Cisco AS5400 - Cisco IOS Release 12.2 XB

Release Notes for Cisco AS5400 Universal Gateways for Cisco IOS Release 12.2(2)XB15

January 14, 2005

Cisco IOS Release 12.2(2)XB15

OL-1680-01 Rev. S2

Note Cisco IOS Release 12.2(2)XB introduces the Cisco AS5400HPX universal gateways, which support a high performance motherboard. The Cisco AS5400HPX does not support images prior to Cisco IOS Release 12.2(2)XB.

These release notes for the Cisco AS5400 universal gateways describe the enhancements provided in Cisco IOS Release 12.2(2)XB15. These release notes are updated as needed.

For a list of the software caveats that apply to Cisco IOS Release 12.2(2)XB15, see the "Caveats for Cisco IOS Release 12.2 XB" section and Caveats for Cisco IOS Release 12.2. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.2 located on Cisco.com and the Documentation CD-ROM.

Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

These release notes describe the following topics:

• Introduction

• System Requirements

• New and Changed Information

• MIBs

• Limitations and Restrictions

• Important Notes

• Caveats for Cisco IOS Release 12.2 XB

• Related Documentation

• Obtaining Documentation

• Obtaining Technical Assistance

Introduction

The Cisco AS5400 Universal Gateway is a two-rack unit, 8, 12, or 16 T1/E1, 1 CT3 gateway that provides universal port data, voice, and fax services on any port at any time. The Cisco AS5400 offers high performance and high reliability in a compact, modular design. This cost-effective platform is intended for Internet service providers (ISPs) and enterprises requiring innovative universal services.

For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.2(2)XB15, see the "New and Changed Information" section and the "Related Documentation" section.

System Requirements

This section describes the system requirements for Cisco IOS Release 12.2(2)XB15 and includes the following sections:

• Memory Recommendations

• Supported Hardware

• Determining the Software Version

• Feature Set Tables

Memory Recommendations

Table 1 Memory Recommendations for the Cisco AS5400 Universal Gateways
Image Name	Software Image	Recommended Flash Memory	Recommended DRAM Memory	Runs From
IP Plus	c5400-is-mz	32 MB	256 MB	RAM
IP Plus IPsec 56	c5400-ik8s-mz	32 MB	256 MB	RAM
Enterprise Plus	c5400-js-mz	32 MB	256 MB	RAM
Enterprise Plus IPsec 56	c5400-jk8s-mz	32 MB	256 MB	RAM
Enterprise Plus IPsec 3DES	c5400-jk9s-mz	32 MB	256 MB	RAM

Supported Hardware

Cisco IOS Release 12.2(2)XB15 supports the Cisco AS5400 and Cisco AS5400HPX universal gateways.

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

For additional information about supported hardware for this platform and release, please refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:

http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi

Table 2 Supported Interfaces for the Cisco AS5400 universal gateways
Interfaces and Dial Feature Cards	Product Description
Dial Feature Cards	AS54-DFC-CT3
	AS54-DFC-60NP
	AS54-DFC-108NP
	2 PRI DFC, 4 PRI DFC, 8 PRI DFC
LAN Interfaces	Fast Ethernet 10/100BaseT (RJ-45)
Trunk/Backhaul Interface Options	2PRI CT1/CE1 DFC, 4PRI CT1/CE1 DFC, 8PRI CT1/CE1 DFC
	CT3 DFC
	2 serial ports on the motherboard

Determining the Software Version

To determine the version of Cisco IOS software running on your Cisco AS5400 universal gateways, log in to the Cisco AS5400 universal gateways and enter the show version EXEC command:

Router> show version

Cisco Internetwork Operating System Software

IOS (tm) 12.2 XB Software (c5400-is-mz), Version 12.2(2)XB15, RELEASE SOFTWARE

Feature Set Tables

The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.

Cisco IOS Release 12.2(2)XB15 is based on the following releases:

•Cisco IOS Release 12.1(5)XM

•Cisco IOS Release 12.2(1)

•Cisco IOS Release 12.2(2)XA

All features in the above releases are in Cisco IOS Release 12.2(2)XB15. Their features are listed in the "Feature Set Tables" sections of the following release notes:

•Release Notes for Cisco AS5400 universal gateways for Cisco IOS Release 12.1 XM at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121relnt/5400/rn5400xm.htm

•Cisco IOS Release 12.2 Cross-Platform Release Notes

Click Platform-Specific Information and Cisco AS5400 Universal Gateways at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/xprn122/index.htm

•Release Notes for Cisco AS5400 universal gateways for Cisco IOS Release 12.2 XA at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/5400/rn5400xa.htm

Caution

Cisco IOS images with strong encryption (including, but not limited to, 168-bit Triple Data Encryption Standard [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of United States government regulations. When applicable, purchaser and user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Table 3 lists the features and feature sets supported by the Cisco AS5400 universal gateways in Cisco IOS Release 12.2(2)XB15 and uses the following conventions:

•Yes—The feature is supported in the software image.

•No—The feature is not supported in the software image.

•In—The number in the "In" column indicates the Cisco IOS release in which the feature was introduced.

Note These release notes are not cumulative and only list features that are new to Cisco IOS Release 12.2 XB. One of the parent releases for Cisco IOS Release12.2 XB is Cisco IOS Release 12.2(1). To find information about inherited features in this release, refer to Cisco.com or Feature Navigator. For Cisco.com, go to http://www.cisco.com/univercd/home/index.htm, select the appropriate software release under Cisco IOS Software, and click Release Notes. If you have a Cisco.com login account, you can use the Feature Navigator tool at http://www.cisco.com/go/fn.

Table 3 Feature List by Feature Set for the Cisco AS5400 Universal Gateways
	In	Software Images by Feature Set
Features	In	IP Plus	IP Plus IPsec 56	Enterprise Plus	Enterprise Plus IPsec 56
Dial
NAS Package for MGCP	12.2(2)XB	Yes	No	Yes	No
PRI/Q.931 Signaling Backhaul for Call Agent Applications	12.2(2)XB	Yes	Yes	Yes	Yes
V.44 LZJH Compression	12.2(2)XB	Yes	Yes	Yes	Yes
V.92 Modem on Hold	12.2(2)XB	Yes	Yes	Yes	Yes
V.92 Quick Connect	12.2(2)XB	Yes	Yes	Yes	Yes
IP - Routing Protocols
SIP INVITE Request with Malformed Via Header	12.2(2)XB	Yes	No	Yes	No
Other
Cisco AS5400HPX	12.2(2)XB	Yes	Yes	Yes	Yes
Particle Drivers	12.2(2)XB	Yes	Yes	Yes	Yes
Quality of Service
MGCP VoIP Call Admission Control	12.2(2)XB	Yes	Yes	Yes	Yes
Voice
Call Transfer Capabilities Using Refer	12.2(2)XB	Yes	No	Yes	No
Configurable PSTN Cause Code to SIP Response Mapping	12.2(2)XB	Yes	No	Yes	No
DTMF Relay Using NTE	12.2(2)XB	Yes	No	Yes	No
Fax Relay Packet Loss Concealment	12.2(2)XB2	Yes	Yes	Yes	Yes
Full Functionality Long Pound	12.2(2)XB	Yes	No	Yes	No
MGCP 1.0 with NCS 1.0 and TGCP 1.0 Profiles	12.2(2)XB	Yes	Yes	Yes	Yes
MGCP-Based Fax (T.38) and DTMF Relay	12.2(2)XB	Yes	Yes	Yes	Yes
RADIUS Packet of Disconnect	12.2(2)XB	Yes	No	Yes	No
RFC2782 Compliance for DNS SRV	12.2(2)XB	Yes	No	Yes	No
SIP Gateway Support for Bind Command	12.2(2)XB	Yes	No	Yes	No
SIP Gateway Support of RSVP and "tel" URL	12.2(2)XB	Yes	No	Yes	No
SIP T.38 Fax Relay	12.2(2)XB	Yes	No	Yes	No
T.37 Fax and Store Forward Enhancement to the T.37/T.38 Fax Gateway Feature	12.2(2)XB2	Yes	Yes	Yes	Yes
WAN
ISDN and V.120 Support For NextPort DSPs	12.2(2)XB	Yes	Yes	Yes	Yes

New and Changed Information

The following sections list the new hardware and software features supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB15.

New Hardware and Software Features in Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB15

No new hardware or software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB15.

Note Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability. Cisco IOS Release 12.2(2)XB13 does not exist.

New Hardware Features in Cisco IOS Release 12.2(2)XB5

No new hardware features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB5.

New Software Features in Cisco IOS Release 12.2(2)XB5

The following new software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB5:

EAP RADIUS Support

The EAP RADIUS Support feature allows users to apply to the client authentication methods that may not be supported by the network access server; this is done via the Extensible Authentication Protocol (EAP). Before this feature was introduced, support for various authentication methods for PPP connections required custom vendor-specific work and changes to the client and NAS.

EAP is an authentication protocol for PPP that supports multiple authentication mechanisms that are negotiated during the authentication phase (instead of the link control protocol [LCP] phase). EAP allows a third-party authentication server to interact with a PPP implementation through a generic interface.

MS CHAP Version 2

The MS CHAP Version 2 feature in Cisco IOS Release 12.2(2)XB5 introduces the ability of Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between a computer using a Microsoft Windows operating system and a network access server (NAS). MSCHAP V2 authentication is an updated version of MSCHAP that is similar to, but incompatible with MSCHAP. MSCHAP V2 introduces mutual authentication between peers and a change password feature.

New Hardware and Software Features for Cisco IOS Release 12.2(2)XB3 to Cisco IOS Release 12.2(2)XB4

No new hardware or software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB3 to Cisco IOS Release 12.2(2)XB4.

New Hardware Features in Cisco IOS Release 12.2(2)XB2

No new hardware features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB2.

New Software Features in Cisco IOS Release 12.2(2)XB2

The following new software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB2:

Fax Relay Packet Loss Concealment

This feature improves the current real-time Fax over IP (commonly known as fax relay) implementation in Cisco gateways, allowing fax transmissions to work reliably over higher packet loss conditions. The improvement is the configuration of fax relay Error Correction Mode (ECM) on the Voice over IP (VoIP) dial peer. ECM provides for error-free page transmission and is available on fax machines that include memory for storage of the page data (usually high-end fax machines).

When ECM is disabled, the page is transmitted using high-speed modulation in its raw encoded format. When detecting line errors with ECM disabled, the receiving fax has three options (in order of severity):

•Respond to page reception with the ReTrain Positive command. This response causes the transmitting fax to go through the training check process before transmitting the next page.

•Respond to the page reception with the ReTrain Negative command. This response causes the transmitting fax to go through the Training Check Frame (TCF) process with a lower modulation scheme.

•Disconnect immediately.

When ECM is enabled, the page is transmitted in a series of blocks. After receiving the complete page data, the receiving fax indicates any frames with errors. The transmitting fax then retransmits these frames. This process is repeated until all frames are received without errors. If the receiving fax is unable to receive an error-free page, the fax transmission might fail and one of the fax machines disconnects. With packet loss levels greater than 2 percent, fax transmissions consistently fail between page transmissions when ECM is enabled.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_0393.htm

T.37 Fax and Store Forward Enhancement to the T.37/T.38 Fax Gateway Feature

The T.37/T.38 Fax Gateway includes two features: T.38 Fax Relay and T.37 Fax and Store Forward. T.38 Fax Relay was released in Cisco IOS Release 12.1(5)XM for the Cisco AS5350 and Cisco AS5400. Cisco IOS Release 12.2(2)XB2 completes the T.37/T.38 Fax Gateway feature with the introduction of T.37 Fax and Store Forward.

When the Cisco universal gateway is equipped with universal port dial feature cards (DFCs), it supports carrier-class Voice over IP (VoIP) and fax over IP services. Since the Cisco universal gateway is H.323 compliant, it supports a family of industry-standard voice codecs and provides echo cancellation and Voice Activity Detection (VAD)/silence suppression. The DFCs work with existing telephone and fax equipment, and are compatible with H.323 standards for audio and video conferencing.

Fax over IP uses a proprietary T.38 and an H.323 connection. The T.37 path uses the Extended Simple Mail Transfer Protocol (ESMTP) store and forward method. The on-ramp gateway router accepts fax data from the PSTN or a fax machine connected to the analog line.

It converts the fax data into a TIFF attachment in a MIME e-mail message and transmits it to a store and forward SMTP server. These servers deliver the faxmail message to the off-ramp gateway router. Once the off-ramp gateway router receives the faxmail message, it processes the message and initiates a session with the destination fax machine.

The T.38 path will take precedence over the T.37 path whenever possible. This means that as a fax session is being set up, the sending gateway will first communicate using the T.38 path. If the communication fails, the sending gateway will rollover to the Cisco T.37 path if it is configured to rollover.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/plfxrl5x.htm

New Hardware and Software Features in Cisco IOS Release 12.2(2)XB1

No new hardware and software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB1.

New Hardware Features in Cisco IOS Release 12.2(2)XB

The following new hardware feature is supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB:

Cisco AS5400HPX

Note The Cisco AS5400HPX does not support images prior to Cisco IOS Release 12.2(2)XB.

Cisco IOS Release 12.2(2)XB introduces the Cisco AS5400HPX universal gateway, which supports a higher performance motherboard than the Cisco AS5400 universal gateways. The high performance motherboard has an upgraded CPU and L3 cache.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5400/hw_inst/mem_warn.htm

New Software Features in Cisco IOS Release 12.2(2)XB

The following new software features are supported by the Cisco AS5400 universal gateways for Cisco IOS Release 12.2(2)XB:

Call Transfer Capabilities Using Refer

Call transfer allows a wide variety of decentralized multiparty call operations. These decentralized call operations form the basis for third-party call control, and thus are important features for Voice over IP (VoIP) and SIP. Call transfer is also critical for conference calling, where calls can transition smoothly between multiple point-to-point links and IP level multicasting.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftrefer.htm

Configurable PSTN Cause Code to SIP Response Mapping

For calls to be established between a SIP network and a PSTN network, the two networks must be able to interoperate. One aspect of their interoperation is the mapping of PSTN cause codes, which indicate reasons for PSTN call failure or completion, to SIP status codes or events. The opposite is also true: SIP status codes or events are mapped to PSTN cause codes. Event mapping tables found in this document show the standard or default mappings between SIP and PSTN.

However, you may want to customize the SIP user agent software to override the default mappings between the SIP and PSTN networks. The Configurable PSTN Cause Code to SIP Response Mapping feature allows you to configure specific map settings between the PSTN and SIP networks. Thus, any SIP status code can be mapped to any PSTN cause code, or vice versa. When set, these settings can be stored in the NVRAM and are restored automatically on bootup.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftmap.htm

DTMF Relay Using NTE

The SIP NTE DTMF relay feature is used for the following applications:

•Reliable DTMF Relay

•SIP Phone Support

Note The SIP NTE DTMF relay feature is implemented for SIP calls only on Cisco Voice-over-IP (VoIP) gateways.

Reliable DTMF Relay

The SIP NTE DTMF relay feature provides reliable digit relay between Cisco VoIP gateways when a low bandwidth codec is used. Using NTE to relay DTMF tones provides a standardized means of transporting DTMF tones in Real-Time Transport Protocol (RTP) packets according to section 3 of RFC 2833, RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals, developed by the Internet Engineering Task Force (IETF) Audio/Video Transport (AVT) working group. RFC 2833 defines formats of NTE RTP packets used to transport DTMF digits, hookflash, and other telephony events between two peer endpoints.

Note The SIP NTE DTMF relay feature does not support hookflash generation for advanced features such as call waiting and conferencing.

SIP Phone Support

The SIP NTE DTMF relay feature adds SIP phone support. When SIP IP phones are running software that does not have the capability to generate DTMF tones, the phones use NTE packets to indicate DTMF digits. With the SIP NTE DTMF relay feature, Cisco VoIP gateways can communicate with SIP phones that use NTE packets to indicate DTMF digits. The Cisco VoIP gateways can relay the digits to other endpoints.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_dtmf.htm

Full Functionality Long Pound

This feature allows an IVR application to detect a long pound (new call request) at any point after the gateway accepts the incoming call. When the calling-party presses "long #", the gateway terminates any current or pending call state and initiates a new call setup.

For further information, refer to the TCL IVR API Version 2.0 Programmer's Guide at:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/tclivrv2.htm.

ISDN and V.120 Support For NextPort DSPs

This feature provides full coverage for digital calls and performance enhancement for V.120 calls. The feature permits terminating synchronous ISDN and V.120 sessions without customer intervention. This feature allows the Cisco AS5400 series universal gateways to terminate more than 256 ISDN sessions per channelized T3 (CT3) controller by adding ISDN capacity. This feature is mandatory for wholesale dial installations where ISDN is being used. This feature permits V.120 calls to operate on the NextPort DSP instead of the CT3 controller to reduce activity on the central processing unit and to increase the V.120 call capability. Support for these enhancements is automatic, and no configuration steps are required.

MGCP 1.0 with NCS 1.0 and TGCP 1.0 Profiles

This feature implements the following protocols on the supported Cisco media gateways:

•Media Gateway Control Protocol (MGCP) 1.0, which applies to both trunking gateways and residential gateways. Each type of gateway supports a subset of MGCP media event packages.

•Network-based Call Signaling (NCS) 1.0, the PacketCable profile of MGCP 1.0 for residential gateways (RGWs)

� Trunking Gateway Control Protocol (TGCP) 1.0, the PacketCable profile of MGCP 1.0 for trunking gateways (TGWs)

The MGCP 1.0 specification and the NCS and TGCP profiles support new packages, endpoints, and event definitions. In addition, the specifications provide more detail regarding error recovery. In general, the latest edition of the MGCP specification provides greater feature functionality and guidelines for more reliable implementations of the protocol. MGCP 1.0 has the ability to interoperate with H.323 and SIP control agents, which allows leverage of the feature sets available in the different protocols, and provides the ability to migrate smoothly from one protocol to another.

Media Gateway Control Protocol (MGCP) 1.0 is a protocol for the control of Voice over IP (VoIP) calls by external call-control elements known as media gateway controllers (MGCs) or call agents (CAs). It is described in the informational RFC2705, published by the Internet Society. MGCP 1.0 provides flexible interoperability with a wide variety of call agents, thus enabling an extensive range of solutions.

The NCS and TGCP protocol specifications were developed through PacketCable, an industry-wide initiative to establish interoperability standards for multimedia services over cable facilities using packet technology, led by CableLabs, an industry consortium. The NCS and TGCP protocol specifications contain extensions and modifications to MGCP while preserving basic MGCP architecture and constructs. NCS 1.0 is designed for use with analog, single-line user equipment on residential gateways, while TGCP 1.0 is intended for use in VoIP-to-PSTN trunking gateways in a cable environment. TGCP and NCS allow participation in packet cable solutions, but the specifications do not preclude using them in non-cable environments.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5400/sw_conf/ios_122/122_2x/pulmgcpd.htm

MGCP-Based Fax (T.38) and DTMF Relay

The MGCP Based Fax (T.38) and DTMF (IETF) Relay feature adds support for fax relay and DTMF relay with MGCP. The fax relay component conforms to ITU-T T.38, Procedures for real-time Group 3 facsimile communication over IP networks, which determines procedures for real-time facsimile communication in various gateway control protocol (XGCP) applications. The DTMF relay component conforms to RFC 2833, RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals, developed by the Internet Engineering Task Force (IETF) Audio/Video Transport (AVT) working group. Per RFC 2833, DTMF is relayed using Named Telephony Events (NTEs) in Real-Time Transport Protocol (RTP) packets.

This feature provides two modes of implementation for each component: gateway (GW)-controlled mode and call agent (CA)-controlled mode. In GW-controlled mode, GWs negotiate DTMF and fax relay transmission by exchanging capability information in Session Description Protocol (SDP) messages. That transmission is transparent to the CA. GW-controlled mode allows use of the MGCP Based Fax (T.38) and DTMF (IETF) Relay feature without upgrading the CA software to support the feature.

In CA-controlled mode, CAs use MGCP messaging to instruct GWs to process fax and DTMF traffic. For MGCP T.38 Fax Relay, the CAs can also instruct GWs to revert to GW-controlled mode if the CA is unable to handle the fax control messaging traffic; for example, in overloaded or congested networks.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftmgcpfx.htm

MGCP VoIP Call Admission Control

MGCP CAC determines if calls can be accepted on the IP network based on available network resources. Prior to this release, MGCP VoIP calls were established regardless of the available resources on the gateway or network. The gateway had no mechanism for gracefully refusing calls if resources were not available to process the call. New calls would fail with unexpected behavior and in-progress calls would experience quality-related problems.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftmgcpma.htm

NAS Package for MGCP

This feature adds support for the MGCP NAS package on the Cisco AS5350 and Cisco AS5400 Universal Gateways. With this implementation, data calls can be terminated on a trunking media gateway that is serving as a network access server (NAS). Trunks on the NAS are controlled and managed by a call agent supporting MGCP for both voice and data calls. The call agent must support the MGCP NAS package.

These capabilities are enabled by the universal port functionality of the Cisco AS5350 and the Cisco AS5400, which allows these platforms to operate simultaneously as network access servers and voice gateways to deliver universal services on any port at any time. These universal services include dial access, real-time voice and fax, wireless data access, and unified communications.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_mgnas.htm

Particle Drivers

This feature is a collection of performance and reliability improvements for the Cisco AS5350, Cisco AS5400 and Cisco AS5400HPX universal gateways. It includes particles-based packet drivers for improved performance. These particle drivers optimize Cisco IOS fastswitching code and significantly improve the way IOS uses processor cache memory. Data packets for some protocols, such as MLPPP, IP Multicast, and cRTP, are fastswitched with particle drivers. Cisco IOS CEF switching paths are highly optimized with particle drivers.

