different sets of functional modules to provide specific functional capability. Many configurations are possible, but they are all variations of the basic categories described in Table 2. Supported hardware is shown in Table 3. The chassis opening for any mounting area that is not equipped with a functional module is closed off with a removable cover plate.
For additional information about supported hardware for this platform and release, please refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
2-DSP HCM, supports up to 8 channels of compressed voice
MC3810-HCM2=
6-DSP HCM, supports up to 24 channels of compressed voice
MC3810-HCM6=
3-DSP VCM, supports up to 6 channels9 of compressed voice
MC3810-VCM3=
6-DSP VCM, supports up to 12 channels9of compressed voice
MC3810-VCM6=
Multiflex Trunk Modules with Optional BRI
1-port MFT with RJ-48 channelized T1 interface
MC3810-MFT-T1=
1-port MFT with RJ-48 channelized E1 interface
MC3810-MFT-E1=
1-port MFT with unbalanced E1-BNC interface
MC3810-MFT-BNC=
1-port MFT with RJ-48 channelized T1 and BRI S/T interfaces
MC3810-MFT-TBS=
1-port MFT with unbalanced E1-BNC and BRI S/T interfaces
MC3810-MFT-EUS=
1 Requires one to six APMs and one voice compression module (VCM3 or VCM6).
2 Requires one or two voice compression modules (VCM6) for processed voice.
3 Requires one voice compression module (VCM3 or VCM6) and Cisco IOS Release 12.0(4)T or a later release.
4 Requires MFT for ATM connectivity and Cisco serial V.35 DCE cable (product order number 72-1721-01) that includes a Ringing Indicator (RI) conductor, and a Cisco EIA/TIA-366 ACE cable (product order number 72-1722-01) to connect the VDM to the videoconferencing equipment RS-366 dialup DTE port.
5 For use with analog voice modules; one AVM requires at least one APM and supports up to six APMs.
6 PR2 countries currently include Australia and New Zealand.
7 PR3 countries currently include Japan and Singapore.
8 VCMs and Cisco IOS Plus feature sets are required for voice processing (for example, switching, compression, echo cancellation, and silence suppression) but not for drop-and-insert applications.
9 Cisco MC3810 maximum voice channel support by compression algorithm: G.711 at 64 kbps = 6 channels; G.726 at 32 kbps = 12 channels; G.729 at 8 kbps = 12 channels; G.729a at 8 kbps = 24 channels.
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco MC3810, log in to the Cisco MC3810 and enter the show version EXEC command:
Router> show version
Cisco Internetwork Operating System Software
IOS (tm) 12.2 XB Software mc3810-js-mz, Version 12.2(2)XB15, RELEASE SOFTWARE
Upgrading to a New Software Release
For general information about upgrading to a new software release, refer to Software Installation and Upgrade Procedures locatedat the following URL:
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Cisco IOS Release 12.2(2)XB15 supports the same feature sets as Cisco IOS Release 12.2(4) T, but Cisco IOS Release12.2(2)XB15 can include new features supported by the Cisco MC3810.
Caution Cisco IOS images with strong encryption (including, but not limited to, 168-bit Triple Data Encryption Standard [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of United States government regulations. When applicable, purchaser and user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Table 4 and Table 5 list the features and feature sets supported by the Cisco MC3810 used the following conventions:
Yes—The feature is supported in the software image.
No—The feature is not supported in the software image.
In—The number in the "In" column indicates the Cisco IOS release in which the feature was introduced.
Note These release notes are not cumulative and only list features that are new to Cisco IOS
Release 12.2(2)XB15. The parent release for Cisco IOS Release 12.2(2)XB15 is Cisco IOS
Release 12.2(4) T. To find information about inherited features, refer to Cisco.com or Feature
Navigator. For Cisco.com, go to
http://www.cisco.com/univercd/home/index.htm, select the appropriate software release
under Cisco IOS Software, and click Release Notes. If you have a Cisco.com login account, you can
use the Feature Navigator tool at http://www.cisco.com/go/fn.
Table 4 Feature List by Feature Set for the Cisco MC3810 Router, Part 1 of 3
Features
In
Software Images by Feature Sets
IP/ATM Plus IPsec 56 No ISDN
IP/ATM Plus IPsec 3DES No ISDN
IP/ATM Plus No ISDN
IP Plus VoIP/ VoATM
IP Plus VoIP/ VoATM IPsec 56
Multiservice Applications - Voice
MGCP based Fax (T.38) and DTMF Relay
12.2(2)XB
No
No
No
Yes
No
Quality of Service
MGCP VoIP Call Admission Control
12.2(2)XB
No
No
No
Yes
Yes
UBR+ and ATM Enhancements for Service Provider Integrated Access
12.2(2)XB
Yes
Yes
Yes
Yes
No
Table 5 Feature List by Feature Set for the Cisco MC3810 Router, Part 2 of 3
Features
In
Software Images by Feature Sets
IP Plus VoIP/VoATM IPsec 3DES
IP/ATM Plus IPsec 3DES
Enterprise Plus VoIP/VoATM IPsec 56
Enterprise/ATM Plus IPsec 3DES
Multiservice Applications - Voice
MGCP based Fax (T.38) and DTMF Relay
12.2(2)XB
Yes
No
Yes
No
Quality of Service
MGCP VoIP Call Admission Control
12.2(2)XB
Yes
No
No
No
UBR+ and ATM Enhancements for Service Provider Integrated Access
12.2(2)XB
No
Yes
No
Yes
Table 6 Feature List by Feature Set for the Cisco MC3810 Router, Part 3 of 3
Features
In
Software Images by Feature Sets
Enterprise Plus/ H323 MCM
Enterprise Plus VoIP/VoATM IPsec 56
Enterprise Plus VoIP/VoATM IPsec 3DES
Multiservice Applications - Voice
MGCP based Fax (T.38) and DTMF Relay
12.2(2)XB
Yes
Yes
No
Quality of Service
MGCP VoIP Call Admission Control
12.2(2)XB
Yes
No
Yes
uBR+ and ATM Enhancements
12.2(2)XB
Yes
No
No
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco MC3810 for Cisco IOS Release 12.2(2) XB14.
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB14 to Cisco IOS Release 12.2(2)XB15
No new hardware and software features are supported by the Cisco MC3810 for Cisco IOS Release 12.2(2)XB14 to Cisco IOS Release 12.2(2)XB15.
New Hardware and Software Features in Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB13
Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB13 do not support the Cisco MC3810.
Note Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability. Cisco IOS
Release 12.2(2)XB13 does not exist.
New Hardware and Software Features from Cisco IOS Release 12.2(2)XB1 to Cisco IOS Release 12.2(2)XB8
No new hardware and software features are supported by the Cisco MC3810 from Cisco IOS Release 12.2(2)XB1 to Cisco IOS Release 12.2(2)XB8.
New Software Features in Cisco IOS Release 12.2(2)XB
The following new software features are supported by the Cisco MC3810 for Cisco IOS Release 12.2(2)XB:
MGCP Based Fax (T.38) and DTMF Relay
The MGCP Based Fax (T.38) and DTMF (IETF) Relay feature adds support for fax relay and DTMF relay with MGCP. The fax relay component conforms to ITU-T T.38, Procedures for real-time Group 3 facsimile communication over IP networks, which determines procedures for real-time facsimile communication in various gateway control protocol (XGCP) applications. The DTMF relay component conforms to RFC 2833, RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals, developed by the Internet Engineering Task Force (IETF) Audio/Video Transport (AVT) working group. Per RFC 2833, DTMF is relayed using Named Telephony Events (NTEs) in Real-Time Transport Protocol (RTP) packets.
This feature provides two modes of implementation for each component: gateway (GW)-controlled mode and call agent (CA)-controlled mode. In GW-controlled mode, GWs negotiate DTMF and fax relay transmission by exchanging capability information in Session Description Protocol (SDP) messages. That transmission is transparent to the CA. GW-controlled mode allows use of the MGCP Based Fax (T.38) and DTMF (IETF) Relay feature without upgrading the CA software to support the feature.
