cc/td/doc/product/software/ios123/123relnt
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Release Notes for the Cisco 800 Series Routers for Cisco IOS Release 12.3(2)XC3

Contents

System Requirements

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

New and Changed Information

New Software Features in Release 12.3(2)XC3

New Software Features in Release 12.3(2)XC2

New Software Features in Release 12.3(2)XC1

New Software Features in Release 12.3(2)XC

New Software Features in Release 12.3(2)T

Caveats

Resolved Caveats - Release 12.3(2)XC3

Resolved Caveats - Release 12.3(2)XC2

Resolved Caveats - Release 12.3(2)XC1

Resolved Caveats - Release 12.3(2)XC

Open Caveats - Release 12.3(2)XC

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for the Cisco 800 Series Routers for Cisco IOS Release 12.3(2)XC3


February 7, 2005

These release notes describe new features and significant software components for the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers that support Cisco IOS Release 12.3 T, up to and including Release 12.3(2)XC3. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.3(2)T located on Cisco.com.

For a list of the software caveats that apply to Release 12.3(2)XC3, see the "Caveats" section, and refer to the online Caveats for Cisco IOS Release 12.3(2)T document. The caveats document is updated for every 12.3 T maintenance release and is located on Cisco.com.

Contents

These release notes provide information about the following topics:

System Requirements

New and Changed Information

Caveats

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

System Requirements

This section describes the system requirements for Release 12.3(2)XC3 and includes the following sections:

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

Memory Requirements

This section describes the memory requirements for the Cisco IOS feature sets that are supported by Cisco IOS Release 12.3(2)XC3 on the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers.

Table 1 Recommended Memory for the Cisco 828, 831, 836, and 837 Routers  

Platform
Image Name
Feature Set
Image
Flash Memory
DRAM
Mini-
mum
Recom- mended1
Mini-
mum
Recom- mended

Cisco 827-4V

Cisco 827-4V Series IOS IP/Voice

IP/Voice

c820-v6y6-mz

12 MB

12 MB

32 MB

48 MB

Cisco 827-4V Series IOS IP/Voice Plus

IP/Voice Plus

c820-sv6y6-mz

12 MB

12 MB

48 MB

48 MB

Cisco 827-4V Series IOS IP/FW/Voice

IP/FW/Voice

c820-ov6y6-mz

12 MB

12 MB

48 MB

48 MB

Cisco 827-4V Series IOS IP/FW/Voice Plus 3DES

IP/FW/Voice Plus 3DES

c820-k9osv6y6-mz

12 MB

12 MB

48 MB

48 MB

Cisco 828

Cisco 828 Series IOS IP

IP

c828-y6-mz

8 MB

8 MB

20 MB

32 MB

Cisco 828 Series IOS IP/FW

IP/FW

c828-oy6-mz

8 MB

8 MB

20 MB

32 MB

Cisco 828 Series IOS IP Plus

IP Plus

c828-sy6-mz

8 MB

8 MB

24 MB

32 MB

Cisco 828 Series IOS IP/FW Plus 3DES

IP/FW Plus 3DES

c828-k9osy6-mz

8 MB

8 MB

32 MB

32 MB

Cisco 831

Cisco 831 Series IOS IP/FW IPSec 3DES

IP/FW2/IPSec 3DES

c831-k9o3y6-mz

8 MB

12 MB

32 MB

48 MB

Cisco 831 Series IOS IP/FW Plus IPSec 3DES

IP Plus/FW2/IPSec 3DES

c831-k9o3sy6-mz

8 MB

12 MB

48 MB

48 MB

Cisco 836

Cisco 836 Series IOS IP/FW IPSec 3DES

IP/FW2/IPSec 3DES

c836-k9o3y6-mz

8 MB

12 MB

32 MB

48 MB

Cisco 836 Series IOS IP/FW Plus IPSec 3DES

IP Plus/FW2/IPSec 3DES

c836-k9o3sy6-mz

8 MB

12 MB

48 MB

48 MB

Cisco 836 Series IOS IP/FW/Dial Backup Plus IPSec 3DES

IP Plus/FW2/Dial Backup IPSec 3DES

c836-k9o3s8y6-mz

8 MB

12 MB

48 MB

48 MB

Cisco 837

Cisco 837 Series IOS IP/FW IPSec 3DES

IP/FW2/IPSec 3DES

c837-k9o3y6-mz

8 MB

12 MB

32 MB

48 MB

Cisco 837 Series IOS IP/FW Plus IPSec 3DES

IP Plus/FW2/IPSec 3DES

c837-k9o3sy6-mz

8 MB

12 MB

48 MB

48 MB

1 Recommended memory is the memory required considering future expansions.


Hardware Supported

Cisco IOS Release 12.3(2)XC3 supports the following routers:

