cc/td/doc/product/software/ios120/relnote
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 12.0 XJ

Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 12.0 XJ

December 6, 1999

These release notes for Cisco AS5200 universal access servers support Cisco IOS Release 12.0 XJ, up to and including Release 12.0(4)XJ5. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.

For a list of the software caveats that apply to Release 12.0(4)XJ5, see the "Caveats" section and . The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO and the Documentation CD-ROM.

Contents

These release notes describe the following topics:

Introduction

This section contains information about the Cisco AS5200 universal access servers and Early Deployment (ED) Releases for the Cisco AS5200.

Cisco AS5200

The Cisco AS5200 universal access server is a multifaceted data communications platform that provides all the functions of an access server, a router, modems, and terminal adapters (TAs) in a modular chassis. Mid-sized organizations or service providers requiring centralized processing capabilities for mobile users and telecommuters will benefit the most using the Cisco AS5200 universal access server.

With their optimization for high-speed modem access, the Cisco AS5200 universal access servers are ideally suited for all traditional dial-up applications, such as host access, electronic mail, file transfer, and dial-in access to a local area network.

For information on new features and Cisco IOS commands supported by Release 12.0(4)XJ5, see the "New and Changed Information" section and "Related Documentation" section.

Early Deployment Releases

These release notes describe only Release 12.0 XJ for Cisco AS5200 universal access servers and do not describe features that are available in Release 12.0 or other Release 12.0 Early Deployment (ED) releases. Release 12.0(4)XJ5 is an Early Deployment (ED) release based on Release 12.0 and announces fixes to software caveats and support for new Cisco hardware.

For information about features in Release 12.0, see Cross-Platform Release Notes for Cisco IOS Release 12.0  on CCO and the Documentation CD-ROM.

For information about features in other platforms, see Release Notes for Cisco IOS Release  12.0 on CCO  and the Documentation CD-ROM.

System Requirements

This section describes the system requirements for Release 12.0 XJ:

Memory Requirements

Table 1 describes the memory requirements for the Cisco AS5200 platform feature sets supported by Cisco IOS Release 12.0(4)XJ5.


Table 1: Memory Requirements for Cisco AS5200 Series
Feature Sets Image Name Software Image Flash Memory Required DRAM Memory Required Runs from

IP Standard
Feature Set

IP

c5200-i-l

16 MB

8 MB

Flash

IP Plus

c5200-is-l

16 MB

8 MB

Flash

Desktop Standard
Feature Set

IP/IPX/AT/DEC

c5200-d-l

16 MB

8 MB

Flash

IP/IPX/AT/DEC Plus

c5200-ds-l

16 MB

8 MB

Flash

Hardware Supported

Cisco IOS Release 12.0 XJ supports the Cisco AS5200 universal access servers.

The following are LAN interfaces supported on the Cisco AS5200:

The following are WAN data rates supported on the Cisco AS5200:

The following are WAN interfaces supported on the Cisco AS5200:

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

Determining the Software Version

To determine the version of Cisco IOS software running on your Cisco AS5200, log in to the Cisco AS5200 and enter the show version EXEC command:

router>show version
Cisco Internetwork Operating System Software 
IOS (tm) AS5200 Software c5200-d-l, Version 12.0(4)XJ5, RELEASE SOFTWARE

Upgrading to a New Software Release

For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Release  12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99)   on CCO at:

http://www.cisco.com/warp/public/cc/cisco/mkt/ios/rel/120/prodlit/819_pp.htm

Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software

Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99).

Microcode and Modem Code Software

Microcode and modem code software images are bundled with the system software image---with the exception of the Channel Interface Processor (CIP) microcode (all system software images). Bundling eliminates the need to store separate microcode and modem code images. When the router starts, the system software unpacks the microcode and/or modem code software bundle and loads the proper software on all the interface processor boards. Table 2 lists the current microcode and modem code versions for the Cisco AS5200 universal access servers.

Note You could have received a later version of modem code than the one bundled with the Cisco IOS software. The modem code in Flash memory is mapped to the modems. Unless you fully understand how Cisco IOS software uses modem code, it is important to keep the factory configuration.

The modem code release notes are on CCO and the Documentation CD-ROM:

You can reach the release notes on CCO at:

Service & Support: Documentation Home Page: Access Servers and Access Routers: Firmware and Portware Information

You can reach the release notes on the Documentation CD-ROM at:

Cisco Product Documentation: Access Servers and Access Routers: Firmware and Portware Information


Table 2: Current Bundled Modem Code Version
Modem Code Module Current Bundled Modem Code Version Cisco IOS Software Releases

Microcom modems

Microcom version 5.1.20

Release 12.0(5)T and later

MICA modems

MICA portware Version 2.7.1.0

Release 12.0(5)T and later

Feature Set Tables

The Cisco IOS software is packaged in feature sets consisting of software images---depending on the platform. Each feature set contains a specific set of Cisco IOS features.