In CA-controlled mode, CAs use MGCP messaging to instruct GWs to process fax and DTMF traffic. For MGCP T.38 Fax Relay, the CAs can also instruct GWs to revert to GW-controlled mode if the CA is unable to handle the fax control messaging traffic; for example, in overloaded or congested networks.
Refer to the following document for further information:
MGCP CAC determines if calls can be accepted on the IP network based on available network resources. Prior to this release, MGCP VoIP calls were established regardless of the available resources on the gateway or network. The gateway had no mechanism for gracefully refusing calls if resources were not available to process the call. New calls would fail with unexpected behavior and in-progress calls would experience quality-related problems.
Refer to the following document for further information:
Unspecified Bit Rate Plus (uBR+) and ATM Enhancements
The uBR+ and ATM enhancements include the following:
uBR+ functionality
Proportional allocation of excess bandwidth
Over subscription of the Cisco MC3810-MFT T1/E1 trunk and similar ATM-capable interfaces offered on the Cisco 2600 series
These enhancements permit the over subscription of ATM trunks for uBR+ permanent virtual circuits (PVCs).
uBR+ supports a zero committed information rate (CIR) with infinite burst capabilities. It allows any available network bandwidth to be continuously usable by any data application. For this feature, all data traffic in the network will use uBR+. The zero CIR with infinite burst feature is exclusive to data traffic and implemented for AAL5.
Without the uBR+ and ATM enhancement feature, a file transfer from one virtual circuit (VC) uses the entire trunk bandwidth when no other VCs (data or voice) are active. When other VCs are active with a fixed amount of bandwidth, the one VC's file transfer will appropriate all of the remaining bandwidth that the other VCs are not using.
Since uBR allows for a continuous burst, bandwidth could be conserved by assigning a uBR Class of Service (CoS) to the VC. However, uBR has a variable bit rate (VBR) that constrains the burst period to a maximum burst size (MBS), rather than allowing a continuous burst. The uBR+ and ATM enhancements feature does not have an MBS constraint.
Refer to the following document for further information:
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Old Cisco MIBs will be replaced in a future release. Currently, OLD-CISCO-* MIBs are being converted into more scalable MIBs without affecting existing Cisco IOS products or network management system (NMS) applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 7.
Table 7 Deprecated and Replacement MIBs
Deprecated MIB
Replacement
OLD-CISCO-APPLETALK-MIB
RFC1243-MIB
OLD-CISCO-CHASSIS-MIB
ENTITY-MIB
OLD-CISCO-CPUK-MIB
To be determined
OLD-CISCO-DECNET-MIB
To be determined
OLD-CISCO-ENV-MIB
CISCO-ENVMON-MIB
OLD-CISCO-FLASH-MIB
CISCO-FLASH-MIB
OLD-CISCO-INTERFACES-MIB
IF-MIB CISCO-QUEUE-MIB
OLD-CISCO-IP-MIB
To be determined
OLD-CISCO-MEMORY-MIB
CISCO-MEMORY-POOL-MIB
OLD-CISCO-NOVELL-MIB
NOVELL-IPX-MIB
OLD-CISCO-SYS-MIB
(Compilation of other OLD* MIBs)
OLD-CISCO-SYSTEM-MIB
CISCO-CONFIG-COPY-MIB
OLD-CISCO-TCP-MIB
CISCO-TCP-MIB
OLD-CISCO-TS-MIB
To be determined
OLD-CISCO-VINES-MIB
CISCO-VINES-MIB
OLD-CISCO-XNS-MIB
To be determined
Important Notes
The following sections contain important notes about Cisco IOS Release12.2 XB that can apply to the Cisco MC3810.
Changes to output attenuation Command
In Cisco IOS Release 12.2(2), the range of the output attenuation command for voice ports has changed from 0-14 to -6-14.
Using the Cisco MC3810 with QSIG or BRI
Serial port 1 is restricted to DCE operation in the following scenarios:
Q (point of the ISDN model) Signaling (QSIG) is enabled.
BRI voice module (BVM) is installed and BRI is enabled.
BRI S/T backup port is installed and enabled on the multiflex trunk module (MFT).
Using the Cisco MC3810 with the PSTN
This section includes important notes regarding use of the Cisco MC3810 with the Public Switched Telephone Network (PSTN):
Connections to the PSTN—Exercise care when connecting switched voice ports on the Cisco MC3810 directly to the PSTN because improper configurations can expose a corporate network to telephone fraud.
Switched access from the PSTN—The Cisco MC3810 can connect a user from the PSTN directly to the corporate wide-area telephone network. You can configure the Cisco MC3810 as a phone switch that can switch a user to any location in that network, even to remote locations that are connected again to another PSTN. However, the Cisco MC3810 does not provide any mechanism to restrict users from calling after they are connected. Without proper network design, this condition could result in the unauthorized use of the corporate network for making calls at the expense of the corporation. To prevent the unauthorized use of the network from occurring, we do not recommend connecting a switched voice interface on the Cisco MC3810 directly to the PSTN. Instead, it should connect to a PBX that implements a security scheme that prevents unauthorized use.
Nonswitched calls—The same opportunity for illicit use does not exist for nonswitched call types such as pass-through connections, although the possibility for fraud does exist at the direct contact point. Pass-through calls create a path to only a single location specified by the network administrator. For example, a pass-through connection might be used to pass a trunk from a PBX to the PSTN. In this case, the trunk on the PBX always passes straight through the Cisco MC3810 to the PSTN. As a result, the necessary security is provided by the PBX.
Field Notices and Bulletins
For general information about the types of documents listed in this section, refer to the following document:
What's Hot for IOS Releases: Cisco IOS 12.1—What's Hot for IOS Releases: Cisco IOS 12.1provides information about caveats that are related to deferred software images for Cisco IOS Release 12.1. If you have an account with Cisco.com, you can access What's Hot for IOS Releases: Cisco IOS 12.1 at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software.
What's New for IOS — What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account with Cisco.com you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software.
Caveats for Cisco IOS Release 12.2 XB
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
This section contains only open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T are also in Cisco IOS Release 12.2(2)XB15.
For information on caveats in Cisco IOS Release 12.2(2) T, see Caveats for Cisco IOS Release 12.2(2) T , which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.
Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any
severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software
Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.
Open Caveats—Cisco IOS Release 12.2(2)XB15
There are no open caveats specific to Cisco IOS Release 12.2(2)XB15 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB15
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB15. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 8 Resolved Caveats for Cisco IOS Release 12.2(2)XB15
DDTS ID Number
Description
CSCec87533
ios fw hang then crash with h323 corrupt packet
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
There are no open caveats specific to Cisco IOS Release 12.2(2)XB14 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB14
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB14. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 9 Resolved Caveats for Cisco IOS Release 12.2(2)XB8
DDTS ID Number
Description
CSCdx76632
as5300 crashed in MultiBitDecode
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.
Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.
Workaround: There is no workaround.
CSCea27536
Router crash when H323v3/v4 pkts pass through NAT router
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
NAT router (which is H323v2 stack aware) crashes when H323v3/v4 pkt is processed as "ip nat service h323all" is turned on.
Workaround: Turn off "ip nat service h323all" or move to 12.3T image (which has NAT-H323v3/v4) support
CSCea32240
H323 crashes in strncpy when receiving invalid setup packet
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
h323: proxy crashes when malformed h225 setup message received
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
h323: proxy crashes when processing invalid h225 setup messafe
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
h323 proxy: crash at pxy_proc_recv_SETUP when invalid h225 setup rx
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
h323: software forced crash if bad packet received and debug opened
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
debug h225 asn1
debug h225 events
debug h225 q931
Workaround: There is no workaround.
No Caveats—Cisco IOS Release 12.2(2)XB9 to Cisco IOS Release 12.2(2)XB13
Cisco IOS Release 12.2(2)XB13 does not exist, so no caveats are documented. Cisco IOS Release 12.2(2)XB9 through Cisco IOS Release 12.2(2)XB12 do not support the Cisco MC3810. Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.