Cisco 827-4V router

Cisco 828 router

Cisco 831 router

Cisco 836 router

Cisco 837 router

Cisco SOHO 91 router

Cisco SOHO 96 router

Cisco SOHO 97 router

For detailed descriptions of new hardware features and which features are supported on each router, see the "New and Changed Information" section. For descriptions of existing hardware features and supported modules, see the hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers, which are available on Cisco.com at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/800/index.htm 

This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and click the following path:

Cisco Product Documentation: Access Servers and Access Routers: Fixed AccessCisco 800 Series Routers: <platform_name>

Determining the Software Version

To determine which version of the Cisco IOS software is currently running on your Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, or SOHO 97 router, log in to the router, and enter the show version EXEC command. The following sample output from the show version command indicates the version number on the second output line.

router> show version
Cisco Internetwork Operating System Software
IOS (tm) C836 Software (C836-K9O3SY6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Synched to technology version 12.3(1.6)T

Upgrading to a New Software Release

For general information about upgrading to a new software release, see the Software Installation and Upgrade Procedures, which are located at http://www.cisco.com/warp/public/130/upgrade_index.shtml.

Feature Set Tables

Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features.Cisco IOS Release 12.3(2)XC3 supports the same feature sets as Cisco IOS Releases 12.3 and 12.3(2)T, but Cisco IOS Release 12.3(2)XC includes new features that are supported by the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers.


Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States will likely require an export license. Customer orders can be denied or subject to delay due to United States government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Table 2 through Table 9 list the features and feature sets that are supported in Cisco IOS Release 12.3(2)XC.

The table uses the following conventions:

Yes—The feature is supported in the software image.

No—The feature is not supported in the software image.

In—The number in the "In" column indicates the Cisco IOS release in which the feature was introduced. For example, "12.3(2)XC" indicates that the feature was introduced in Cisco IOS Release 12.3(2)XC. If a cell in this column is empty, the feature was included in a previous release or in the initial base release.


Note These feature set tables contain only a selected list of features, which are cumulative for Release 12.3(2)nn early deployment releases only (nn identifies each early deployment release). The tables do not list all features in each image—additional features are listed in the Cross-Platform Release Notes for Cisco IOS Release 12.3(2)T and Release 12.3 T Cisco IOS documentation.


Table 2 Feature Set Table for the Cisco 827-4V Router 

Feature
In
Feature Set
IP/Voice
IP/FW/Voice
IP/Voice Plus
IP/FW/Voice Plus 3DES

Managed LAN Switch

12.3(2)XC

No

No

No

No

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

Yes

Yes

Yes

Yes

TACACS+

 

Yes

Yes

Yes

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

No

No

No

No

BGP and BGP MIB

12.3(2)XC

No

No

No

No

Dial Backup over Console Port

12.3(2)XC

No

No

No

No

X.25 over ISDN Support

12.3(2)XC

No

No

No

No

OSPF and OSPF MIB

12.3(2)XC

No

No

No

No

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

No

Yes

Yes

URPF

12.3(2)XC

No

No

No

No

Client-Initiated L2TP support

12.3(2)XC

No

No

No

No

DNS Proxy

 

Yes

Yes

Yes

Yes


Table 3 Feature Set Table for the Cisco 828 Router 

Feature
In
Feature Set
 
IP
IP FW
IP Plus
IP/FW Plus 3DES

Managed LAN Switch

12.3(2)XC

No

No

No

No

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

No

No

No

TACACS+

 

Yes

Yes

Yes

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

No

No

No

No

BGP and BGP MIB

12.3(2)XC

No

No

No

No

Dial Backup over Console Port

12.3(2)XC

No

No

No

No

X.25 over ISDN Support

12.3(2)XC

No

No

No

No

OSPF and OSPF MIB

12.3(2)XC

No

No

No

No

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

No

Yes

Yes

URPF

12.3(2)XC

Yes

Yes

Yes

Yes

Client-Initiated L2TP support

12.3(2)XC

No

No

No

No

DNS Proxy

 

Yes

Yes

Yes

Yes


Table 4 Feature Set Table for the Cisco 831 Router 

Feature
In
Feature Set
IP/FW 3DES
IP/FW Plus 3DES

Managed LAN Switch

12.3(2)XC

Yes

Yes

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

No

TACACS+

 

Yes

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

Yes

BGP and BGP MIB

12.3(2)XC

No

Yes

Dial Backup over Console Port

 

Yes

Yes

X.25 over ISDN Support

12.3(2)XC

No

No

OSPF and OSPF MIB

12.3(2)XC

No

Yes

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

No

URPF

12.3(2)XC

Yes

Yes

Client-Initiated L2TP support

12.3(2)XC

Yes

Yes

DNS Proxy

12.3(2)XC

Yes

Yes


Table 5 Feature Set Table for the Cisco 836 Router 

Feature
In
Feature Set
IP/FW 3DES
IP/FW Plus 3DES
IP Plus/FW/
ISDN Dial Backup IPSec 3DES

Managed LAN Switch

12.3(2)XC

Yes

Yes

Yes

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

No

No

TACACS+

12.3(2)XC

Yes

Yes

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

Yes

Yes

BGP and BGP MIB

12.3(2)XC

No

Yes

Yes

Dial Backup over Console Port

 