ECC Error Correction and Dual Watchdog Timers

The feature includes ECC error correction and Dual Watchdog Timers for improved reliability.

PRI/Q.931 Signaling Backhaul for Call Agent Applications

PRI/Q.931 signaling backhaul is the ability to reliably transport the signaling (Q.931 and above layers) from a PRI trunk that is physically connected to a media gateway (for example, a Cisco AS5350 or Cisco AS5400) to a media gateway controller (Cisco VSC3000) for processing. Additionally, the Cisco VSC3000 can respond through the same interface. For the purposes of this document, the media gateway controller will be referred to as the virtual switch controller (VSC).

The backhaul takes place between a media gateway and a VSC. The gateways provide an interface between the Public Switched Telephone Network (PSTN) and the packet network world (IP or ATM). The VSC provides call processing and gateway control.

The general principle behind signaling backhaul is to reliably pass as many layers of a protocol stack as possible through a gateway directly to the VSC.

Generally, signaling backhaul would occur at a common boundary for all protocols. For ISDN, the signaling backhaul will take place at the layer 2 (Q.921) and layer 3 (Q.931) boundary. The lower layers of the protocol will be terminated and processed on the gateway, while the upper layers will be backhauled to the VSC. The upper layers of the protocol are backhauled, or transported, to the VSC using Reliable User Datagram Protocol, or RUDP over IP. RUDP provides autonomous notification of connected and failed sessions, and in-sequence, guaranteed delivery of signaling protocols across an IP network. Backhaul session manager is a software function on the VSC and gateway that manages RUDP sessions. It also groups sessions between endpoints and establishes a selection priority, and collects these groups together to form a set.

Signaling backhaul provides the additional advantage of distributed protocol processing. This permits greater expandability and scalability while offloading lower layer protocol processing from the VSC.Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5400/sw_conf/ios_122/122_2x/pul0144.htm

RADIUS Packet of Disconnect

This feature consists of a method for terminating a call that has already been connected. This "Packet of Disconnect" (POD) is a RADIUS access_reject packet and is intended to be used in situations where the AAA server wants to disconnect the user after the session has been accepted by the RADIUS access_accept packet. This may be needed in at least two situations:

•Detection of fraudulent use, which cannot be performed before accepting the call.

•A price structure so complex that the maximum session duration cannot be estimated before accepting the call. This may be the case when certain types of discounts are applied or when multiple users use the same subscription simultaneously.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_pod.htm

RFC2782 Compliance for DNS SRV

SIP on Cisco VoIP gateways uses Domain Name System Server (DNS SRV) query to determine the IP address of the user endpoint. The query string has a prefix in the form of "protocol.transport." and is attached to the fully qualified domain name (FQDN) of the next hop SIP server. This prefix style, from RFC 2052, has always been available; however, with this release, a second style is also available. The second style is in compliance with RFC 2782, and prepends the protocol label with an underscore "_"; as in "_protocol._transport.". The addition of the underscore reduces the risk of the same name being used for unrelated purposes. The form compliant with RFC 2782 is the default style.

Use the srv version command to configure the DNS SRV feature.

For further information, refer to the RFC2782 Compliance (Style of DNS SRV Queries) section at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/vvfresrv.htm.

SIP Gateway Support for Bind Command

In previous releases of Cisco IOS software, the source address of a packet going out of the gateway was never deterministic. That is, the session protocols and VoIP layers always depended on the IP layer to give the best local address. The best local address was then used as the source address (the address showing where the SIP request came from) for signaling and media packets. Using this nondeterministic address occasionally caused confusion for firewall applications, as a firewall could not be configured with an exact address and would take action on several different source address packets.

However, the bind interface command allows you to configure the source IP address of signaling and media packets to a specific interface's IP address. Thus, the address that goes out on the packet is bound to the IP address of the interface specified with the bind command. Packets that are not destined to the bound address are discarded.

When you do not want to specify a bind address, or if the interface is down, the IP layer still provides the best local address.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftbind.htm

SIP Gateway Support of RSVP and "tel" URL

The SIP Gateway Support of RSVP and TEL URL feature provides the following SIP enhancements:

•RSVP

•Telephone URL Format in SIP Messages

•Interaction with Forking Proxies

•SIP Hairpinning

•Reliability of SIP Provisional Responses

•Configurable Screening Indicator

•RFC2782 Compliance (Style of DNS SRV Queries)

RSVP

In previous Cisco IOS releases, SIP applications over IP networks functioned as best-effort services — their media packets were delivered with no performance guarantees. However, SIP Gateway Support of RSVP and TEL URL ensures quality of service (QoS) by coordinating SIP call signaling and RSVP resource management. This feature reserves sufficient network-layer resources to guarantee bandwidth and bounds on packet loss, delay, and jitter; thus ensuring that the called party's phone rings only after bandwidth required for the call has been successfully reserved.

Telephone URL Format in SIP Messages

The SIP Gateway Support of RSVP and TEL URL feature also supports Telephone Uniform Resource Locators or TEL URL. Currently SIP gateways support URLs in the SIP format. SIP URLs are used in SIP messages to indicate the originator, recipient, and destination of the SIP request. However, SIP gateways may also encounter URLs in other formats, such as TEL URLs. TEL URLs describe voice call connections. They also enable the gateway to accept TEL calls sent through the Internet, and to generate TEL URLs in the request line of outgoing INVITEs requests.

Interaction with Forking Proxies

Support for call forking enables the terminating gateway to handle multiple requests and the originating gateway to handle multiple provisional responses for the same call. Interaction with forking proxies applies to gateways acting as a user agent client (UAC), and takes place when a user is registered to several different locations. When the UAC sends an INVITE message to a proxy, the proxy forks the request and sends it to multiple user agents (UAs). The SIP gateway processes multiple 18X responses by treating them as independent transactions under the same call ID. When the relevant dial peers are configured for QoS, the gateway maintains state and initiates RSVP reservations for each of these independent transactions. When it receives an acknowledgment, such as a 200 OK, the gateway accepts the successful acknowledgment and destroys state for all other transactions.

The forking functionality sets up RSVP for each transaction only if the dial peers are configured for QoS. If not, the calls proceed as best-effort.

SIP Hairpinning

SIP hairpinning is a call routing capability in which an incoming call on a specific gateway is signaled through the IP network and back out the same gateway. This can be a public switched telephone network (PSTN) call routed into the IP network and back out to the PSTN over the same gateway. Similarly, SIP hairpinning can be a call signaled from a line (for example, a telephone line) to the IP network and back out to a line on the same access gateway. With SIP hairpinning, unique gateways for ingress and egress are no longer necessary.

Reliability of SIP Provisional Responses

SIP reliable provisional responses ensure that media information is exchanged and resource reservation can take place prior to connecting the call. Provisional acknowledgement (PRACK) and conditions met (COMET) are two methods that have been implemented.

PRACK allows reliable exchanges of SIP provisional responses between SIP endpoints. COMET indicates if the pre-conditions for a given call or session have been met.

Configurable Screening Indicator

Screening Indicator (SI) is a signaling-related information element found in octet 3a of the ISDN SETUP message that can be used as an authorization mechanism for incoming calls. Enhancements have been made to the Tool Command Language (TCL) Interactive Voice Response (IVR) 2.0 command set that allow SIP terminating gateways to assign a specific value to the screening indicator through the use of TCL scripts.

RFC2782 Compliance (Style of DNS SRV Queries)

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/vvfresrv.htm

SIP INVITE Request with Malformed Via Header

A SIP INVITE requests that a user or service participate in a session. Each INVITE contains a Via header that indicates the transport path taken by the request so far, and where to send a response.

In the past, when an INVITE contained a malformed Via header, the gateway would print a debug message and discard the INVITE without incrementing a counter. However, the printed debug message was often inadequate, and it was difficult to detect that messages were being discarded.

The SIP INVITE Request with Malformed Via Header feature provides a response to the malformed request. A counter, Client Error: Bad Request, increments when a response is sent for a malformed Via field. Bad Request is a class 400 response and includes the explanation Malformed Via Field. The response is sent to the source IP address (the IP address where the SIP request originated) at User Datagram Protocol (UDP) port 5060.

Note This feature applies to messages arriving on UDP, because the Via header is not used to respond to messages arriving on TCP.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftmalvia.htm

SIP T.38 Fax Relay

The SIP T.38 Fax Relay feature adds standards-based fax support to SIP and conforms to ITU-T T.38, Procedures for real-time Group 3 facsimile communication over IP networks. The ITU-T standard specifies real-time transmission of faxes between two regular fax terminals over an IP network.

Refer to the following document for further information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftsipfax.htm

V.44 LZJH Compression

V.44 LZJH is a new compression standard based on Lempel-Ziv that uses a new string-matching algorithm that increases upload and download speeds to make Internet access and Web browsing faster. The V.44 call success rate (CSR) is similar to V.42bis with significant compression improvement for most file types, including HTML files. V.44 applies more millions of instructions per second (MIPS) than V.42bis toward the same application data stream and yields better compression rates in almost any data stream in which V.42bis shows positive results.

V.44 supports automatic switching between compressed and transparent modes on NextPort DFC-108NP-bearing platforms. Automatic switching allows overall performance gain without loss in throughput for file streams that are not compressible.

V.44 is globally controlled through dialed number ID service (DNIS), calling line ID (CLID), and resource pool manager server (RPMS) virtual groups, and performance improvement is determined by the LZJH algorithms. The NextPort Dial Feature Card (DFC) is responsible for the ITU implementation of V.44 and the collection of statistics related to the new feature.

To support V.44 LZJH compression, the control switch module (CSM) has been modified. MIBs that show the status of V.42bis have been extended to show V.44 configuration status. New disconnect reasons help manage V.44 session status and debugging.

For further details, please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_v44.htm

V.92 Modem on Hold

V.92 Modem on Hold allows a dial-in customer to suspend a modem session to answer an incoming voice call or to place an outgoing call while engaged in a modem session. When the dial-in customer uses Modem on Hold to suspend an active modem session to engage in an incoming voice call, the Internet service provider (ISP) modem listens to the original modem connection and waits for the dial-in customer's modem to resume the connection. When the voice call ends, the modem signals the telephone system to end the second call and return to the original modem connection, then the modem signals the ISP modem that it is ready to resume the modem call. Both modems renegotiate the connection, and the original exchange of data continues.

Note This feature is designed for use on telephone lines that are configured for call-waiting service; call-waiting signals trigger the suspension of the modem session. If call-waiting service is not present on the subscriber's line, other callers receive a busy signal, and the modem session is not interrupted.

For further details, please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftv92moh.htm

V.92 Quick Connect

V.92 Quick Connect speeds up the client-to-server startup negotiation, reducing the overall connect time up to 30 percent. The client modem retains line condition information and characteristics of the connection to the Internet service provider (ISP), which reduces connect time by avoiding some of the initial signal handshaking.

For further details, please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ftv92qc.htm

MIBs

Current MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Deprecated and Replacement MIBs

Old Cisco Management Information Bases (MIBs) will be replaced in a future release. Currently, OLD-CISCO-* MIBs are being converted into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 4.

Table 4 Deprecated and Replacement MIBs
Deprecated MIB	Replacement
OLD-CISCO-APPLETALK-MIB	RFC1243-MIB
OLD-CISCO-CHASSIS-MIB	ENTITY-MIB
OLD-CISCO-CPUK-MIB	To be determined
OLD-CISCO-DECNET-MIB	To be determined
OLD-CISCO-ENV-MIB	CISCO-ENVMON-MIB
OLD-CISCO-FLASH-MIB	CISCO-FLASH-MIB
OLD-CISCO-INTERFACES-MIB	IF-MIB CISCO-QUEUE-MIB
OLD-CISCO-IP-MIB	To be determined
OLD-CISCO-MEMORY-MIB	CISCO-MEMORY-POOL-MIB
OLD-CISCO-NOVELL-MIB	NOVELL-IPX-MIB
OLD-CISCO-SYS-MIB	(Compilation of other OLD* MIBs)
OLD-CISCO-SYSTEM-MIB	CISCO-CONFIG-COPY-MIB
OLD-CISCO-TCP-MIB	CISCO-TCP-MIB
OLD-CISCO-TS-MIB	To be determined
OLD-CISCO-VINES-MIB	CISCO-VINES-MIB
OLD-CISCO-XNS-MIB	To be determined

Limitations and Restrictions

The MICA and Microcom modems are not supported on the Cisco AS5400. Both modem and voice services are supported by using the NextPort dial feature card.

Important Notes

The following sections contain important notes about Cisco IOS Release 12.2(2) XB12 that can apply to the Cisco AS5400.

Building Integrated Timing Supply (BITS) Interface Port Clock Reference

The BITS interface port requires a T1 line composite clock reference set at 1.544 MHz and an E1 line composite clock reference set at 2.048 MHz.

H.323 and SIP Coexistence

Cisco IOS Software Release 12.2(2)XB6 provides support for session initiation protocol (SIP) and H.323 coexistence on the Cisco IOS gateway. SIP and H.323 coexistence is supported for the Cisco AS5400 and Cisco AS5350 platforms. The following H.323, SIP, and other features function simultaneously on the Cisco IOS gateway.

H.323 Features

•Cisco SS7 Interconnect for Voice Gateways Solution features

•Netspeak interoperability (Internet call waiting)

•PC-to-phone interoperability (Click to dial)

•Netspeak Cleartoken object ID (OID)

•Q.SIG

•Call deflection (H.450.3)

•Call transfer (H.450.2)

•H.235 call security

•Dual Tone Multi-Frequency (DTMF) tunneling

•Public Switched Telephone Network (PSTN) fallback based on Voice Over IP (VoIP) network congestion

•Call admission control; programmable call treatment

•T.38 fax relay and fax relay reliability

•Time division multiplex (TDM) hairpinning

•Programmable interactive voice response (IVR)

•Rotary dial peers

•Alternate gatekeeper support on the gateway

•Multiple redirecting numbers (RDNs)

•IP address bind

•New resource availability indication (RAI) algorithm

•Frame size negotiation

•Codec negotiation and support

SIP Features

•SIP via user datagram protocol (UDP)

•Primary rate interface (PRI)

•Call transfer

•Call hold

•UDP connected socket

•Privacy indicator

•Mapping PRI within 180/183 SIP messaging

•Call control redirect/diversion

•Domain name server (DNS)

•Codec negotiation and support

Other Features

•Call history

•Quality of Service: IP precedence and Priority Queue Weighted Fair Queuing (PQWFQ)

•AAA/RADIUS server

•Network side PRI for 5ESS, DMS100, NI2, and NET5 switch types

FastEthernet Interface Configuration Issues

Voice testing with the Cisco AS5400 and the FastEthernet interface requires the following configurations:

•Fast switching must remain at its default ip route-cache configuration.

Field Notices and Bulletins

For general information about the types of documents listed in this section, refer to the following document:

http://www.cisco.com/warp/customer/cc/general/bulletin/software/general/1654_pp.htm

•Field Notices—Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

•Product Bulletins—If you have an account on Cisco.com, you can find product bulletins at http://www.cisco.com/warp/customer/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.

•What's New for IOS — What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account with Cisco.com you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software.

Caveats for Cisco IOS Release 12.2 XB

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.

This section contains only open and resolved caveats for the current Cisco IOS maintenance release.

All caveats in Cisco IOS Release 12.1(5)XM, Cisco IOS Release 12.2(1), and Cisco IOS Release 12.2(2)XB are also in Cisco IOS Release 12.2(2) XB12.

For information on caveats in Cisco IOS Release 12.1(5)XM see the "Caveats" section in the Release Notes for Cisco AS5400 Universal Gateways for Cisco IOS Release 12.1 XM at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121relnt/5400/rn5400xm.htm.

For information on caveats in Cisco IOS Release 12.2(1), see Caveats for Cisco IOS Release 12.2, which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.

For information on caveats in Cisco IOS Release 12.2 XA at see the "Caveats" section in the Release Notes for Cisco AS5400 Universal Gateways for Cisco IOS Release 12.1 XB at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/5400/rn5400xa.htm

Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.

Open Caveats—Cisco IOS Release 12.2(2)XB15

There are no open caveats specific to Cisco IOS Release 12.2(2)XB15 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.2(2)XB15

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB15. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 5 Resolved Caveats for Cisco IOS Release 12.2(2)XB15
DDTS ID Number	Description
CSCec87533	ios fw hang then crash with h323 corrupt packet Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

Open Caveats—Cisco IOS Release 12.2(2)XB14

There are no open caveats specific to Cisco IOS Release 12.2(2)XB14 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.2(2)XB14

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB14. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 6 Resolved Caveats for Cisco IOS Release 12.2(2)XB14
DDTS ID Number	Description
CSCdx76632	as5300 crashed in MultiBitDecode Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea19885	Bus error at address 0xD0D0D0B, Process CCH323_CT Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B. Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers. Workaround: There is no workaround.
CSCea27536	Router crash when H323v3/v4 pkts pass through NAT router Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml. NAT router (which is H323v2 stack aware) crashes when H323v3/v4 pkt is processed as "ip nat service h323all" is turned on. Workaround: Turn off "ip nat service h323all" or move to 12.3T image (which has NAT-H323v3/v4) support
CSCea32240	H323 crashes in strncpy when receiving invalid setup packet Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea33065	H323 Spurious memory access in h450ProcRcvdApdus Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea36231	Router hangs when receive in invalid h225 setup Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea46342	h.323 crashes in ACFnonStandardInfo DEC_ERR=13 Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea51030	h323: proxy crashes when malformed h225 setup message received Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea51076	h323: proxy crashes when processing invalid h225 setup messafe Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCea54851	h323 proxy: crash at pxy_proc_recv_SETUP when invalid h225 setup rx Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
CSCeb78836	h323: software forced crash if bad packet received and debug opened Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message. Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled: •debug h225 asn1 •debug h225 events •debug h225 q931 Workaround: There is no workaround.

No Caveats—Cisco IOS Release 12.2(2)XB13

Cisco IOS Release 12.2(2)XB13 does not exist, so no caveats are documented.

Open Caveats—Cisco IOS Release 12.2(2)XB12

There are no open caveats specific to Cisco IOS Release 12.2(2)XB12 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.2(2)XB12

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB12. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 7 Resolved Caveats for Cisco IOS Release 12.2(2)XB12
DDTS ID Number	Description
CSCdp42990	Modem log shows false outgoing calls Symptom: On rare occasions, a Cisco AS5300 or Cisco AS5800 access server, with MICA modems, is seen to place spurious outbound calls, even if configured not to allow such calls. These calls fail to train up; an examination of the modem log shows them to be placed to garbage hexadecimal addresses. Sometimes these spurious outbound calls are placed while in the middle of an active modem session, often shortly following a speedshift. Any active call is terminated shortly following the dialout attempt. Here are some examples of such calls, as seen in the modem log: `02:59:57: ISDN outgoing called number: ADAADBADAC` `08:43:32: ISDN outgoing called number: DBDD2D` `01:28:33: ISDN outgoing called number: AAC102A` Workaround: If using an image with the CSCdw44612 fix (12.2(7.6+)*), and if there is no need to allow outbound calls, then configure modem dialin on the modem lines. This does not prevent the spurious outbound call events from hanging up the calls active on the affected lines, but does prevent an outbound call attempt from being signaled to the circuit network.
CSCdu53400	Incorrect count in sh call calltracker summ after digital call down Symptom: In the Cisco AS5800 access server environment with SS7 setup, the show call calltracker summary command is not showing the correct number of calls for MLPPP digital calls after the calls are being torn down. This occurs due to the sh call calltracker active still displaying some digital calls that have already been torn down. Async modem calls are working properly. Workaround: There is no workaround.
CSCdz80238	Modems suddenly download portware...portware download fails Symptom: MICA portware download fails on Cisco AS5300. Modems are marked bad. Conditions: The trigger for this issue is not yet known. Workaround: There is no workaround.
CSCea02945	Memory leak in AAA Attr List when EXEC author uses local RADIUS Symptom: A Cisco router may experience a memory leak if the AAA EXEC authorization method list is configured to use local then RADIUS. Workaround: Disable EXEC authorization or use RADIUS then local.
CSCea11487	Framed-callback with user defined callback number fails Symptom: When using Framed-callback and the callback number needs to be specified by user input, you get the next message: `*Feb 6 09:55:16: Se7/1:0 MCB: Callback not authorized for this user ww` The excepted behavior is that the NAS should proceed with Microsoft Callback and callback to user. However, the NAS negotiates Callback 'None'. `Feb 6 09:55:12: Se7/1:0 MCB: O Request Id 19 Callback Type None` This behavior is incorrect. Workaround: Using Callback with Cisco-AV-pair and the empty dialstring option. Configuring MS Callback Between a Router and a Windows PC http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a0080094338.shtml Configuring PPP Callback with RADIUS http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0 080093dc9 .shtml#output2 Configuring PPP Callback over ISDN with an AAA Provided Callback String http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a00800946ff.shtml
CSCea20210	sh controller E1 does not show the line status of DSOs (ABCD values) Symptom: Command show controller E1 command does not display the line status of DSOs (ABCD values) on a Cisco Access Server AS5850 running Cisco IOS Release 12.2(2)XB10 and Release 12.2(13)T. This is a issue with only the show command and it does not effect any real-time performance nor hamper any call treatment. It just hampers an effective way to troubleshoot the line. Workaround: There is no workaround.
CSCea69547	Busied Out Modem counters not increasing upon firmware download Symptom: On a Cisco AS5300 access router the busyout couner may not be incremented per port when the module is recovered by using maintenance action. Workaround: There is no workaround.
CSCea69740	Need to be able to shut down the NextPort modem in any state Symptom: When a bad port/SPE is shut down, the show spe command shows the port state as 'B' and not as 's'. Conditions: A bad port/SPE when shutdown Further Problem Description: If a SPE in bad state is shut down, the show spe command shows the state as 'B' and not 's'. If a port/SPE is shut, then it really doesn't matter what state the modem is in. So the state displayed should be 's' and not 'B'. Workaround: There is no workaround.
CSCea75851	Attribute 195 reported as No Reason Symptom: Attribute 195 may report No Reason cause on Cisco AS5800 access server running Cisco IOS Release 12.2(2)XB10. Workaround: There is no workaround.
CSCea77220	Extra accounting STOP record generated if guard timer enable Symptom: An unexpected resource accounting stop record is being sent after the ISDN guard timer expires. Conditions: This occurs under some very specific conditions, namely: 1. ISDN guard timer is configured to accept on expiry; 2. Stop-failure resource accounting is configured; and 3. Pre-authentication is held up (e.g. due to the unavailability of the AAA server). Workaround: Configure the aaa session-id unique command.
CSCea79607	First 0utgoing CONFREQ not received by Windows PPP clients Symptom: First outgoing CONFREQ is not recieved by the PPP Windows DUN client. Conditions: LCP negotiation takes a longer time. Workaround: Make all connection into the NAS dedicated by configuring async mode dedicated under the Group-Async interface.
CSCeb08802	DS0 info of CAS T1s not reported in RADIUS accounting Symptom: RADIUS accounting for CAS T1s may not report on the DS0 information. Conditions: This occurs on a Cisco AS5400 with CAS T1s provisioned. Workaround: There is no workaround.