Open Caveats—Cisco IOS Release 12.2(2)XB8
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB8 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 10 Open Caveats for Cisco IOS Release 12.2(2)XB8
DDTS ID Number
Description
CSCdx37301
Symptom: On reloading Cisco AS5850 universal gateway route-switch controller (RSC), the universal port feature card (UP324) may unexpectedly crash.
Condition: Reload Cisco AS5850 RSC.
Workaround: There is no workaround.
CSCdz00534
Symptom: 12.2.2XB7+ L2TP is incorrectly indicating "service up" to Calltracker with a service type of PPP.
Conditions:This behavior happens for L2TP calls.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(2)XB8
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB8. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 11 Resolved Caveats for Cisco IOS Release 12.2(2)XB8
DDTS ID Number
Description
CSCdw93992
A Cisco Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) may fail to send accounting records for a PPP over ATM (PPPoA) call after the call has been forwarded via L2TP to an L2TP network server (LNS). The LNS drops the call by sending a Call Disconnect Notification (CDN) message to the LAC.
Workaround: Clear the virtual access interface for the call on the LAC.
CSCdy06029
When using MS-Callback with IOS 12.2(2)XB6 and the 'callback-noverify' option, the NAS fails to apply Framed-IP-Address or any AV-Pairs associated with that user.
CSCdy51116
In IOS 12.2(12.5)T or later a router which does not have AAA configured may unexpectedly reload when a user attempts to telnet from the router to another device.
Workaround: Enable AAA.
CSCdy69192
Cisco AS5300 server encounters system crash when RADIUS authentication is used for authenticating asynchronous call.
Workaround: Use Local or TACACS+ authentication.
CSCdy71629
The task_id attribute in AAA accounting record might be wrong if the task_id is greater then 9999.
Workaround: There is no workaround.
Open Caveats—Cisco IOS Release 12.2(2)XB7
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB7 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 12 Open Caveats for Cisco IOS Release 12.2(2)XB7
DDTS ID Number
Description
CSCdy14689
In Cisco IOS Release 12.2(2)XB, Cisco IOS Release 12.2(4)T, and later Cisco IOS codes, the router does not send radius connection accounting attribute 46 for TCP clear calls or for any outbound telnet connections from the router. The is issue is only with telnet connections. Regular PPP calls accounting records do contain this attribute.
Workaround: There is no workaround.
CSCuk34949
A Cisco router may generate a large number of alignment errors when TCP Header Compression is configured in conjunction with L2TP and Multilink PPP.
Workaround: Disable header compression, both in the local configuration (use the interface command no ip rtp header-compression) and in any Radius/AAA database.
Resolved Caveats—Cisco IOS Release 12.2(2)XB7
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB7. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 13 Resolved Caveats for Cisco IOS Release 12.2(2)XB7
DDTS ID Number
Description
CSCdk31736
PPP authentication requests with no username are not forwarded to the TACACS+/RADIUS server. This may prevent you from authenticating people by Caller ID.
CSCdv21918
A router may reload if netflow-data is exported to a multicast address.
Workaround: Do not configure a multicast address; use a unicast address instead.
CSCdv27734
New PPP configuration commands are provided which provide control over the negotiation and application of the LCP configuration options for HDLC Address and Control Field Compression (ACFC) and PPP Protocol Field Compression (PFC).
CSCdw00055
The non-variable-length dial-plan matching character \Q$' permits a user to force a match on a destination-pattern consisting of a fixed number of digits. For example, use the following configuration:
!
dial-peer voice 1 voip
destination-pattern 01152....$
session target ipv4:IP_ADDR_RTR1
ip precedence 5
!
dial-peer voice 2 voip
destination-pattern 01152......
session target ipv4:IP_ADDR_RTR2
ip precedence 5
!
The user in this situation has calls to phone numbers which share the same first set of prefix digits but whose complete set of digits are different in number. In the example above, calls to RTR1 have nine digits starting with \Q01152' while calls to RTR2 have 11 digits starting with \Q01152'. To eliminate the ambiguity as to which dial-peer to match, the \Q$' is used so that a call to RTR2 will not match on dial-peer 1. This configuration works in Cisco IOS Release 12.1 images which support the \Q$' dial-peer matching character and Cisco IOS Release 12.2(1a).
Starting in Cisco IOS Release 12.2(1.1) and in Cisco IOS Release 12.2(2)T, the dial-plan no longer permits a destination-pattern terminated with the \Q$' character to be matched at all, and hence no calls using that dial-peer will complete.
Workaround: Configure the destination-patterns which end in \Q$' to end in \QT?$':
!
dial-peer voice 1 voip
destination-pattern 01152....T?$
session target ipv4:IP_ADDR_RTR1
ip precedence 5
!
dial-peer voice 2 voip
destination-pattern 01152......
session target ipv4:IP_ADDR_RTR2
ip precedence 5
!
CSCdw93050
The problem is transparent to the customer and is involved with the IOS MLP/PPP architecture.
CSCdx15859
Calltracker, show call calltracker active, and ... history commands display extraneous comma after authentication time.
CSCdx33166
During LSDOCallback, the sessions on the server side go down due to which callback already exists debugs can be seen in the logs inhibiting callback from occurring.
Workaround: There is no workaround.
CSCdx41454
Symptom: Router applies the ip tacacs source-interface configuration only to the first tacacs server in the server list and fails to use the IP address for other configured servers.
Conditions: When the primary TACACS server is not available, the router will attempt for the next TACACS server in the list. While connecting to the secondary TACACS server, the router ignores the ip tacacs source-interface configuration and it uses the IP address of the outgoing interface.
The router is expected to use the IP address configured through ip tacacs source-interface command as source address, while connecting to the TACACS server, including the secondaries.
Workaround: A workaround is possible using NAT. The user can apply NAT for the TACACS packets by the following configuration.
interface outbound interface to the tacacs server
ip nat outside
!
ip nat inside source list 102 interface Loopback0 overload
access-list 102 permit tcp any any eq tacacs
CSCdx81130
Microsoft Callback negotiation may fail with particular clients. This is due to a minor difference between Cisco's implementation of the Microsoft Callback server and the original implementation by Microsoft in a detail that is not clearly specified in the draft RFC. While this particular problem does not seem to impact Microsoft Windows clients requesting for callback, it has been observed with a 3Com OfficeConnect LAN modem that failed to negotiate MS callback with a Cisco NAS.
Workaround: There is no workaround.
CSCdx93324
The H.323 gateway may crash accessing invalid memory location.
Workaround: There is no work around.
CSCdy01787
When MTU configuration is manually overridden the EAP proxy client may not be able to appropriately size frames for the client's MRU.
Workaround: Do not adjust the MTU on the router.
CSCdy05296
The port information provided on a Cisco AS5350 universal gateway, Cisco AS5400 universal gateway, or Cisco AS5850 universal gateway on modems within Radius attribute 5 using either nas-port format a or b for async calls provide the true port information (as in slot/port) and not the TTY line number of the modem which previous generation dial platforms provided. This is causing problems for service providers using a variety of Cisco dial platforms as they are inconsistent in the information being relayed on the various platforms Cisco sells.
Workaround: There is no workaround.
CSCuk36415
Symptom: RTP packets queued from the fast switching path will be sent uncompressed.
Workaround: There is no workaround.
Open Caveats—Cisco IOS Release 12.2(2)XB6
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB6 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 14 Open Caveats for Cisco IOS Release 12.2(2)XB6
DDTS ID Number
Description
CSCds37794
Router crash due to memory corruption with compression in T1-CAS env
Symptom: System may reload due to memory corruption when having traffic.