Yes

Yes

Yes

X.25 over ISDN Support

12.3(2)XC

No

Yes

Yes

OSPF and OSPF MIB

12.3(2)XC

No

Yes

Yes

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

Yes

Yes

URPF

12.3(2)XC

Yes

Yes

Yes

Client-Initiated L2TP support

12.3(2)XC

Yes

Yes

Yes

DNS Proxy

12.3(2)XC

Yes

Yes

Yes


Table 6 Feature Set Table for the Cisco 837 Router 

Feature
In
Feature Set
IP/FW 3DES
IP/FW Plus 3DES

Managed LAN Switch

12.3(2)XC

Yes

Yes

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

No

TACACS+

12.3(2)XC

Yes

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

Yes

BGP and BGP MIB

12.3(2)XC

No

Yes

Dial Backup over Console Port

 

Yes

Yes

X.25 over ISDN Support

12.3(2)XC

No

No

OSPF and OSPF MIB

12.3(2)XC

No

Yes

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

Yes

URPF

12.3(2)XC

Yes

Yes

Client-Initiated L2TP support

12.3(2)XC

Yes

Yes

DNS Proxy

12.3(2)XC

Yes

Yes


Table 7 Feature Set Table for the Cisco SOHO 91 Router 

Feature
In

Feature Set

IP/FW 3DES

Managed LAN Switch

12.3(2)XC

No

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

TACACS+

 

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

BGP and BGP MIB

12.3(2)XC

No

Dial Backup over Console Port

12.3(2)XC

No

X.25 over ISDN Support

12.3(2)XC

No

OSPF and OSPF MIB

12.3(2)XC

No

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

URPF

12.3(2)XC

Yes

Client-Initiated L2TP support

12.3(2)XC

No

DNS Proxy

12.3(2)XC

Yes


Table 8 Feature Set Table for the Cisco SOHO 96 Router 

Feature
In

Feature Set

IP/FW 3DES

Managed LAN Switch

12.3(2)XC

No

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

TACACS+

12.3(2)XC

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

BGP and BGP MIB

12.3(2)XC

No

Dial Backup over Console Port

12.3(2)XC

No

X.25 over ISDN Support

12.3(2)XC

No

OSPF and OSPF MIB

12.3(2)XC

No

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

URPF

12.3(2)XC

Yes

Client-Initiated L2TP support

12.3(2)XC

No

DNS Proxy

12.3(2)XC

Yes


Table 9 Feature Set Table for the Cisco SOHO 97 Router 

Feature
In

Feature Set

IP/FW 3DES

Managed LAN Switch

12.3(2)XC

No

IP CEF and Policy-Based Routing for VoIP RTP Payload on 827-4V

12.3(2)XC

No

TACACS+

12.3(2)XC

Yes

CISCO-CONFIG-MAN-MIB

12.3(2)XC

Yes

BGP and BGP MIB

12.3(2)XC

No

Dial Backup over Console Port

12.3(2)XC

No

X.25 over ISDN Support

12.3(2)XC

No

OSPF and OSPF MIB

12.3(2)XC

No

Class-Based Traffic Policing with CLP Tagging

12.3(2)XC

No

URPF

12.3(2)XC

Yes

Client-Initiated L2TP support

12.3(2)XC

No

DNS Proxy

12.3(2)XC

Yes


New and Changed Information

The following sections list the new software features supported by the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers for Release 12.3(2)XC.

New Software Features in Release 12.3(2)XC3

The Cisco IOS Release 12.3(2)XC3 supports the same software features that are supported in the Cisco IOS Release 12.3(2)XC.

New Software Features in Release 12.3(2)XC2

The Cisco IOS Release 12.3(2)XC2 supports the same software features that are supported in the Cisco IOS Release 12.3(2)XC.

New Software Features in Release 12.3(2)XC1

The Cisco IOS Release 12.3(2)XC1 supports the same software features that are supported in the Cisco IOS Release 12.3(2)XC.

New Software Features in Release 12.3(2)XC

The following sections describe the new software features supported by the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers for Release 12.3(2)XC.

Managed LAN Switch

The Managed LAN Switch feature enables control of the four switch ports in Cisco 831, 836, and 837 routers. Each switch port is associated with a Fast Ethernet interface. The show controller fastEthernet <1-4> command output displays the status of the selected switch port.

Switch Port Support

The Managed LAN Switch feature allows setting and display of following parameters for each switch port:

Speed

Duplex

It also allows display of the link state of a switch port—that is, whether a device is connected to that port or not.

The Managed LAN Switch feature allows configuration of duplex and speed settings on the Fast Ethernet interfaces.

Table 10 lists the recommended configuration settings for duplex mode.

Table 10 Recommended Duplex Configuration Settings

Switch
Attached Device

Auto

Auto

Full

Full

Half

Half

Auto

Half


Table 11 lists the configuration settings that are not recommended for duplex mode.