Release 12.0(4)XJ5 supports the same feature sets as Release 12.0(5)T, but Release 12.0(4)XJ5 can include new features supported by the Cisco AS5200 universal access servers.


Table 3: Feature Sets Supported by the Cisco AS5200 Series 
Feature Sets Image Names Feature Set Matrix Term Software Image
IP Standard
Feature Set

IP

Basic1

c5200-i-l

IP Plus

Plus2

c5200-is-l

Desktop Standard
Feature Set

IP/IPX/AppleTalk/DEC

Basic

c5200-d-l

IP/IPX/AppleTalk/DEC Plus

Plus

c5200-ds-l

1This feature set is offered in the basic feature set.
2This feature set is offered in the Plus feature set.

Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Table 4 lists the features and feature sets supported by the Cisco AS5200 universal access servers in Cisco IOS Release 12.0 XJ and uses the following conventions:

Note This feature set table only contains a selected list of features. This table is not cumulative--- nor does it list all the features in each image.


Table 4: Feature List by Feature Set for the Cisco AS5200 Universal Access Server
Features In1 Software Images by Feature Set
IP IP Plus IP/IPX/
AT/DEC 		IP/IPX/
AT/DEC
Plus
Connectivity
Layer 2 Tunnel Protocol (L2TP)

(1)T

No

Yes

No

Yes

IBM Support
Bridging Code Rework

 

Yes

Yes

Yes

Yes

RIF Passthru in DLSw+

 

No

No

No

No

IP Routing
Easy IP Phase 2-DHCP Server

(1)T

Yes

Yes

Yes

Yes

IP Type of Service and Precedence for GRE Tunnels

 

Yes

Yes

Yes

Yes

OSPF Point to Multipoint

 

Yes

Yes

Yes

Yes

Per User DNS

 

Yes

Yes

Yes

Yes

Management
Cisco IOS File System

 

Yes

Yes

Yes

Yes

Entity MIB

 

Yes

Yes

Yes

Yes

Expression MIB

 

Yes

Yes

Yes

Yes

Conditionally Triggered Debugging

 

Yes

Yes

Yes

Yes

ISDN MIB RFC 2127

(1)T

Yes

Yes

Yes

Yes

Show Caller

 

Yes

Yes

Yes

Yes

SNMP Inform Request

 

No

No

No

No

SNMP Manager

 

Yes

Yes

Yes

Yes

VPDN MIB and Syslog Facility

 

No

Yes

No

Yes

Multimedia
Protocol-Independent Multicasts (PIM) Version 2

 

Yes

Yes

Yes

Yes

Quality of Service
CLI String Search

(1)T

Yes

Yes

Yes

Yes

Scalability
Airline Product Set (ALPS)

 

Yes

Yes

Yes

Yes

Security
Additional Vendor-Proprietary RADIUS Attributes

 

Yes

Yes

Yes

Yes

Authenticating ACLs

 

Yes

Yes

Yes

Yes

Automated Double Authentication

 

Yes

Yes

Yes

Yes

MS-CHAP Support

 

No

No

No

No

Named Method Lists for AAA Authentication & Accounting

 

Yes

Yes

Yes

Yes

Subblock Phase 1

 

Yes

Yes

Yes

Yes

WAN Optimization
DRP Server Agent Enhancement

 

Yes

Yes

No

Yes

WAN Services
Always On/Dynamic ISDN (AO/DI)

 

No

No

No

No

ATM E.164 Auto Conversion

 

Yes

Yes

Yes

Yes

Dialer Watch

 

Yes

Yes

Yes

Yes

Layer 2 Tunneling Protocol

(1)T

No

Yes

No

Yes

Microsoft Point-to-Point (MPPC)

 

Yes

Yes

Yes

Yes

MS Callback

 

Yes

Yes

Yes

Yes

Multiple ISDN Switch Types

 

Yes

Yes

Yes

Yes

National ISDN Switch Types

 

Yes

Yes

Yes

Yes

Signaling System 7

 

No

Yes

No

Yes

Stackable Home Gateway

 

No

Yes

No

Yes

Miscellaneous
Asynch over UDP

(4)

Yes

Yes

Yes

Yes

Cisco SNMP Version 3

(4)

Yes

Yes

Yes

Yes

CNS Client for Cisco IOS Software

(4)

No

No

No

No

Dynamic Multiple Encapsulation for Dial-in over ISDN

(4)

Yes

Yes

Yes

Yes

Flow Random Early Detection (Flow WRED)

(4)