Conditions: when TCP header compression and predictor compression are enabled. Tearing down calls from the caller side.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(2)XB6
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB6. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 15 Resolved Caveats for Cisco IOS Release 12.2(2)XB6
DDTS ID Number
Description
CSCdx07849
radius_saveident should use CSCdw51651 method to avoid write_memory
An attempt to update the startup-config file (via the exec "write memory" command or equivalent) may fail with the following error:
router#write memory startup-config file open failed (Device or resource busy)
This problem can be caused by a process that is attempting to update NVRAM getting stuck for some reason. To track down the offending process, use the command "show file descriptors":
router#show file descriptors
File Descriptors:
FD Position Open PID Path
0 0 430A 157 nvram:
Now, using "show process", find the process with the offending PID. If the PID belongs to a process called "radius nvwrite", then this DDTS is the problem.
Workaround: save the current running config to a temporary file in flash or on a TFTP server. Reload. Immediately after reloading, copy the saved configuration to nvram:startup-config .
CSCdw03288
UP324 card crash while handing over in handover-split mode
Symptom: While handing over UP324 board from one RSC to another using the redundancy hand-over mode and reloading the RSC which was handling the UP324, the CPU util of the UP324 goes upto 100% and the board crashes when its handed to the other RSC.
Conditions: This affects platforms which have redundancy hand-over mode support.
Workaround: There is no workaround.
Open Caveats—Cisco IOS Release 12.2(2)XB5
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB5 and describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 16 Open Caveats for Cisco IOS Release 12.2(2)XB5
DDTS ID Number
Description
CSCdu79111
TCL APP processes take too much cpu when making +7cps debicard calls.
Symptom: When system running debitcard application with bursty traffic of 15+ call per second back-to-back, IVR processes such as TCL APP take too much cpu causing a high overall cpu utilization.
Workaround: Control incoming calls to avoid bursty traffic and turn on Call Admission Control to prevent catastrophic errors at high cpu utilization.
CSCdv70676
SPE went to Bad state with incoming modem calls and 100% COT.
With modem calls and 100% COT transponder, SPEs on a Cisco AS5400 OGW would transition to BAD state one by one. Executing the clear spe command or the would reset the SPEs back to normal state but after a few more modem calls, the SPEs would come back to BAD state. Test port modem back to back also bring the SPEs back to normal state.
CSCdw80521
RPM does not unbind dynamic template when call disconnects early
If a gateway is configured for resource-pooling with customer profile templates, a short, abnormal call may cause the next call on that modem/interface to bind to multiple profiles causing the configuration for the next call to be different than intended. A workaround which works under some circumstances (but not all) is to make sure that each customer profile template explicitly specifies every configuration item which may be different on other customer profile templates to make sure the configuration items on the intended template overrides any configuration items on other templates which may be unexpectedly bound. The workaround does not work when multiple short, abnormal calls land on the same port consecutively.
Conditions: Force switch WS1->WS2 on AXSM/B, Lockout on BXM side.
Workaround: There is no workaround.
CSCdx03069
Memory leak on GW if AltEP present in ACF with dCSA 0.0.0.0
Memory leak on the H323 voice gateways noticed. If the Gatekeeper of the Gateway sends an Admission Confirm (ACF) message with the destination Call Signal Address (dCSA) field set to 0.0.0.0 and if the alternate Endpoint field is present in the message.
Workaround: There is no workaround.
CSCdx13190
Hearing Loud pitch (1Khz) Tone with e&m-fgb mf dnis.
Workaround: There is no workaround.
CSCdx26331
SIP: Connect Timestamp missing in CallHistory when ACK is missing.
Symptom: The Call History information generated by the SIP call leg does not have a valid (non-zero) duration while the POTS Call History for the same call has a non-zero duration.
Condition: This will happen when the ACK fails to reach the TGW following an answer (200 OK response).
Workaround: There is no workaround.
CSCdx50498
Local RPM CLI commands for VPDN profiles stripped out at bootup
Symptom: The resource pooling VPDN CLI commands in startup config is not recognized by 5400 when it boots up.
Workaround: Workaround is to manually enter that in the configuration after bootup.
Resolved Caveats—Cisco IOS Release 12.2(2)XB5
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB5. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 17 Resolved Caveats for Cisco IOS Release 12.2(2)XB5
DDTS ID Number
Description
CSCdu14530
If the IP address is removed from a the PPP interface of a Cisco 7500, running Cisco IOS Release 12.1E IOS, and then the IP address is added, this change is not reflected immediately in CEF. This results in 50% packet loss until the background CEF process updates the adjacency.
The workarounds are:
shut / no shut the PPP interface.
disable CEF (not an option as the 7500 is a PE router).
CSCdv38563
Client code does not add attributes 90 & 91 for the LAC Network access server (NAS) may fail to include attributes 90 and 91 when a router hostname is used as the tunnel ID and when the tunnel ID is not included in the user profile. There is no workaround.
CSCdv54127
Missing Acct-Output-Packets & Acct-Input-Packets in STOP rec
The Acct-Output-Packets and Acct-Input-Packets attributes are missing in the STOP record while testing network accounting, even though they are seen in the debug output.
CSCdv66747
Traceback at l2tp_fixup_cached_header
Tracebacks occur with vpdn in Cisco IOS Release 12.2(02)XB, Cisco IOS Release 12.2(03)PI, & Cisco IOS Release 12.2.T.
CSCdv71454
l2tp_process_unsent_queue may cause CPUHOG
In Cisco IOS Release 12.2T, "L2TP mgmt daemon" may cause CPUHOG if there are lots of packets in unsentQ.
CSCdw00924
MLP bundle transmit may jam when link departs bundle
On a PPP multilink bundle that has multiple links, if one of the links departs from the bundle while data is enqueued for output at the bundle interface, the output mechanism on the bundle may stall, halting any further output from that bundle. The output queue on the bundle becomes full, causing packets that are forwarded to that bundle to be dropped and the affected bundle to stop transmitting packets.
Workaround: There is no workaround.
CSCdw06038
RPM:no profile found for call-type digital
Symptom: With Resource Pooling and Resource Pooling AAA accounting configured, a customer profile may not be found for a particular DNIS group.
Conditions: The gateway may have a problem with incoming calls finding the customer profile depending on the order, size and value of the dnis entered; results may vary depending on whether the DNIS is manually entered or whether the wavl is set up from reload via the start-up config.
Workaround: There is no workaround.
CSCdw39083
Calls being disconnected by gateway with cause code 47(resource una)
When running test calls in a ThunderVoice environment a small percentage of the calls are being rejected by the originating gateway with cause code 47 (resource unavailable, unspecified).
Workaround: There is no workaround.
CSCdw45584
Cisco-AV pair lcp:send-secret=cisco not supported in XB
VPDN authorization fails when "lcp:send-secret=xxxx" is sent in the access accept packet from radius.
CSCdw62064
IKE Keepalives being dropped with MLPPP fragmentation
On 7200 running Cisco IOS Release 12.2.6, it is seen that with T1 links combined in a Multilink PPP bundle, and MLPPP fragmentation enabled; ISAKMP keepalives are not being received by the box, even though the remote peer is sending out the keepalive messages. As a result each end thinks its peer is dead and deletes the IKE & IPSEC SAs. They then re-negotiate IKE and IPSEC and create new SAs. As a result, IKE and IPSEC are re-negotiated at each IKE keepalive interval and there is some traffic drop during this re-negotiation phase.
Workaround:
Disable hardware crypto acceleration. With software crypto, this problem is not seen.
Disable MLPPP fragmentation. Without fragmentation, the IKE keepalives are received by the peers (even with hardware crypto)
CSCdw68757
Caller hear second dial-tones CHOM noise from Nortel PBX.
Caller on original GW of CAS hear the second dial-tone CHOM from the far end router which connected to Nortel PBX. This is only for CAS case.
Workaround: There is no workaround.
CSCdw80687
ip tcp compression-header passive is always compressing ppp traffic
Symptom: Packets are process switched on an interface with fast switching configured. This can result in high CPU usage.
Conditions: Header-compression must be configured, but only on one side. For example, in a dial-in situation, where header-compression is configured on the central switch, but not on the box that is dialling in. Also, the interface must not support FAST switched header-compression, e.g. most dial-in interfaces are currently not supported.