Table 11 Duplex Configuration Settings Not Recommended

Switch
Attached Device

Auto

Full

Half

Full

Full

Auto

Full

Half


If the switch is connected to a non-autonegotiating device, that is not capable of autonegotiation, the switch will do the following:

Use the operating speed of the other device

Use half-duplex mode

However, if the connected non-autonegotiating device can run in full-duplex mode, the following might occur:

The throughput of the connection might be less than what is expected.

Although both the switch and the non-autonegotiating device can run in full-duplex mode, the switch uses a default of half-duplex mode. You might expect full duplex to be the mode used and be surprised that the throughput is less than that associated with full-duplex mode.

Excessive collisions.

If a non-autonegotiating device is running in full-duplex mode, it might attempt to transmit data at the same time that the switch is attempting to transmit data, thereby causing data collisions.

To prevent these problems, Cisco recommends that you set the duplex mode on the non-autonegotiating device to half-duplex mode.


Note While performing fixed configuration tasks like configuring duplex full/speed 100 or duplex full/speed 10 or duplex half/speed 100 on Cisco 831, 836, or 837 router, as well in the attached device, the link may not come up with few devices. For example, 3COM 3C920 integrated Dell Latitude laptop. This is due to different type of implementation being followed for setting duplex/speed by different vendors. To overcome these problems, configure duplex auto/speed auto in the Cisco 831, 836 and 837 routers. This feature also allows to disable/enable the four switch ports using the shutdown/no shutdown command under the corresponding fast Ethernet interface. When an existing user migrates to Cisco IOS image with Managed LAN Switch feature, the new fast Ethernet interfaces will be brought up. If the fast Ethernet interface configuration is saved to startup configuration, and if router is rebooted, the fast Ethernet interface will have the configuration according to the startup configuration. The fast Ethernet interfaces will be in up state unless the user changes the configuration and saves it to startup configuration.


For more details on Managed LAN Switch feature, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/mlans.htm

IP CEF and Policy-Based Routing for VoIP RTP Payload on Cisco 827-4V Router

This feature enables Cisco Express Forwarding (CEF) switching for voice traffic and policy-based routing (PBR) for locally generated voice packets. On the Cisco 827-4V router, the voice packets are currently fast switched. The existing design is such that the voice path is hardcoded to use a fast-switching path. This feature removes the hardcoded fast-switching path and modifies the existing design to allow CEF switching of voice packets.

For more details, refer to the CEF technical documentation located at the following URL:

http://www.cisco.com/en/US/tech/tk827/tk831/tk102/tech_protocol_home.html

For more details on PBR, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ft_cef26.htm#1074951

TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a Unix or Windows NT workstation. TACACS+ provides for separate and modular authentication, authorization, and accounting (AAA) facilities.

For more details, refer TACACS+ technical documentation located at the following URL:

http://www.cisco.com/en/US/tech/tk583/tk642/tech_technical_documentation.html

CISCO-CONFIG-MAN-MIB

The CISCO-CONFIG-MAN-MIB (Configuration Management MIB) feature provides a history of the manipulation of the configuration data. The MIB maintains data on general events, but does not keep a history of individual actions performed on either the startup config or the running config (for example, configuration commands). All the objects in this MIB are read-only; therefore, the management data cannot be modified via Simple Network Management Protocol (SNMP).

For more details on this MIB, refer to the following URL:

http://www.cisco.com/pcgi-bin/Support/Mibbrowser/mibinfo.pl?mn=CISCO-CONFIG-MAN-MIB

BGP and BGP MIB

The Border Gateway Protocol (BGP) provides loop-free interdomain routing between autonomous systems. It exchanges network information with other BGP systems by creating a TCP connection to its peers and exchanging routing updates over this connection, including information about the list of autonomous system paths. (An autonomous system [AS] is a set of routers that operate under the same administration.) This information can be used to construct a graph of autonomous system connectivity from which routing loops can be pruned and with which autonomous system-level policy decisions can be enforced. BGP is often run among the networks of Internet service providers (ISPs).

For more details, refer to the BGP technical documentation located at the following URL:

http://www.cisco.com/en/US/tech/tk365/tk80/tech_technical_documentation.html

Dial Backup over Console Port

This feature enables virtual auxiliary port capability on the Cisco 836 router console port. In this case, either asymmetric digital subscriber line (ADSL) over ISDN or ISDN interface will be the primary link, and the virtual console/auxiliary port will be the backup interface that will be connected through a modem.


Note The auxiliary dial backup capability is available on all images, but the ISDN dial backup capability is available only in the c836-k9o3s8y6-mz image.


X.25 over ISDN Support

This feature enables the X.25 over D-channel feature on the Cisco 836 routers.

BRI is an ISDN interface, and it consists of two B-channels (B1 and B2) and one D-channel. The B-channels are used to transfer data, voice, and video. The D-channel controls the B-channels. ISDN uses the D-channel to carry signal information. This feature also enables ISDN to use D-channel in a BRI to carry X.25 packets. The D-channel has a capacity of 16 kbps, and the X.25 over D-channel can utilize up to 9.6 kbps.

