 Feedback
|
Table Of Contents
Release Notes for Cisco IAD2801 Series Integrated Access Devices with Cisco IOS Release 12.4(11)XJ
Determining the Software Release
Upgrading to a New Software Release
New Hardware Features in Release 12.4(11)XJ4
New Software Features in Release 12.4(11)XJ4
New Hardware Features in Release 12.4(11)XJ3
New Software Features in Release 12.4(11)XJ3
New Hardware Features in Release 12.4(11)XJ2
New Software Features in Release 12.4(11)XJ2
New Hardware Features in Release 12.4(11)XJ1
New Software Features in Release 12.4(11)XJ1
Fixed Configuration Platforms Supporting Specific Cards
Open Caveats - Cisco IOS Release 12.4(11)XJ4
Resolved Caveats - Cisco IOS Release 12.4(11)XJ4
Open Caveats - Cisco IOS Release 12.4(11)XJ3
Resolved Caveats - Cisco IOS Release 12.4(11)XJ3
Open Caveats - Cisco IOS Release 12.4(11)XJ2
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
Open Caveats - Cisco IOS Release 12.4(11)XJ1
Resolved Caveats - Cisco IOS Release 12.4(11)XJ1
Cisco IOS Software Documentation Set
Open Source License Acknowledgements
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco IAD2801 Series Integrated Access Devices with Cisco IOS Release 12.4(11)XJ
March 26, 2008Cisco IOS Release 12.4(11)XJ4OL-12461-03 Fifth ReleaseThese release notes for the Cisco IAD2801 Series Integrated Access Devices Cisco IAD2801 describe the product-related enhancements provided in the Cisco IOS Release 12.4(11)XJ2. These release notes are updated as needed.
For a list of the applicable software caveats, see the "Caveats" section. See also Caveats for Cisco IOS Release 12.4T, which is updated for every maintenance release.
Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4T.
We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.
Contents
These release notes describe the following topics:
•
Open Source License Acknowledgements
•
Introduction
The following Cisco IAD2801 models are supported:
•
•
•
The following cards are supported in the factory configurable HWIC slot on all models:
•
•
•
For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.4(11)XJ, see the "New and Changed Information" section.
System Requirements
This section describes the system requirements for the Cisco IOS Release 12.4(11)XJ releases and includes the following sections:
•
•
Memory Requirements
Table 1 lists the memory requirements for the Cisco IOS feature sets on the Cisco IAD2801 in Cisco IOS Release 12.4(11)XJ. The Cisco IAD2801 uses a 32-MB Flash memory card.
Hardware Supported
Cisco IOS Release 12.4(11)XJ supports the Cisco IAD2801 series IADS.
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
For information about supported hardware for this platform and release, see the Hardware/Software Compatibility Matrix at http://www.cisco.com/pcgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Determining the Software Release
To determine which version of Cisco IOS software is currently running on your Cisco IAD2801, log in to the router and enter the show version command. The following sample output from the show version command indicates the release number.
roIAD2801#sh versionCisco IOS Software, IAD2801 Software (CIAD2801-ADVIPSERVICESK9-M), Version 12.4(11)XJ, RELEASE SOFTWARE (fc1)Synched to technology version 12.4(11)TTechnical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Mon 08-Jan-07 21:36 by prod_rel_teamROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)yourname uptime is 0 minutesSystem returned to ROM by reload at 23:28:34 UTC Thu Jan 11 2007System image file is "flash:ciad2801-advipservicesk9-mz.124-11.XJ"12.4(11)XJ"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email toexport@cisco.com.Cisco IAD2801 (revision 6.0) with 237568K/24576K bytes of memory.Processor board ID FTX1051Z2801 DSL controller2 FastEthernet interfaces4 ISDN Basic Rate interfaces1 Virtual Private Network (VPN) Module1 DSP, 16 Voice resourcesDRAM configuration is 64 bits wide with parity disabled.191K bytes of NVRAM.62720K bytes of ATA CompactFlash (Read/Write)Configuration register is 0x2102Upgrading to a New Software Release
For general information about upgrading to a new software release, see the Software Installation and Upgrade Procedures located at http://www.cisco.com/warp/public/130/upgrade_index.shtml.