Workaround: Remove header-compression from the configuration.
Note If header-compression is configured on both sides of a link, and the interface does not support fast-switched header-compression, then process switching is normal and required for successful operation of the header-compression feature.
CSCdw85178
OJ:VSA incorrectly billing ip hops
Genuity is not able to bill multiple customers off of one proxy.
Workaround: There is no workaround.
CSCdw89455
PPP authen failure with fourth method
All PPP Auth methods will not work with MSCHAP V2.
CSCdw91279
L2TP ZLB ACK not processed correctly (regress CSCdk57040)
A Cisco router that is running Cisco IOS Release 12.2(5.7)T or a later release and that is acting as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) or L2TP network server (LNS) may fail to process valid L2TP Zero-Length Body Acknowledgement (ZLB ACK) packets. This behavior may cause sessions and tunnels to drop.
Workaround: There is no workaround.
CSCdx02038
FXS voice port in IAD2420 does not give dialtone, no debugs seen
The customer has some 6 or 7 of his customers not able to place any call in the first port in IAD. The IAD does not even give a Dial tone. All we get is Dead Air. When we try doing debug we do not see ANY information in the Debugs.
Workaround: The only way to fix it is by reloading the box. It will fix the problem for sometime, but will surface back again.
CSCdx02102
Memory corruption with MPPE when MTU exceeds 8K
A Cisco router may experience memory corruption when configured with software encryption (MPPE) if the MTU size is greater than 8K (and if there are actually packets of length greater than 8K).
Workaround: Configure MTU less than 8K when doing software encryption (MPPE).
CSCdx05704
MSCB won't propose the skip CB option to peer with dialer profiles
When a user dials in, requests MSCB and is bound to a dialer profile, after authentication (problem won't happen if the profile is bound before PPP starts) then IOS does not propose the option to skip callback during CBCP even if we are configured for it (ppp callback accept and user has empty callback dial string).
If the user opts to skip the callback anyway, we will drop the call because we did not propose that option, which is correct behavior but has only been enforced since CSCdu55093, which is why this bug has been relatively hidden up until recently.
CSCdx09410
Local RPM CLI commands for VPDN profiles stripped out at bootup
Symptom: A CLI command in startup config is not recognized by Cisco AS5800 when it boots up.
Workaround: Manually enter that in the config after bootup.
CSCdx11607
Enable pre-auth breaks digital calls
AAA Pre-auth causes digital calls to break, because resource allocation fails.
Workaround: There is no workaround.
CSCdx22886
SGBP functionality broken
SGBP forwarding does not work if VPDN is disabled.
A temporary workaround for this problem is to enable VPDN (issue the command 'vpdn enable') and then disable it immediately (issue 'no vpdn enable') on all the SGBP stack group members. This allocates the resources required to do SGBP, and at the same time does not require VPDN to be kept enabled.
CSCdx26331
SIP: Connect Timestamp missing in CallHistory when ACK is missing
Symptom: The Call History information generated by the SIP call leg does not have a valid (non-zero) duration while the POTS Call History for the same call has a non-zero duration.
Condition: This will happen when the ACK fails to reach the TGW following an answer (200 OK response).
Workaround: There is no workaround.
CSCdx33510
Occasionally IAD hold DTMF digits until user hang up.
Symptom: Offhook is reported to the call agent, however any digits dialed for the endpoint are not reported to the call agent. Consequently, the endpoint does not allow a call to originate once it is in this state.
Conditions: The endpoint gets into this condition when a request for digits (A) is sent by the call agent, later followed by a request for digits (D), however the call agent has yet to provide the endpoint a digit map. The call flow described below in "Further Problem Description" provides an example. Note that SGCP 1.5, MGCP 0.1, and MGCP 1.0 are affected.
Further Problem Description:
RQNT 3956664 endpoint protocol-version
X: 3FFF
R: hd, [0-9*#ABCD](A)
200 3956664 OK
NTFY 18956 endpoint protocol-version
X: 3FFF
O: hd
200 18956 OK
RQNT 3956662 endpoint protocol-version
X: 1CFF03003956
R: hu, [0-9#*T](D)
200 3956662 OK
Note This should be a 519 error result since a digit map did not exist for the endpoint. The call agent should then follow up and provide the endpoint with a digit map.
Workaround: There is no workaround.
CSCdx40546
No ANI Information for T37 offramp fax
For T.37 offramp fax, the ANI information is currently available only from the message envelope of the E-mail. But in the case that the mail has to be bounced (such as invalid fax machine number), the mail cannot be bounced back to the correct account. The call cannot be billed in this case.
CSCin03065
New L2TP Tunnel created with existing Tunnel to same LNS.
When an attempt is made to create an additional session that has similar tunnel parameters that are defined by a RADIUS profile (for the same domain, the same user, or a different user), instead of creating a session under the existing tunnel, a new tunnel and a session are created. This condition is observed in Cisco IOS Release 12.2(7.4)T and occurs if the tunnel parameters are defined by RADIUS without either of the following definitions:
Cisco-Avpair vpdn:tunnel-id = "xyz"
Tunnel-Client-Auth-ID = "xyz"
Workaround: Define one of the following definitions under a RADIUS profile when tunnel parameters are defined:
Cisco-Avpair vpdn:tunnel-id = "xyz"
Tunnel-Client-Auth-ID = "xyz"
CSCin03065
New L2TP Tunnel created with existing Tunnel to same LNS.
When an attempt is made to create an additional session that has similar tunnel parameters that are defined by a RADIUS profile (for the same domain, the same user, or a different user), instead of creating a session under the existing tunnel, a new tunnel and a session are created. This condition is observed in Cisco IOS Release 12.2(7.4)T and occurs if the tunnel parameters are defined by RADIUS without either of the following definitions:
Cisco-Avpair vpdn:tunnel-id = "xyz"
Tunnel-Client-Auth-ID = "xyz"
Workaround: Define one of the following definitions under a RADIUS profile when tunnel parameters are defined:
Cisco-Avpair vpdn:tunnel-id = "xyz"
Tunnel-Client-Auth-ID = "xyz"
CSCin06313
RM/AUTH: Process (22) failed to register to VPDN message while boot
Cisco AS5850 pops out the following error message after boot up:
00:00:38: RM/AUTH: Process (22) failed to register to VPDN
This message is seen with c5850-p9-mz-v122_2_xb_throttle_flo_t.0.4.0 image.
Workaround: There is no workaround.
CSCuk32311
PPP: Only allow punt adjacencies to be installed until IPCP is open
When Cisco Express Forwarding (CEF) is enabled, adjacencies are erroneously added for sessions that have been forwarded using a tunnelling protocol such as L2TP or PPPoE. Adjacencies should only be added for sessions that terminate on the router, and only after the IP Control Protocol (IPCP) has been negotiated.
Workaround: There is no workaround.
CSCuk33327
RADIUS fail during EAP should trigger LCP restart
After RADIUS failover, during EAP, the NAS would try to failover to a new RADIUS server. However, this is forbidden midway through authentication. As such, the NAS was required to restart the authentication process from scratch and allow the user another attempt to authenticate.
Open Caveats—Cisco IOS Release 12.2(2)XB4
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)X4B and describes only severity 1 and 2 caveats and select severity 3 caveats.
.
Table 18 Open Caveats for Cisco IOS Release 12.2(2)XB4
DDTS ID Number
Description
CSCdv38563
Network access server (NAS) may fail to include attributes 90 and 91 when a router hostname is used as the tunnel ID and when the tunnel ID is not included in the user profile.
Workaround: There is no workaround.
CSCin00405
No radius accounting start or stop record is sent by the NAS when "ppp multilink" and "aaa accounting delay-start" are configured.
Workaround: Remove one of these two commands.
Resolved Caveats—Cisco IOS Release 12.2(2)XB4
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 19 Resolved Caveats for Cisco IOS Release 12.2(2)XB4
DDTS ID Number
Description
CSCdr47232
Set operation is not implemented for a few dsx1 specific MIB objects like dsx1LineType, dsx1LineCoding etc.