Yes

Yes

Yes

Yes

Generic Filesystem Layer (OS_IFSS)

(4)

Yes

Yes

Yes

Yes

ISDN LAPB-TA

(4)

Yes

Yes

Yes

Yes

Large Scale Dialout

(4)

Yes

Yes

No

No

Multilink Inverse Multiplexor

(4)

Yes

Yes

Yes

Yes

Parse Bookmarks

(4)

Yes

Yes

Yes

Yes

Process MIB

(4)

Yes

Yes

Yes

Yes

Signaling System 7 (SS7)

(4)

No

Yes

No

Yes

SLIP-PPP Banner and Banner Tokens

(4)

No

No

No

No

Virtual Console

(1)

Yes

Yes

Yes

Yes

1This column indicates the maintenance release in which the feature was introduced. If this cell is empty in this column, this feature was introduced in the initial base release.

New and Changed Information

The following sections list the new hardware and software features supported by the Cisco AS5200 universal access servers for Release 12.0(4)XJ5:

No New Features in Release 12.0(4)XJ5

There are no new features supported by the Cisco AS5200 universal access servers in Cisco IOS Release 12.0(4)XJ5.

Important Notes

The following sections contain important notes about Cisco IOS Release 12.0 that can apply to the CiscoAS5200 universal access servers.

Cisco IOS Syslog Failure

Certain versions of Cisco IOS software can fail when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly used Internet scanning tool generates packets that cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.

Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices can hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must visit the device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices indicate that they were "restarted by power-on," even when that was not the case.

Assume that any potential attacker knows the existence of this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the vulnerability. Minimal skill is required and no special equipment is required.

Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.

This vulnerability notice was posted on Cisco's World Wide Web site:

http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

This information was also sent to the following e-mail and USENET news recipients:

Affected Devices and Software Versions

Table 5 describes hardware and software that are affected by this problem. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in Table 5. Cisco is correcting the problem in certain special releases, will correct it in future maintenance and interim releases, and intends to provide fixes for all affected IOS variants. See Table 5, Affected and Repaired Software Versions for details.

No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have protects you against this attack.

The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and enter the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software." Other Cisco devices do not have the show version command and identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:

Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.

The following Cisco devices are not affected:

This vulnerability has been assigned Cisco bug ID CSCdk77426.

Solution

Cisco offers free software updates to correct this vulnerability for all affected customers---regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 5 gives Cisco's projected fix dates.

Make sure that your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release, for example, from 11.2[11]P to 11.2[17]P, but it is often a factor when you upgrade between major releases, for example, from 11.2 P to 11.3 T.

Because fixes will be available for all affected releases, this vulnerability will rarely, if ever, require you to upgrade to a new major release. Cisco recommends that you carefully plan for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.

Further upgrade planning assistance is available on Cisco's World Wide Web site at:

http://www.cisco.com

If you have service contracts, you can obtain new software through your regular update channels (generally through Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.

If you do not have service contracts, you can upgrade to only obtain the bug fixes; free upgrades are restricted to the minimum upgrade required to resolve the defects. You can only upgrade to the software described in one row of Table 5---except when no upgrade within the same row is available in a timely manner.

Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):

Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Customers with no contracts must request for free updates through the TAC. For software updates, please do not contact either "psirt@cisco.com" or "security-alert@cisco.com.

Workarounds

You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to port 514. You can do this by either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.

If you use an input access list, apply it to all interfaces to which attackers can send datagrams. Interfaces include not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces---as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.

The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses---as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts---only traffic actually addressed to the Cisco IOS device.

No single input access list works in all configurations. Be sure you know the effect of your access list in your specific configuration before activating it.

The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed---other than as a workaround for this problem:

! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0   0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
 
! Apply the access list to the input side of each interface
interface ethernet 0
ip address 172.16.1.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 2
ip address 172.16.2.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 3
ip address 172.16.3.3 255.255.255.0
ip access-group 101 in

Listing all possible addresses---especially all possible broadcast addresses---to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device---as well as traffic destined to the device. If the IOS device is expected to forward syslog packets, you will have to filter in detail. Because input access lists impact system performance, install them with caution---especially on systems running very near their capacity.

Software Versions and Fixes

Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released Cisco IOS version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) to 12.0(2.3). The first fixed interim version of Release12.0 mainline software is Release12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.

If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the Release 12.0(2) base, which will merge back into the Release 12.0 mainline at Release 12.0(2.4).

Special releases, like 12.0(2a), are one-time spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to Release 12.0(3).

Note All dates within this table are subject to change.