Open Caveats—Cisco IOS Release 12.2(2)XB11

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB11 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 8 Open Caveats for Cisco IOS Release 12.2(2)XB11
DDTS ID Number	Description
CSCea75851	Attribute 195 may report No Reason cause on Cisco AS 5800 running 12.2(2)XB10. Symptom: Attribute 195 may report No Reason cause on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB10. Workaround: There is no workaround.
CSCea83232	Modems failing to negotiate data compression fail in autoselect Symptom: On a Cisco Systems AS5xxx access server running NextPort technology, some modem connections may exhibit failures where EC/DC negotiation fails. Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)XB11

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB11. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 9 Resolved Caveats for Cisco IOS Release 12.2(2)XB11
DDTS ID Number	Description
CSCdt58342	Excessive FIRMWARE_RUNNING/FIRMWARE_STOPPED messages Symptom: On a Cisco AS5300 with a "+" E1/T1 trunk card, the console may display the following error messages: `Feb 28 06:54:37 %DSX1-1-FIRMWARE_STOPPED: T1/E1 Firmware is not running` `Feb 28 06:54:38 %DSX1-1-FIRMWARE_RUNNING: T1/E1 Firmware is running` The FIRMWARE_RUNNING message appears a few seconds after the FIRMWARE_STOPPED message. This may recur irregularly at intervals of several minutes or hours. These messages are believed to be cosmetic only and not service impacting. Workaround: There is no workaround.
CSCdu15973	ISDN should reject V110 calls based on LLC octet 5a Symptom: When a router receive a V.110 call with User rate = 0, even it is async call and not in-band negotiable, ISDN still passes it to the application. Conditions: V.110 call, User Rate = 0, Async call and not in-band negotiable Workaround: There is no workaround.
CSCdu47222	Modem status messages passed to EXEC process Symptom: When a user logs in to a Cisco 3620 router by using an external modem, the RING and CONNECT status messages pass to the EXEC process. An unknown command error results when the status messages that are passed to the EXEC process are interpreted as commands. Workaround: There is no workaround.
CSCdu58902	GW piggybacks when piggybacking turned off Conditions: This problem can occur when Media Gateway Contol Protocol (MGCP ) piggybacking is turned off and when the gateway is attempting to send an command at the same time as it is sending an acknowlegement to a CA initiated command. Symptom: The Ack is piggybacked to the command. Workaround: There is no workaround.
CSCdv29225	5300 returns channel state to IDLE after receiving GSM OOS from SC Symptom: On a Cisco AS5300 universal access server that is running Cisco IOS Release 12.2(2)XA1 in a Signaling System 7 (SS7) Interconnect for Voice Gateway solution, if a call is made ingress to the solution from a Public Switched Telephone Network (PSTN) and if a requested continuity test (COT) fails, the Cisco SC2200 signaling controller will send a group service message to the Cisco AS5300 and puts the associated channel on the access server into the maintenance state. However, the Cisco AS5300 puts the associated channel into the idle state a few seconds later. This behavior creates a mismatch in the channel state between the signaling controller and the Cisco AS5300. Workaround: There is no workaround.
CSCdw18198	Parser cache entry may get deleted when in use Symptom: Under rare circumstances a router generates a traceback error or reload if both of the following conditions occur: •A background process is processing a parser command (for example: pre-clone command or no pre-clone command for vtemplate), and •Another command is issued at the console (most common is the show interface virt 1 command). Workaround: There is no workaround.
CSCdw24379	RADIUS attribute Framed-Filter attribute parsing incorrect Symptom: Framed-Filter attributes with a value which contains multiple "." characters is not parse correctly. Workaround: Do not use the "." character unless it is used to delimit the suffix with ".in" or ".out".
CSCdw69092	5400 crashes at CCPMSG_RejectMsg after SC2200 failover Symptom: Supercell Testing in Cisco IOS Release 12.2(2)XU on a Cisco AS5400 involved doing a switchover test on the SC2200 by killing one of the UNIX processes. This caused one of the Cisco AS5400 servers to crash. The server was processing approximately 5cps with approximately 200 active calls (all egress) at the time. Workaround: Do not manually kill the process on the supercell, use MML instead.
CSCdw86366	Router crashes during Callerid callback Symptom: With caller ID callback configurations, the server crashes. This doesn't happen when a single link is called back, but with multiple links. Workaround: There is no workaround.
CSCdx11089	Change password sequence broken: 12.2 T + CS Unix Symptom: It may not be possible to activate the change password sequence through a Telnet session to a router that is using TACACS+ user authentication. Conditions: This symptom is observed on a Cisco router that is using a CiscoSecure UNIX (CSUNIX) TACACS+ server and that is running Cisco IOS Release 12.2 T. Workaround: There is no workaround.
CSCdx18084	spur mem access at np_dsplib_signaling_active_ntf on egress COT call Symptom: In an SS7 for interconnect on voice gateways configuration, a traceback is seen on the Cisco AS5850 if the customer is doing egress continuity test (COT). Conditions: If the customer is running Cisco IOS Release 12.2(02)XU and doing egress COT on a Cisco AS5850. Workaround: There is no workaround.
CSCdx28879	Spurious mem access due to preauth_do_author() for vpdn call initiat Symptom: When a virtual private dial-up network (VPDN) call is made with authentication, authorization, and accounting (AAA) preauthorization, a traceback is observed because of a spurious memory access made by a preauth_do_author function call. Conditions: This symptom is observed on a Cisco AS5300 when preauthorization is configured with only the aaa group server radius 7777 command. Workaround: Configure the dnis required customer profile configuration command.
CSCdx32763	RADIUS decode error when Filter-Id attribute is null terminated Symptom: A Cisco access server that is running Cisco IOS Release 12.2(4)T or later releases may reject a RADIUS authentication response from a RADIUS server when the profile includes the Filter-ID attribute which is terminated with a NULL. Workaround: Stop the RADIUS server from including the NULL character at the end of the Filter-ID attribute or to downgrade to mainline Cisco IOS Release 12.2 software.
CSCdx54449	router crashed when 100 concurrent x25 sync telnet sessions issued Symptom: Router reloads when 100 concurrent x25 sync telnet sessions issued. Conditions: Only happens with large number simultaneous X25 sync telnet sessions. Workaround: There is no workaround. This issue is now resolved.
CSCdx56527	Memory leak of 20M/Day until crash Symptom: A router may reload after a memory leak occurs. Conditions: This symptom is observed on any Cisco router that is running Cisco IOS Release 12.2 (or Cisco IOS Release 12.2 B or Cisco IOS Release 12.2 T). The memory leak is triggered by authentication, authorization, and accounting (AAA) when AAA attempts to enable TCP header compression twice within the same user session. Workaround: Disable TCP header compression when a RADIUS or AAA database is used.
CSCdx72670	router reload in ip_build_outputQ on clear ip mroute Symptom: Betweenthe PIM process and the timer wheel process, there is data corruption which causes crash. Workaround: There is no workaround.
CSCdy07358	Alignment errors in ipfrag_init process Symptom: A Cisco 7200 router that is running Cisco IOS Release 12.1(15.5) and is configured as an LNS in a VPDN environment may suffer alignment errors in the ipfrag_init function. The problem does not have any adverse reaction on the router but could impact performance slightly. Workaround: There is no workaround.
CSCdy51329	Problems with modem mgmt introduced by CSCdx48036 Symptom: With the debug csm mod command enabled, the following debug message is now output upon each modem call: `DAS_ST_MODEM_ERR(1/0): modem_mgmt_get_modem_parm: not MICA` Conditions: This message is from a Cisco AS5850 with no MICA boards. All ports are NextPort DSPs. Workaround: There is no workaround.
CSCdy63815	OLD-CISCO-TS-MIB tsLineUser empty with AAA RADIUS and local user Symptom: An empty value is returned for the tsLineUser value in the OLD-CISCO-TS-MIB MIB. Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)XB6 with authentication, authorization, and accounting (AAA) RADIUS and that has a local user configuration. The tsLineUser value of the OLD-CISCO-TS-MIB is populated when Cisco IOS 12.1(5)T8 is used. Workaround: There is no workaround.
CSCdy72086	Torch RSC drops all digital calls after the 421st call is setup. Symptom: The 421st call cannot be made and existing calls thereafter drop. Conditions: With a configuration to bring up 450 digital calls, existing digital calls start dropping after the 421st call. Workaround: Need to configure 'dialer pool-member 1' on serial6/1:15
CSCdy73370	Invalid user info displayed in CallTracker Symptom: Calltracker records are incorrectly reported for modem calls. The userid, IP address and mask are wrong. Workaround: There is no workaround.
CSCdz00204	no aaa nas port extended has no effect Symptom: With the Cisco IOS Release 12.2(2)XB6 image, the NAS port format is the same (for example "Async1/01*Serial3/0:2") with and without the no aaa nas port extende command configured. With the Cisco IOS Release 12.2(2)XA5 image, this is not a case. Workaround: There is no workaround.
CSCdz00304	Acct-Authentic attribute not correct in some scenarios Symptom: RADIUS accounting attribute 45 (Acct-Authentic) may have a wrong value under some circumstances. Workaround: There is no workaround.
CSCdz01366	Multihop router Crashs with port flap: PPPoA/L2TP multihop Symptom: A multihop router may reload because of a port flap. Conditions: This symptom is observed when there are 940 PPP over ATM (PPPoA) sessions with 50 ingress and 10 egress tunnels configured on a Cisco router running Cisco IOS that is employed as a multihop router. Workaround: There is no workaround.
CSCdz02435	Autoselect PPP loop resulting in AOL client step 3 failures Symptom: PPP autoselect in a loop results in null username failures. Conditions: This bug will affect all AS5xxx series of Access Servers. Workaround:Enable flush-at-activation under the lines and load an image which has the fix for this DDTS.
CSCdz04349	User-name not included in accounting with nocallback-verify Symptom: When nocallback-verify is configured for a ppp microsoft callback client, dialing into a Cisco Access Server, it is possible that the username attribute is not included in the AAA accounting records. Workaround: There is no workaround.
CSCdz17327	NEAT firmware corruption:FIRMWARE_RUNNING/FIRMWARE_STOPPED Symptom: Intermittently the T1 controller firmware may stop running. Following message will indicate such a problem: `%DSX1-1-FIRMWARE_STOPPED: T1/E1 Firmware is not running` `%DSX1-1-FIRMWARE_RUNNING: T1/E1 Firmware is running` `%DSX1-1-FIRMWARE_STOPPED: T1/E1 Firmware is not running` `%DSX1-1-FIRMWARE_RUNNING: T1/E1 Firmware is running` `%DSX1-1-FIRMWARE_STOPPED: T1/E1 Firmware is not running` `%DSX1-1-FIRMWARE_RUNNING: T1/E1 Firmware is running` `%DSX1-1-FIRMWARE_STOPPED: T1/E1 Firmware is not running` `%DSX1-1-FIRMWARE_RUNNING: T1/E1 Firmware is running` Conditions: This is a very rare problem. When this happen the calls may stay up on the affected T1/E1. But it may make the graceful provisioning of new T1/E1 impossible. Workaround: Reloading the Cisco IOS will initialize the T1/E1 controller firmware.
CSCdz18330	Tacacs cmd authorization doesnt work with directed requests Symptom: Tacacs+ command authorization on a Cisco router running Cisco IOS Release 12.2(11)T1 fails when used by users that logged in using the Tacacs directed-requests feature (user@<address>). The router incorrectly uses the full username (including the @<address>) to authorize commands against the Tacacs server. Workaround: There is no workaround.
CSCdz21534	T1 remote line loopback fails on CT3 card Symptom: A T1 in a channelized T3 port (CT3) dial feature card (DFC) goes into a loopback. This can cause the remote to receive Path Code Violations (PCVs) and sometimes Loss of Signal (LoS). Conditions: This symptom is observed on a CT3 DFC on a Cisco AS5400 router. Workaround: Cable a hard loop to test from the network to the T3 of the Cisco AS5400.
CSCdz23256	SYS-2-LINKED: Bad dequeue messages periodically reported on AS5800 Symptom: The following message has been periodically reported on all platforms running Cisco IOS Release 12.2(12.6): `Nov 6 09:22:17.364 CET: %SYS-2-LINKED: Bad dequeue of 62C3B194 in queue 69408DAC` `-Process= "<interrupt level>", ipl= 4` `-Traceback= 6055A354 604FFAFC 60398F10 60398E44 60B94720 60398C24 6039B380 6039A018 6000F8C4 6015EA80 601624CC 605BDD20 60162358 60B94484 60B92B68 60B295D8` Conditions: Problem happens on all platforms running Cisco IOS Release 12.2(12.6), with active X.25 or LAPB serial connections, when LAPB retransmissions are occurring with moderate-to-heavy traffic. Workaround: There is no workaround.
CSCdz27817	1Khz tone on ide CAS trunk -19.9 db Symptom: A T1 channel-associated signaling (CAS) trunk may produce a 1-kHz tone at 19.9 dB while the trunk is in the idle state. Conditions: This symptom is observed on a T1 CAS trunk that is running Cisco IOS Release 12.2(11)T. This symptom does not affect normal call operation. Workaround: The problem has been fixed in the latest releases.
CSCdz30790	T3 controller link up/down traps not sent for snmp Symptom: On a Cisco AS5400 router, Simple Network Management Protocol (SNMP) linkchange traps are not generated for a T3 controller up and down state changes. Conditions: This symptom is observed on a Cisco AS5400 router that is running a c5400-is-mz.122-2.XB9 image of Cisco IOS software and that is configured with the following router configuration command: snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart Workaround: There is no workaround.
CSCdz34487	tacacs+ password change sequence broken Symptom: The password change sequence does not work as expected when it is used with Cisco Secure Access Control Server software. The user can still access the router with the old password. User can change the existing password to a new password at a later time. Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T. This problem was not noticed in 12.2(13)T image with Cisco Secure Access Control Server running on an NT box. Workaround: There is no workaround.
CSCdz38708	5800 with E1R2 may not accept modem calls Symptom: When terminating incoming E1 R2 calls on a Cisco AS5800 Access Server with MICA modems, a large percentage (up to 100%) of calls may fail. Debugging on the NAS shows that ANI/DNIS collection succeeds and the call is cleared by the switch shortly after sending the line answer ABCD bits. Debugging on the switch side shows that the interregister signaling answer signal (B6 by default) is never terminated before sending the line answer signal. Conditions: This problem is seen on a Cisco AS5800 series Access server using MICA modems and configured for compelled E1 R2 signaling. The problem is not seen on Cisco AS5300 or AS5850 Access Servers or on Cisco AS5800 with NextPort card, and it does not occur with sem- or non-compelled E1 R2 signaling or any other signaling type. In addition, this problem only affects incoming calls. Workaround: There is no workaround.
CSCdz39284	SIP: PROTOS Test Group 5 - Test Cases 330 to 435 causes as5350 crash Symptom: Multiple Cisco products contain vulnerabilities in the processing of Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for SIP and can be repeatedly exploited to produce a denial of service. Conditions: This issue is observed on Cisco devices which contain support for the SIP protocol and are running vulnerable versions of software. Workaround: Cisco will be making free software available to correct the problem as soon as possible. Additional workarounds will be documented in the Security Advisory. This advisory is available at: http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
CSCdz40483	%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IP I Symptom: A Cisco router permanently pauses with a watchdog timer under normal operation. Conditions: This symptom is observed when the router is a voice endpoint with active calls. Workaround: There is no workaround.
CSCdz44203	Dynamic Dialer map not created with aaa authentication if-needed Symptom: Users connecting to a Cisco AS5350, using a post dial terminal window for authentication, may not be able to ping the Cisco AS5350 after connecting. This problem only occurs with "aaa authentication ppp <list> if-needed" configured. The root of the problem is that a dynamic dial map is not created for the user. This can be seen with the show dialer map command. The other symptom of this problem is that there will be no output packets on the async interface to which the user is connected. Workaround: Reconfigure the router to use virtual-profiles, or remove "if-needed" from the AAA authentication command.
CSCdz45885	AAA POD not disconnecting client requests with 8-byte session id Symptom: An authentication, authorization, and accounting (AAA) packet of disconnect (POD) server may not disconnect a client request that has an 8-byte session ID. Conditions: This symptom may occur on a Cisco AS5400 or a Cisco AS58500 that is functioning as a triple A POD server. Workaround: There is no workaround.
CSCdz51403	NAS-port attribut 5 has been changed for format C Symptom: VTY interface is not supported with extended NAS-PORT format. Workaround: There is no workaround.
CSCdz51941	Call drops once the Card is OIRed in case of NFAS. Symptom: On a Cisco AS5800 when a trunk which has been configured for Primary NFAS is inserted back after OIR, the calls on the other cards, which are configured for NFAS of the same group, could fail, especially in the case of a TD/TV solution.
CSCdz52059	cmIncomingConnectionFailures are not correct on 5350 Symptom: cmIncomingConnectionFailures from cmLineStatisticsTable of CISCO-MODEM-MGMT-MIB sometimes decrease on the Cisco AS5350 access server. Workaround: There is no workaround.
CSCdz54240	poor performance on MLP with h/w compression (single channel ISDN) Symptom: The transportation of files across a single BRI connection of an E1 line may result in poor performance. Conditions: This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(02)XB7. Workaround: There is no workaround.
CSCdz56776	Outgoing PPP frames are stuck on MLPPP Symptom: If Multilink PPP call(MLPPP) is disconnected by cause except Normal call clearing, no frames are send out on subsequent calls and the output queue may be stuck. Conditions: The symptoms occur under the following conditions: •You are running Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T •MLPPP is enabled on ISDN interface (BRI and PRI). •Dialer profile and multiple dialer interfaces belonging to the same dialer pool number are configured. Workaround: Use the no fair-queue command on physical interfaces.
CSCdz58910	CT3-DFC does not provide ATT TR 54016 performance data Symptom: The internal DSU for a T1 in a Cisco AS5400 access server's CT3-DFC may fail to provide performance data when queried through ATT FDL (per ATT document TR 54016.) Workaround: Monitor through SNMP instead of ATT FDL.
CSCdz61141	MPPE fails with RADIUS Symptom: Microsoft Point-to-Point Encryption (MPPE) does not work when RADIUS is used for authentication and authorization. The user is able to authenticate and MPPE is negotiated, but traffic will not pass through unless MPPE is disabled or local authentication is used. Conditions: This symptom occurs when MPPE is used with RADIUS to perform authentication and authorization. Workaround: There is no workaround.
CSCdz61543	Remove 64K rejection for 1AESS Symptom: Calls coming in on 1AESS trunks get rejected by the Cisco AS5x00 access servers. Conditions: Incoming calls on 1AESS trunk lines will fail to connect. Trunks coming from other switch types will not be effected by this bug. Workaround: There is no workaround.
CSCdz69604	5400 E1/R2 is not sending answer signal group A Symptom: Calls may be dropped after 10 seconds because a Cisco AS5400 does not answer. Conditions: This symptom is observed when a Cisco AS5400 does not send answer signal A6 for incoming calls. Outgoing calls work fine. The symptom may also occur on other platforms. Workaround: There is no workaround.
CSCdz70933	Filter-Id from preauthentication not applied with auth-required=0 Symptom: When the Filter-Id attribute is provided during preauthentication, it is accepted, but not applied to the virtual access interface. When the same attribute is provided during PPP authentication, it is applied OK. Workaround: There is no workaround.
CSCdz71219	Input-queue wedge intermittently Symptom: Intermittent problem on Virtual-Access interfaces. The input-queue becomes wedge, for example: `input queue 11/10` Increasing the input-queue size does not help. Workaround: There is no workaround.
CSCdz72678	mgcp-nas-pkg calls generate zero values for RADIUS acct attributes Symptom: Media Gateway Control Protocol (MGCP) network access server (NAS) package calls may cause the following RADIUS accounting attributes to contain zero values: •Acct-Input-Octets •Acct-Output-Octets •Acct-Input-Packets •Acct-Output-Packets •Data-Rate •Ascend-Xmit-Rate •Presession-Packets-Input •Presession-Packets-Output •Presession-Octets-In •Presession-Octets-Out Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB8 or Cisco IOS Release 12.2 T. Workaround: There is no workaround.
CSCdz73060	kSmall buffer leak at mica_generate_digits A Cisco AS5300 running Cisco IOS Release 12.2(2)XB8 may experience I/O memory allocation failures that cause the router to freeze and stop passing traffic. Workaround: A reboot is required to restore memory.
CSCdz85925	PPP Async interfaces not updated in routing table Symptom: Non-Multilink PPP (non-MLP) asynchronous users may not get a connected route in the IP routing table. Conditions: This symptom is observed with non-MLP asynchronous users that are on an asynchronous interface that was previously used for MLP. Workaround: Configure the router to use virtual profiles by entering the following sequence of commands: `Router(config)# interface virtual-template 1` `Router(config)# virtual-profile virtual-template 1` `Router(config)# no virtual-profile if-needed`
CSCdz88409	Router crashed during weak RADIUS service Symptom: Cisco C5800 Router running Cisco IOS Release 12.2(2)XB10 crashed during a period of weak RADIUS service that provocated high session flapping. Workaround: There is no workaround.
CSCdz89543	Missing accounting stop record with LSDO and Multilink PPP Symptom: In a Large-Scale Dial-Out (LSDO) setup in which the called site (remote site) is configured to add additional member links to the Multilink PPP (MLP) connection, the initial call to the remote site via LSDO may not trigger an accounting stop record when the call terminates. Conditions: This symptom is observed when the customer premises equipment (CPE) adds additional links to the multilink bundle that is built by the initial LSDO call. If there is only one LSDO call or if all member links are initiated by the remote site (LSDO is not used), stop accounting records are correctly generated for all member links. Workaround: There is no workaround.
CSCdz89669	AAA Accounting not sent for multilink isdn calls, when MSCB confd Symptom: When an ISDN dial-in client negotiates callback and multilink, and the callback is not configured for that user, the authentication, authorization, and accounting (AAA) records may not be sent. Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T. Workaround: There is no workaround.
CSCea02355	rare ip packets may cause input queue wedge Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available. Cisco has made software available, free of charge, to correct the problem. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
CSCea12966	function aaa_attr_list_ptr_copy_to_req does not support merged lists Symptom: Function aaa_attr_list_ptr_copy_to_req incorrectly strips off any additional attribute lists connected to the list passed in. This causes attributes lists to be lost, resulting in missing attributes being sent to AAA Servers. Workaround: There is no workaround.
CSCea14392	Need to commit Nextport Module Code 3.2.22.18 Request to commit new module code to bundle in Cisco IOS releases for the NextPort based Cisco AS5350/AS5400/AS5850 platforms. This module code 3.2.22.18 addresses the following issues for customers: •CSCdy55561 2 Modems marked BAD after V.110 CSM parameter failure •CSCdx71846 3 g.726 interop w/non-Cisco GW shows misordered 4 bit samples in Pload •CSCdx69453 3 Voice and Fax-Relay info field size range from 0 is invalid
CSCea19087	CALLTRKR-6-CALL_RECORD not displayed for a modem-pool call with CAS Symptom: A Cisco AS5300 may not display some Calltracker information for a modem call. Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(2)XB10 or Cisco IOS Release 12.2(13)T and is configured for channel-associated signaling (CAS) with modem pooling. This is observed, in particular, when the call is routed to a configured modem pool instead of to the default modem pool. The Calltracker messages look like the following messages: `CALLTRKR-6-CALL_RECORD` and `CALLRECORD-3-MICA_TERSE_CALL_REC` However, when the symptom occurs, the first message is omitted. Workaround: Configure the Cisco AS5300 for ISDN (PRI) instead for CAS. First Alternate Workaround: Do not configure modem pooling. Second Alternate Workaround: Ensure that the call is routed to the default modem pool.
CSCea23484	VPDN rejecting 127.0.0.x address as source-ip Symptom: IP addresses of the "127.0.0.x" type may be rejected by a virtual private dial-up network (VPDN) to be used as the source IP address for VPDN tunnels. Conditions: This symptom is observed on a Cisco AS5400 or Cisco AS5800. Workaround: There is no workaround.
CSCea24574	VSA not processed if sent with tagged tunnel attributes Symptom: AAA may not process VSA if sent with tagged L2TP tunnel attributes. Conditions: This symptom is observed on a Cisco AS5400 or Cisco AS5800. Workaround: There is no workaround.
CSCea28396	AS5300 reloads while sending aaa accounting request Symptom: A router may reload when sending an authentication, authorization, and accounting (AAA) request to a TACACS+ server. Conditions: This symptom is observed on a Cisco AS5300 universal access server that is running Cisco IOS Release 12.2(2)XB10 and Cisco IOS Release 12.2 T. Workaround: There is no workaround.
CSCea28958	Function to manipulate attribute lists does not merge correctly Symptom: While copying an AAA attribute list into an event, the copy function strips off any additional attribute lists connected to the list passed in. This causes attributes lists to be lost, resulting in missing attributes being sent to AAA Servers. Workaround: There is no workaround.
CSCea41989	AS5400/AS5350 - ANI/DNIS Delimiter (sig-class) CAS for CT1 is broken Symptom: A user-configured signaling class template may not be not used during incoming and outgoing channel-associated signaling (CAS) calls. Instead, the default signaling template is used. Conditions: This symptom is observed in Cisco IOS Release 12.2 and Cisco IOS Release 12.2 T on a Cisco AS5350 and a Cisco AS5400. Workaround: There is no workaround.
CSCea45343	Not able to manually shutdown modem/spe in BAD state Symptom: When a modem in bad state is shutdown, the show modem command reports the state as BAD and not as SHUT. Further Problem Description: The states of busy out and shut were clubbed together as 'b'. The two were segregated as part of DDTS CSCdr31105. If a modem in bad state is shut down, the show modem command shows the state as 'B' and not as 'S'. But if a modem is shut down, it really doesn't matter what state the modem is in. So the state should be shown as 'S'. Workaround: There is no workaround.
CSCea49108	MICA Boardware does not recover after crash Symptom: If boardware crashes in some scenarios, Cisco IOS does not know and therefore cannot recover. Impact: Failed calls into that carrier card (up to 120 modems impacted). Workaround: Use the copy flash modem command with the file: system:/ucode/mica_board_firmware
CSCea49565	no ip pool download via AAA for terminal login call Download of IP pools is not initiated for terminal login async PPP call in test image. Download works correctly in Cisco IOS Release 12.2(2)XB10. Workaround: There is no workaround.
CSCea52804	bus error at auth_tx_failure Symptom: A Cisco AS5350/AS5400 running Cisco IOS Release 12.2(2)XB7 crashes with bus error at auth_tx_failure. Workaround: There is no workaround.
CSCea53600	authorization failure for terminal login call with per-user DNS/WINS Symptom: Issue with terminal server login where a RADIUS assigned DNS or WINS server (ie. per-user dns/wins) causes authorization to fail. Workaround: There is no workaround.
CSCea54013	Two simultaneous boardware downloads cause bus error exception If the copy system:/ucode/mica_board_firmware modem command is executed on a Cisco AS5300 series Access Server before a previous boardware download has completed, the system may reload unexpectedly with a Bus Error Exception. Workaround: Before attempting a boardware download, make sure that any previous boardware download attempts have been completed.
CSCea61814	bearer capability changed for outgoing hairpinned call Symptom: The bearer capability is changed for outgoing hairpinned call. Workaround: There is no workaround.
CSCea66514	Assertion Failure on PRI Layer2 Up in 12.2 XB Symptom: Assertion failure seen when the T1 controllers configured for ESF are commanded for shut and no shut on the remote end. Conditions: T1 controllers configured for ESF. Workaround: On the controllers where the Assertions failures are seen, enter the commands fdl ansi followed by no fdl ansi.
CSCea66630	COT_TP_IN test fail resulting channels in maintenence pending Symptom: The first COT_TP_IN test failed right after reload and the Cisco AS5300 never received COT_TP_OUT from softswitch, putting the channel in maintenance pending state. The timer in COT_TP_IN test should bring the channel to idle even if it does not receive the COT_TP_OUT from softswitch. Workaround: There is no workaround.
CSCea79604	buffer size mismatch between MICA boardware and Cisco IOS Symptom: The buffer size used by Cisco IOS to send data to the MICA carrier card is larger than the maximum buffer size defined by the carrier card software. If Cisco IOS sends a buffer which exceeds the maximum size set by the carrier card, the carrier card software may crash. If this software crashes, communication with all modems on the board will be lost. Conditions: This mismatch in buffer size affects all images starting with 12.2M and 12.2 T. Workaround: The router must be reloaded.
CSCin03921	The 872uut crashes inconsistently during cbwfq tests Symptom: Adding or removing a service policy to a dialer interface may infrequently cause a spontaneous reload of the router. Workaround: There is no workaround. However relying on experience with similar issues (involving reconfiguring a dialer on the fly), the suggestion is that either or both of the following steps might help: •Stop generating traffic through the interface •Shutdown the dialer interface when changing the service policy