Feature Set Tables
Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features. Cisco IOS Release 12.4(11)XJ supports the same feature sets as Releases 12.4 and 12.4(11)T, and Cisco IOS Release 12.4(11)XJ includes new features supported by the Cisco IAD2801. See Cisco Feature Navigator for supported features
New and Changed Information
The following sections list the new hardware products and software features supported by the Cisco IAD2801 in Cisco IOS Release 12.4(11)XJ1:
•
•
•
•
•
•
•
•
•
New Hardware Features in Release 12.4(11)XJ4
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XJ4
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XJ3
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XJ3
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XJ2
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XJ2
There are no new sofrtware features in this release.
New Hardware Features in Release 12.4(11)XJ1
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XJ1
There are no new software features in this release.
New Features in Release 12.4T
For information regarding the features supported in Cisco IOS Release 12.4T, see the Cross-Platform Release Notes and New Feature Documentation links at the following location:
http://www.cisco.com/en/US/products/ps6441/prod_release_notes_list.htmlLimitations and Restrictions
The following limitations and restrictions apply to the Cisco IAD 2801 series
•
Fixed Configuration Platforms Supporting Specific Cards
The IAD2801 series are fixed configuration platforms with each slot supporting specific cards. Supported cards in each model are shown in the table below:
* LTD OPTION (Factory installable or Field Upgradeable)
- HWIC-AP-AG-E and HWIC-AP-G-E
- HWIC-4ESW
- VIC-4FXS/DID
Unsupported Card Message
If any unsupported card is detected during the bootup, the following message appears:
"Card is not supported in slot 2. Please remove it"
This message will appear for each unsupported card detected.
If any cards are not supported and smart-init is enabled, another message appears during bootup:
Smart Init is enabledsmart init is sizing iomemID MEMORY_REQ TYPE0X003AA110 public buffer pools0X00211000 public particle pools0X00020000 Crypto module pools0X00120000 VPM buffer pools0X05B3 0X000034A0 Card in slot 00X04C8 0X00077D00 Card in slot 10X05B3 0X00000000 UNKNOWN Card in slot 20X003A 0X00000000 Card in slot 30X000021B8 Onboard USBCaveats
Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.
Caveats in Cisco IOS Release 12.4(11)T are also in Cisco IOS Release 12.4(11)XJ1. For information on caveats in Cisco IOS Release 12.4(11)T, see the Caveats for Cisco IOS Release 12.4(11)T document. This document lists severity 1 and 2 caveats.
Note
This section contains the following caveat information:
•
•
•
•
•
•
•
•
Open Caveats - Cisco IOS Release 12.4(11)XJ4
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ4
Miscellaneous Caveats
•
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
•
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
OSPF and MPLS VPNs are not enabled by default.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml.
•
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
•
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
CSCsg70474Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsi60004Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsi80749Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsh84171 Memory corruption in IOMEM - block overrun, FPGA ISDN DMA issueSymptom Router is crashing due to memory corruption with following message:
%SYS-3-OVERRUN: Block overrun at 3F379450 (red zone 2A2A2A2A)Conditions
Workaround
CSCsi60919 HWIC-ADSL-B/ST or HWIC-1ADSL Ping Fails After External Shut/No ShutSymptom ADSL stops receiving any more packet after external shut/no shut or ADSL line retrains several times. This is specific to HWIC-1ADSL, HWIC-1ADSLI, HWIC-ADSL-B/ST, and HWIC-ADSLI-B/ST.
Conditions
shut/no shut the ADSL ATM interface.
Workaround
CSCsg03449 Etherswitch module VLAN Trunking Protocol VulnerabilitiesSymptom
* VTP Version field DoS
* Integer Wrap in VTP revision
* Buffer Overflow in VTP VLAN nameConditions
Further Information
On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:
* VTP Version field DoS
* Integer Wrap in VTP revision
* Buffer Overflow in VTP VLAN name
These vulnerabilities are addressed by Cisco IDs:
* CSCsd52629/CSCsd34759 -- VTP version field DoS
* CSCse40078/CSCse47765 -- Integer Wrap in VTP revision
* CSCsd34855/CSCei54611 -- Buffer Overflow in VTP VLAN name
* CSCsg03449 -- Etherswitch module VLAN Trunking Protocol Vulnerabilities Cisco's statement and further information are available on the Cisco public web site at:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtmlCSCsi45826 When a call is made, display shows its own ephone-dn nameCSCsh89887 One way voice path with h/w conference on ephone-dn w/o preference 0CSCsi46911 MALLOCFAIL failure on 2800,Cause: Mempool corruptSymptom While doing h323 to sip interop, the router is crashing due to Mempool corrupt.
