Release Notes for Cisco 6400 Universal Access Concentrator (UAC) for NRP Cisco IOS Release 11.3(7) DB
January 18, 1999
This release note describes new features and caveats for the Cisco 6400 Universal Access Concentrator (UAC) node route processor (NRP) supported in Cisco IOS Release 11.3(7) DB.
Use this release note in conjunction with the cross-platform Release Notes for Cisco IOS Release 11.3 located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
For a list of software caveats that apply to this release, refer to the "Caveats" section later in this document.
These release notes discuss the following:
The Cisco 6400 Universal Access Concentrator (UAC) is the first of a new generation of broadband concentrators that support Cisco Systems' end-to-end ATM transmission services, PPP termination services, and tunneling services. The NRP is the routing processor for the Cisco 6400 UAC. It receives traffic from interfaces connected to one or more node switch processor (NSP) switch ports, reassembles the ATM cells into packets, routes packets, segments routed packets, and sends them back to the ATM switch for output to the network.
Detailed software configuration information on the new features and Cisco IOS commands supported by Release 11.3 is available on the Documentation CD-ROM and on the Web at http://www.cisco.com. For more information, refer to the "Related Documentation" section later in this document.
This release note does not describe features that are available in IOS Release 11.3. For more information about features in IOS Release 11.3, refer to Release Notes for Cisco IOS Release 11.3.
This section describes the system requirements for the Cisco 6400 NRP1 and includes the following sections:
Table 1 describes the memory requirements for the Cisco 6400 NRP.
Table 1: Cisco 6400 NRP Memory Requirements
| Feature Set | Image Name | Minimum Required Flash Disk | Required Main Memory | Runs from |
| --- | --- | --- | --- | --- |
| Cisco 6400 NRP1 | c6400r-p5-mz | 16 MB Flash | 64 MB DRAM | Flash |
Table 2 lists the hardware platforms and devices supported by the Cisco 6400 NRP.
Table 2: Cisco 6400 NRP Hardware Platform and Devices
| Platform | Devices |
| --- | --- |
| c6400r-p5-mz software image | Single-port ATM SAR connecting internally to the Cisco 6400 ATM switch fabric; Ethernet; Fast Ethernet |
The Cisco IOS software is packaged in feature sets (also called software images) depending on the platform. Each feature set contains a specific set of Cisco IOS features. The following section lists the feature set matrix and the features supported by each feature set. The Cisco 6400 NRP1 can only use a single image called c6400r-p5-mz. Table 3 lists the features supported by the Cisco 6400 NRP image.
Note: This feature set table contains only a selected list of features. This table is not a cumulative or complete list of all the features in this image.
Table 3: Feature List for the Cisco 6400 NRP
| Category | Features |
| --- | --- |
| Layer 2 and Layer 3 Protocols | ARP, IPCP, IP forwarding, IP host, IP multicast, PPP/ATM, TCP, Telnet, TFTP, UDP, Transparent bridging, VLAN |
| Layer 3 Routing Protocols | EIGRP, IS-IS, OSPF, PIM, RIP |
| Network Management, Security | AAA, CHAP, FTP, RADIUS, SNMP, TACACS |
| LAN Interfaces | ATM, Ethernet (10BaseT), Fast Ethernet (100BaseTX) |
To determine the version of Cisco IOS software currently running on your router, log on to the Cisco 6400 NRP and enter the show version EXEC command:
router> show version
Output similar to the following appears. The Cisco IOS version appears in the second line.
Cisco Internetwork Operating System Software
IOS (tm) 6400 Software (C6400r-p5-mz), Version 11.3(7)DB.......
The output also includes processor revision numbers, memory amounts, hardware IDs, and partition information. To upgrade to a new software release, see the "Cisco Connection Online" section.
This section contains open and resolved caveats for the current Cisco 6400 NRP release only.
Caveats in Cisco IOS Release 11.3(7) also apply to Release 11.3(7)DB. For information about caveats in the Cisco IOS Release 11.3(7), refer to the "Caveats" sections in the Cross-Platform Release Notes for Cisco IOS Release 11.3 document located on CCO and the Documentation CD-ROM.
The most significant caveat in this release is that L2TP/L2F should not be used. Layer 2 tunnels and the PPP sessions over these tunnels may become unstable. For more information, refer to NRP specific caveats CSCdk66630, CSCdk40185, CSCdk42466, and CSCdk41077.
Other caveats include the following:
- L2TP tunnels are unstable and cannot be used with PPP sessions.
- L2TP tunnel formation often requires shut/no shut or reboot commands. A configuration change is required to fix a tunnel or data path. To work around this issue, enter the shut/no shut command on one or all of the subinterfaces in this data path.
- Occasionally, 1 in 20 VPDN tunnels fails to start. Duplicate of CSCdk42151.
- When more than one L2TP or L2F tunnel is coming up, subsequent tunnels can take appreciably more time to connect.
- During subinterface configuration, any change in the VC class using the vc-class command on a PVC causes the subinterface state to go down.
- Example:
interface atm0.1 point-to-point
 pvc 0/100
  class class1
vc-class atm class1
 encapsulation aal5ciscoppp virtual-template1
 inarp 60
 broadcast
 vbr-nrt 7511 4511 12 6555 3890 8
 ilmi manage
 oam-pvc 555
 oam retry 400 500 1
- Under certain conditions, an OSPF adjacent relationship established through an L2F tunnel configured over the NRP ATM interface may fail to properly exchange OSPF routes. To work around this issue, shut down the tunnel and bring it back up.
- Receiving a multicast group prune message prevents the router from forwarding multicast packets to that destination group over the interface. However, the status of the multicast group appears incorrect in the output of the show ip mroute command.
- Using an access list on a Web Cache Control Protocol (WCCP) enabled interface stops all WCCP cache redirection. A WCCP access list with an explicit deny statement denies all clients.
- OSPF adjacency may not form over an ATM subinterface. The OSPF neighbor adjacency can be reestablished by issuing the shut/no shut command on the affected interface.
- EIGRP routes may not always propagate over ISL subinterfaces on the NRP Fast Ethernet interface. To propagate EIGRP routes, enter the shut/no shut command on the interface.
- In the NRP show int atm 0/0/0 command, the number of output packets is not equal to the number of input packets less the number of output queue drops. This condition is limited to bridged virtual interfaces.
- A large number of PPP sessions (approximately 1000) may display a "memory exhaustion" error message if each session is carrying heavy traffic. The memory is recovered eventually, but slowly. This is an expected and temporary result of heavy traffic with a large number of PPP sessions.
- Enabling IRB on atm0/0/0 and pinging this bridged interface fails. However, when you ping from atm0/0/0 to the connected bridged interface, the ping succeeds. Pinging from the ATM interface to the bridged interface allows all subsequent pings in either direction. To work around this issue, enter the clear arp command on the atm0/0/0 router.
- If you have heavy traffic in a "router-on-a-stick" configuration, the CPUHOG message on the NRP with heavy bridging traffic may show the "ATM Periodic" process as the offending task.
- When configuring xDSL subscriber interfaces to bridge, with the BVI interface on redundant NRPs as their default gateway, a switchover between redundant NRPs could result in the new primary NRP having a different BVI MAC address. In this case, subscribers will use the old MAC address and will get no response.
- To work around this issue, statically configure the MAC address of BVI interfaces so that both NRPs use the same address.
- When creating a subscriber policy with more than 10 subscribers, multicast and unknown destination options are not executed correctly. To work around this issue, create subscriber policies with fewer than 10 subscribers.
- With 1000 VCs configured, a SYS-2-MALLOCFAIL message "Memory allocation problem with the pool manager process" may appear.
- You cannot configure two VCs on the same VPI that differ by 1024. For example, if VCI 100 exists with a VPI of 10 and you add VCI 1124, the router refuses to create that VC. To work around this issue, use a different VPI/VCI combination for the VC. For example, use a VPI of 11 and a VCI of 100.
- Using a definitive IP address for the peer default ip address command in a virtual-template does not work. To work around this problem, enter the peer default ip address pool name command and then create a local IP pool using the ip local pool name <start_address_range> <end_address_range> command.
- The NME interface on an NRP reports its status and linestat as up when there is no cable attached.
- Portions of the NRP running configuration file may not be saved to the startup configuration file when issuing a write config command. Under investigation.
- Occasionally, after receiving high rates of traffic over the ATM PVC between the NSP and NRP, the NRP counters may show incorrect packet counts.
- The 6400 NRP console might stop displaying messages when the NRP processes a large configuration file. To work around this problem, do one of the following:
  - Reduce the configuration file as much as possible.
  - If you are using xterm, kill the xterm process and start a new one.
  - Select the VT option in the xterm window of the NRP console by pressing the <Ctrl> key and the middle mouse button, then select Do Soft Reset. If this works, you will not need to close and reopen another xterm.
- A bus error can result when changing traffic shaping parameters on an ATM PVC, while traffic is being transmitted over the VC. To work around this issue, change traffic shaping parameters when no traffic is being transmitted on the selected VC.
All the caveats in this section are resolved in Release 11.3(7)DB. This section describes severity 1, 2, and selected severity 3 caveats.
- External NMS may experience SNMP timeouts when the NRP target router is heavily loaded.
- The maximum number of VCIs for a single VPI is selectable with a maximum of 1024. This VCI range is the difference between the lowest VCI and the highest VCI. If a VCI outside of this range is used, the PVC configuration is accepted and silently dropped. An error message should be generated but it is not.
- Duplicate of CSCdk67251. In the following Cisco 6400 NRP configuration the NRP may boot the wrong image after a forced switchover of redundant NRPs:
  - NRPs are configured as redundant.
  - Config-register is 0x2 (boot from flash:device)
  - IOS images reside on both the bootflash: and flash: devices
- Upon cut over, the NRP might reload the wrong IOS image from the bootflash: device (instead of reloading the IOS image from the flash: device, as configured). To work around this issue, configure the NRP to reload the IOS image from the bootflash: device.
- The Cisco 6400 primary NRP might reload with a memory allocation error when configured for redundant NRP operation. To work around this issue, turn off NRP redundancy configuration.
- Resolved with the 12.0(2)DB NSP image. ILMI PVC discovery may not operate after rebooting the NSP.
- The NSP shows the NRP atm0/0/0 port is down, while the NRP console shows the port is up. This occurs with heavy traffic after the secondary NRP has been reset by a keepalive failure. This is a side effect of CSCdk67251.
- A PPP-over-ATM connection may be unusable if any PPP timeout is configured.
- If a User Datagram Protocol (UDP) packet with an invalid length is sent to port 514 (the "syslog" port) on an IOS device, the device is likely to reload. In this situation, a stack trace might not be saved. Such packets are sent by the popular nmap port scanning program.
- You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.
- If you use an input access list, that list should be applied to all interfaces to which attackers may be able to send datagrams. This includes not only physical LAN and WAN interfaces, but virtual subinterfaces of those physical interfaces, as well as virtual interfaces and/or interface templates corresponding to GRE, L2TP, L2F, and other tunnelling protocols.
- The input access list must block traffic destined for any of the Cisco IOS device's own IP addresses, as well as for any broadcast or multicast addresses on which the Cisco IOS device may be listening. It's important to remember to block old-style "all-zeroes" broadcasts as well as new-style "all-ones" broadcasts.
- There is no single input access list that will work in all configurations. It is very important that you understand the effect of your access list in your specific configuration before you activate the list.
- The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply that access list. The example assumes no need for input filtering other than as a workaround for this vulnerability.
! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
! Apply the access list to the input side of each interface
interface ethernet 0
 ip address 172.16.1.1 255.255.255.0
 ip access-group 101 in
interface ethernet 2
 ip address 172.16.2.1 255.255.255.0
 ip access-group 101 in
interface ethernet 3
 ip address 172.16.3.3 255.255.255.0
 ip access-group 101 in
- It can be complicated to list all possible addresses, and especially all possible broadcast addresses, to which attack packets might be sent. If you do not expect to receive any legitimate syslog traffic on an interface, you may wish to simply block all syslog traffic arriving on that interface. Remember that this will affect traffic routed through the Cisco IOS device as well as traffic destined to the device.
- Input access lists have an impact on system performance, and should be installed with a degree of caution, especially on systems that are running very near their capacity limits.
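The advice above to understand the effect of the access list before activating it can be checked offline. The following Python sketch is an added example, not Cisco code: it parses access list 101 as printed above, applies IOS wildcard-mask matching, and reports which destinations are denied on UDP port 514. The source address 192.0.2.10, the sample destinations, and the extra device address 10.0.0.1 are constructed values.

```python
import ipaddress

# Access list 101 as printed in the release note (comment lines omitted).
ACL_101 = """\
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
access-list 101 deny udp any host 0.0.0.0 eq 514
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
access-list 101 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse the subset of extended access-list syntax used in ACL_101."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def _match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule text) of the first rule matching the packet."""
    s, d = _ip(src), _ip(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto not in ("ip", proto):
            continue
        if not (_match(s, *r_src) and _match(d, *r_dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, line
    return "deny", "(implicit deny at end of list)"

def uncovered(rules, device_addresses, src="192.0.2.10"):
    """Addresses the device listens on that the list still lets UDP/514 reach."""
    return [a for a in device_addresses
            if evaluate(rules, "udp", src, a, 514)[0] != "deny"]

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed destinations: interface, broadcasts, multicast, routed host.
    for dst in ["172.16.1.1", "172.16.9.255", "172.16.9.0", "255.255.255.255",
                "0.0.0.0", "224.0.0.1", "172.16.2.50"]:
        action, line = evaluate(rules, "udp", "192.0.2.10", dst, 514)
        print(f"{dst:<16} {action:<7} {line}")
    # 10.0.0.1 stands for an address missing from the list (hypothetical).
    print("not covered:", uncovered(rules, ["172.16.1.1", "172.16.2.1",
                                            "172.16.3.3", "10.0.0.1"]))
```

Syslog routed through the device to a host such as 172.16.2.50 is still permitted, while any device address absent from the list (10.0.0.1 here) is reported as not covered.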
The documents listed in Table 4 are available for the Cisco 6400 UAC. These documents are also available online at Cisco Connection Online (CCO) and on the Documentation CD-ROM.
To access Cisco 6400 documentation on CCO, follow this path:
Products and Ordering: Documentation: Cisco Documentation: Cisco Product Documentation: DSL Products: Cisco 6400
To access Cisco 6400 documentation on the Documentation CD-ROM, follow this path:
DSL Products: Cisco 6400
Table 4: Platform Documents for the Cisco 6400 Universal Access Concentrator
| Book | Chapter Topics |
| --- | --- |
| Cisco 6400 UAC Hardware Installation Guide | About This Manual; Hardware Description; Preparing for Installation; Installing the Cisco 6400; Troubleshooting; Maintaining the Cisco 6400; System Specifications; Glossary; Configuration Worksheets; Installing the AC-Input Power Shelf and Power Supply |
| Cisco 6400 UAC Command Reference Guide | This guide describes all of the commands specific to the Cisco 6400, organized in alphabetic order. |
| Cisco 6400 UAC Site Planning Guide | About This Guide; Cisco 6400 Overview; Site Planning Considerations; System Specifications; Cabling Specifications; Glossary |
| Regulatory Compliance and Safety Information for the Cisco 6400 | Overview of the Cisco 6400 Universal Access Concentrator; General Documentation Information; Agency Approvals; Translated Safety Warnings; Cisco Connection Online |
| Release Notes for Cisco 6400 UAC NRP for Cisco IOS Release 11.3(5)DB | Release information for the previous Cisco IOS release version for the NRP. |
| Release Notes for Cisco 6400 UAC NSP for Cisco IOS Release 12.(2)DB | Release information for the current Cisco IOS release version for the NSP. |
| Cisco 6400 UAC Software Configuration Guide | About This Manual; Understanding the Command Line Interface for the Cisco 6400 UAC; Configuring Terminal Lines and Modem Support; Using the Cisco 6400 Web Console Application for System Configuration; Initially Configuring the Cisco 6400; Configuring Redundancy and SONET APS; Configuring Interfaces; Configuring the NRP; Configuring Virtual Connections; Configuring System Management Functions; Configuring Operation, Administration, and Maintenance; Configuring Resource Management; Configuring ILMI; Configuring ATM Routing and PNNI; Using Access Control; Configuring IP-Over-ATM and LAN Emulation; Configuring ATM Accounting and ATM RMON; Configuring Tag Switching; Configuring Signaling Features; Configuring Special Features; PNNI Migration Examples; Cisco 6400 MIB Information; Resolving Error Messages; Glossary |
| Cisco 6400 FRU Installation and Replacement | Tools and Equipment Required; General Safety Precautions and Maintenance Guidelines; Replacing the Front Cover; Powering Down the System; Backing Up the PCMCIA Card; Maintaining the Air Filter; Replacing an NSP Module; Replacing an NRP Module; Installing or Replacing a Half-Height NLC; Replacing a PEM; Replacing the Blower Module and Fans; Verifying Plug-In Module and Component Installation |
For service and support for a product purchased directly from Cisco, use CCO.
For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco service and support programs, which are described in the section "Service and Support" in the information packet shipped with your product.
Note: If you purchased your product from a reseller, you can access CCO as a guest. CCO is the primary real-time support channel for Cisco Systems. Your reseller offers programs that include direct access to CCO services.
The following URL contains links to access helpful tips on configuring your Cisco products:
http://www.cisco.com/public/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your web browser to http://www.cisco.com/, and follow this path: Software & Support, Technical Support, Technical Tips.
The following sections are provided from the Technical Tips page:
- Access Dial Cookbook: Contains common configurations or recipes to configure various access routers and dial technologies.
- Field Notices: Designed to provide notification of any critical issues regarding Cisco products. These include problem descriptions, safety or security issues, and hardware defects.
- FAQs: Collection of the most frequently asked questions about Cisco hardware and software.
- Hot Tips: Popular tips and hints gathered from the Cisco Technical Assistance Center (TAC). Most of these documents are available from the TAC FAX-on-demand service. To access FAX-on-demand and receive documents at your FAX machine from the USA, call 888-50-CISCO (888-502-4726). From other areas, call 415-596-4408.
- Hardware: Technical Tips related to specific hardware platforms.
- Internetworking Features: Tips on using and deploying Cisco IOS software features and services.
- Sample Configurations: Actual configuration examples complete with topology and annotations.
- Software Products: MultiNet & Cisco Suite 100, Network Management, Cisco IOS Software Bulletins, and CiscoPro Configurations.
- Special Collections: Other Helpful Documents, Frequently Asked Questions, Security Advisories, References & RFCs, Case Studies, and the CiscoPro Documentation CD-ROM.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note: If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact the Cisco Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.








Posted: Fri Mar 10 13:20:21 PST 2000
Copyright © 1989-2000 Cisco Systems Inc.