Table 5: Affected and Repaired Software Versions
Cisco IOS Major Release Description Special Fix1 First Fixed Interim Release2 Fixed Maintenance Release3
Unaffected Releases

11.2 and earlier releases---all variants

Unaffected early releases (no syslog server)

Unaffected

Unaffected

Unaffected

11.3, 11.3  T, 11.3 DA, 11.3 MA, 11.3 NA, 11.3 WA, 11.3(2)XA

11.3 releases without syslog servers

Unaffected

Unaffected

Unaffected

Releases Based on 11.3

11.3 AA

11.3 early deployment for AS58xx

11.3(7)AA2, 8-JAN-19994

11.3(7.2)AA

11.3(8)AA, 15-FEB-1999

11.3 DB

11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM

 

 

11.3(7)DB2, 18-JAN-1999

Releases Based on 12.0

12.0

12.0 Mainline

12.0(2a), 8-JAN-1999

12.0(2.4)

12.0(3), 1-FEB-1999

12.0 T

12.0 new technology early deployment

12.0(2a)T1, 11-JAN-1999

12.0(2.4)T

12.0(3)T, 15-FEB-1999

12.0 S

ISP support; 7200, RSP, GSR

 

12.0(2.3)S, 27-DEC-1998

12.0(2)S5, 18-JAN-1999

12.0 DB

12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)

 

 

12.0(2)DB, 18-JAN-1999

12.0(1)W

12.0 for Catalyst 8500 and LS1010

12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)

12.0(1)W5(5.15)

12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))

12.0(0.6)W5

One-time early deployment for CH-OC-12 module in Catalyst 8500 series switches

Unaffected; one-time release

Unaffected

Unaffected; To upgrade use 12.0(1)W5 releases.

12.0(1)XA3

Short-life release; merged to 12/0T at 12.0(2)T

Obsolete

Merged

Upgrade to 12.0(2a)T1 or to 12.0(3)T.

12.0(1)XB

Short-life release for Cisco 800 series; merged to 12.0 T and 12.0 (3)T

12.0(1)XB1

Merged

Upgrade to 12.0(3)T.

12.0(2)XC

Short-life release for new features in Cisco 2600, Cisco 3600, uBR7200, uBR900 series; merged to 12.0 T at 12.0(3)T

12.0(2)XC1, 7-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(2)XD

Short-life release for ISDN voice features; merged to 12.0 T at 12.0(3)T

12.0(2)XD1, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(1)XE

Short-life release

12.0(2)XE, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

1A special fix is a one-time release that provides the most stable immediate upgrade path.
2Interim releases are tested less rigorously than regular maintenance releases; interim releases can contain serious bugs.
3Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist.
4All dates in this table are estimates and are subject to change.
5This entry is not a misprint. The 12.0(2.3)S interim release is available before the 12.0(2)S regular release.

MIBs

Old Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBs are currently migrated into more scalable MIBs---without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown inTable 6:


Table 6: Deprecated and Replacement MIBs
Deprecated MIB Replacement

OLD-CISCO-APPLETALK-MIB

RFC1243-MIB

OLD-CISCO-CHASSIS-MIB

ENTITY-MIB

OLD-CISCO-CPUK-MIB

In development

OLD-CISCO-DECNET-MIB

 

OLD-CISCO-ENV-MIB

CISCO-ENVMON-MIB

OLD-CISCO-FLASH-MIB

CISCO-FLASH-MIB

OLD-CISCO-INTERFACES-MIB

IF-MIB CISCO-QUEUE-MIB

OLD-CISCO-IP-MIB

 

OLD-CISCO-MEMORY-MIB

CISCO-MEMORY-POOL-MIB

OLD-CISCO-NOVELL-MIB

NOVELL-IPX-MIB

OLD-CISCO-SYS-MIB

(Compilation of other OLD* MIBs)

OLD-CISCO-SYSTEM-MIB

CISCO-CONFIG-COPY-MIB

OLD-CISCO-TCP-MIB

CISCO-TCP-MIB

OLD-CISCO-TS-MIB

 

OLD-CISCO-VINES-MIB

CISCO-VINES-MIB

OLD-CISCO-XNS-MIB

 

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

This section only contains open and resolved caveats for the current Cisco IOS maintenance release.

All caveats in Release 12.0 and Release 12.0 T are also in Release 12.0 XJ.

For information on caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release  12.0 .

For information on caveats in Cisco IOS Release 12.0 T, see Caveats for Cisco IOS Release  12.0  T, which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.

Open Caveats---Release 12.0(4)XJ5

This section describes possibly unexpected behavior by Release 12.0(4)XJ5 and describes only severity 1 and 2 caveats:

Basic System Services

SegV Exception in peer_list_sum, NTP related
When utilising ntp pivate mode and control type messages for remote query it is possible to see a router crash or traceback messages .
Using show int accounting with 12.0(3)T the accounting records are updated only when the first system interface is sampled and all interfaces share the accounting record of the first interface.
Cisco IOS may crash when write memory is entered at the router prompt. This happens during nvgen of line command.
Running the latest 12.0T image the router cannot execute boot config commands from flash. This error message appears :
%Error opening nvram:/startup-config (File system is in an inconsistent state)
and no config at all is loaded.