Open Caveats—Cisco IOS Release 12.2(2)XB10

There are no open caveats specific to Cisco IOS Release 12.2(2)XB10 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.2(2)XB10

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB10. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 10 Resolved Caveats for Cisco IOS Release 12.2(2)XB10
DDTS ID Number	Description
CSCdt64681	EIGRP route stuck in RT after neighbor down over ISDN: Symptom: Cisco 7200 running Cisco IOS Release 12.1(6) with PRI and multiple dialer interfaces. Two dialer neighbors advertise a prefix which is stuck in topology table/routing table once the neighbors are down. Workaround: Clearing the route makes it come back.
CSCdu26701	Compression & CEF on same int should not be allowed: Symptom: If you configure compress mppc on an interface and configure ip cef globally, IP fast switching is disabled. This affects connections that are not configured for compression to be process switched just like the compression connections, which adversely affects performance. If you disable compression, enable fast-switching, and re-enable compression, the interface incorrectly allows fast-switching simultaneously with compression. Workaround: Do not configure compression on interfaces you wish to have fast-switched.
CSCdv00338	Calls not disconnected (show isdn active) when idle time expires: Symptom: ISDN calls on NFAS signaled E1/T1 which arrive on B-channel 16 (for E1) or 24 (for T1) are not purged from the call-history MIB shown by show isdn active upon disconnect but are still shown as active. This can cause the ISDN process to consume more and more memory and CPU load in order to maintain the growing list. Workaround: Deactivate call-history-mib using the commands: call-history-mib max-size 0 call-history-mib retain-timer 0
CSCdx62491	CISCO-AAA-SESSION-MIB casnActiveTable: getnext returns wrong OID: Symptom: The getnext command returns the wrong OID when retrieving an object from the casnActiveTable of the CISCO-AAA-SESSION-MIB and no instance is given. `> getnext -v2c 10.89.152.43 public casnUserId` `casnTotalSessions.0 = 2` `> getnext -v2c 10.89.152.43 public casnUserId.0` `casnUserId.1 =` `> getnext -v2c 10.89.152.43 public casnUserId.1` `casnUserId.2 = cisco` Conditions: This problem only occurs when no instance is given in the getnext request. Workaround: There is no workaround.
CSCdx86284	Resend OOS service message after RESTART: Symptom: If an ISDN B channel has been set out of service (via the D channel interface command "isdn service"), and if the router should subsequently receive from the switch a RESTART message for that channel, then the router will think that the channel is still OOS, while the switch thinks that it is not OOS any more. The result will be that the switch may offer a call to the router on that channel, which call will be rejected by the router with "Requested circuit/channel not available". Instead, after receiving the RESTART message for an OOS channel, the router should refrain from acknowledging RESTART, but instead should reissue the SERVICE message, to restore the channel to the out-of-service state. Workaround: There is no workaround.
CSCdx90988	Memory leak in ISDN: Symptom: A leak with the ISDN process may be observed on a router after about three days. The router reloads because of a lack of memory resources after about 14 days. Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(10). Workaround: Reboot the router at a time when there is low traffic.
CSCdy34494	NAS-Identifier value isnt correct in attribute_32 test.: Symptom: The NAS-Identifier value is not correct because the value can only take 33 characters. Workaround: There is no workaround.
CSCdy48813	Outgoing call failed due to dialer DNS reverse-lookup failed: Symptom: For dialout, the outgoing call fails due to DNS reverse-lookup when dialer DNS is used on the dialer interface. The problem didn't appear in Cisco IOS Release 12.2(2)XB5. Workaround: There is no workaround.
CSCdy63815	OLD-CISCO-TS-MIB tsLineUser empty with AAA RADIUS and local user: Symptom: OLD-CISCO-TS-MIB tsLineUser is empty in Cisco IOS Release 12.2(2)XB6 with AAA RADIUS and local user configuration. The same configuration works with Cisco IOS Release 12.1(5)T8, and the tsLineUser value is populated. Workaround: There is no workaround.
CSCdy68133	Async Call fails to come up when no preauth is configured: Symptom: Modems calls will be rejected with no resource available. Conditions: This only happens if preauthorization is not configured. Workaround: Configure preauthorization for incoming calls. This may not be possible in all networks.
CSCdy85971	wrong SDP in 200 ok reply to a re-invite to conference: Conditions: This problem happens every time a mid-call INVITE is received to revert from a negotiated DTMF-rely payload type to Inband Voice. Symptom: In response to the mid-call INVITE, part of the old negotiated payload type is advertised in the 200 ok. The SDP looks as follows (Note the missing encoding name) : `a=rtpmap:96 /8000 a=fmtp:96 0-15` Workaround: There is no workaround.
CSCdz12110	ANI configured is not followed for E1-R2 outgoing call: Symptom: For an outgoing call, Cisco AS5400 running Cisco IOS Release 12.2(12a) may send the same DNIS and ANI to PSTN switch without following the ANI configured under cas-custom under controllers
CSCdz12711	NAS timedout user reported with incorrect prog. /discon. code: Symptom: Incorrect progress / disconnect code is reported for a user timing out by NAS with no RADIUS response. Workaround: There is no workaround.
CSCdz19909	RADIUS interim-update records not being sent correctly: Symptom: The customer is using Cisco 7206VXR. The RADIUS interim-update records have been enabled with the following global command: `aaa accounting update periodic 1440` The DSL router is supposed to send an update record for every active session every 24 hours but is producing inconsistent results instead. For many sessions that are active for more than a day, no update records are ever sent. For sessions where update records are sent, the time interval between updates is inconsistent. Workaround: There is no workaround.
CSCdz19944	MGCP T38 inhibit does not suppress T38 capability: Symptom: On Cisco AS5400 with Cisco IOS Release 12.2(12.14)T or Cisco IOS Release 12.2(2)XB8, disabling T.38 through mgcp fax t38 inhibit and/or fax t38 inhibit under voice service voip does not suppress the gateway's advertisement of T.38 as a capability. Workaround: There is no workaround.
CSCdz24736	Multilink PPP reporting master channel with a progress code 65: Symptom: Multilink PPP should report the master channel with a RADIUS accounting progress code of 60. Workaround: There is no workaround.
CSCdz45885	AAA POD not disconnecting client requests with 8-byte session id: Symptom: AAA POD is not disconnecting client requests with 8-byte session-id.
CSCin23107	Possible memory leaks during async callback: Symptom: On Cisco AS5400 universal access servers running Cisco IOS Release 12.2(2)XB8 or 12.2(12.14)T, memory leaks associated with async callback are possible. Workaround: There is no workaround.

Open Caveats—Cisco IOS Release 12.2(2)XB9

Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.

Resolved Caveats—Cisco IOS Release 12.2(2)XB9

Cisco IOS Release 12.2(2)XB9 is not distributed for widespread availability.

Open Caveats—Cisco IOS Release 12.2(2)XB8

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB8 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 11 Open Caveats for Cisco IOS Release 12.2(2)XB8
DDTS ID Number	Description
CSCdx15393	Symptom: A universal gateway changes the connection identification (ID) during a call when a continuity test (COT) is requested by the create connection (CRCX) request. Conditions: This symptom is observed on a Cisco AS5350. The voice leg creates a connection ID and the mode is changed to "m:nas/data" by a modify connection (MDCX) request. The network access server (NAS) package creates a new connection ID and sends it back with an acknowledgement (ACK) message. Workaround: There is no workaround.
CSCdx20211	Description: this problem occurred after running stress traffic for approximately 3 days. Workaround : There is no workaround.
CSCdx37301	Symptom: On reloading Cisco AS5850 universal gateway route-switch controller (RSC), the universal port feature card (UP324) may unexpectedly crash. Conditions: Reload Cisco AS5850 RSC. Workaround: There is no workaround.
CSCdx48096	Unable to write to NVRAM with "radius-server unique x" configured after upgrading from Cisco IOS Release 12.1(5)XM8 to Cisco IOS Release 12.2(2)XB5. Workaround : There is no workaround.
CSCdx50317	We see memory allocation problems if the box encounters AAA authentication timeouts and dsp resources are overbooked. It is due to some dangling calls which are not cleaned properly when a call is rejected. Workaround : There is no workaround.
CSCdy67791	L2TP failed sessions to report L2TP RADIUS attributes 64,65,66,67,82 in the RADIUS accounting STOP packets.
CSCdz00534	Symptom: Cisco IOS Release 12.2(2)XB7+ L2TP is incorrectly indicating "service up" to Calltracker with a service type of PPP. Conditions:This behavior happens for L2TP calls. Workaround:There is no workaround.
CSCdz03993	Extra STOP record generated when LCP is renegotiated in PPP.
CSCdz04011	AAA pre-auth failure generates STOP records.
CSCdz05317	Handset call reported in RADIUS attributes 195, 255, and 77 with values.

Resolved Caveats—Cisco IOS Release 12.2(2)XB8

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB8. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 12 Resolved Caveats for Cisco IOS Release 12.2(2)XB8
DDTS ID Number	Description
CSCdw87887	Symptom: With continuous traffic and calls being cleared regularly, outgoing calls may fail. Conditions: This symptom is observed on a Cisco AS5400. Workaround: There is no workaround.
CSCdw90587	Symptom: Media Gateway Control Protocol (MGCP) dial calls are unsuccessful and cannot be completed if ISDN is configured. Conditions: This symptom is observed if ISDN is configured on MGCP dial platforms such as the Cisco AS5300, Cisco AS5350, and the Cisco AS5400. Workaround: There is no workaround.
CSCdw93992	A Cisco Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) may fail to send accounting records for a PPP over ATM (PPPoA) call after the call has been forwarded via L2TP to an L2TP network server (LNS). The LNS drops the call by sending a Call Disconnect Notification (CDN) message to the LAC. Workaround: Clear the virtual access interface for the call on the LAC.
CSCdx41056	Symptom: A serial interface that has been previously shut down may be inadvertently brought back up when a router is reloaded. Conditions: This symptom is observed on a Cisco AS5400 universal gateway that has a serial interface. Workaround: There is no workaround.
CSCdy06029	When using MS-Callback with Cisco IOS Release 12.2(2)XB6 and the 'callback-noverify' option, the NAS fails to apply Framed-IP-Address or any AV-Pairs associated with that user.
CSCdy25116	When analog and HDLC calls are mixed on CSMV6, the RADIUS attribute Connect-Info for the HDLC call that is brought up after the analog call, contains information from the previous analog call on that port. Workaround: There is no workaround.
CSCdy28353	Symptom: An incorrect cause code is received on the E1 R2 side when a gateway receives an admission rejection (ARJ) for a gatekeeper. Conditions: This symptom is observed on a Cisco AS5300 universal gateway. Workaround: There is no workaround.
CSCdy33338	A NAS might display wrong value of radius-server unique-ident as 255 when it is configured as 254. Workaround: There is no workaround. However, this problem manifests only when the value 254 is configured or starting with 1 (as is the normal case), the router is reloaded 253 times. Recommendation is to use radius-server unique-ident 1.
CSCdy51116	In Cisco IOS Release 12.2(12.5)T or later a router which does not have AAA configured may unexpectedly reload when a user attempts to telnet from the router to another device. Workaround: Enable AAA.
CSCdy52592	Incorrect value of cisco-nas-port vsa is being passed in accounting records when an Async Multilink PPP Call is made through a Win2K client into Cisco AS5400 UUT. This was working in Cisco IOS Release 12.2(2)XB6 but is broken in Cisco IOS Release 12.2(2)XB7. Workaround: There is no workaround.
CSCdy57470	VPDN Syslog messages are generated for calls terminated due to only some types of failures. There should be VPDN syslog messages generated for all failure types. Workaround: There is no workaround.
CSCdy60455	Cisco AS5400 server is timing out on receiving A-5 as this signal is not defined in the Indonesia R2 implementation of 5xxx platforms. Workaround: There is no workaround.
CSCdy62975	extra stop record can be generated for session failure in which the session is not allocated ip address because of exhaustion of ip address from the pool. Workaround: There is no workaround. Right now there is no workaround.
CSCdy66067	Attribute 195 in accounting records can be reported as "no reason" when there is a WinNT Client Disconnect for an Async Call into Cisco AS5400 running Cisco IOS Release 12.2(2)XB07 7.1.0 build. Workaround: There is no workaround.
CSCdy69192	Cisco AS5300 server encounters system crash when RADIUS authentication is used for authenticating asynchronous call. Workaround is to use Local or TACACS+ authentication.
CSCdy71629	The task_id attribute in AAA accounting record might be wrong if the task_id is greater then 9999. Workaround: There is no workaround.
CSCdy75466	Problem: On the Cisco AS5400 platform running a Cisco IOS Release 12.2(11)T image when the router is coldbooted the relevant snmp coldStart trap is not being sent. The problem is also seen on mainline Cisco IOS Release 12.2 and Cisco IOS Release 12.2(2)XB8 images. Workaround: There is no workaround.
CSCdz05294	Symptom: While making L2F calls onto the Cisco AS5400 UUT tracebacks may occur at l2x_aaa_update_session_progress and system hangs. Workaround: The problem is fixed in the latest Cisco IOS Release 12.2(2)XB image.