X.25-over-D-Channel Logical Interface

When X.25 on ISDN is configured, a separate X.25-over-D-channel logical interface is created. You can set its parameters without disrupting the original ISDN interface configuration. The original BRI interface will continue to represent the D, B1, and B2 channels.

Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over-D-channel calls and initiates them on a new interface.

X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes the Internet Protocol Exchange (IPX), AppleTalk, transparent bridging, Xerox Network Systems (XNS), DECnet, and IP.

This feature is not supported on the ISDN PRI.

For more details, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt3/dcdxisdn.htm

OSPF and OSPF MIB

Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the OSPF working group of the Internet Engineering Task Force (IETF). OSPF is a link-state routing protocol that does the following:

Provides network topology discovery within a group of routers and networks called an autonomous system (AS)

Calculates the shortest path to destinations within the AS

Because OSPF is a link-state protocol, routers flood any change in routing information throughout the network. This action differs from that of a distance vector protocol, such as RIP, which periodically exchanges routing information only with neighboring devices.

Within an AS, each OSPF router builds and synchronizes a database of the AS network topology. The routers synchronize their databases by requesting information from other AS routers. Each router sends its information as link-state advertisements (LSAs) that include information about the state of each router and link in the AS. A link is an interface on the router. The state of the link is the description of the interface, including the router's IP address and subnet mask, and its relationship to the neighboring router.

Then, the router uses its database and the Shortest Path First (SPF) algorithm to calculate the shortest path to every destination in the AS and stores this information in a dynamic table. When changes occur, the router calculates new paths.

The router with OSPF provides the following:

Intra-area route support for routing in a single area between other OSPF routers

Inter-area route support for routing between multiple OSPF areas

Route summarization between areas, as an Area Border Router (ABR)

Stub area and AS boundary router support

Redistribution of local, RIP, static, and firewall routes into an OSPF domain

Advertisement of Versatile Interface Processor (VIP) addresses for content as AS external routes

Simple authentication

Because it is designed for IP networks, OSPF supports IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication and uses IP multicast when sending and receiving packets.

For more details, refer to the following URL:

http://www.cisco.com/warp/public/104/1.html

Class-Based Traffic Policing with CLP Tagging

When configured on the router Class-Based Traffic Policing with Cell Loss Priority (CLP) Tagging polices the flow of cells in the forward (into the network) direction of a virtual connection. The traffic policing mechanism determines whether received cells comply with the negotiated traffic management values and tag the cell with a CLP bit value of 1. The purpose of this feature is to mark traffic that does not meet the traffic management values so that packets that exceed the set values can be dropped by the network if the network is congested.

For more details on Class-Based Policing, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s26/fspolic.htm

For more details on CLP Tagging, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfcbmrk.htm

Unicast Reverse Path Forwarding

The Unicast Reverse Path Forwarding (URPF) feature helps to mitigate problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks, including Smurf and Tribe Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.

For more details on how to configure URPF, refer to the following URLs:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/secure.htm#1021668

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/122sy/cmdref/i1.htm#81185

Client-Initiated L2TP Support

Layer 2 Tunneling Protocol (L2TP) is one of the key building blocks for virtual private networks that use dial access. L2TP is endorsed by Cisco and combines the best of Cisco's Layer 2 Forwarding (L2F) protocol and Microsoft's Point-to-Point Tunneling Protocol (PPTP).

Voluntary tunneling or Client-Initiated L2TP support helps customer premises equipment to initiate L2TP sessions with the L2TP Network Servers (LNS) situated on the network. The Point-to-Point Protocol (PPP) session will be terminated on the LNS.

For more details, refer to the following URLs:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtvoltun.htm

http://www.cisco.com/warp/public/cc/so/neso/vpn/unvpnst/2tpv3_an.htm

DNS Proxy

In virtual private network (VPN), Point-to-Point Protocol over Ethernet (PPPOE), etc. PCs connected to the LAN may get Dynamic Host Configuration Protocol (DHCP) parameters including the IP addresses of the Domain Name System (DNS) server prior to the router connecting to the WAN to get the information over IP Control Protocol (IPCP). The objective with Proxy DNS (or caching-only name server) enables the router to receive DNS queries on behalf of the real DNS servers and proxy for the hosts on the LAN connected users. This enables the DHCP server to immediately send the hosts the router's own LAN address in lieu of the DNS server's IP address. The router forwards the DNS queries from local users to real DNS servers after the WAN connection comes up and caches the DNS records in response. Over the time, cache includes the DNS information most often requested by the local resolvers and this can reduce the overhead of packets to the WAN.

The router must obtain the correct DNS server information from the WAN in order for it to function as a proxy DNS server.

The global configuration command ip dns server enables DNS proxy server functionality on the router, and causes it to forward DNS queries to the actual DNS servers. The global configuration command dns-server address causes the router to respond to DNS queries with its own IP address.