Interfaces and Bridging

A Bridge-Group Virtual Interface (BVI) might become wedged intermittently (approximately monthly).
Workaround: Create a new BVI.
Alignment error messages on dot1q over IPX SAP.
*Jul 8 11:50:37: %ALIGN-3-CORRECT: Alignment correction made at 0x605B8E70 reading 0x63E5A6F1 *Jul 8 11:50:37: %ALIGN-3-TRACE: -Traceback= 605B8E70 60095714 60095700 00000000 00000000 00000000 00000000 00000000
However this alignment errors do not effect the connectivity or cause packet loss.
PA-A1 is subject to rx packets with bad aal5_length field. If the erroneous length is too small, it will corrupt memory sometimes and causes router crash.
A Cisco7206VXR with an NPE-300 crashed with a bus error, running 12.0(6.5)T2

IP Routing Protocols

Same global inside address used for three different inside hosts - using dynamic address translation / 11.2.9 IOS
After a link flap, the summary route might not appear in the routing table even though it appears in the OSPF topology table.
Workaround: Restart the OSPF process, or reload the router.
If the following routes exist: 1. An OSPF external route 2. A floating static route (backup for external), with next-hop interface being OSPF enabled, and if there is a flap in external route, floating static will be installed in the routing table. Floating static route will not get replaced by external route, even when external route comes back up.
Workaround: Issue a clear ip route * .
This DDTS fixes the problem whereby the tableID is not set when iBGP paths are learned before the prefixes from CE. This leads to inconsistency of paths showing up in the VRF table.
NAT might stop creating new entries after running for a while. The workaround is to clear the nat translation table.
When configuring policy routing on a rotary group leader, issuing no ip policy route-map <rmapname> on a Group-Async rotary group member or multiple physical interface rotary group members will cause the router to crash with SYS-2-FREEFREE type error.
When importing is done between 2 VRFs on the same PE, the imported paths will have wrong tableid and set to tableid of the original VRF.
Following entries are added to the running config without NAT being configured in the box.