CSCdr85436
Description: This command can be used in the global config mode, to enable sending radius attribute 32 (NAS-Identifier) in the accounting request. By default fully qualified domain name (FQDN) is sent in the attribute when the format is not specified.
Syntax:
[no] radius-server attribute 32 include-in-accounting-req {format <A string that may have %i, %h or %d.>}
%i = IP address
%h = Hostname
%d = Domain name
FQDN is sent by default if the format string is not configured.
Examples:
manly(config)#radius-server attribute 32 include-in-accounting-req format cisco %h.%d %i
Following string will be sent in NAS-identifier as a part of accounting record.
An IP route entry may fail to be updated properly when one-step and two-step translations are performed using the Serial Line Internet Protocol (SLIP).
Workaround: There is no workaround.
CSCdu13706
IAD2420 and MC3810 will respond to MGCP AUEP message with 501 error message.
CSCdu19432
Attribute Acct-Session-Time [46] in Exec Acct. Stop Record is zero.
Workaround: There is no workaround.
CSCdu35843
IP access lists are not installed when they are received from a RADIUS server. This condition is observed in Cisco IOS Release 12.2(1.2)PI.
CSCdu36862
A system accounting record needs to be sent when a radius server is added or deleted.
This will be committed in latest Cisco IOS Release 12.2 branch and will also be committed in latest 6400 branch.
CSCdu40615
Some clients may fail to successfully complete IP Control Protocol (IPCP) negotiations when thousands of PPP sessions are simultaneously reestablished, as is the case when an interface with many links is recycled. All Layer 2 Tunneling Protocol (L2TP) sessions are established, but some client virtual access interfaces may not get a negotiated IP address. The missing IP address results in lost IP connectivity on that link.
Workaround: There is no workaround.
CSCdu43689
Currently, the Per-User Request buffer is limited to 600 bytes. If the user profile has more than 600 bytes of configuration information, the Per-User attributes are not processed, which results in rejecting the user.
Workaround: There is no workaround.
CSCdu64847
CISCO-AAA-SESSION-MIB user disconnect feature doesn't work for vpdn connections on the LNS.
CSCdu67010
Some TACACS+ attribute string names and attribute string values have changed slightly, e.g. "nas_rx_speed" is now "nas-rx-speed". This may cause problems for backend accounting applications trying to process records or authorization failures.
CSCdu74728
No accounting records are generated for outbound Telnet sessions after connection accounting is configured.
Workaround: There is no workaround.
CSCdu82254
Cause: the default voice port codec byte size is set to 160 bytes. For MC3810/IAD2420, default voice port codec type is set to g729ar8, therefore the default codec byte size of 160 can not be used on MC3810/IAD2420. It is OK on other platforms, since their default voice port codec type is g711ulaw.
Symptom: Bad voice quality is heard for internal voice port to voice port call with default codec type (g729ar8) on MC3810/IAD2420 without local-bypass after boot up.
Workaround: right after MC3810/IAD2420 boot up, configure codec g729ar8 on the all voice ports, which in effect overwrites the default codec byte size with 20.
CSCdu84692
When using Cisco IOS Release 12.2(2.x) and Cisco IOS Release 12.2(3.x)PI code, local VPDN authorization does not failover to the next method in the method list if the domain/dnis profile is not found. The workaround is to only use RADIUS/TACACS+ vpdn authorization.
CSCdu86243
The RADIUS attributes Ascend-Client-Primary-DNS and Ascend-Client-Secondary-DNS do not work in Cisco IOS Release 12.2(3.4)T or later. The Cisco-AVPair ip:dns-server also does not work.
Spurious access may been seen when TACACS+ is enabled in Cisco IOS Release 12.2(3.4)T or later.
Workaround: There is no workaround.
CSCdv02732
A router that is running Cisco IOS Release 12.2(3.4) T or a later release may reload unexpectedly after the Terminal Access Controller Access Control System (TACACS+) command accounting is enabled and a config net privileged EXEC command is executed. There is no workaround.
CSCdv03076
A Cisco router running Cisco IOS Release 12.2(3.4)T or later will not process Ascend RADIUS server attributes even if "non-standard" is part of the radius-server host configuration statement if the radius-server is referenced through a aaa server group. The workaround is not to use a server-group and use group radius instead.
CSCdv03689
If a Point to Point Protocol (PPP) Multilink bundle interface goes down while data is flowing through it, a Cisco router may reload.
Workaround: There is no workaround.
CSCdv04999
The username, accounting record type, and service attributes in the command accounting record is do not have appropriate value.
Workaround: There is no workaround.
CSCdv13634
AAA Accounting is not done for the additional links added to Multilink PPP bundle when "aaa accounting delay-start" is configured.
Workaround: There is no workaround.
CSCdv19031
Currently with radius debugging turned on customers see a lot of debugs describing attributes in the packets sent and received. In order to reduce the amount of spewed out on the console a new option of 'brief' needs to be added the 'debug radius' command. This option will only indicate I/O transactions with some packet header information. Customers not turning on debugging or, not doing RADIUS wont see this problem.
CSCdv19928
When the Idle-Timeout attribute is received from RADIUS on an asynchronous interface, a vaccess interface is created and the timeout is not applied directly to the asynchronous interface. The Idle-Timeout attribute still works. The only side effect is that there is an extra vaccess created that is bound to the asynchronous interface.
Workaround: There is no workaround.
CSCdv20977
Incoming Multilink Point-to-Point Protocol (MLP) packets from an ATM interface are getting process switched when a virtual template is used for the MLP bundle configuration.
CSCdv26709
Certain values for Ascend-Disconnect-Cause and Ascend-Connect-Progress are recorded inaccurately in Stop messages. This is mainly observed in 122T train.
This problem is observed with PPP sessions when using RADIUS Accounting.
Workaround: There is no workaround.
CSCdv29468
If a PPP client does not authenticate after agreeing to do so during LCP negotiation, the PPP session will continue to stay open in this limbo state until the client disconnects the session.
CSCdv33270
Under certain conditions, resources may be associated with a virtual private dialup network (VPDN) group even when there are no active calls.
Workaround: There is no workaround.
CSCdv33313
When network accounting is performed for PPP over ATM (PPPoA) sessions, RADIUS "start" or "stop" accounting records may occasionally fail to be sent. There is no workaround.
Under certain conditions on a LAC, if the session is a VPDN forwarded session and the connection to the LAC is a dedicated serial line, memory can be leaked because AAA misses the stop record, so it never cleans up the AAA data for the session. This will happen if the connection continuously tries to renegotiate then attempt forwarding, which never succeeds. Eventually, the client sends a TERMREQ which restarts the session, but AAA does not get a NET STOP event so memory is leaked.
CSCdv34768
A Cisco router running IOS may show the following traceback when using "local-case" authentication:
00:05:16: %AAA-3-BADMETHOD: Cannot process authentication method 2160756888
Reverse-access Authorization fails if the method used is Radius. Radius mandatory attribute "port" is not properly obtained causing this authorization failure.
Workaround: There is no workaround.
CSCdv40729
In a plain bri-pri (Peer - NAS) scenario, when a call is disconnected with the command 'clear in serial0:23' on the NAS, the Ascend-Disconnect-Cause value generated is '0' (No-Reason).
When the call is brought down by clearing the interface on the peer, it is given a value(63). If brought down by doing 'shutdown' on peer/NAS value 11 is generated. The problem occurs only with by doing clear interface on the NAS.
CSCdv41871
Ping fails when non-mlppp call is up on B-channel previously used to terminate mlppp call.
CSCdv43136
We may see some unexpected debug information during call suspend. Those debug information doesn't cause any side effect beside displaying unexpected debug information.
CSCdv43856
aaa attr debug does not show the tag added. This is seen in Cisco IOS Release 12.2(4.2)PI. This is just a problem in debug and will not affect any other functionality.