Topology: PhoneA -- CME1 --- SIP --- CME2 -- PhoneB
Call flow:1.
2.
3.
4.
5.
6.
7.
8.
9.
Workaround
CSCsi65535 codec configured under ephone is used by all monitored phone.Symptom The "codec" configuration under a "ephone" which monitors a line ("ephone-dn") with the "m" button configuration command affects the codec of calls involving that "ephone-dn" as if the line was shared in the regular manner (using the ":" button configuration command).
Conditions
under "ephone" is for phones registering over a WAN to the CME router. It directs CME to attempt to use the G.729 codec to save some bandwidth over that WAN segment, in some (non-VoIP) call scenarios. It doesn't restrict the codec of any call in any way. There is no well defined "negotiation" mechanism that makes use of this codec configuration as in H.323/H.245 codec negotiation for example.Workaround
CSCsi79331 Overlay DN gets stuck to BUSY when using loopbacked TCL script invocationSymptom Ephone dn gets stuck in a busy state.
Conditions
Workaround
CSCsi58842 CME: 7960+7914 display select line when conference IP phoneSymptom
1.
2.
3.
4.
5.
6.
7.
Workaround
CSCsi14143 Some phone types not working with trunk monitor linesSymptom The 7920, 7921, and 7985's line icon change does not change in response to a seized trunk line.
Conditions
Workaround
CSCsi04538 Router crash with memory corruption when configure cert-upgrade auth modSymptom A router that is configured as a Cisco Unified Call Manager Express (CUCME) router may crash because of a memory corruption.
Conditions
Workaround
CSCsg38919 Traceback and DSP timeout found after T1/E1 CAS call is establishedCSCek74685 Wrong caller ID showed on XEE after Consult TransferSymptom When SIP phone calls through SIP trunk to (XOR) phone and transfer to another (XTO) phone, the XTO phone shows the XOR caller id.
CSCsf02356 <calling-number local> is broken for hairpin call forwardingSymptom Calling party information is shown wrongly for a forwarded call when using 'calling-number local'.
Conditions
Workaround
CSCsi41401 Spurious memory access at ephone_delete_tftp_binding_by_urlSymptom Spurious memory access seen on startup or after creating cnf files.
Conditions
Workaround
CSCsi29899 Fast busy in CME 4.1 if two conferences completed at same timeSymptom Creator of conference gets a fast busy when trying to complete conference. Other parties of potential conferenced are connected to parties of separate conference
Conditions
Workaround
CSCsg96319 reverse ssh eliminated telnet authentication on VTYSymptom Anyone can have unprivileged Telnet access to a system without being authenticated, when a reverse SSH session is established with valid authentication credentials. This only affects reverse SSH sessions where a connection is made with the ssh -l userid:number ip-address command.
Conditions
used. This enhancement is documented at the following URL:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_rev_ssh_enhanmt_external_docbase_0900e4b1805b0676_4container_external_docbase_0900e4b1807b42a5.htmlWorkaround
This configuration is explained at the following URL:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_q_and_a_item09186a0080267e0f.shtml#newq1
CSCsi56172 CME 4.1 IP phone dropped when trying to complete hardware conferenceSymptom IP phone trying to create an ad-hoc conference is dropped when pressing "Conf" softkey the second time.
Conditions
CSCsg37315 IOS FW on VPN tunnels fail on 12.4(11)T on 87x and 18xx platformsSymptom If CBAC is configured in conjunction with VPN tunnels, TCP connections through the firewall might fail. CBAC ignores the SYN/ACK packets coming from IPsec tunnel and then drops all outbound TCP packets except initial SYN, generating message "Invalid Segment tcp". Outbound TCP connections to the Internet (not over IPSec tunnel) are not affected and work fine with CBAC.