New Software Features in Release 12.3(2)T

For information regarding the features supported in Cisco IOS Release 12.3 T, refer to the Cross-Platform Release Notes and New Feature Documentation links at the following location on Cisco.com:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/index.htm 

This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and click the following path:

Service & Support: Technical Documents: Cisco IOS Software: Release 12.3: Release Notes:  Cross-Platform Release Notes (Cisco IOS Release 12.3 T) 

Caveats

Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Release 12.3 T are also in Release 12.3(2)XC. For information on caveats in Cisco IOS Release 12.3 T, refer to the Caveats for Cisco IOS Release 12.3(2)T document. This document lists severity 1 and 2 caveats; the documents are located on Cisco.com.


Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com, and click Service & Support: Technical Assistance Center: Tool Index: Bug Toolkit. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl


Resolved Caveats - Release 12.3(2)XC3

This section describes unexpected behavior that is fixed in Cisco IOS Release 12.3(2)XC3. Only severity level 1 through level 3 are listed.

CSCed03333

CBAC FTP-data sessions remain in SIS_CLOSING state.

Workaround

Lowering the inspect FTP timeout and disabling CEF will reduce exposure. Bump certain out-of-order packets to process path for catch-up and then drop packets if unsuccessful.

CSCee47441

CBAC inspection causes software-forced reload.

When the Cisco IOS Firewall CBAC is configured, the router may have a software-forced reload caused by one of the inspections processed. This symptom is observed when the router is part of a DMVPN hub-spoke with a Cisco VoIP phone solution deployed on it, and the router is connected to the central office over the Internet. The Cisco VoIP phone runs the SKINNY protocol.

Workaround

None.

CSCef48336

Corrupted OSPF Hello packets cause software-forced crash.

The router may crash on watchdog timeout while validating the OSPF Hello/DBD packets with corrupted LLS data.

CSCdz32659

%SYS-2-MALLOCFAIL: -Process= CDP Protocol.

Memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:

%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18

Workaround

To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.

CSCdz84583

Cisco IOS fw allows forged packets for a session initiated from inside.

A vulnerability in the TCP specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer), and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, the attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml,
and it describes this vulnerability as it applies to Cisco products that do not run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that run Cisco IOS software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml.

CSCeb16876

Bad getbuffer, crash, tag input, fragmentation.

The router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly. This symptom is observed when the router fragments a MultiProtocol Label Switching (MPLS) packet.

Workaround

None.

CSCeb52066

NAT: Provide an API to get the pre-natted TCP Seq/Ack Numbers.

A vulnerability in the TCP specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer), and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, the attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml,
and it describes this vulnerability as it applies to Cisco products that do not run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that run Cisco IOS software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml.

CSCeb56909

Crafted packet causes reload on Cisco routers.

Routers running Cisco IOS software that supports MPLS are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.

More details can be found in the security advisory which is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml

CSCeb88239

const2:crash RIPv6_input after sending 1 packet to FF02::9 M/cast Ad.

A router that runs RIPng may crash after receiving a malformed RIPng packet, causing a DoS on the device. This symptom is observed when the ipv6 debug rip command is enabled on the router. Malformed packets can normally be sent locally. However, when the ipv6 debug rip command is enabled, the crash can also be triggered remotely. Note that RIP for IPv4 is not affected by this vulnerability.

Workaround

None.

CSCec16481

Software-forced crash when router receives corrupted OSPF Hello.

A device running Cisco IOS and enabled for the OSPF Protocol is vulnerable to a DoS attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml

CSCec25430

Cisco IOS may reload from specific packet.

A Cisco device reloads on receipt of a corrupt CDP packet. This symptom is observed when an empty "version" field exists in the output of the show cdp entry * command for at least one entry. One possible scenario is:

Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on the terminal, such as the following one:

%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex).

Workaround

Disable CDP by entering the no cdp run global configuration command.

First Alternate Workaround: Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) has or have an empty "version" field in the output of the show cdp entry * command.

Second Alternate Workaround: Disconnect the 7935 or 7936 phone, in the case of the specific symptom that is described above.

CSCec59206

Bus error in nat translating RSHELL packets.

A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514. This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).

Workaround

Prevent the translation of TCP port 514.

CSCec86420

Undebug All stops traffic with IPsec+GRE+CEF (also see CSCeb56909).

Routers running Cisco IOS software that supports MPLS are vulnerable to a DoS attack on MPLS disabled interfaces. This is a complementary fix to CSCeb56909 which addresses this vulnerability.

More details can be found in the security advisory which is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml

CSCed35253

Router may crash due to corrupted data in list with Cisco IOS-firewall.

A router may reload unexpectedly after it attempts to access a low memory address. This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround

Disable IP Inspect and IDS.

CSCed40563

Malicious cfg reload neighbor routers by <show cdp entry * protocol>.