CSCdv54349
When running Cisco IOS Release 12.2(5.2)T and later IOS images, you may be unable to do local AAA authentication.
Workaround: There is no workaround. Either do AAA to a remote server or downgrade to an earlier release of code.
CSCdv62649
The command ip tacacs source-interface doesn't work properly. If configured to use loopback interface for tacacs packets, router may still use interface address.
CSCdv64668
The first PAP authentication after a PPP renegotiation triggered by a CONFREQ from the client will fail even though the RADIUS/TACACS+ server returns a success.
Workaround: There is no workaround.
CSCdv67009
The following error message may be seen on a Cisco voice gateway running the Session Initiation Protocol (SIP):
Nov 24 20:24:12: %SIP-3-BADPAIR: Unexpected event 14 (SIPSPI_EV_CC_CALL_CONNECT) in state 8 (STATE_DISCONNECTING) substate 0 (SUBSTATE_NONE)
-Traceback= 60DAD08C 60DAD7AC 6040ACD4 6040ACC0.
This indicates that the call was cancelled while it was in the process of being brought up.
This message can be safely ignored.
CSCdv76649
When the customer tries to use ^C to abort the copy operation when he prompted for confirmation, he can't break out of the copy process.
CSCdv78693
Spurious memory access messages appear on gatekeepers when an URQ without a call signal address in it is sent to Gateway.
Workaround: There is no workaround.
CSCdv79210
A Cisco router gradually looses memory when Media Gateway Control Protocol (MGCP) calls are originated on the router.
Workaround: There is no workaround.
CSCdv83040
When using Ascend RADIUS attribute 242, IP protocols of 50 and 51 will not be accepted. This will cause users with these IPsec protocols set in their profile to be disconnected.
CSCdv83402
A PPPoE/PPPoA aggregation router may unexpectedly reload when many PPP events happen in a short amount of time. The router will display a STACKLOW message before reloading.
CSCdv87754
Symptom: A Cisco AS5850 Route Switch Controller incorrectly attempts to repeatedly netboot a Cisco IOS image if it cannot find the specified boot system image on its compact flash. The system interprets the full path of the configured boot image that failed as the image it should netboot.
Messages similar to the following are observed:
Sleeping for 2 secs before next netboot attempt
%SYS-6-READ_BOOTFILE_FAIL: disk0:c5850-p9-mz File boot failed -- File not
accessible.
The correct behavior for a bootloader if it cannot find any specified boot images at reload time is to fall back and request the system to run the first image it can find off disk0: or bootflash:
Conditions: Cisco AS5850 Route Switch Controllers with Cisco IOS 12.2(2)XB1 or Cisco IOS 12.2(2)XB2 bootloaders may experience this problem at reload time if the boot system image configuration points to a file on disk0: that does not exist.
Workaround: Ensure that the boot system image configuration points to an existing and valid image on disk0:, provide additional correct boot image locations in the configuration, or use a bootloader of version Cisco IOS 12.1(5)XV3.
CSCdw00019
Although SGBP tunnels will still be up, SGBP bidding itself might stop working after a router has been up for sometime. This problem only occurs if two routers in the stack group receive two links of a bundle at the same time.
Removing, and reapplying the SGBP config was sufficient to get things working again.
CSCdw01726
A Simple Network Management Protocol version 3 (SNMPv3) user is created using message digest 5 (MD5) authentication using the following commands:
snmp group groupy v3 auth
snmp user abcdefghij groupy v3 auth md5 abcdefghij
An SNMP walk is performed, the configuration is saved, and the router is reloaded.
newhope:~/src/wccp2# snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l
Symptom: Incoming calls may fail to create a virtual profile even though the router is configured for this.
Conditions: This problem may occur in a dial up environment where a virtual profile virtual template is defined but where no AAA authorization has been enabled This issue only occurs in Cisco IOS Release 12.2 T.
Workaround: A workaround is to configure AAA authorization e.g., aaa authorization network default local
CSCdw06322
The following error message may be seen on a Cisco voice gateway running the Session Initiation Protocol (SIP):
Nov 24 20:24:12: %SIP-3-BADPAIR: Unexpected event 14 (SIPSPI_EV_CC_CALL_CONNECT) in state 8 (STATE_DISCONNECTING) substate 0 (SUBSTATE_NONE)
-Traceback= 60DAD08C 60DAD7AC 6040ACD4 6040ACC0.
This indicates that the call was cancelled while it was in the process of being brought up.
This message can be safely ignored.
CSCdw09542
Before this fix, per-user authorization required a service type of Outbound in the Radius profile.
CSCdw11765
PPP Link Control Protocol (LCP) is not accepting sent CONFACK negotiated on a asynchronous interface for a virtual profile.
Workaround: There is no workaround.
CSCdw13432
When the called party is busy in a two-stage call scenario, the calling party may not hear a busy tone and the call terminates immediately. This behavior is observed with Cisco IOS Release 12.2(2)XB, Release 12.2(7), and some earlier Cisco IOS Release 12.2 releases.
Workaround: There is no workaround.
CSCdw18785
When a 302 redirect is received after a 18x with a COntact header the outgoing INVITE will have the request uri of the Contact in the 18x. It should use the Contact of the 302.
A workaround is disabling rel1xx on the router.
CSCdw23836
When a 18x is received which was sent reliably, a PRACK needs to be sent. Subsequent 18x's received that match the previous one's call leg do not receive a PRACK. A workaround is to disable reliable provisional responses.
CSCdw25746
Symptom: Cisco Voice Gateways may experience a reload especially when running high levels of traffic.
Conditions: This problem may be experienced in Cisco IOS Release 12.2(2)XB2 and Cisco IOS Release 12.2 mainline releases.
Workaround: There is no workaround.
CSCdw28786
When the customer tries to use ^C to abort the copy operation when he prompted for confirmation, he can't break out of the copy process.
CSCdw30994
When downloading IP pools from a AAA server, there is no way to define a non-contiguous range of addresses using multiple statements like this:
When those statements are applied, the second pool-def overwrites the first one. Defining the pools on the command line yields the expected result. This only happens in Cisco IOS Release 12.2(2)XB ED release train. Cisco IOS Release 12.1/Cisco IOS Release 12.2 does not exhibit this behavior.
CSCdw35046
A Cisco router may reload when proxied RADIUS is used for authentication and accounting.
Workaround: There is no workaround.
CSCdw35930
The command aaa authentication attempts login <n> appears in the configuration if the command tacacs-server attempts <n> is present in the configuration. Changes to either command will be reflected in the other. Also, the number of attempts granted is actually one less than the number configured. The workaround is to configure one more attempt than the number you actually want.
CSCdw42441
When T1 CAS goes down cause FRF5(DLCI) inactive state. The problem happens when T1 1 goes down, it deactivates the FRF5 dlci.
CSCdw43862
For some devices that are not conforming to V.110 async to sync padding requirements, this cli command allow the users to disable the padding.
CSCdw46065
A Cisco router that is used as a gateway may reload if one of multiple record routes that are received on the gateway is invalid.
Workaround: There is no workaround.
CSCdw53071
If a second call is made after the first call is completely disconnected (by hanging up the phone instead of using the flash feature to switch between two calls), the second call may fail.
Workaround: There is no workaround.
CSCdw53243
In a Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways solution, if a Cisco AS5400 universal access gateway receives an incoming time-division multiplexing (TDM) call (NI-2, PRI, channel-associated signaling [CAS]) with a called number that does not match a configured dial-peer, the call will be connected to a modem, and a modem tone will be played back to the calling party. This is normal behavior, however there is no configurable option for such to be rejected instead of being treated as a modem call.
CSCdw62969
A network access server (NAS) that is running Cisco IOS Release 12.2(02)XB3 or Release 12.2(8)T may reload when Layer 2 forwarding (L2F) virtual private dial-up network (VPDN) calls are placed using an authentication, authorization, and accounting (AAA) VPDN user profile that does not contain the RADIUS class (25) attribute.
Workaround: Configure a dummy RADIUS class (25) attribute in the VPDN user profile on the AAA server.