Miscellaneous

Customer has to issue the command clear interface bri X, where X is the interface number of the 4000 8 port MBRI module that has a layer 2 state of "AWAITING_ESTABLISHMENT" for one Spid and "TEI_ASSIGNED" for the other Spid. The interface that gets stuck in this state is not always the same and it occurs at random times. It is not periodic.
After issuing the clear interface command, the layer 2 of the affected port changes to state "MULTIPLE_FRAME_ESTABLISHED" for both Spids. At this time, another ISDN call is able to be placed.
In Release 11.2P and 11.3 when Fast Ethernet subinterfaces are configured for encryption, if the crypto map is only applied to the main interface and the IP address is configured in the subinterface, the packets could be switched in the clear. In Release 12.0, enabling CEF could cause the packets to get dropped.
When tunneling IPX over an ip tunnel, and when using an extended inbound access list for IP on the tunnel interface, the IPX traffic gets blocked by the access list. As a workaround a permit gre statement could be added in the extended access-list.
If Token Ring is the endpoint of an encrypted tunnel, extra packets are generated.
Symptoms are a high CPU load (mainly taken by the Crypto Engine) and bogus addresses when enabling the debug tunnel command.
The workaround is to use the interface command tunnel sequence-datagrams on both endpoints of the tunnel.
After this ddts, the number of packets that can be queued on the hardware transmit queue can be limited using the tx-queue-limit CLI in the interface configuration. The current tx-queue-limit value can be obtained from the show controllers output. The following line will be displayed.
tx_limited=TRUE tx_queue_limit=2
tx_limited=TRUE means PQ or WFQ is enabled. tx_queue_limit value is displayed only if tx_limited is TRUE. When WFQ/PQ is enabled, the tx_queue_limit is set to 2. To change this value, the tx-queue-limit can be used. For PRI interfaces, the tx-queue-limit is configured to the D-channel interface. This tx-queue-limit will then apply to the B-channels.
For strict priority queueing the tx-queue-limit will have to be set to 1. The drawback of setting the tx-queue-limit to 1 is that the priority queueing code will kick in for each packet so this will have a performance impact. So it's a trade off between strict prioritization and performance.
When changing traffic shaping parameter in presence of traffic going through, NRP may have a software crash. There is already a fix, but not in 11.3(9)DB2. One may choose to shutdown the interface during configuration update as a wrokaround.
Statistics for per atm pvc wred do not propogate from VIP to RSP. This gives the impression the feature is not functioning. However, the feature is executing on the VIP. It is just that the stats are not coming up to the RSP and thus cannot be displayed in the show output.
PVC will fail to transmit if the configuration for that PVC is changed while the outbound rate on that PVC exceeds SCR.
Workaround is to do a clear interface ATMx/y when the problem occurs.
When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
In 12.0T code cef will not work with bundle VC-s if subinterfaces part of the same physical interface are used .
Running a high load using IPsec may cause the router to reload after an indeterminate amount of time (5 minutes to 5 hours or more). There is no workaround.
Whan an entry in the arp table of the MPS change (more specifically when the corrispondance between the MAC address and the IP address change and the change is reflected into the MPS ARP table), some shourtcuts cannot be valid any more.
The MPS should take some initiative to notify the client about that, for example sending a purge.
The situation happens when devices that can "share" the same IP address at different times are connected behind a MPC.
A Cisco L2TP LAC or LNS will not send a ZLB ACK for a retransmitted CDN which could cause the tunnel to drop if the peer doesn't receive a response to its control message.
VIPs may crash when a 2FE is installed during bootup or configuration prior to this release.
If there are more than 35-40 connections active on the same DMM modem card and there is a large volume of unframed (non PPP) data output on the modems, the Router Shelf processor load may go very high and data output to the modems may be lost. There is no workaround.
Compression packets are process switched on the HSSI interface. With ip rtp header-compression and either ip route-cache or ip cef configured on a HSSI interface, packets will take the process path instead of the fast path. There is no workaround.
Compressed packets cannot be fast switched on PA-MC-8E1 card. Fastswitching on packets will not be compressed on the PAMC8E1 card and will only be compressed in the process path. There is no workaround
The problem is that under certain curcumstances when the socket errors condition occur, the H323 process who is one of the process that uses socket event API may spin with 98% to 100% CPU. There is not get around.
The problem can be identify by observe the % CPU utilization of the H323 process and enable the debug ip socket for the following errors.
Nov 22 19:01:45.941: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:46.865: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:46.865: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:46.865: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 2 mask 0x1 sock 0x627BA000, sock->next 0x6260E8B8 *Nov 22 19:01:46.865: SOCKET: Read failed: socket 0x627BA000 can't read anymore 3d18h: %SYS-3-MSGLOST: 47995 messages lost because of queue overflow *Nov 22 19:01:46.941: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:47.869: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 3 mask 0x1 sock 0x62779184, sock->next 0x627BA000 *Nov 22 19:01:47.873: SOCKET: Read failed: socket 0x62779184 can't read anymore *Nov 22 19:01:47.873: process_get_socket_event(): pid 111, proc_soc 0x6226FD08 fd 2 mask 0x1 sock 0x627BA000, sock->next 0x6260E8B8 *Nov 22 19:01:47.873: SOCKET: Read failed: socket 0x627BA000 can't read
Before fix, hotswapping a modem card affects certain MIB variables (i.e. upstream and downstream channel information) for that card and all modem cards below that slot. If there is a CM connected to an other modem card, when mibwalk docsIfCmtsObjects which contains docsIfCmtsCmStatusTable, it is possible that UBR will look like it is hanging.
After fix, when hotswapping a modem card, the deletion and addition of ifTable and ifStackTable have being handled correctly and no MIB variables would be missing for that card and all modem cards below that slot and no hanging when mibwalk docsIfCmtsCmtsObjects.
Workaround is to reload the router after OIR.
If Baseline Privacy is active, issuing the command show cable flap-list will crash the router. There is no workaround. This only affects Baseline Privacy ("k1") images.

Wide-Area Networking

The Link Access Procedure, Balanced (LAPB) module will retransmit any outstanding unacknowledged frames when the remote device reports "Receiver Ready" after previously reporting "Receiver Not Ready." If the T1 timer has not expired while the remote device was not ready, the outstanding unacknowledged frames should still be considered outstanding, and the LAPB should not retransmit them. There is no workaround.
The problem seems to happen only when transferring large information (ie: ftp). During that time we see Badsync or Badversion.
When using the interface multilink method for creating MLP bundle super interfaces in release 12.0(7.1)T and greater, a crash may occur intermittently when the member links are removed from the "multilink interface" via the command no multilink-group x. The user should perform a shut on all interfaces, remove each group member, then shut and remove the "multilink interface x"
When interworking with non-ISDN, the default number type and number plan for outgoing QSIG calls should be unknown.
Removal of the RLM GROUP from configuration will cause the serial interface to be removed.

Resolved Caveats---Release 12.0(4)XJ5

All the caveats listed in this section are resolved in release 12.0(4)XJ5.