Depending upon configuration, issuing the show cdp entry * protocol command may cause a reload of the device. This symptom occurs on Cisco products that are speaking CDP with configurable interface MTU.

Workaround

Disable CDP, avoid issuing the command under given circumstances, or upgrade to a fixed version of software.

CSCed40933

Multiple crafted IPv6 packets cause reload.

Cisco IOS software is vulnerable to a DoS attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation. More details can be found in the Security Advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed68575

Reload triggered in SNMP process.

Cisco IOS software release 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload. The vulnerability is only present in certain Cisco IOS releases on routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575. This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a DoS. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCed93836

Modifications needed to syn rst packet response.

A vulnerability in the TCP specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml,
and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCee08584

ITS/CME: aberrant data may trigger reload.

When configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), or Survivable Remote Site Telephony (SRST), Cisco IOS release 12.3 T may contain a vulnerability in processing certain malformed control protocol messages. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a DoS.

Cisco has made free software upgrades available to address this vulnerability for all affected customers. There are workarounds available to mitigate the effects of the vulnerability. Please see the advisory available at
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

CSCee67450

BGP error msg trackback.

A device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a DoS attack from a malformed BGP packet. Only devices with the command bgp log-neighbor-changes configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

Cisco has made free software available to address this problem. Please see the advisory available at
http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

CSCef46191

Unable to telnet.

A specifically crafted TCP connection to a telnet or reverse telnet port of a device running Cisco IOS may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. All other device services will operate normally.

User-initiated, specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions, however, services such as packet forwarding, routing protocols, and all other communication to and through the device remain unaffected.

Workaround

Please see the advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

CSCef67682

IPv6 msg may cause trackback.

CSCef68324

ICMPv6 pkt trackback.

CSCin67568

Memory leak in CDP process with long host names.

A Cisco device experiences a memory leak in the CDP process when the device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.

Workaround

Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.

CSCuk53918

CSCef68324 missing break statement.

Resolved Caveats - Release 12.3(2)XC2

This section describes unexpected behavior that is fixed in Cisco IOS Release 12.3(2)XC2. Only severity level 1 through level 3 are listed.

CSCec00345

Adjustments of tones in accordance with Spanish and ITU-T standards.

When Phone1 goes on hook and Phone2 stays up after the conversation is over, user on Phone2 can hear the OFFHOOK_NOTICE which is not defined in ITU-T E.180 or in National Spanish standards.

Workaround

Define the custom tone table.

CSCed50319

Enable ip qos dscp CLI in base images of Cisco 820 router.

CSCed50556

Memory leak in Crypto IKMP.

The memory that Crypto Internet Key Management Protocol (IKMP) process holds increases. That memory is not freed and after some time may take all the memory.

Workaround

None.

CSCed34050

Cisco 837 router: Middle buffers and HIFN79xx buffers issues.

A Cisco 837 router may encounter memory allocation failures in I/O memory.

Workaround

None.

CSCed76042

Adding Policy-Based Routing (PBR) support for Cisco SOHO 97 router.

CSCed27956

TCP checks should verify ack sequence number.

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed38527

TCP checks should verify syn sequence number.

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

Resolved Caveats - Release 12.3(2)XC1

This section describes unexpected behavior that is fixed in Cisco IOS Release 12.3(2)XC1. Only severity level 1 through level 3 are listed.

CSCed02145

Caller ID in Spain not working on all phones.

Some phones that display caller ID on the PSTN in Spain do not display caller ID on Foreign Exchnage Station (FXS) ports on the Cisco 827 router.

CSCed00310

Managed Switch: Backout CSCeb45932 to go for advertisement setting.

CSCec77078

Packet delay over IPSec tunnel when HW crypto used.

Workaround

Disable hardware encryption with no crypto engine accelerator command.

CSCeb79675

SNMP reply packets do not use the correct source address.

A SNMP request sent to the loopback interface of a Cisco router will have the wrong source address in the reply.

Workaround

Send the SNMP request to the IP address of a physical interface.

CSCdz27562

snmpwalk on loopbacks gets no response.

Executing an snmpwalk command on loopback interface does not yield any results.

Workaround

Execute the snmpwalk command on the physical interface.

CSCeb22276

Delay in processing some SNMP requests.

Some SNMP packets may stay in the input queue while being processed. However, the packets do drain on their own without any intervention from the user. This fix allows those packets to be removed from the queue more quickly.

Workaround

Protect your SNMP community strings with good password management.

Permit SNMP traffic only from trusted devices.

CSCec36893

Multiple PPPoE client sessions are not created.

When multiple pppoe-client and dial-pool-number commands are configured on the interface, only one session is created after reloading the router.

Workaround

None.

CSCec00345

Adjustments of tones in accordance with Spanish and ITU-T standards.

When the phone connected to FXS port of the Cisco 827-4V router goes on hook, the receiver on the otehr end can hear off hook notice. This is not defined in ITU-T E.180 or in National Spanish standards.

Workaround

Define the custom tone table.