Conditions
Workaround
CSCsi93064 Only One line is available in CME GUI for 7921 instead of SIXSymptom When a 7921 IP Phone is in "registered" status, CME GUI displays only one line instead of six lines.
Conditions
Workaround
CSCsi07340 no call waiting notification for monitored lineCSCsh24266 L2TP connection fails on PPP phase due to invalid UDP port#Symptom L2TP connection fails on PPP phase because the LNS replies PPP frame
within L2TP frame including invalid UDP destination port number, to LAC.Conditions
- This problem only occurs on PPP phase after L2TP setup.
- On L2TP tunnel/session setup phase, LNS uses correct UDP port number.
- source port number which LNS generates is not affected.
- If you use Cisco router as LAC, this problem will not occur.Workaround
CSCsi78162 SNASw %DATACORRUPTION-1-DATAINCONSISTENCY messagesCSCsf96318 QSIG (ISO) Call back fails between 3745 and 1760CSCsi13312 Authentication fails and unable to login to a factory fresh routerSymptom Authentication with Security Device Manager (SDM) 2.3.3 fails, preventing you from logging into the router through HTTPS, HTTP, SSH, Telnet, console, or any management application.
Conditions
Cisco 800 series
Cisco 1700 series
Cisco 1800 series
Cisco 2700 series
Cisco 2800 series
Cisco 3700 series
Cisco 3800 seriesWorkaround
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.htmlCSCsi39520 CME: SIP MWI relay does not send notify msg after MWI on from UnityCSCsi94745 ISDN call is dropped in due to STATUS message from PBXSymptom Call is dropped from GW in response to STATUS message from PBX.
Conditions
Workaround
CSCse91298 Sharedline and Overlay Phone Calling the Sharedline Cause Port HungSymptom STCAPP port get hung in various state.
Conditions
Workaround
CSCsi76991 incoming sip call transferred local; audio not heard on ip phoneSymptom After the call transfer on alert, audio is not heard on ip phone
Conditions
Workaround
Further Problem Description: During the call transfer, service provider network send slightly different media capabilities on the 200 OK with SDP; capabilities are agreed from CME; but this new capabilities seem to make the issue;CSCsg40567 Memory leak found with malformed tls/ssl packets in http core processSymptom Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions
Workaround
CSCsi67763 memory leak under simpleudpfuzz attack for port 500Symptom The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link: http://www.kb.cert.org/vuls/id/739224.
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtm
CSCsh86912 HWIC-4SHDSL: Implement CO mode support and line probing (PMMS) configSymptom Need to add a CLI to configure a HWIC-4SHDSL as CO and a CLI to configure the noise margin settings for auto mode.
Workaround
Further Problem Description:
Router(config)#controller shdSL 0/3/0Router(config-controller)#termination ?co termination co (network)cpe termination cpe (customer)Router(config-controller-dsl-group)#shd rate auto pmmsmargin ?current PMMS Current SNR Marginworst PMMS Worst SNR MarginCSCsi11217 HWIC-4SHDSL has issue on IMA interface w/Lucent SHDSL-IMA cardSymptom Some links in IMA group are shown as down though they are active at IMA level.
Conditions
Workaround
CSCsj23569 codec selection issue on incoming SIP trunkSymptom Incoming call on a SIP trunk with G729 as preferred codec sets up but there is no ringback and dtmf is not working.
Conditions
incoming SDP 18 0 8 101!voice class codec 729codec preference 1 g729br8codec preference 2 g729r8codec preference 3 g711ulaw!Workaround
CSCsj03494 I/O Memory corruption crash with IP communicator and 7961 IP PhonesSymptom A 2811 series router may crash due to I/O memory corruption.
Conditions
Workaround
CSCsj18014 Caller ID string received with extra charactersSymptom Caller ID is received with extra characters.
Conditions
Workaround
Open Caveats - Cisco IOS Release 12.4(11)XJ3
There are no open caveats for this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ3
There are no resolved caveats for this release.
Open Caveats - Cisco IOS Release 12.4(11)XJ2
CSCsi09530 CME SIP phone failed to register because of authenticate registerSymptom If "authenticate register" is configured under "voice register global", CME SIP failed to registered.