IBM Connectivity

Removing the client ip ... configuration command may cause the router to unexpectedly restart due to a software forced crash.

Interfaces and Bridging

When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
When a cable is disconnected from a GEIP interface port, the Cisco IOS does not report the "link down" event, and the interface stays up. There is no workaround.
When configuring a new E1 interface on a Port Adapter in a VIP2 based system ALL active E1's will go down.
The E1's don't have to be on the same VIP2
This event has been observed when configuring the following: 1) timeslots on the controller, 2) encapsulation type on the interface.
Currently there is no workaround.
Configuration changes on an E1 controller have to be executed in a maintenance window until this behaviour has been corrected.

IP Routing Protocols

After reloading BGP-3-BADROUTEMAP: Bad parameters in the route-map <name> applied for Dampening is logged every minute on 12.0(5)T (not on 12.0(4)T).
A sho ip bgp dampened-paths shows % dampening reconfiguration in progress
Doing a no bgp dampening route-map <name> bgp makes both issues go away.
BGP will not send the default route to its neighbor when "default-originate" is configured.
In some circumstances, EIGRP will not automatically install and advertise PPP host routes created through dial-in.
Workaround: Perform redistribute connected under EIGRP on the router receiving the dial connections.

LAT

The following line commands are not supported in Cisco IOS Release 12.0(5.5) through Release 12.0(6): the session-limit command, the absolute-timeout command, and online help for the lat command. There is no workaround.

Miscellaneous

The Ascend-Idle-Limit attribute is defined as being a value in seconds.
When this is applied to a client using PPP dedicated mode, the attribute is interpreted correctly and the client is idled out.
When this is applied to a client using PPP interactive mode, the attribute is interpreted and set as a minute value.
In some instances you may see RPM_VIRTUAL_PORT-3-IPCERR indicating that RPM was not able to convey the existing virtual port information to PXM. This situation is more likely to happen after clrallcnf command is executed or card is reset. At this point the connection database get out of sync between RPM and PXM, and RPM experienced a problem in connection resync. However, the connections eventually come up successfully.
If not, the saved config needs to be copied to running config by copy command.
Under some circumstances, the store-and-forward fax SMTP server may return the following message to the SMTP client even though the fax was delivered successfully:
450 4.4.2 Fax protocol delivery error
A Cisco router running MPLS VPN is forwarding ICMP "unreachable" messages into according to the main routing table instead of sending them to the originating VRF.
This prevents IP MTU discovery to work properly.
Workaround: Disable IP MTU discovery on the affected hosts.

Wide-Area Networking

All platforms running MLP may potentially encounter a transient error condition where no links are assigned to a multi-link bundle.
Occassionaly a VIP card may not respond to a RSP boards request for a DBUS transaction. When this occurs the RSP will reset the VIP interface and perform a cbus complex restart (to re-allocate MEMD).
We do have a workaround for this problem now. Please refer to the workaround enclosure.
Router crashes with bus error in xot_cx_transition The stack is not always exactly the same.
While making multiple digital calls to an isdn PRI router, excessive CPU utilization will be given to the Dialer software component. These CPU HOGS will cause an rsp4 with 10 busy PRI's to become unusable.
In 12.0(5)T release of IOS software, LANE clients may use an incorrect value as a SDU size in their setup message to the LES. This can prevent the client from coming up. This would happen only if the mtu on the sub-interface is non-default(greater than 1500). The workaround is to use an MTU of 1500 on those sub-interfaces until this problem is resolved in the next release of IOS software.

Related Documentation

The following sections describe the documentation available for the Cisco AS5200 universal access servers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.

Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.

Use these release notes with these documents:

Release-Specific Documents

The following documents are specific to Release 12.0 and are located on CCO and the Documentation CD-ROM:

On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
Service & Support: Technical Documents
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats

Platform-Specific Documents

These documents are available for the Cisco AS5200 universal access servers on CCO and the Documentation CD-ROM:

On CCO at:

Technical Documents: Documentation Home Page: Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5200

On the Documentation CD-ROM at:

Cisco Product Documentation: Access Servers and Access Routers: Access Servers: Cisco AS5200

Feature Modules

Feature modules describe new features supported by Release 12.0 XJ and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.

On CCO at:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation

On the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents, which are shipped with your order in electronic form on the Documentation CD-ROM---unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.

On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.

You can reach these documents on CCO at:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References

You can reach these documents on the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References

Release 12.0 Documentation Set

Table 7 describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.

Note You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed.