Open Caveats—Cisco IOS Release 12.2(2)XB7

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB7 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 13 Open Caveats for Cisco IOS Release 12.2(2)XB7
DDTS ID Number	Description
CSCdu36976	The line command modem dialout controller is not available on the Cisco AS5350 universal gateway and Cisco AS5400 universal gateway, and, on the Cisco AS5300 universal gateway, the command does not work. Workaround: There is no workaround.
CSCdx31265	Conditions: Dial FTP downlink degrade by 18% Cause: Nextport Async modem interface can send out mal-formatted packets on the PPP dial-up link which causes retransmits on TCP based client applications which delays the throughput. Workaround: There is no workaround.
CSCdx59302	Under load or stress conditions for Voice calls with E1R2 signaling, the following NAKS are observed on TGW. `Jan 1 17:46:22.299 UTC: %NP-3-NAKRSP: NAK Response Received - command 0x1500, result code 0x8005, msgid 0x15FF, session id 0x1EB, msg tag 0x0, slot/port 4/59` `Jan 1 17:46:23.991 UTC: %NP-3-NAKRSP: NAK Response Received - command 0x1500, result code 0x8005, msgid 0x15FF, session id 0x2C2, msg tag 0x0, slot/port 6/58` `Overall effect on CSR is around 1% or less.`
CSCdx92615	Traceback when mgcp-dial call is made with AAA accounting. Workaround: There is no workaround.
CSCdy02488	CSCdx70479 has led to regression. As a result, analog MMP and analog VPDN calls are broken due to missing CLID/DNIS AVPs in L2TP and L2F exchanges and results in RADIUS rejects. Workaround: There is no workaround.
CSCdy04978	CSCdx70479 has led to regression. Using c5400-is-mz.122-2.XB6.dx70479-comindico.XB6, if an E1 controller is administratively shutdown or layer 1 connectivity is lost (cable pull) when mgcp digital calls were active on that E1, the RM state is not cleared. This does not happen with mgcp analog calls. This problem does not exist in Cisco IOS Release 12.2(2)XB5 CCO or Cisco IOS Release 12.2(2)XB6 CCO. Workaround: There is no workaround except for reloading the NAS to clear RM states.
CSCdy14689	In Cisco IOS Release 12.2(2)XB, Cisco IOS Release 12.2(4)T, and later Cisco IOS codes, the router does not send RADIUS connection accounting attribute 46 for TCP clear calls or for any outbound telnet connections from the router. The is issue is only with telnet connections. Regular PPP calls accounting records do contain this attribute. Workaround: There is no workaround.
CSCdy25116	When analog and HDLC calls are mixed on CSMV6, the RADIUS attribute Connect-Info for the HDLC call that is brought up after the analog call, contains information from the previous analog call on that port. Workaround: There is no workaround.
CSCuk34949	A Cisco router may generate a large number of alignment errors when TCP Header Compression is configured in conjunction with L2TP and Multilink PPP. Workaround: Disable header compression, both in the local configuration (use the interface command no ip rtp header-compression) and in any RADIUS/AAA database.
CSCuk35508	Symptom: End to end delay for Cisco AS5400 universal gateway is measured to be greater than VISM. Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)XB7

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB7. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 14 Resolved Caveats for Cisco IOS Release 12.2(2)XB7
DDTS ID Number	Description
CSCdk31736	PPP authentication requests with no username are not forwarded to the TACACS+/RADIUS server. This may prevent you from authenticating people by Caller ID.
CSCdv21918	A router may reload if netflow-data is exported to a multicast address. Workaround: Do not configure a multicast address; use a unicast address instead.
CSCdv27734	New PPP configuration commands are provided which provide control over the negotiation and application of the LCP configuration options for HDLC Address and Control Field Compression (ACFC) and PPP Protocol Field Compression (PFC).
CSCdw00055	The non-variable-length dial-plan matching character `$' permits a user to force a match on a destination-pattern consisting of a fixed number of digits. For example, use the following configuration: `!` `dial-peer voice 1 voip` `destination-pattern 01152....$` `session target ipv4:IP_ADDR_RTR1` `ip precedence 5` `!` `dial-peer voice 2 voip` `destination-pattern 01152......` `session target ipv4:IP_ADDR_RTR2` `ip precedence 5` `!` The user in this situation has calls to phone numbers which share the same first set of prefix digits but whose complete set of digits are different in number. In the example above, calls to RTR1 have nine digits starting with `01152' while calls to RTR2 have 11 digits starting with `01152'. To eliminate the ambiguity as to which dial-peer to match, the `$' is used so that a call to RTR2 will not match on dial-peer 1. This configuration works in Cisco IOS Release 12.1 images which support the `$' dial-peer matching character and Cisco IOS Release 12.2(1a). Starting in Cisco IOS Release 12.2(1.1) and in Cisco IOS Release 12.2(2)T, the dial-plan no longer permits a destination-pattern terminated with the `$' character to be matched at all, and hence no calls using that dial-peer will complete. Workaround: Configure the destination-patterns which end in `$' to end in `T?$': `!` `dial-peer voice 1 voip` `destination-pattern 01152....T?$` `session target ipv4:IP_ADDR_RTR1` `ip precedence 5` `!` `dial-peer voice 2 voip` `destination-pattern 01152......` `session target ipv4:IP_ADDR_RTR2` `ip precedence 5` `!`
CSCdw87887	With continuous traffic and the calls being cleared regularly, over a period of time outgoing calls fail.
CSCdw93050	The problem is transparent to the customer and is involved with the IOS MLP/PPP architecture.
CSCdx03701	With no TCP/IP header compression enabled on the Group-Async interface and the Framed-Compression attribute being passed in Access-Accept packets, TCP/IP header compression should revert back to the (default configured) disabled on async interfaces when LCP_DOWN state is reached. Instead, ip tcp header-compression may be present on physical async interfaces on which it was not configured, with the result that VJ header compression may be negotiated unexpectedly. Workaround: Configure the router always to terminate async calls on a virtual-access interface, through no virtual-profile if-needed and virtual-profile virtual-template <n>. R-comments: The fix for this is to always apply this attribute to a virtual-access interface. If this attribute is received for an async interface and it has virtual-profile if-needed configured, a virtual-access interface is created to apply this attribute. In the long term, using Common Configuration Architecture CCA for this configuration would be most useful.
CSCdx08652	During stress test, the system may crash because there are invalid parameters passed from the NextPort module. Workaround: There is no workaround.
CSCdx15859	Calltracker, show call calltracker active, and ... history commands display extraneous comma after authentication time.
CSCdx33166	During LSDOCallback, the sessions on the server side go down due to which callback already exists debugs can be seen in the logs inhibiting callback from occurring. Workaround: There is no workaround.
CSCdx41454	Symptom: Router applies the ip tacacs source-interface configuration only to the first tacacs server in the server list and fails to use the IP address for other configured servers. Conditions: When the primary TACACS server is not available, the router will attempt for the next TACACS server in the list. While connecting to the secondary TACACS server, the router ignores the ip tacacs source-interface configuration and it uses the IP address of the outgoing interface. The router is expected to use the IP address configured through ip tacacs source-interface command as source address, while connecting to the TACACS server, including the secondaries. Workaround: A workaround is possible using NAT. The user can apply NAT for the TACACS packets by the following configuration. `interface outbound interface to the tacacs server` `ip nat outside` `!` `ip nat inside source list 102 interface Loopback0 overload` `access-list 102 permit tcp any any eq tacacs`
CSCdx50798	Symptom: RM authorization of digital VPDN calls is skilled. VPDN configuration parameters in RM are not applied to call. Workaround: Terminate digital VPDN calls on HDLC resources
CSCdx54866	Symptom: VPDN ignores the configured source ip address and defaults it to the primary ip address of the tunneling interface. Conditions: This behavior is seen when VPDN is configured locally on the gateway. Workaround: There is no workaround.
CSCdx60225	A Cisco AS5400-HPX configured for VPDN might show following errors: `May 14 18:42:16.775: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x6116FF1C reading 0x0` `May 14 18:42:16.775: %ALIGN-3-TRACE: -Traceback= 6116FF1C 60C64104 60C64850 60C5B0A4 60C5B8A8 60C5B6A0 6064187C 606419C8` At the same time show align might show an increasing count for the associated Traceback: `AS5400#sh align` `Alignment data for:` `5400 Software (C5400-IS-M), Version 12.2(2)XB5, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)` `TAC Support: http://www.cisco.com/tac` `Compiled Sun 12-May-02 21:36 by liha` `No alignment data has been recorded.` `Total Spurious Accesses 6, Recorded 1` `Address Count Traceback` `0 6 0x6116FF1C 0x60C64104 0x60C64850 0x60C5B0A4` `0x60C5B8A8 0x60C5B6A0 0x6064187C 0x606419C8` Workaround: There is no workaround.
CSCdx70479	Symptom: After the RADIUS servers are reloaded the resource manager state \is not set to idle and no calls can be received. Conditions: RADIUS server needs to be reloaded
CSCdx81130	Microsoft Callback negotiation may fail with particular clients. This is due to a minor difference between Cisco's implementation of the Microsoft Callback server and the original implementation by Microsoft in a detail that is not clearly specified in the draft RFC. While this particular problem does not seem to impact Microsoft Windows clients requesting for callback, it has been observed with a 3Com OfficeConnect LAN modem that failed to negotiate MS callback with a Cisco NAS. Workaround: There is no workaround.
CSCdx93324	The H.323 gateway may crash accessing invalid memory location. Workaround: There is no workaround.
CSCdy01787	When MTU configuration is manually overridden the EAP proxy client may not be able to appropriately size frames for the client's MRU. Workaround: Do not adjust the MTU on the router.
CSCdy05296	The port information provided on a Cisco AS5350 universal gateway, Cisco AS5400 universal gateway, or Cisco AS5850 universal gateway on modems within RADIUS attribute 5 using either nas-port format a or b for async calls provide the true port information (as in slot/port) and not the TTY line number of the modem which previous generation dial platforms provided. This is causing problems for service providers using a variety of Cisco dial platforms as they are inconsistent in the information being relayed on the various platforms Cisco sells. Workaround: There is no workaround.
CSCdy32948	Symptom: RADIUS NAS-Port attribute (attr 5) does not report the TTY number of the Async interface used for the call. This is the default value which should be reported as per format a definition described on CCO for any Async call. Conditions: radius-server nas-port format a (default) is configured and AAA is tracking a modem based call. Workaround: There is no workaround.
CSCdy33286	Symptom: Relatively light load on Cisco AS5400 running Cisco IOS Release 12.2(2)XB6.4 showing IOMEM leakage leading to MALLOC failures. Conditions: This was seen in the interim Cisco IOS Release 12.2(2)XB6.4 only. Workaround: There is no workaround.
CSCuk36415	Symptom: RTP packets queued from the fast switching path will be sent uncompressed. Workaround: There is no workaround.

Open Caveats—Cisco IOS Release 12.2(2)XB6

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB6 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 15 Open Caveats for Cisco IOS Release 12.2(2)XB6
DDTS ID Number	Description
CSCds37794	Router crash due to memory corruption with compression in T1-CAS env Symptom: System may reload due to memory corruption when having traffic. Conditions: when TCP header compression and predictor compression are enabled. Tearing down calls from the caller side. Workaround: There is no workaround.
CSCdw08683	Router crashes in dial-peer routine Symptom: Router may reload while running T.37 end-to-end bi-directional traffic over E1R2.Conditions: The reload may happen only when more than one outbound POTS dial-peers are configured with the same destination pattern but different ISDN ports. Example: dial-peer voice 1 pots destination-pattern 6666666 port 7/0:0 prefix 7777777 ! dial-peer voice 2 pots destination-pattern 6666666 port 7/1:0 prefix 7777777 ! dial-peer voice 3 pots destination-pattern 6666666 port 7/2:0 prefix 7777777 Workaround: Shut or remove all dial-peers but one (dial-peers 2 and 3 for example).
CSCdw66146	DLCX and NTFY messages incorrectly send The DLCX is sent out without the hostname There is no workaround for this. The NTFY has no req id. happens if the req id len len hits max. Workaround: There is no workaround.
CSCdw87887	Outdial digital calls terminated on NextPort fail over time With continuous traffic and the calls being cleared regularly, over a period of time outgoing calls fail.
CSCdx15393	5350 changes connection Id for MGC NAS call when COT is requested in The voice leg creates a Conn id and then the mode is changed to m:nas/data with a mdcx. The nas pkg creates a new conn_id and sends it back with the ack. Workaround: There is no workaround..
CSCdx20211	Terminating GW crashed with rtcp_construct voip_rtcp_server Symptom: this problem occurred after running stress traffic for approximately 3 days. Workaround: There is no workaround.
CSCdx41056	Reload brings shut serial interface up Reload may bring the manually shut down serial D interface up and active on reload.
CSCdx48096	startup-config file open failed (Device or resource busy) when wr Unable to write to NVRAM with "radius-server unique x" configured after upgrading from Cisco IOS Release 12.1(5)XM8 to Cisco IOS Release 12.2(2)XB5. Workaround: There is no workaround.
CSCdx50119	UUT returns to rommon after resetting the commserver This defect is seen on the UUT after resetting the commserver. Workaround is to power cycle the UUT.
CSCdx50317	memory leak in xcsp calls in cdapi We see memory allocation problems if the box encounters AAA authentication timeouts and dsp resources are overbooked. It is due to some dangling calls which are not cleaned properly when a call is rejected. Workaround: There is no workaround.
CSCdx62789	guard timer does not clear the call (mgcp-dial) When the guard timer expires xcsp clears the call by sending a disconnect. Since the call is not fully up, cdapi expects a Release complete Workaround: There is no workaround.
CSCdx63602	crash after traceback in xcsp_ppp_event_proc Traceback or crash happens if xcsp_ppp_event_proc is called without a hwidb. Workaround: There is no workaround.
CSCdx68562	COMindico: T.38 fax broken when default mgcp codec is g729r8 When attempting to make a fax call between 2 Cisco AS5400's if the default mgcp codec is set to g711a pack period = 20 then the fax works via T.38 without problems. If the default mgcp codec is set to g729r8 pack period = 20 then the fax does not work. Workaround: Use g711 default mgcp codec.
CSCdx70479	RM state not cleared after RADIUS switch over to secondary Symptom: After the RADIUS servers are reloaded the resource manager state \is not set to idle and no calls can be recived. Conditions: RADIUS server needs to be reloaded
CSCdx77395	Severe memory leak while running voice calls with E1PRI Severe memory leak happens redering the system useless after running voice calls under load conditions (16 E1 worth) for 20+ hours. Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)XB6

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB6. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 16 Resolved Caveats for Cisco IOS Release 12.2(2)XB6
DDTS ID Number	Description
CSCdv36894	Throughput for ISDN MLPPP calls is generally slow and highly erratic Symptom: About 20 percent of number of calls terminated on NextPort, thoughput will be lower than calls terminated on Freedm (HDLC hardware controller). Workaround: Configure Serial D-channels with the following additional command ppp multilink queue depth fifo 4
CSCdx07849	radius_saveident should use CSCdw51651 method to avoid write_memory An attempt to update the startup-config file (via the exec "write memory" command or equivalent) may fail with the following error: router#write memory startup-config file open failed (Device or resource busy) This problem can be caused by a process that is attempting to update NVRAM getting stuck for some reason. To track down the offending process, use the command "show file descriptors": router#show file descriptors File Descriptors: FD Position Open PID Path 0 0 430A 157 nvram: Now, using "show process", find the process with the offending PID. If the PID belongs to a process called "radius nvwrite", then this DDTS is the problem. Workaround: Save the current running config to a temporary file in flash or on a TFTP server. Reload. Immediately after reloading, copy the saved configuration to nvram:startup-config .
CSCdx57179	DS0 info missing in AAA accounting Symptom: DS0 information not reported in AAA accounting Workaround: There is no workaround.
CSCdx57653	aaa new-model command necessary to bring up local VPDN Call NAS will fail to forward calls to VPDN when aaa authorization is configured locally on the NAS and aaa new-model is not configured. Workaround: add aaa new-model to the config.
CSCdx68556	pack period not set in line with CRCX value When the mgcp default codec on a Cisco AS5400 is set to g711a pack = 20 the codec bytes for the RTP stream is 160. When the mgcp default codec is g711a pack = 10 the codec bytes for the RTP stream is 80. The NAS ignores the CRCX SDP parameters, i.e. the codec bytes appear to use 10 when the CRCX says 20 and default is 10. This results in poor quality/garbled voice. Workaround: Use G.711 default codec with pack period 20.
CSCdx81388	Memory leak in PPP Events after stress test Memory Leak is seen in PPP Events after stress test on Cisco AS5400 running Cisco IOS Release 12.2(02)XB06 pre-fcs 5.3.0 build. Workaround: There is no workaround.
CSCdw03288	UP324 card crash while handing over in handover-split mode Symptom: While handing over UP324 board from one RSC to another using the redundancy hand-over mode and reloading the RSC which was handling the UP324, the CPU util of the UP324 goes upto 100% and the board crashes when its handed to the other RSC. Conditions: This affects platforms which have redundancy hand-over mode support. Workaround: There is no workaround.