CSCdw66251
SIP gateway midcall INVITE requests in the called to calling party direction will have the Route header constructed incorrectly. ACK requests in the called to calling party direction will have the request URI constructed incorrectly. This could cause some operations such as T.38 fax relay to fail.
This problem can occur only if two or more SIP proxies are in the SIP signalling path and the Record Route feature is enabled.
Workaround: There is no workaround.
CSCdw68658
The gateway will reject a mid-call Invite with hold sdp where the connection information (c line) is set to 0.0.0.0 and the port number of the media description (m line) is also set to 0. Instead of responding with a 200 OK response, the gateway will return a 488 Media Unacceptable response. The problem will not occur if the user agent placing the gateway on hold, sets the port number to a value other than 0.
Workaround: There is no workaround.
CSCdw77524
When rtp payload-type cisco-codec-fax-ind is changed from 96 to 99 then we ingress an invite with sdp rtp payload type 96 nte the gateway responds with an rtp payload type 97. These 2 payload types are chosen for the proprietary implementation of Cisco fax-relay. Per RFC2833, the gateway should not be doing this. This affects all Cisco fax gateways which support Cisco fax-relay.
Work around: Use the rtp payload-type command on the Cisco gateway to change the assignment of the payload types, but this command is broken.
CSCuk25642
When using callin authentication on a LSDO call with RADIUS, PPP sends multiple authorization requests to AAA. This will slow down call setup but have no functional impact.
CSCuk25721
RADIUS CLID attribute was missing for large scale dialout accounting.
CSCuk25947
If PPP authentication is configured on an interface and if a user negotiates a callback during a Link Control Protocol (LCP) operation, the call will fail if the user does not have any callback information configured.
Workaround: There is no workaround.
CSCuk26562
AAA id debugging was not clear and displayed far too much information.
CSCuk26642
RADIUS calls with a non-RFC supported value were accepted when they should be rejected.
CSCuk27924
send-auth would not be applied on the NAS, but rather the value of auth-type would be used instead.
CSCuk28445
We now store a generic 'wrapper' record which holds information in the tree, generic to all accounting records. This way, we are not impacted by the life-span of any one accounting record.
Open Caveats—Cisco IOS Release 12.2(2)XB3
There are no open caveats specific to Cisco IOS Release 12.2(2)XB3 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(2)XB3
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
CSCdw65903
An error can occur with management protocol processing. Please use the following URL for further information:
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB2
There are no open and resolved caveats specific to Cisco IOS Release 12.2(2)XB2 that require documentation in the release notes.
Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB1
Cisco IOS Release 12.2(2)XB1 does not support the Cisco MC3810.
Open Caveats—Cisco IOS Release 12.2(2)XB
This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB and describes only severity 1 and 2 caveats and select severity 3 caveats.
CSCdv46685
Second Stage Dialing Broken on MGCP Gateways
Symptom: Back-to-back MGCP second stage dialing calls may fail. The second (and all subsequent) requests for digit detection may not receive NTFY messages containing the detected digits so the Call Agent will not know that the gateway received the digits.
In MGCP, if the following happens:
a. An RQNT is sent from the Call Agent requesting digits and then a NTFY is sent by the gateway indicating that the requested digit map has been satisfied
b. A "DLCX" is sent with NO "X:" parameter and no other messages between a) and b) are sent which include an empty "R:" parameter
c. A second RQNT is sent from the Call Agent requesting digits
then the digits detected for the second RQNT will NOT be sent in a NTFY. No digits will be detected on that endpoint until either a DLCX WITH an "X:" parameter is sent OR any message with an empty "R:" parameter is sent.
Conditions: This problem has been reproduced on 5400 universal gateways but will be present for any MGCP gateway.
Workaround: There are two possible workarounds. Both involve modifications to the messages sent from a Call Agent:
a. If the Call Agent sends any MGCP message with an empty "R:" parameter to that endpoint between the initial RQNT and the later RQNT (either before or after the DLCX) then the second RQNT will get NTFY'ed as expected.
b. If the Call Agent includes an "X:" parameter in the DLCX then the second RQNT will get NTFY'ed as expected.
Resolved Caveats—Cisco IOS Release 12.2(2)XB
There are no resolved caveats specific to Cisco IOS Release 12.2(2)XB that require documentation in the release notes.
Related Documentation
The following sections describe the documentation available for the Cisco MC3810. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com and the Documentation CD-ROM.
Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any
severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software
Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.
Platform-Specific Documents
These documents are available for the Cisco MC3810 on Cisco.com and the Documentation CD-ROM:
Quick Start Guide: Cisco MC3810 Installation and Startup
Feature modules describe new features supported by Cisco IOS Release 12.2(2) XB14 and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. The CiscoIOS software documentation set is shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
Table 20 lists the contents of the Cisco IOS Release 12.2 software documentation set, which is available in electronic form and in printed form if ordered.
Note You can find the most current Cisco IOS documentation on
Cisco.com and the Documentation CD-ROM.
Cisco IOS User Interfaces File Management System Management
Cisco IOS Bridging and IBM Networking Configuration Guide
Cisco IOS Bridging and IBM Networking Command Reference, Volume 1 of 2
Cisco IOS Bridging and IBM Networking Command Reference, Volume 2 of 2
Transparent Bridging SRB Token Ring Inter-Switch Link Token Ring Route Switch Module RSRB DLSW+ Serial Tunnel and Block Serial Tunnel LLC2 and SDLC IBM Network Media Translation SNA Frame Relay Access NCIA Client/Server Airline Product Set DSPU and SNA Service Point SNA Switching Services Cisco Transaction Connection Cisco Mainframe Channel Connection CLAW and TCP/IP Offload CSNA, CMPC, and CMPC+ TN3270 Server
Cisco IOS Dial Technologies Command Reference, Volume 1 of 2
Cisco IOS Dial Technologies Command Reference, Volume 2 of 2
Dial Access Modem and Dial Shelf Configuration and Management ISDN Configuration Signaling Configuration Point-to-Point Protocols Dial-on-Demand Routing Dial Backup Dial Related Addressing Service Network Access Solutions Large-Scale Dial Solutions Cost-Control Solutions Internetworking Dial Access Scenarios
Cisco IOS Interface Configuration Guide
Cisco IOS Interface Command Reference
LAN Interfaces Serial Interfaces Logical Interfaces
Cisco IOS IP Configuration Guide
Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services
Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols
Cisco IOS IP Command Reference, Volume 3 of 3: Multicast
IP Addressing IP Services IP Routing Protocols IP Multicast
Cisco IOS AppleTalk and Novell IPX Configuration Guide
Cisco IOS AppleTalk and Novell IPX Command Reference
AppleTalk Novell IPX
Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide
Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference
Apollo Domain Banyan VINES DECnet ISO CLNS XNS
Cisco IOS Voice, Video, and Fax Configuration Guide
Cisco IOS Voice, Video, and Fax Command Reference
Voice over IP Call Control Signaling Voice over Frame Relay Voice over ATM Telephony Applications Trunk Management Fax, Video, and Modem Support
Cisco IOS Quality of Service Solutions Configuration Guide
Cisco IOS Quality of Service Solutions Command Reference
Packet Classification Congestion Management Congestion Avoidance Policing and Shaping Signaling Link Efficiency Mechanisms
Cisco IOS Security Configuration Guide
Cisco IOS Security Command Reference
AAA Security Services Security Server Protocols Traffic Filtering and Firewalls IP Security and Encryption Passwords and Privileges Neighbor Router Authentication IP Security Options Supported AV Pairs
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.
Ordering Documentation
You can order Cisco documentation in these ways:
Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.
You can e-mail your comments to bug-doc@cisco.com.
You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:
Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:
Streamline business processes and improve productivity
Resolve technical issues with online support
Download and test software packages
Order Cisco learning materials and merchandise
Register for online skill assessment, training, and certification programs
If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:
The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Cisco TAC inquiries are categorized according to the urgency of the issue:
Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:
All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.