You can reach the Cisco IOS documentation set on CCO at:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0

You can reach the Cisco IOS documentation set on the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0


Table 7: Cisco IOS Software Release 12.0 Documentation Set
Books Chapter Topics

  • Configuration Fundamentals Configuration Guide

  • Configuration Fundamentals Command Reference

Configuration Fundamentals Overview
Cisco IOS User Interfaces
File Management
System Management

  • Bridging and IBM Networking Configuration Guide

  • Bridging and IBM Networking Command Reference

Transparent Bridging
Source-Route Bridging
Token Ring Inter-Switch Link
Remote Source-Route Bridging
DLSw+
STUN and BSTUN
LLC2 and SDLC
IBM Network Media Translation
DSPU and SNA Service Point
SNA Frame Relay Access Support
APPN
Cisco Database Connection
NCIA Client/Server Topologies
Cisco Mainframe Channel Connection
Airline Product Set

  • Dial Solutions Configuration Guide

  • Dial Solutions Command Reference

X.25 over ISDN
Appletalk Remote Access
Asynchronous Callback, DDR, PPP, SLIP
Bandwidth Allocation Control Protocol
ISDN Basic Rate Service
ISDN Caller ID Callback
PPP Callback for DDR
Channelized E1 & T1
Dial Backup for Dialer Profiles
Dial Backup Using Dialer Watch
Dial Backup for Serial Lines
Peer-to-Peer DDR with Dialer Profiles
DialOut
Dial-In Terminal Services
Dial-on-Demand Routing (DDR)
Dial Backup
Dial-Out Modem Pooling
Large-Scale Dial Solutions
Cost-Control Solutions
Virtual Private Dialup Networks
Dial Business Solutions and Examples

  • Cisco IOS Interface Configuration Guide

  • Cisco IOS Interface Command Reference

Interface Configuration Overview
LAN Interfaces
Logical Interfaces
Serial Interfaces

  • Network Protocols Configuration Guide, Part 1

  • Network Protocols Command Reference, Part 1

IP Overview
IP Addressing and Services
IP Routing Protocols

  • Network Protocols Configuration Guide, Part 2

  • Network Protocols Command Reference, Part 2

AppleTalk
Novell IPX

  • Network Protocols Configuration Guide, Part 3

  • Network Protocols Command Reference, Part 3

Network Protocols Overview
Apollo Domain
Banyan VINES
DECnet
ISO CLNS
XNS

  • Security Configuration Guide

  • Security Command Reference

AAA Security Services
Security Server Protocols
Traffic Filtering and Firewalls
IP Security and Encryption
Passwords and Privileges
Neighbor Router Authentication
IP Security Options

  • Cisco IOS Switching Services Configuration Guide

  • Cisco IOS Switching Services Command Reference

Switching Services
Switching Paths for IP Networks
Virtual LAN (VLAN) Switching and Routing

  • Wide-Area Networking Configuration Guide

  • Wide-Area Networking Command Reference

Wide-Area Network Overview
ATM
Frame Relay
SMDS
X.25 and LAPB

  • Voice, Video, and Home Applications Configuration Guide

  • Voice, Video, and Home Applications Command Reference

Voice over IP
Voice over Frame Relay
Voice over ATM
Voice over HDLC
Frame Relay-ATM Internetworking
Synchronized Clocks
Video Support
Universal Broadband Features

  • Quality of Service Solutions Configuration Guide

  • Quality of Service Solutions Command Reference

Policy-Based Routing
QoS Policy Propagation via BGP
Committed Access Rate
Weighted Fair Queueing
Custom Queueing
Priority Queueing
Weighted Random
Early Detection
Scheduling
Signaling
RSVP
Packet Drop
Frame Relay Traffic Shaping
Link Fragmentation
RTP Header Compression

  • Cisco IOS Software Command Summary

  • Dial Solutions Quick Configuration Guide

  • System Error Messages

  • Debug Command Reference

 

Note Cisco Management Information Base (MIB) User Quick Reference is no longer published. For the latest list of MIBs supported by Cisco, see Cisco Network Management Toolkit on Cisco Connection Online. From CCO, click on the following path: Service & Support: Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB.

Service and Support

For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" of Cisco Information Packet that shipped with your product.

Note If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.

For service and support for a product purchased directly from Cisco, use CCO.

Software Configuration Tips on the Cisco Technical Assistance Center Home Page

If you have a CCO login account, you can access the following URL, which contains links and tips on configuring your Cisco products:

http://www.cisco.com/kobayashi/serv_tips.shtml

This URL is subject to change without notice. If it changes, point your Web browser to CCO  and click on this path: Products & Technologies: Products: Technical Tips.

The following sections are provided from the Technical Tips page:

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can reach CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which package that ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.





hometocprevnextglossaryfeedbacksearchhelp
Posted: Fri Dec 3 11:51:43 PST 1999
Copyright 1989-1999©Cisco Systems Inc.