Open Caveats—Cisco IOS Release 12.2(2)XB5

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB5 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 17 Open Caveats for Cisco IOS Release 12.2(2)XB5
DDTS ID Number	Description
CSCds37794	Router crash due to memory corruption with compression in T1-CAS env Predictor compression on ppp interfaces is broken and can not be used in Cisco IOS Release 12.1(3)T.
CSCdu79111	TCL APP processes take too much cpu when making +7cps debicard calls. Symptom: When system running debitcard application with bursty traffic of 15+ call per second back-to-back, IVR processes such as TCL APP take too much cpu causing a high overall cpu utilization. Workaround: Control incoming calls to avoid bursty traffic and turn on Call Admission Control to prevent catastrophic errors at high cpu utilization.
CSCdv36894	Throughput for ISDN MLPPP calls is generally slow and highly erratic The throughput for ISDN MLPPP calls has been found to be generally slow and highly erratic.Same for analog calls also.
CSCdv70676	SPE went to Bad state with incoming modem calls and 100% COT. With modem calls and 100% COT transponder, SPEs on a Cisco AS5400 OGW would transition to BAD state one by one. Executing the clear spe command or the would reset the SPEs back to normal state but after a few more modem calls, the SPEs would come back to BAD state. Test port modem back to back also bring the SPEs back to normal state.
CSCdw08683	Router crashes in dial-peer routine The crash may happen only when more than one outbound POTS dial-peers are configured with the same destination pattern but different ISDN ports. Example: dial-peer voice 1 pots destination-pattern 6666666 port 7/0:0 prefix 7777777 ! dial-peer voice 2 pots destination-pattern 6666666 port 7/1:0 prefix 7777777 ! dial-peer voice 3 pots destination-pattern 6666666 port 7/2:0 prefix 7777777 Workaround: The workaround is to shut or remove all of those dial-peers but one (dial-peers 2 and 3 for example).
CSCdw59798	IPCP fails with 760 CPE client when using static routes via RADIUS Symptom: A Cisco AS5400 universal gateway using Cisco IOS Release 12.2(2)XB version when a non Multilink call is made from 760 CPE client using Cisco IOS Release 12.1(11), to which static routes are applied at the NAS via RADIUS, it results in IPCP failure. Workaround: There is no workaround.
CSCdw66146	DLCX and NTFY messages incorrectly send The DLCX is sent out without the hostname. The NTFY has no req id. happens if the req id len len hits max. Workaround: There is no workaround.
CSCdw80521	RPM does not unbind dynamic template when call disconnects early If a gateway is configured for resource-pooling with customer profile templates, a short, abnormal call may cause the next call on that modem/interface to bind to multiple profiles causing the configuration for the next call to be different than intended. Workaround: A workaround which works under some circumstances (but not all) is to make sure that each customer profile template explicitly specifies every configuration item which may be different on other customer profile templates to make sure the configuration items on the intended template overrides any configuration items on other templates which may be unexpectedly bound. The workaround does not work when multiple short, abnormal calls land on the same port consecutively.
CSCdw83849	APS-B-BPX: AnxB: Lockout doesnt keep selector position. Conditions: Force switch WS1->WS2 on AXSM/B, Lockout on BXM side. Workaround: There is no workaround.
CSCdw84263	%SYS-3-HARIKARI: Process Exec top-level routine exited A Cisco AS5400 universal gateway running Cisco IOS Release 12.1(5)XM6 may experience the following error: -Process= "Exec", ipl= 0, pid= 176 -Traceback= 602E3748 60328DC8 6038594C 60385938 Feb 25 00:02:27.781: %SYS-3-HARIKARI: Process Exec top-level routine exited Feb 25 00:02:53.125: %SYS-3-HARIKARI: Process Exec top-level routine exited Workaround: There is no workaround.
CSCdw84263	%SYS-3-HARIKARI: Process Exec top-level routine exited A Cisco AS5400 universal gateway running Cisco IOS Release 12.1(5)XM6 may experience the following error: -Process= "Exec", ipl= 0, pid= 176 -Traceback= 602E3748 60328DC8 6038594C 60385938 Feb 25 00:02:27.781: %SYS-3-HARIKARI: Process Exec top-level routine exited Feb 25 00:02:53.125: %SYS-3-HARIKARI: Process Exec top-level routine exited Workaround: There is no workaround.
CSCdw87887	Outdial digital calls - fail overtime With continuous traffic and the calls being cleared regularly, over a period of time outgoing calls fail.
CSCdx03069	Memory leak on GW if AltEP present in ACF with dCSA 0.0.0.0 Memory leak on the H323 voice gateways noticed. If the Gatekeeper of the Gateway sends an Admission Confirm (ACF) message with the destination Call Signal Address (dCSA) field set to 0.0.0.0 and if the alternate Endpoint field is present in the message. Workaround: There is no workaround.
CSCdx06424	MGCP voice calls with G723 yielded low CSR When running with G723, call success rate might be lower than expected due to "no dial" tone available. Workaround: Use G711 or G729.
CSCdx07948	Traceback seen at rm_author_local_vpdn_session_request Whenever a call is setup, the following messages are seen on console `Mar 16 03:48:19 1.2.62.35 15981: Mar 16 12:01:09.772: %RM-3-NORESP: No response-code from local RM` `Mar 16 03:48:19 1.2.62.35 15982: -Traceback= 6023F218 603CA408 603C9A20 603C9984 603CBE84 603CBE70`
CSCdx07948	Traceback seen at rm_author_local_vpdn_session_request Symptom: Whenever a call is setup, the following messages are seen on console `Mar 16 03:48:19 1.2.62.35 15981: Mar 16 12:01:09.772: %RM-3-NORESP: No response-code from local RM` `Mar 16 03:48:19 1.2.62.35 15982: -Traceback= 6023F218 603CA408 603C9A20 603C9984 603CBE84 603CBE70` This occurs when there are 400 digital and modem calls brought up, and then a script is run which tears down and setup calls at 2 calls per second.
CSCdx13190	Hearing Loud pitch (1Khz) Tone with e&m-fgb mf dnis. Workaround: There is no workaround.
CSCdx15393	5350 changes connection Id for MGC NAS call when COT is requested in Symptom: The voice leg creates a Conn id and then the mode is changed to m:nas/data with a mdcx. The nas pkg creates a new conn_id and sends it back with the ack Workaround: There is no workaround.
CSCdx16314	as5400/5350 fax are not passing through although chg of codec happen Symptom: Fax passthrough is not working with Cisco AS5350 and Cisco AS5400.
CSCdx17074	Multichassis multilink PPP session RADIUS accounting Symptom: Multichassis multilink PPP sessions to report RADIUS accounting based on the respective NAS serving the B-channel.
CSCdx19436	Overlap receiving does not work if no INFO digits after SETUP Symptom: Overlap calls fail in certain situations. Conditions: If no additional digits are received in ISDN INFO messages after the initial SETUP, the call is rejected even though an outgoing dial-peer exists to route the call using the called-number in the SETUP. Workaround: There is no workaround..
CSCdx26331	SIP: Connect Timestamp missing in CallHistory when ACK is missing. Symptom: The Call History information generated by the SIP call leg does not have a valid (non-zero) duration while the POTS Call History for the same call has a non-zero duration. Conditions: This will happen when the ACK fails to reach the TGW following an answer (200 OK response). Workaround: There is no workaround.
CSCdx26961	Nas pkg - spurious access at xcsp_release_ind Symptom: When tear down too many modems and digital calls abruptly, spurious memory access might happen. Workaround: Bring down a few calls at a time.
CSCdx28409	CSM_VOICE-3-NOVDEVINFO:CSM null voice resource info Following error message received after running the system under voice stress for a long duration (25 hours) UTC: %CSM_VOICE-3-NOVDEVINFO: CSM null voice resource info
CSCdx28498	NAKs under E1R2 voice stress Following NAK messages will be observed under voice stress conditions for E1R2 signaling. *Jan 5 05:39:57.958 UTC: %NP-3-NAKRSP: NAK Response Received - command 0x1500, result code 0x8005, msgid 0x15FF, session id 0x30D, msg tag 0x0
CSCdx29261	Fast Switching into Tunnel Failed l2tp tunnel is not established from Slave NAS to Master NAS in MMPPP in Cisco IOS Release 12.2(02)XB05 4.7.0 build image. Workaround: There is no workaround.
CSCdx29746	Offramp fax call fail when light page is transmitted Offramp T.37 fax call fail with a light 1 page fax/tiff. The tiff is generated by the tiff writer on 5400. If only one e-mail with this tiff is send, the transmission always fails. If multiple e-mails (23 for example) are sent simultaneously the FSR is ~ 60%. The problem is seen with all images after Cisco IOS Release 12.2(2)XB. It doesn't exist with XB. The problem is seen only with PTE testbed, but not with fax machines.
CSCdx33161	Increasing number of E1/R2 timeslots go out of service A Cisco AS5400 with E1/R2 lines might periodically have an increasing number of timeslots which go out of service. For these timeslots, show controllers e1 x timeslots will always display Channel State signaling: E1 2/0 is up: `Loopback: NONE DS0 Type Modem <-> Service Channel Rx Tx State State A B C D A B C D --------------------------------------------------------------------------- ... 2 cas - - insvc signaling 0 0 0 1 1 0 0 1 ...` Workaround: - configure shutdown/no shutdown on the controller e1 - clear the blocked E1 timeslots on the E1/R2 switch
CSCdx34038	System crashed at pm_spe_create_capability_mask When the Cisco AS5400 has a bad NextPort module, system may crash during boot up. Workaround: There is no workaround.
CSCdx34513	System reloaded at free(0x603d2da0)+0x84 at boot time This problem manifested itself when the Cisco AS5400 was loaded with the XB3 image. The Cisco AS5400 in question has two octal E1 modules and five NP-108 modules. The offending NP-108 was being in slot 5. Workaround: The workaround for this forced reload is to remove the offending NP-108 from the router.
CSCdx35770	SGBP calls fail when using RPMS2.0 aaa proxy functionality Symptom: NAS configured for RPMS 2.0 fails to join SGBP group. Workaround: Do not use AAA to authenticate the SGBP group username and password.
CSCdx36467	%NP_SSM-3-RUNTIME_ERROR after maintenance period. A Cisco AS5400 UUT may experience %NP_SSM-3-RUNTIME_ERROR on the SPEs after maintenance period. Workaround: There is no workaround.
CSCdx36496	%SYS-3-HARIKARI messages observed after clear spe On a Cisco AS5400 running Cisco IOS Release 12.2(2)XB05, %SYS-3-HARIKARI messages may be seen after "clear spe". Workaround: There is no workaround.
CSCdx36967	Cloning of VI fails with large per-user AAA Session-Timeout attribut When a virtual profile is used through authentication, authorization, and accounting (AAA) to configure a RADIUS timeout absolute minutes [seconds] interface configuration command with a value that is greater than 35,790 minutes (2,147,483 seconds or 24 days), the cloning of the virtual access interface may fail. This behavior prevents the virtual interface from being used for another call even if the virtual interface uses a small timeout value. Workaround: Do not attempt to configure RADIUS session timeout values that lie outside the valid range. This caveat entry changes the session timeout to use a 64-bit timer, which increases the maximum value of the timeout absolute minutes [seconds] interface configuration command to approximately 71,582,787 minutes (136 years).
CSCdx41056	Reload brings shut serial interface up Reload may bring the manually shut down serial D interface up and active on reload. Workaround: There is no workaround.
CSCdx42998	sig_info is NULL:CID AFCA (##) s4/p54 u1/c255 event 3 Following error seen under voice stress conditions for E1R2 *Jan 2 09:18:49.219: from Trunk(2): sig_info is NULL: CID AFCA(##) s4/p54 u1/c255 event 3 No other side effects. Workaround: There is no workaround.
CSCdx44718	sh isdn active shows disconnected calls sh isdn active may display some disconnected calls as active and increment their Seconds Used counter. Workaround: There is no workaround.
CSCdx46416	RADIUS Access Reject and traceback In a mixed call environment RADIUS access-requests start failing for no apparent reason, at which time the access-requests are continually retried in a loop until dialer idle time-out expires or the call is manually cleared. Tracebacks at rm_author_local_vpdn_session_request are continously generated and cpu process usage increases. This problem is seen only on isdn non-vpdn calls and on 5800 and 5400 platforms. This problem was not seen with modem calls. Workaround: There is no workaround.
CSCdx47420	Traceback seen when bringing up VPDN calls The following tracebacks are seen while bringing up a VPDN call and also while booting the NAS. *May 1 18:16:22.467: %SYS-3-MGDTIMER: Timer has parent, timer link, timer = 61FE4600. -Process= "VPDN call manager", ipl= 4, pid= 117 -Traceback= 603E1E60 603E6CD4 60F97C40 603CD584 603CD570 Workaround: There is no workaround.
CSCdx48036	Attribute 77 not supported on nextport Attribute 77 in accounting for async calls not supported on Cisco AS5400. Workaround: There is no workaround.
CSCdx48096	startup-config file open failed (Device or resource busy) when wr Customer is seeing a problem on Cisco AS5400 where they are unable to write to NVRAM. Workaround: There is no workaround.
CSCdx50119	UUT console hangs after power off/on This defect is seen on the UUT when the it is power cycled. The console might hang after returning to rommon mode. Workaround: Cycle the power to the commserver.
CSCdx50196	SIP: Different error responses for same SIP Request URI - app issue Under certain conditions, the IOS SIP Gateway may receive a SIP INVITE Request for a unknown SIP Request-URI in which the Gateway may send different SIP error Responses (ie. 404 Not Found or 484 Address Incomplete). The Gateway is returning different disconnect cause codes for the call failures. The SIP Error responses are mapped to the PSTN disconnect cause codes.
CSCdx50498	Local RPM CLI commands for VPDN profiles stripped out at bootup Symptom: The resource pooling VPDN CLI commands in startup config is not recognized by 5400 when it boots up. Workaround: Manually enter that in the configuration after bootup.
CSCdx50498	Local RPM CLI commands for VPDN profiles stripped out at bootup Symptom: The resource pooling VPDN CLI commands in startup config is not recognized by 5400 when it boots up. Workaround: Manually enter that in the config after bootup.
CSCdx50798	RM authorization skipped for digital VPDN calls on Nextport Symptoms RM authorization of digital VPDN calls is skilled. VPDN configuration parameters in RM are not applied to call. Workaround: Terminate digital VPDN calls on HDLC resources
CSCdx50873	Traceback from dscc4_pak_to_txring when WFQ configured Symptom: Following Tracebacks seen on console May 6 08:00:49.229 ACST: -Traceback= 60273A9C 60275248 60D08E28 602CFC70 602D0218 6025BA88 6025C480 60255F6C 6025EBC8 6019B74C 6044B35C 8040A080 May 6 08:00:49.229 ACST: ASSERTION FAILED: file "../src-7k-as5400/if_as5400_dscc4_isr.c", line 401 May 6 08:00:49.229 ACST: -Traceback= 60273A9C 60275248 60D08E28 602CFC70 602D0218 6025BA88 6025C480 60255F6C 6025EBC8 6019B74C 6044B35C 8040A080 Scenario: When running MLPPP calls and fair queueing is configured. Workaround: There is no workaround.
CSCdx52323	VPDN user reported as PPP user with IP Address assigned A NAS running Cisco IOS Release 12.2(02)XB05 image may experience some of its VPDN users to be reported as normal PPP Users with IP address assigned. Workaround: There is no workaround.
CSCdx52334	Named Access Lists disappears from the running config A NAS running Cisco IOS Release 12.2(02)XB05 image may report absence of access list once it is rebooted. Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)XB5

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB5. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 18 Resolved Caveats for Cisco IOS Release 12.2(2)XB5
DDTS ID Number	Description
CSCdu14530	If the IP address is removed from a the PPP interface of a 7500, running Cisco IOS Release 12.1E IOS, and then the IP address is added, this change is not reflected immediately in CEF. This results in 50% packet loss until the background CEF process updates the adjacency. Workaround: •shut / no shut the PPP interface. or •disable CEF (not an option as the 7500 is a PE router).
CSCdu56218	MOH does not suspend idle timers When the modem is on hold or shortly after coming off of hold the call will be disconnected if the idle times expire. Workaround: Increase the timers beyond the maximum on hold time allowed.
CSCdv38563	Client code does not add attributes 90 & 91 for the LAC Network access server (NAS) may fail to include attributes 90 and 91 when a router hostname is used as the tunnel ID and when the tunnel ID is not included in the user profile. Workaround: There is no workaround.
CSCdv54127	Missing Acct-Output-Packets & Acct-Input-Packets in STOP rec The Acct-Output-Packets and Acct-Input-Packets attributes are missing in the STOP record while testing network accounting, even though they are seen in the debug output.
CSCdv66747	Traceback at l2tp_fixup_cached_header Tracebacks occur with vpdn in Cisco IOS Release 12.2(02)XB, Cisco IOS Release 12.2(03)PI, & Cisco IOS Release 12.2.T.
CSCdv71454	l2tp_process_unsent_queue may cause CPUHOG In Cisco IOS Release 12.2 T, "L2TP mgmt daemon" may cause CPUHOG if there are lots of packets in unsentQ.
CSCdw00924	MLP bundle transmit may jam when link departs bundle On a PPP multilink bundle that has multiple links, if one of the links departs from the bundle while data is enqueued for output at the bundle interface, the output mechanism on the bundle may stall, halting any further output from that bundle. The output queue on the bundle becomes full, causing packets that are forwarded to that bundle to be dropped and the affected bundle to stop transmitting packets. Workaround: There is no workaround.
CSCdw06038	RPM:no profile found for call-type digital Symptom: With Resource Pooling and Resource Pooling AAA accounting configured, a customer profile may not be found for a particular DNIS group. Conditions: The gateway may have a problem with incoming calls finding the customer profile depending on the order, size and value of the dnis entered; results may vary depending on whether the DNIS is manually entered or whether the wavl is set up from reload via the start-up config. Workaround: There is no workaround.
CSCdw17116	show user command shows wrong idle time for dialer interfaces The "show users" display for async interface users with dialer in-band configured SHOULD show, in the idle time column, the time since the last interesting packet (as determined by the dialer-list.) Instead, it shows time since the interface came up. The command "show caller line" has the same problem. Example: `Router#show user` `Line User Host(s) Idle Location` `tty 1/00 user185 Async interface 04:31:37 PPP: 10.3.1.2` `Router#show caller line tty 216` `Active Idle` `Line User Service Time Time` `tty 1/00 user185 Async 04:33:15 04:33:06` Workaround: Use the command "show caller timeouts" instead, and examine the output for the async interface: `JS54U7#show caller timeouts \| i 1\/00 tty 1/00 user185 - - - As1/00 user185 00:02:00 00:01:59 Dialer idle`
CSCdw24449	NAS Package does not send RADIUS Attribute 30 (Called Number) When pre-authentication is configured for mgcp-dial on a RPMS server it fails Workaround: Use merit ar dataquant RADIUS server
CSCdw39083	Calls being disconnected by gateway with cause code 47(resource una) When running test calls in a ThunderVoice environment a small percentage of the calls are being rejected by the originating gateway with cause code 47 (resource unavailable, unspecified). Workaround: There is no workaround.
CSCdw44334	isdn-overlapping receive is not working if dial-peers are up The ISDN overlapping receive feature does not work if the dial peers are up. Workaround: There is no workaround.
CSCdw45584	Cisco-AV pair lcp:send-secret=cisco not supported in XB VPDN authorization fails when "lcp:send-secret=xxxx" is sent in the access accept packet from RADIUS.
CSCdw62064	IKE Keepalives being dropped with MLPPP fragmentation On Cisco 7200 running Cisco IOS Release 12.2.6, it is seen that with T1 links combined in a Multilink PPP bundle, and MLPPP fragmentation enabled; ISAKMP keepalives are not being received by the box, even though the remote peer is sending out the keepalive messages. As a result each end thinks its peer is dead and deletes the IKE & IPSEC SA's. They then re-negotiate IKE and IPSEC and create new SA's. As a result, IKE and IPSEC are re-negotiated at each IKE keepalive interval and there is some traffic drop during this re-negotiation phase. Workaround: •Disable hardware crypto acceleration. With software crypto, this problem is not seen. •Disable MLPPP fragmentation. Without fragmentation, the IKE keepalives are received by the peers (even with hardware crypto)
CSCdw65439	RADIUS MOH attribute has no effect for Exec and L2TP users The RADIUS MOH per user attribute has no effect for EXEC and L2TP users. The attribute is discarded. It is working for PPP users. Workaround : Use modemcap to define a default setting for all EXEC and L2TP users.
CSCdw66146	DLCX and NTFY messages incorrectly send The DLCX is sent out without the hostname Workaround: There is no workaround. The NTFY has no req id. happens if the req id len len hits max. Workaround: There is no workaround.
CSCdw67239	POD client need more info on termination of users POD client need more specific information on termination. In addition to Ack and Nak msgs more specific info on termination required.
CSCdw68757	Caller hear second dial-tones CHOM noise from Nortel PBX. Caller on original GW of CAS hear the second dial-tone CHOM from the far end router which connected to Nortel PBX. This is only for CAS case. Workaround: There is no workaround.
CSCdw80687	ip tcp compression-header passive is always compressing ppp traffic Symptom: Packets are process switched on an interface with fast switching configured. This can result in high CPU usage. Conditions: Header-compression must be configured, but only on one side. For example, in a dial-in situation, where header-compression is configured on the central switch, but not on the box that is dialling in. Also, the interface must not support FAST switched header-compression, e.g. most dial-in interfaces are currently not supported. Workaround: Remove header-compression from the configuration. Note If header-compression is configured on both sides of a link, and the interface does not support fast-switched header-compression, then process switching is normal and required for successful operation of the header-compression feature.
CSCdw85178	OJ:VSA incorrectly billing ip hops Genuity is not able to bill multiple customers off of one proxy. Workaround: There is no workaround.
CSCdw88228	Sync calls termed on NP reported as ASYNC on Microsoft IAS Server Digital calls should be reported as port type "isdn sync", but some digital calls are reported as port type "async" incorrectly. This only affects digital calls which terminate on DSP. There is no workaround.
CSCdw89455	PPP authen failure with fourth method All PPP Auth methods will not work with MSCHAP V2.
CSCdw91279	L2TP ZLB ACK not processed correctly (regress CSCdk57040) A Cisco router that is running Cisco IOS Release 12.2(5.7)T or a later release and that is acting as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) or L2TP network server (LNS) may fail to process valid L2TP Zero-Length Body Acknowledgement (ZLB ACK) packets. This behavior may cause sessions and tunnels to drop. Workaround: There is no workaround.
CSCdw94403	g/w fails call with endpoint in transient state if rx RQNT after 200 Calls from H323 via HSI and PGW are failed by the gateway of G723 is used. The gateway fails the RQNT asking for DTMF information after a successful MDXC/200 exchange. MGCP fails with 'endpoint in transient state' . Workaround: There is no workaround, other than Call Agent retrying the RQNT command again.
CSCdx02102	Memory corruption with MPPE when MTU exceeds 8K A Cisco router may experience memory corruption when configured with software encryption (MPPE) if the MTU size is greater than 8K (and if there are actually packets of length greater than 8K). Workaround: Configure MTU less than 8K when doing software encryption (MPPE).
CSCdx04271	RADIUS attribute 137 support To direct the NAS to send the client DNS server address during the connection negotiation through RADIUS , Attribute 137 should be supported.
CSCdx05704	MSCB won't propose the skip CB option to peer with dialer profiles When a user dials in, requests MSCB and is bound to a dialer profile, after authentication (problem won't happen if the profile is bound before PPP starts) then IOS does not propose the option to skip callback during CBCP even if we are configured for it (ppp callback accept and user has empty callback dial string). If the user opts to skip the callback anyway, we will drop the call because we did not propose that option, which is correct behaviour but has only been enforced since CSCdu55093, which is why this bug has been relatively hidden up until recently.
CSCdx06024	MGCP Modem call failed to generate accounting Call will connected successfully but accounting won't be generated. Workaround:Do not set accounting in the config.
CSCdx06768	Router crash after 2 hours stress test n 5400HPX, router crash after 2 hours of stress test with voice VXML applications. PTE->SS7 calls -> 5400HPX 648 voice channel call, call rate = 10cps.
CSCdx09410	Local RPM CLI commands for VPDN profiles stripped out at bootup Symptom: A CLI command in startup config is not recognized by Cisco AS5800 when it boots up. Workaround: Manually enter that in the config after bootup.
CSCdx10690	%SYS-2-BADSHARE: Tracebacks on Async Modem Calls Symptom: Tracebacks, NAKS and Log messages indicating ports are being set for recovery Conditions: High stress 644 calls 35pps cycling calls 9cps •More calls than Nextport resources available •Async modem calls Workaround: Have sufficient NP108s for traffic loads.
CSCdx11607	Enable pre-auth breaks digital calls AAA Pre-auth causes digital calls to break, because resource allocation fails. Workaround: There is no workaround.
CSCdx12498	include dispatcher subsystem for Cisco AS5350 Symptom: mgcp-dial modem calls will not work on the Cisco AS5350 platform since the dispatcher subsystem is not included. Other platforms will be OK. Workaround: There is no workaround.
CSCdx15938	Router not able to load a script over 100k
CSCdx16474	Traceback at dscc4_pak_to_txring
CSCdx19436	Overlap receiving does not work if no INFO digits after SETUP Symptom: Overlap calls fail in certain situations. Conditions: If no additional digits are received in ISDN INFO messages after the initial SETUP, the call is rejected even though an outgoing dial-peer exists to route the call using the called-number in the SETUP. Workaround: There is no workaround..
CSCdx20563	Missing CallTracker Disconnect Reasons from PPP PPP has improved VPDN disconnect reason support. This information needs to be reflected in CallTracker to make the tool more useful.
CSCdx22886	SGBP functionality broken SGBP forwarding does not work if VPDN is disabled. Workaround: A temporary workaround for this problem is to enable VPDN (issue the command 'vpdn enable') and then disable it immediately (issue 'no vpdn enable') on all the SGBP stack group members. This allocates the resources required to do SGBP, and at the same time does not require VPDN to be kept enabled.
CSCdx24167	AS5400 crashes when clearing d-channels of the caller Cisco AS5400 may reload unexpectedly when ISDN calls are disconnected abnormally from the client side. This may be service impacting. Workaround: There is no workaround.
CSCdx26331	SIP: Connect Timestamp missing in CallHistory when ACK is missing Symptom: The Call History information generated by the SIP call leg does not have a valid (non-zero) duration while the POTS Call History for the same call has a non-zero duration. Conditions: This will happen when the ACK fails to reach the TGW following an answer (200 OK response). Workaround: There is no workaround.
CSCdx32788	%SGBP-1-DIFFERENT: Master NAS leaves/enters SGBP grp periodically This defect is seen on the Master and Slave NAS running MMPPP. Master NAS leaves/enters the SGBP member group periodically. This defect is not seen with XM releases. Workaround: Delete and then reconfigure the SGBP group, or not specify a 'sgbp source-ip <address>'.
CSCdx34038	System crashed at pm_spe_create_capability_mask When the Cisco AS5400 has a bad NextPort module, system may crash during boot up. Workaround: There is no workaround.
CSCdx40546	No ANI Infomation for T37 offramp fax For T.37 offramp fax, the ANI information is currently available only from the message envelope of the email. But in the case that the mail has to be bounced (such as invalid fax machine number), the mail cannot be bounced back to the correct account. The call cannot be billed in this case.
CSCin03065	New L2TP Tunnel created with existing Tunnel to same LNS. When an attempt is made to create an additional session that has similar tunnel parameters that are defined by a RADIUS profile (for the same domain, the same user, or a different user), instead of creating a session under the existing tunnel, a new tunnel and a session are created. This condition is observed in Cisco IOS Release 12.2(7.4)T and occurs if the tunnel parameters are defined by RADIUS without either of the following definitions: •Cisco-Avpair vpdn:tunnel-id = "xyz" •Tunnel-Client-Auth-ID = "xyz" Workaround: Define one of the following definitions under a RADIUS profile when tunnel parameters are defined: •Cisco-Avpair vpdn:tunnel-id = "xyz" •Tunnel-Client-Auth-ID = "xyz"
CSCin06313	RM/AUTH: Process (22) failed to register to VPDN message while boot Cisco AS5850 pops out the following error message after boot up: 00:00:38: RM/AUTH: Process (22) failed to register to VPDN This message is seen with c5850-p9-mz-v122_2_xb_throttle_flo_t.0.4.0 image. Workaround: There is no workaround.
CSCuk32311	PPP: Only allow punt adjacencies to be installed until IPCP is open When Cisco Express Forwarding (CEF) is enabled, adjacencies are erroneously added for sessions that have been forwarded using a tunnelling protocol such as L2TP or PPPoE. Adjacencies should only be added for sessions that terminate on the router, and only after the IP Control Protocl (IPCP) has been negotiated. Workaround: There is no workaround.
CSCuk33327	RADIUS fail during EAP should trigger LCP restart After RADIUS failover, during EAP, the NAS would try to failover to a new RADIUS server. However, this is forbidden midway through authentication. As such, the NAS was required to restart the authentication process from scratch and allow the user another attempt to authenticate.