Conditions
Workaround
Further Problem Description: In registrar Functionality, CME challenges an inbound Register request with 401 response If "authenticate register" is configured under "voice register global". The Registering Endpoint then Sends a Register Request with Credentials. GW Stack is not processing this Request and is dropping it.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
CSCsf08998Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsh23992 IAD2801 BRI voice port ISDN status does not come upCsg51259 CME: DTMF stops working after consult transfer to called party's mailboxCSCsg51244 CME: CME does not send 3xx messages for transfer --> forward scenariosCSCsg46411 CME: CME does not send a REFER over SIP trunk for calls involving AACSCsg30101 CME: dtmf-relay force rtp-nte CLI does not workCSCsf32028 CME: Host portion of Refer-To: header must be an Address of RecordCSCsg59037 85x/87x cannot upgrade rommon from IOSSymptom Cisco 851 and 871 routers have no way to remotely upgrade the ROMMON firmware image.
Conditions
Workaround
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tcf_r/cf_13ht.htm#wp1032550
CSCsf26561 CME: User portion of Diversion header is incorrect when calling through AAConditions
Workaround
CSCsg46362 contact header incorrect in 302 message using sip-srst redirect modeSymptom The contact header ip address is incorrect in the 302 message sent by sip srst in redirect mode. As the result basic call fails in this mode.B2b mode is working okay.
Workaround
CSCsg17289 DNS-SRV issues for SIP registrationsCSCsg39750 Spurious mem access/traceback while resetting sip phone with presenceCSCsg18902 Blind transfer is not working on SIP trunkSymptom Blind transfer failed on SCCP endpoint over SIP trunk
Conditions
Workaround
CSCse89321 Dtmf path not getting confirmed in sip media forking callCSCsg94873 One way audio for PSTN to AA and calls xferred to SIP phone with G.729CSCsh25511 A router may crash with CPU Vector 300Symptom A router may crash with CPU vector 300
Conditions
Workaround
Further Problem Description:CSCsh45544 Placed call list in 7970 phone always shows unknown numberCSCsh37177 %SDP-3-SDP_PTR_ERROR traceback error when redirecting call to AACSCsg31719 Digits are not relayed correctly when call is not connected.Symptom When onhook dialing or speed dial is performed from CME to an analog port where dialtone is slightly delayed some digits are dropped.
Conditions
Workaround
CSCsh14247 Call transfer fails when initiated from SIP PhoneCSCsg49416 Refer is not sent by CME when Cfwd all is set from TNP phoneCSCsh19990 Traceback= 0x438662AC 0x40BF2BEC with Call Park/Pick Up operationCSCsh37345 DSL Operating-mode `auto tone low' enables ETSI mode onlySymptom The DSL line fails to train with "dsl operating-mode auto tone low" command if the DSLAM does not support ETSI mode.
Conditions
a.
b.
Workaround
CSCsh11146 Memory leak at AFW_SS_SIP_PrepareTransferSetupSymptom Memory leak occurred in transfer scenarios.
Workaround
CSCek67638 include presence feature in c2801 security packageSymptom The 2801 security image does not have presence feature.
CSCsh59469 DTMF is distorted when played from SCCP controlled ATA on CMESymptom DTMF generated by a SCCP controlled ATA registered to CallManager Express may be choppy, broken, or overlapping when multiple digits are pressed, one after another.
Example topology:
IVR---fxs---ATA---sccp---CME---pri---PSTNA user in the PSTN calls the IVR. The digits are not reliably detected by the IVR when pressed by the PSTN user because of the overlapping / choppy output.
Conditions
Workaround
CSCsh55262 Update CME GUI version and new Cisco logoCSCsg95736 MAC address is missing for radio interfaceSymptom IOS image is not reading the mac address for radio interface.
Workaround
CSCsh53808 Transcoder fails after several H.323 transcoded calls to CUECSCsg31559 Spurious memory access at strncmp, skinny_hwconf_check_adhoc_registerCSCsh14101 503 Service Unavailable should be sent to CAC rejected callsCSCsh60218 VG224 continues to ring when first of two ringing shared calls hangs upCSCsh48646 FAC fails for the first time after enabling in certain conditionsCSCsh78605 Need CLI to enable/disable SIP Line incoming dial-peer matchingSymptom For an inbound call across a SIP Trunk, IOS might match an dynamically configured dial-peer instead of the user-defined dial-peer configured with "incoming called-number".