CSCeb70171

MPLS-QoS: Spurious memory access occurs with MLPPPoFR and WRED.

An alignment traceback may occur when a router is configured for Multilink PPP over Frame Relay (MLPoFR) and weighted random early detection (WRED).

Workaround

Remove or modify the service-policy map to prevent WRED from running on MLPPPoFR interfaces.

Resolved Caveats - Release 12.3(2)XC

This section describes unexpected behavior that is fixed in Cisco IOS Release 12.3(2)XC. Only severity level 1 through level 3 are listed.

CSCeb41084

Routing loop issue with DHCP and Dynamic Multipoint VPN (DMVPN).

CSCeb42787

DHCP static routes are not being removed.

Workaround

After configuration change, save the configuration, and reload the router.

CSCeb08445

Default route learned via DHCP overrides static default route.

Workaround

Configure the command ip dhcp-client default-router distance to be the same as the statically configured route distance. This way, the DHCP learned route will overwrite the configured route but with the same information.

CSCea78615

Software forced crash at "mgd_timer_first_running" related to Next Hop Resolution Protocol (NHRP).

The Cisco router running NHRP may reload due to a software forced crash.

Workaround

None.

CSCea64214

Potential scalability issue with dot1x and Windows 2000 client.

CSCec03928

Cannot see running configuration when Cisco Networking Services (CNS) configuration is downloaded.

Workaround

Hook-up the console.

CSCeb56827

When of Easy VPN client is rebooted, unknown transform error is displayed.

Workaround

Disable VPN card, or remove and re-apply the crypto map from the interface.

CSCec06005

Memory leaks in NHRP and tunnel protection.

CSCeb71671

NHRP on multi-point generic routing encapsulation (GRE) tunnel interface causes router to crash.

Workaround

None.

CSCec25744

IOS image reloads when connecting spoke to spoke.

Workaround

Disable all spoke-to-spoke connections.

CSCea90932

SIP call does not go through when port 1024 is used in Via header.

Workaround

Attempt another call. Call works when port number in Via header is greater than 1024.

CSCeb46738

If VPN group is not cleared immediately, it leads to invalid attribute reuse.

Workaround

Wait till all the Internet Security Association and Key Management Protocol (ISAKMP) security association table is flushed and try again. The tunnel will not come up and it will show an error.

CSCuk43613

CNS syntax checker fails on encapsulation aal5snap command.

Workaround

Disable the syntax checker when trying to apply configuration with the encapsulation aal5snap command.

CSCeb87159

CNS sends keepalive values to tibgate incorrectly.

Workaround

None.

CSCec15351

CNS configuration agent modifies the configuration without persisting it.

Workaround

Ensure there is no concurrent access to the router.

CSCeb44999

CNS configuration notify extensible markup language (XML) output needs to handle control and carriage return characters.

Workaround

None.

CSCeb45670

Multi-line banner command is not correctly applied by CNS configuration agent.

Workaround

None.

Open Caveats - Release 12.3(2)XC

The following sections list the open caveats for the Cisco IOS release 12.3(2)XC.

CSCeb87091

The Cisco 7200 series router will not perform BGP update in PPPoE with IP CEF enabled.

Workaround

Disable IP CEF on the dialer interface by using the command no ip route-cache cef.

CSCin52746

PBR does not work for two policy set under route-map.

CSCin56511

PPPoE client does not send PPPoE Active Discovery Terminate when clear/shutdown commands are given on dialer interface.

Related Documentation

The following sections describe the documentation available for the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com.

Use these release notes with the documents listed in the following sections:

Release-Specific Documents

Platform-Specific Documents

Release-Specific Documents

The following documents are specific to Release 12.3 and apply to Release 12.3(2)XC3. They are located on Cisco.com :

To reach the Cross-Platform Release Notes for Cisco IOS Release 12.3(2)T, click this path:

Technical Documents: Cisco IOS Software: Release 12.3: Release Notes: Cisco IOS  Release 12.3 T 

To reach product bulletins, field notices, and other release-specific documents, click this path:

Technical Documents: Product Bulletins 

To reach the Caveats for Cisco IOS Release 12.3 and Caveats for Cisco IOS Release 12.3 T documents, which contain caveats applicable to all platforms for all maintenance releases of Release 12.3, click this path:

Technical Documents: Cisco IOS Software: Release 12.3: Caveats 


Note If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com, and click Service & Support: Technical Assistance Center: Tool Index: Bug Toolkit. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl


Platform-Specific Documents

Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 827-4V, 828, 831, 836, 837, SOHO 91, SOHO 96, and SOHO 97 routers are available on Cisco.com at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/800/index.htm 

This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and click the following path:

Cisco Product Documentation: Access Servers and Access Routers: Fixed Access RoutersCisco 800 Series Routers: <platform_name>

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies —  security-alert@cisco.com

Nonemergencies —  psirt@cisco.com


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on


In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html


hometocprevnextglossaryfeedbacksearchhelp

Posted: Thu Mar 2 19:49:59 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.