Open Caveats—Cisco IOS Release 12.2(2)XB4

All the caveats listed in this section are open in Cisco IOS Release 12.2(2)XB4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 19 Open Caveats for Cisco IOS Release 12.2(2)XB4
DDTS ID Number	Description
CSCds37794	Predictor compression on ppp interfaces is broken.
CSCdv38563	Network access server (NAS) may fail to include attributes 90 and 91 when a router hostname is used as the tunnel ID and when the tunnel ID is not included in the user profile. Workaround: There is no workaround.
CSCdv39727	Symptom: While running Debit Card Application, under heavy load for a long period of time the router crashed. Workaround: Enable Call Admistion Control to reject the call when the CPU is more than 92%
CSCdw04845	Whil testing with G.729, PAMS scores showed poor voice quaility with this codec. Workaround: Disable non-linear processor on the Voice-port. Example: `voice-port 3/0:D` `no non-linear` `compand-type a-law` `cptone GB`
CSCdw17116	The "show users" display for async interface users with dialer in-band configured SHOULD show, in the idle time column, the time since the last interesting packet (as determined by the dialer-list.) Instead, it shows time since the interface came up. The command "show caller line" has the same problem. Example: `Router#show user` `Line User Host(s) Idle Location` `tty 1/00 user185 Async interface 04:31:37 PPP: 10.3.1.2` `Router#show caller line tty 216` `Active Idle` `Line User Service Time Time` `tty 1/00 user185 Async 04:33:15 04:33:06` Workaround: Use the command show caller timeouts instead, and examine the output for the async interface: `JS54U7#show caller timeouts \| i 1\/00` `tty 1/00 user185 - - -` `As1/00 user185 00:02:00 00:01:59 Dialer idle`
CSCdw23733	When using a AAA preauthentication config preventing ppp authentication for a particular user, combined with virtual-profiles, IPCP fails to complete. Workaround: There is no workaround.
CSCdw24682	Only the first CAS call doesnot connect. Rest of the calls work perfectly fine. This bug doesnot effect the function of the system Workaround: Just ping the AAA server before starting the calls on cold start.
CSCdw27357	Symptom: Using a Hub connecting the members of SGBP group can cause interface resets on the FastEthernet of Cisco AS5400 leading to drop or reordering of packets. This can lead to droping of 2B Multi Chassis MLP bundles running compression. Workaround: To use a Switch connecting the SGBP members.
CSCdw52270	The problem seems to be with the number of dial-peer that are configured on the router. According to the developer when a specific call has to hunt through over 128 dial-peer the ip call leg does not get released and therefore the rtcp socket are not getting released.
CSCdw58869	A dialup modem call may fail during IP Control Protocol (IPCP) authorization because of a framed routing attribute in the user RADIUS profile. Workaround: Remove the framed routing attribute from the user profile or configure the async default routing interface configuration command under the group asynchronous configuration of the network access server (NAS).
CSCdw59332	When CEF is enabled, per-user access-lists might not work when they are applied for dialup users. Workaround: Disable CEF.
CSCdw82172	Using Cisco IOS Release 12.2(2)XB5 , when RADIUS 'non-standard' is configured and with pool numbers passed in Ascend-IP-Pool (218) attribute that do not match locally and get an reject from RADIUS, IPCP fails to fallback and allocate an address from the local default pool configured on the interface. This fallback works fine with Cisco IOS Release 12.2(7.4).
CSCin00405	No RADIUS accounting start or stop record is sent by the NAS when ppp multilink and aaa accounting delay-start are configured. Workaround: Remove one of these two commands.

Resolved Caveats—Cisco IOS Release 12.2(2)XB4

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 20 Resolved Caveats for Cisco IOS Release 12.2(2)XB4
DDTS ID Number	Description
CSCdr47232	Set operation is not implemented for a few dsx1 specific MIB objects like dsx1LineType, dsx1LineCoding etc.
CSCdr85436	Description: This command can be used in the global config mode, to enable sending RADIUS attribute 32 (NAS-Identifier) in the accounting request. By default fully qualified domain name (FQDN) is sent in the attribute when the format is not specified. Syntax: `[no] radius-server attribute 32 include-in-accounting-req {format <A string that may have %i, %h or %d.>}` `%i = IP address` `%h = Hostname` `%d = Domain name` FQDN is sent by default if the format string is not configured. Examples: `manly(config)#radius-server attribute 32 include-in-accounting-req format cisco %h.%d %i` Following string will be sent in NAS-identifier as a part of accounting record. `cisco manly.nlab.cisco.com 10.0.1.67`
CSCdr93141	The user-maxlinks feature (see http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/maxlink.htm) does not work when configured on a VPDN LNS/HGW.
CSCdt63321	An IP route entry may fail to be updated properly when one-step and two-step translations are performed using the Serial Line Internet Protocol (SLIP). Workaround: There is no workaround.
CSCdu19432	Attribute Acct-Session-Time [46] in Exec Acct. Stop Record is zero. Workaround: There is no workaround.
CSCdu35843	IP access lists are not installed when they are received from a RADIUS server. This condition is observed in Cisco IOS Release 12.2(1.2)PI.
CSCdu36862	A system accounting record needs to be sent when a RADIUS server is added or deleted. This will be committed in latest Cisco IOS Release 12.2 branch and will also be committed in latest 6400 branch.
CSCdu40402	On Cisco AS5400, Cisco AS5800, and Cisco AS5850 universal gateways running Cisco IOS Release 12.2 XB, executing the command show tdm mapping will not show resource s that are used for CAS calls. Workaround: There is no workaround.
CSCdu40615	Some clients may fail to successfully complete IP Control Protocol (IPCP) negotiations when thousands of PPP sessions are simultaneously reestablished, as is the case when an interface with many links is recycled. All Layer 2 Tunneling Protocol (L2TP) sessions are established, but some client virtual access interfaces may not get a negotiated IP address. The missing IP address results in lost IP connectivity on that link. Workaround: There is no workaround.
CSCdu43689	Currently, the Per-User Request buffer is limited to 600 bytes. If the user profile has more than 600 bytes of configuration information, the Per-User attributes are not processed, which results in rejecting the user. Workaround: There is no workaround.
CSCdu64847	CISCO-AAA-SESSION-MIB user disconnect feature doesn't work for vpdn connections on the LNS.
CSCdu67010	Some TACACS+ attribute string names and attribute string values have changed slightly, e.g. "nas_rx_speed" is now "nas-rx-speed". This may cause problems for backend accounting applications trying to process records or authorization failures.
CSCdu74728	No accounting records are generated for outbound Telnet sessions after connection accounting is configured. Workaround: There is no workaround.
CSCdu84692	When using Cisco IOS Release 12.2(2.x) and Cisco IOS Release 12.2(3.x)PI code, local VPDN authorization does not failover to the next method in the method list if the domain/dnis profile is not found. The workaround is to only use RADIUS/TACACS+ vpdn authorization.
CSCdu86243	The RADIUS attributes Ascend-Client-Primary-DNS and Ascend-Client-Secondary-DNS do not work in Cisco IOS Release 12.2(3.4)T or later. The Cisco-AVPair ip:dns-server also does not work. Workaround: There is no workaround.
CSCdv01412	Conditions under which the problem occurs: `FXS FastEthernet FXS(LoopBack)` `[Pots A]--------[1750_r1]--------\|-------[1750_r2]` `dial-peer voice 1 voip dial-peer voice 2 voip` `destination-pattern 300 destination-pattern 300` `session target ipv4:100.0.0.2 session target loopback:rtp` When A calls 300, no voice loopback occurs. Symptoms of the problem: silent. Workaround: There is no workaround.
CSCdv01555	Spurious access may been seen when TACACS+ is enabled in Cisco IOS Release 12.2(3.4)T or later. Workaround: There is no workaround.
CSCdv02732	A router that is running Cisco IOS Release 12.2(3.4) T or a later release may reload unexpectedly after the Terminal Access Controller Access Control System (TACACS+) command accounting is enabled and a config net privileged EXEC command is executed. Workaround: There is no workaround.
CSCdv03076	A Cisco router running Cisco IOS Release 12.2(3.4)T or later will not process Ascend RADIUS server attributes even if "non-standard" is part of the RADIUS-server host configuration statement if the RADIUS-server is referenced through a aaa server group. Workaround: Do not use a server-group and use group RADIUS instead.
CSCdv03689	If a Point to Point Protocol (PPP) Multilink bundle interface goes down while data is flowing through it, a Cisco router may reload. Workaround: There is no workaround.
CSCdv04999	The username, accounting record type, and service attributes in the command accounting record is do not have appropriate value. Workaround: There is no workaround.
CSCdv13634	AAA Accounting is not done for the additional links added to Multilink PPP bundle when "aaa accounting delay-start" is configured. Workaround: There is no workaround.
CSCdv19031	Currently with RADIUS debugging turned on customers see a lot of debugs describing attributes in the packets sent and received. In order to reduce the amount of spewed out on the console a new option of 'brief' needs to be added the 'debug radius' command. This option will only indicate I/O transactions with some packet header information. Customers not turning on debugging or, not doing RADIUS wont see this problem.
CSCdv19928	When the Idle-Timeout attribute is received from RADIUS on an asynchronous interface, a vaccess interface is created and the timeout is not applied directly to the asynchronous interface. The Idle-Timeout attribute still works. The only side effect is that there is an extra vaccess created that is bound to the asynchronous interface. Workaround: There is no workaround.
CSCdv20977	Incoming Multilink Point-to-Point Protocol (MLP) packets from an ATM interface are getting process switched when a virtual template is used for the MLP bundle configuration.
CSCdv26709	Certain values for Ascend-Disconnect-Cause and Ascend-Connect-Progress are recorded inaccurately in Stop messages. This is mainly observed in 122T train. This problem is observed with PPP sessions when using RADIUS Accounting. Workaround: There is no workaround.
CSCdv29468	If a PPP client does not authenticate after agreeing to do so during LCP negotiation, the PPP session will continue to stay open in this limbo state until the client disconnects the session.
CSCdv33270	Under certain conditions, resources may be associated with a virtual private dialup network (VPDN) group even when there are no active calls. Workaround: There is no workaround.
CSCdv33313	When network accounting is performed for PPP over ATM (PPPoA) sessions, RADIUS "start" or "stop" accounting records may occasionally fail to be sent. Workaround: There is no workaround. Under certain conditions on a LAC, if the session is a VPDN forwarded session and the connection to the LAC is a dedicated serial line, memory can be leaked because AAA misses the stop record, so it never cleans up the AAA data for the session. This will happen if the connection continuously tries to renegotiate then attempt forwarding, which never succeeds. Eventually, the client sends a TERMREQ which restarts the session, but AAA does not get a NET STOP event so memory is leaked.
CSCdv34768	A Cisco router running IOS may show the following traceback when using "local-case" authentication: `00:05:16: %AAA-3-BADMETHOD: Cannot process authentication method 2160756888` `-Process= "AAA Server", ipl= 0, pid= 26` `-Traceback= 8016F170 8016A6C8 8016AED0 8016B048 8019A94C` Workaround: There is no workaround.
CSCdv35240	When a Simple Network Management Protocol (SNMP) set shutdown command or no shutdown command is sent to the T1 or T3 controller on a Cisco AS5400 universal gateway, a blank description command is added to the configuration for the controller that received the set command. The configuration for the controller does not change if the controller already has a description defined. Workaround: There is no workaround.
CSCdv40729	In a plain bri-pri (Peer - NAS) scenario, when a call is disconnected with the command 'clear in serial0:23' on the NAS, the Ascend-Disconnect-Cause value generated is '0' (No-Reason). When the call is brought down by clearing the interface on the peer, it is given a value(63). If brought down by doing 'shutdown' on peer/NAS value 11 is generated. The problem occurs only with by doing clear interface on the NAS.
CSCdv40116	Reverse-access Authorization fails if the method used is RADIUS. RADIUS mandatory attribute "port" is not properly obtained causing this authorization failure. Workaround: There is no workaround.
CSCdv41871	Ping fails when non-mlppp call is up on B-channel previously used to terminate mlppp call.
CSCdv43136	We may see some unexpected debug information during call suspend. Those debug information doesn't cause any side effect beside displaying unexpected debug information.
CSCdv43856	aaa attr debug does not show the tag added. This is seen in Cisco IOS Release 12.2(4.2)PI. This is just a problem in debug and will not affect any other functionality.
CSCdv54349	When running Cisco IOS Release 12.2(5.2)T and later IOS images, you may be unable to do local AAA authentication. Workaround: There is no workaround. Either do AAA to a remote server or downgrade to an earlier release of code.
CSCdv54466	The non-standard RADIUS attributes 201 (Ascend-Require-Auth) and attr 231 (Ascend-Send-Auth) are not supported.
CSCdv62649	The command ip tacacs source-interface doesn't work properly. If configured to use loopback interface for tacacs packets, router may still use interface address.
CSCdv64668	The first PAP authentication after a PPP renegotiation triggered by a CONFREQ from the client will fail even though the RADIUS/TACACS+ server returns a success. Workaround: There is no workaround.
CSCdv67009	The following error message may be seen on a Cisco voice gateway running the Session Initiation Protocol (SIP): `Nov 24 20:24:12: %SIP-3-BADPAIR: Unexpected event 14 (SIPSPI_EV_CC_CALL_CONNECT) in state 8 (STATE_DISCONNECTING) substate 0 (SUBSTATE_NONE)` `-Traceback= 60DAD08C 60DAD7AC 6040ACD4 6040ACC0.` This indicates that the call was cancelled while it was in the process of being brought up. This message can be safely ignored.
CSCdv76649	When the customer tries to use ^C to abort the copy operation when he prompted for confirmation, he can't break out of the copy process.
CSCdv78693	Spurious memory access messages appear on gatekeepers when an URQ without a call signal address in it is sent to Gateway. Workaround: There is no workaround.
CSCdv79210	A Cisco router gradually looses memory when Media Gateway Control Protocol (MGCP) calls are originated on the router. Workaround: There is no workaround.
CSCdv83040	When using Ascend RADIUS attribute 242, IP protocols of 50 and 51 will not be accepted. This will cause users with these IPsec protocols set in their profile to be disconnected. Workaround: There is no workaround.
CSCdv83402	A PPPoE/PPPoA aggregation router may unexpectedly reload when many PPP events happen in a short amount of time. The router will display a STACKLOW message before reloading. Workaround: There is no workaround.
CSCdv87754	Symptom: A Cisco AS5850 Route Switch Controller incorrectly attempts to repeatedly netboot a Cisco IOS image if it cannot find the specified boot system image on its compact flash. The system interprets the full path of the configured boot image that failed as the image it should netboot. Messages similar to the following are observed: `Sleeping for 2 secs before next netboot attempt` `%SYS-6-READ_BOOTFILE_FAIL: disk0:c5850-p9-mz File boot failed -- File not` `accessible.` The correct behavior for a bootloader if it cannot find any specified boot images at reload time is to fall back and request the system to run the first image it can find off disk0: or bootflash: Conditions: Cisco AS5850 Route Switch Controllers with Cisco IOS Release 12.2(2)XB1 or Cisco IOS Release 12.2(2)XB2 bootloaders may experience this problem at reload time if the boot system image configuration points to a file on disk0: that does not exist. Workaround: Ensure that the boot system image configuration points to an existing and valid image on disk0:, provide additional correct boot image locations in the configuration, or use a bootloader of version Cisco IOS Release 12.1(5)XV3.
CSCdw00019	Although SGBP tunnels will still be up, SGBP bidding itself might stop working after a router has been up for sometime. This problem only occurs if two routers in the stack group receive two links of a bundle at the same time. Workaround: Removing, and reapplying the SGBP config was sufficient to get things working again.
CSCdw01726	A Simple Network Management Protocol version 3 (SNMPv3) user is created using message digest 5 (MD5) authentication using the following commands: •snmp group groupy v3 auth • snmp user abcdefghij groupy v3 auth md5 abcdefghij An SNMP walk is performed, the configuration is saved, and the router is reloaded. `newhope:~/src/wccp2# snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l` `AuthNoPriv 194.12.224.11` It is working and a debug snmp header shows this: `Incoming SNMP packet` `: v3 packet security model: v3 security level: auth` `username: abcdefghij` A second SNMP walk is performed: `newhope:~/src/wccp2# snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l` `AuthNoPriv 194.12.224.11` After the second SNMP walk is performed, the command does not return any output and the debug snmp headers show this: `Incoming SNMP packet` `: v3 packet security model: v3 security level: noauth` `: username: abcdefghij` Workaround: There is no workaround.
CSCdw02945	Symptom: Incoming calls may fail to create a virtual profile even though the router is configured for this. Conditions: This problem may occur in a dial up environment where a virtual profile virtual template is defined but where no AAA authorization has been enabled This issue only occurs in Cisco IOS Release 12.2 T. Workaround: A workaround is to configure AAA authorization e.g., aaa authorization network default local
CSCdw03257	Outgoing e&m-immediate-start voice call setup may fail because the terminating side may miss one or more digits on the called-number. Workaround: There is no workaround.
CSCdw06322	The following error message may be seen on a Cisco voice gateway running the Session Initiation Protocol (SIP): `Nov 24 20:24:12: %SIP-3-BADPAIR: Unexpected event 14 (SIPSPI_EV_CC_CALL_CONNECT) in state 8 (STATE_DISCONNECTING) substate 0 (SUBSTATE_NONE)` `-Traceback= 60DAD08C 60DAD7AC 6040ACD4 6040ACC0.` This indicates that the call was cancelled while it was in the process of being brought up. This message can be safely ignored.
CSCdw09542	Before this fix, per-user authorization required a service type of Outbound in the RADIUS profile.
CSCdw09805	When a virtual profile that is cloned from an authentication, authorization, and accounting (AAA) server is used with a Cisco AS5350 or Cisco AS5400 universal gateway for modem users, the successfully cloned virtual access interface may pass traffic only once. The virtual access interface will stop subsequent attempts to pass traffic. This condition affects link control protocol (LCP) echo requested (REQ) keepalives. Workaround: Do not use virtual profiles for modem calls. Remove the virtual-profile virtual-template numberglobal configuration command or configure the virtual-profile if-needed global configuration command (to limit the number of cases in which virtual access interfaces will be created) and remove per-user idle-timeout values and virtual profile attributes that are defined using RADIUS or TACACS.
CSCdw11765	PPP Link Control Protocol (LCP) is not accepting sent CONFACK negotiated on a asynchronous interface for a virtual profile. Workaround: There is no workaround.
CSCdw13432	When the called party is busy in a two-stage call scenario, the calling party may not hear a busy tone and the call terminates immediately. This behavior is observed with Cisco IOS Release 12.2(2)XB, Release 12.2(7), and some earlier Cisco IOS Release 12.2 releases. Workaround: There is no workaround.
CSCdw18785	When a 302 redirect is received after a 18x with a Contact header the outgoing INVITE will have the request uri of the Contact in the 18x. It should use the Contact of the 302. Workaround: Disable rel1xx on the router.
CSCdw20082	An inability to push different accounting records to different server groups prevents a customer from properly segregating vendor-specific callers from other callers. This capability is already supported for EXEC and network accounting and other accounting types but not for resource accounting using method lists. Workaround: There is no workaround.
CSCdw23836	When a 18x is received which was sent reliably, a PRACK needs to be sent. Subsequent 18x's received that match the previous one's call leg do not receive a PRACK. A workaround is to disable reliable provisional responses.
CSCdw25746	Symptom: Cisco Voice Gateways may experience a reload especially when running high levels of traffic. Conditions: This problem may be experienced in Cisco IOS Release 12.2(2)XB2 and Cisco IOS Release 12.2 mainline releases. Workaround: There is no workaround.
CSCdw28786	When the customer tries to use ^C to abort the copy operation when he prompted for confirmation, he can't break out of the copy process.
CSCdw30994	When downloading IP pools from a AAA server, there is no way to define a non-contiguous range of addresses using multiple statements like this: `"ip:pool-def#1=aol-pool 192.168.232.0 192.168.237.255",` `"ip:pool-def#2=aol-pool 192.168.238.1 192.168.238.160"` When those statements are applied, the second pool-def overwrites the first one. Defining the pools on the command line yields the expected result. This only happens in Cisco IOS Release 12.2(2)XB ED release train. Cisco IOS Release 12.1/Cisco IOS Release 12.2 does not exhibit this behavior.
CSCdw35046	A Cisco router may reload when proxied RADIUS is used for authentication and accounting. Workaround: There is no workaround.
CSCdw35930	The command aaa authentication attempts login <n> appears in the configuration if the command tacacs-server attempts <n> is present in the configuration. Changes to either command will be reflected in the other. Also, the number of attempts granted is actually one less than the number configured. The workaround is to configure one more attempt than the number you actually want.
CSCdw43862	For some devices that are not conforming to V.110 async to sync padding requirements, this cli command allow the users to disable the padding.
CSCdw46065	A Cisco router that is used as a gateway may reload if one of multiple record routes that are received on the gateway is invalid. Workaround: There is no workaround.
CSCdw53243	In a Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways solution, if a Cisco AS5400 universal access gateway receives an incoming time-division multiplexing (TDM) call (NI-2, PRI, channel-associated signaling [CAS]) with a called number that does not match a configured dial-peer, the call will be connected to a modem, and a modem tone will be played back to the calling party. This is normal behavior, however there is no configurable option for such to be rejected instead of being treated as a modem call.
CSCdw53071	If a second call is made after the first call is completely disconnected (by hanging up the phone instead of using the flash feature to switch between two calls), the second call may fail. Workaround: There is no workaround.
CSCdw62969	A network access server (NAS) that is running Cisco IOS Release 12.2(02)XB3 or Release 12.2(8)T may reload when Layer 2 forwarding (L2F) virtual private dial-up network (VPDN) calls are placed using an authentication, authorization, and accounting (AAA) VPDN user profile that does not contain the RADIUS class (25) attribute. Workaround: Configure a dummy RADIUS class (25) attribute in the VPDN user profile on the AAA server.
CSCdw66251	SIP gateway midcall INVITE requests in the called to calling party direction will have the Route header constructed incorrectly. ACK requests in the called to calling party direction will have the request URI constructed incorrectly. This could cause some operations such as T.38 fax relay to fail. This problem can occur only if two or more SIP proxies are in the SIP signaling path and the Record Route feature is enabled. Workaround: There is no workaround.
CSCdw68658	The gateway will reject a mid-call Invite with hold sdp where the connection information (c line) is set to 0.0.0.0 and the port number of the media description (m line) is also set to 0. Instead of responding with a 200 OK response, the gateway will return a 488 Media Unacceptable response. The problem will not occur if the user agent placing the gateway on hold, sets the port number to a value other than 0. Workaround: There is no workaround.
CSCdw77524	When rtp payload-type cisco-codec-fax-ind is changed from 96 to 99 then we ingress an invite with sdp rtp payload type 96 nte the gateway responds with an rtp payload type 97. These 2 payload types are chosen for the proprietary implementation of Cisco fax-relay. Per RFC2833, the gateway should not be doing this. This affects all Cisco fax gateways which support Cisco fax-relay. Workaround: Use the rtp payload-type command on the Cisco gateway to change the assignment of the payload types, but this command is broken.
CSCuk25642	When using callin authentication on a LSDO call with RADIUS, PPP sends multiple authorization requests to AAA. This will slow down call setup but have no functional impact.
CSCuk25721	RADIUS CLID attribute was missing for large scale dialout accounting.
CSCuk25947	If PPP authentication is configured on an interface and if a user negotiates a callback during a Link Control Protocol (LCP) operation, the call will fail if the user does not have any callback information configured. Workaround: There is no workaround.
CSCuk26562	AAA id debugging was not clear and displayed far too much information.
CSCuk26642	RADIUS calls with a non-RFC supported value were accepted when they should be rejected.
CSCuk27924	send-auth would not be applied on the NAS, but rather the value of auth-type would be used instead.
CSCuk28445	We now store a generic 'wrapper' record which holds information in the tree, generic to all accounting records. This way, we are not impacted by the life-span of any one accounting record.

Open Caveats—Cisco IOS Release 12.2(2)XB3

There are no open caveats specific to Cisco IOS Release 12.2(2)XB3 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.2(2)XB3

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 21 Resolved Caveats for Cisco IOS Release 12.2(2)XB3
DDTS ID Number	Description
CSCdw65903	An error can occur with management protocol processing. Please use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

Open Caveats—Cisco IOS Release 12.2(2)XB2

All the caveats listed in this section are open in Cisco IOS Release 12.2(2)XB2. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 22 Open Caveats for Cisco IOS Release 12.2(2)XB2
DDTS ID Number	Description
CSCdv56605	ECM with packet loss fails on fax relay. CSCdv56605 consolidates CSCdu43160 and CSCdu44339. Low FSR on packet loss is comparable to what has been observed on the 5300 platform.
CSCdv61415	Description: On a Cisco AS5400 configured in a Cisco SS7 Interconnect for Voice Gateways solution, a show cot request x/y:z might caused the 5400 GW to crash if a voice call is active on the DS0. This problem is fairly repeatable. Cot type is 100% transponder or loop. Conditions: Cisco IOS Release 12.2(2)XA and Cisco IOS Release 12.2(2)XB images can exhibit this problem. Workaround: Do not use this command where a particular channel is specified.
CSCdv66079	Symptom: The following message will appear in the router console: `%CALL_CONTROL-6-CALL_LOOP: The incoming call has a global identifier already present in the list of currently handled calls` and the incoming h323 voip call gets rejected. Conditions: This problem can occur in a Cisco IOS Release 12.2 image when the incoming h323 calls include back-to-back calls from the same originating gateway, bearing the same global identifier (GUID). Further Problem Description: This appears to be a problem on the originating side. When the calls are originated by a VXML application, there is no way for the application writer to specify that a new GUID should be used for each subsequent call. This problem will be fixed by providing a new attribute "cisco-nagged" for the "transfer" tag.
CSCdw00521	Symptom: When creating MGCP hairpinned connections (i.e., using "nt:LOCAL" in the local connection options for a CRCX or MDCX), a DLCX * sent to that gateway will cause a reload if and only if the hairpinned connections are not yet in the active state. If all connections are active then DLCX * does not reload the router. In this context, an "active" connection is one in which voice is being passed through the hairpinned connection. Workaround: Either do not use "nt:LOCAL", do not use "DLCX ", or only send "DLCX " when there are no hairpinned connections or when all hairpinned connections are already individually deleted.
CSCdw09805	When using virtual-profile to be cloned from the AAA server on Cisco AS5350 for dialer users, the successfully cloned Virtual-access interface pass traffic once, but afterwards it doesn't pass any traffic at all including the LCP ECHO REQ "keepalives".

Resolved Caveats—Cisco IOS Release 12.2(2)XB2

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB. This section only describes severity 1 and 2 caveats:

•CSCdw17239

Symptom: The decoded information in the NAS-port attribute for an incoming call does not match the trunk/timeslot on which the call is connected.

Conditions: This problem occurs when using NAS-port formats A - C and E for calls using CAS & R2 signaling.

Workaround: There is no workaround for these conditions.

CAS calls using NAS Port formats A through C can result in having incorrect or incomplete information provided. This is a result of the fact that no real interface exists (other than the Async) for a CAS call. This results in the AAA code either rejecting the interface information (format C) or not displaying the interface type (formats A and B), resulting in a backward compatibility problem.

Open and Resolved Caveats—Cisco IOS Release 12.2(2)XB1

Cisco IOS Release 12.2(2)XB1 does not support the Cisco AS5400 universal gateways.

Open Caveats—Cisco IOS Release 12.2(2)XB

This section documents possible unexpected behavior by Cisco IOS Release 12.2(2)XB15 and describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 23 Open Caveats for Cisco IOS Release 12.2(2)XB
DDTS ID Number	Description
CSCdv46685	Second Stage Dialing Broken on MGCP Gateways Symptom: Back-to-back MGCP second stage dialing calls may fail. The second (and all subsequent) requests for digit detection may not receive NTFY messages containing the detected digits so the Call Agent will not know that the gateway received the digits. In MGCP, if the following happens: 1. An RQNT is sent from the Call Agent requesting digits and then a NTFY is sent by the gateway indicating that the requested digit map has been satisfied 2. A "DLCX" is sent with NO "X:" parameter and no other messages between a) and b) are sent which include an empty "R:" parameter 3. A second RQNT is sent from the Call Agent requesting digits then the digits detected for the second RQNT will NOT be sent in a NTFY. No digits will be detected on that endpoint until either a DLCX WITH an "X:" parameter is sent OR any message with an empty "R:" parameter is sent. Conditions: This problem has been reproduced on 5400 universal gateways but will be present for any MGCP gateway. Workaround: There are two possible workarounds. Both involve modifications to the messages sent from a Call Agent: 1. If the Call Agent sends any MGCP message with an empty "R:" parameter to that endpoint between the initial RQNT and the later RQNT (either before or after the DLCX) then the second RQNT will get NTFY'ed as expected. 2. If the Call Agent includes an "X:" parameter in the DLCX then the second RQNT will get NTFY'ed as expected.
CSCdv58141	When doing DTMF Relay tone testing, Nextport presents a power level difference between the two frequencies of each digit (1234567890ABCD*#). This problem happens with Inband Signaling DTMF Relay method RTP-NTE generating and detecting digits.

Resolved Caveats—Cisco IOS Release 12.2(2)XB

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)XB. This section only describes severity 1 and 2 caveats:

•CSCdv59848

Workaround: Do not use loopback interface.

Symptom: Memory leakage on CAS signaling, PRI does not have this symptom

Conditions: With Pre-Authentication in configuration causes memory leak in:

–RM PROCESS PID 17

–Preauthen Event PID 59

Workaround: Do not turn on PreAuthentication for CAS signaling.

Table 24 Cisco IOS Release 12.2 Documentation Set
Books	Major Topics
•Cisco IOS Configuration Fundamentals Configuration Guide •Cisco IOS Configuration Fundamentals Command Reference	Cisco IOS User Interfaces File Management System Management
•Cisco IOS Bridging and IBM Networking Configuration Guide •Cisco IOS Bridging and IBM Networking Command Reference, Volume 1 of 2 •Cisco IOS Bridging and IBM Networking Command Reference, Volume 2 of 2	Transparent Bridging SRB Token Ring Inter-Switch Link Token Ring Route Switch Module RSRB DLSW+ Serial Tunnel and Block Serial Tunnel LLC2 and SDLC IBM Network Media Translation SNA Frame Relay Access NCIA Client/Server Airline Product Set DSPU and SNA Service Point SNA Switching Services Cisco Transaction Connection Cisco Mainframe Channel Connection CLAW and TCP/IP Offload CSNA, CMPC, and CMPC+ TN3270 Server
•Cisco IOS Dial Technologies Configuration Guide: Dial Access •Cisco IOS Dial Technologies Configuration Guide: Large-Scale Dial Applications •Cisco IOS Dial Technologies Command Reference, Volume 1 of 2 •Cisco IOS Dial Technologies Command Reference, Volume 2 of 2	Dial Access Modem and Dial Shelf Configuration and Management ISDN Configuration Signaling Configuration Point-to-Point Protocols Dial-on-Demand Routing Dial Backup Dial Related Addressing Service Network Access Solutions Large-Scale Dial Solutions Cost-Control Solutions Internetworking Dial Access Scenarios
•Cisco IOS Interface Configuration Guide •Cisco IOS Interface Command Reference	LAN Interfaces Serial Interfaces Logical Interfaces
•Cisco IOS IP Configuration Guide •Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services •Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols •Cisco IOS IP Command Reference, Volume 3 of 3: Multicast	IP Addressing IP Services IP Routing Protocols IP Multicast
•Cisco IOS AppleTalk and Novell IPX Configuration Guide •Cisco IOS AppleTalk and Novell IPX Command Reference	AppleTalk Novell IPX
•Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide •Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference	Apollo Domain Banyan VINES DECnet ISO CLNS XNS
•Cisco IOS Voice, Video, and Fax Configuration Guide •Cisco IOS Voice, Video, and Fax Command Reference	Voice over IP Call Control Signaling Voice over Frame Relay Voice over ATM Telephony Applications Trunk Management Fax, Video, and Modem Support
•Cisco IOS Quality of Service Solutions Configuration Guide •Cisco IOS Quality of Service Solutions Command Reference	Packet Classification Congestion Management Congestion Avoidance Policing and Shaping Signaling Link Efficiency Mechanisms
•Cisco IOS Security Configuration Guide •Cisco IOS Security Command Reference	AAA Security Services Security Server Protocols Traffic Filtering and Firewalls IP Security and Encryption Passwords and Privileges Neighbor Router Authentication IP Security Options Supported AV Pairs
•Cisco IOS Switching Services Configuration Guide •Cisco IOS Switching Services Command Reference	Cisco IOS Switching Paths NetFlow Switching Multiprotocol Label Switching Multilayer Switching Multicast Distributed Switching Virtual LANs LAN Emulation
•Cisco IOS Wide-Area Networking Configuration Guide •Cisco IOS Wide-Area Networking Command Reference	ATM Frame Relay SMDS X.25 and LAPB
•Cisco IOS Mobile Wireless Configuration Guide •Cisco IOS Mobile Wireless Command Reference	General Packet Radio Service
•Cisco IOS Terminal Services Configuration Guide •Cisco IOS Terminal Services Command Reference	ARA LAT NASI Telnet TN3270 XRemote X.28 PAD Protocol Translation
•Cisco IOS Configuration Guide Master Index •Cisco IOS Command Reference Master Index •Cisco IOS Debug Command Reference •Cisco IOS Software System Error Messages •New Features in 12.2-Based Limited Lifetime Releases •New Features in Release 12.2 T •Release Notes (Release note and caveat documentation for 12.2-based releases and various platforms)

Obtaining Documentation

These sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com

Translated documentation is available at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

You can order Cisco documentation in these ways:

•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:

•Streamline business processes and improve productivity

•Resolve technical issues with online support

•Download and test software packages

•Order Cisco learning materials and merchandise

•Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Cisco TAC inquiries are categorized according to the urgency of the issue:

•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

•Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://www.cisco.com/register/

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

Table Of Contents

Release Notes for Cisco AS5400 Universal Gateways for Cisco IOS Release 12.2(2)XB15

Contents

Introduction

System Requirements

Memory Recommendations

Supported Hardware

Determining the Software Version

Feature Set Tables

New and Changed Information

New Hardware and Software Features in Cisco IOS Release 12.2(2)XB6 to Cisco IOS Release 12.2(2)XB15

New Hardware Features in Cisco IOS Release 12.2(2)XB5

New Software Features in Cisco IOS Release 12.2(2)XB5

EAP RADIUS Support

MS CHAP Version 2

New Hardware and Software Features for Cisco IOS Release 12.2(2)XB3 to Cisco IOS Release 12.2(2)XB4

New Hardware Features in Cisco IOS Release 12.2(2)XB2

New Software Features in Cisco IOS Release 12.2(2)XB2

Fax Relay Packet Loss Concealment

T.37 Fax and Store Forward Enhancement to the T.37/T.38 Fax Gateway Feature

New Hardware and Software Features in Cisco IOS Release 12.2(2)XB1

New Hardware Features in Cisco IOS Release 12.2(2)XB

Cisco AS5400HPX

New Software Features in Cisco IOS Release 12.2(2)XB

Call Transfer Capabilities Using Refer

Configurable PSTN Cause Code to SIP Response Mapping

DTMF Relay Using NTE

Reliable DTMF Relay

SIP Phone Support

Full Functionality Long Pound

ISDN and V.120 Support For NextPort DSPs

MGCP 1.0 with NCS 1.0 and TGCP 1.0 Profiles

MGCP-Based Fax (T.38) and DTMF Relay

MGCP VoIP Call Admission Control

NAS Package for MGCP

Particle Drivers

ECC Error Correction and Dual Watchdog Timers

PRI/Q.931 Signaling Backhaul for Call Agent Applications

RADIUS Packet of Disconnect

RFC2782 Compliance for DNS SRV

SIP Gateway Support for Bind Command

SIP Gateway Support of RSVP and "tel" URL

RSVP

Telephone URL Format in SIP Messages

Interaction with Forking Proxies

SIP Hairpinning

Reliability of SIP Provisional Responses

Configurable Screening Indicator

RFC2782 Compliance (Style of DNS SRV Queries)

SIP INVITE Request with Malformed Via Header

SIP T.38 Fax Relay

V.44 LZJH Compression

V.92 Modem on Hold

V.92 Quick Connect

MIBs

Current MIBs

Deprecated and Replacement MIBs

Limitations and Restrictions

Important Notes

Building Integrated Timing Supply (BITS) Interface Port Clock Reference

H.323 and SIP Coexistence

H.323 Features

SIP Features

Other Features

FastEthernet Interface Configuration Issues

Field Notices and Bulletins

Caveats for Cisco IOS Release 12.2 XB

Open Caveats—Cisco IOS Release 12.2(2)XB15

Resolved Caveats—Cisco IOS Release 12.2(2)XB15

Open Caveats—Cisco IOS Release 12.2(2)XB14

Resolved Caveats—Cisco IOS Release 12.2(2)XB14

No Caveats—Cisco IOS Release 12.2(2)XB13

Open Caveats—Cisco IOS Release 12.2(2)XB12

Resolved Caveats—Cisco IOS Release 12.2(2)XB12

Open Caveats—Cisco IOS Release 12.2(2)XB11

Resolved Caveats—Cisco IOS Release 12.2(2)XB11

Open Caveats—Cisco IOS Release 12.2(2)XB10

Resolved Caveats—Cisco IOS Release 12.2(2)XB10

Open Caveats—Cisco IOS Release 12.2(2)XB9

Resolved Caveats—Cisco IOS Release 12.2(2)XB9