Conditions
Workaround
CSCsh39749 Few objects of hdsl2ShdslSpanStatusTable giving wrong values with ARCHERSymptom MIB value for LineRate (hdsl2ShdslStatusMaxAttainableLineRate) queried through SNMP GET/GETNEXT returns incorrect values. Also hdsl2ShdslInvVendorID displays data in wrong format.
Conditions
Workaround
CSCsh63545 ARCHER IMA MIB modificationsSymptom SNMP walk on imaLinkIntervalTable returns no entries. SNMP get does not work for imaGroupTable.
Conditions
Workaround
CSCsh46622 HDSL2-SHDSL-LINE-MIB:Few tables not populated for ARCHER with CRUSHER onSymptom When HWIC-4SHDSL and WIC-1SHDSL-V2 are present in a router, HDSL2-SHDSL-LINE-MIB entries for HWIC-4SHDSL are not getting displayed.
Conditions
1.
2.
3.
CSCsh41397 SNMP getone gives NO_SUCH_INSTANCE_EXCEPTION error for HWIC-4SHDSLSymptom SNMP GET operation on HDSL2-SHDSL-LINE-MIB objects returns no such instance for HWIC-4SHDSL.
Conditions
Workaround
CSCsh68584 CME MWI notify message not compliant to RFC 3842Symptom MWI lights on 7970 does not glow
Conditions
Workaround
CSCsh68560 CME: sip to sccp to sccp attend transfer fails
Symptom One way audio.
Conditions
Workaround
CSCsh22682 vlan information disappears after router reloadSymptom Devices in data VLAN on MVAP configured port with portfast loose connectivity
Conditions
Workaround
12.4(9)T and earlier releases do not see this problem
Do not use portfast on MVAP port
Further Problem Description: After the router has been reloaded we see an incomplete arp entry. Removing and adding VLAN data fixes this issue for a while. This issue si also resolved If the MVAP port does not have portfast enabled.
CSCsg76281 CME 4.1:PSTN-to-AA, tx to sccp1, then tx to sccp2, cfwd all to CUE failsCSCsg18481 Consult Transfer failed with Call forward busySymptom Consult transfer failed when XTO has call-forward busy
Conditions
Workaround
CSCsh58082 SIP: A router may reload due to SIP trafficSymptom Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP. There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.
Workaround
CSCec12299 Corruption of ext communities when receiving over ipv4 EBGP sessionSymptom EIGRP-specific Extended Community 0x8800 is corrupted and shown as 0x0:0:0.
Conditions
ASBR/PE-1 <----> VRF-to-VRF <----> ASBR/PE-2
Workaround
router bgp 1
address-family ipv4 vrf one
neighbor 1.0.0.1 remote-as 100
neighbor 1.0.0.1 activate
neighbor 1.0.0.1 route-map FILTER in
exit-address-family
!
ip extcommunity-list 100 permit _RT.*_
!
!
route-map FILTER permit 10
set extcomm-list 100 delete
!
CSCsh95740 CME tftp bindings corrupt/erroneous with perphone cnfSymptom On 12.4(11)XJ, performing a 'show tele tftp-bindings' may show corrupted or incorrect output.
Conditions
Workaround
CSCek68607 CallerID not updated with AA CFB call to sip phone over SIP trunkCSCsh90148 SIP UPDATE message sending should be controllable via CME on SIP trunkSymptom UPDATE messages being sent on the SIP trunk cause calls to fail under certain conditions
Conditions
Workaround
CSCsh45568 Alignment errors in classify_packetSymptom Alignment errors may be seen on a Cisco router due to NBAR. High CPU may be seen as well.
Workaround
CSCsf25671 Client with L2TPv2 on Virtual-PPP fails to get ip add from LNSs ip poolSymptom L2TPv2 VPDN sessions are terminated by the client shortly after IPCP negotiation completion
00:00:23.859: Vp1 IPCP: State is Open00:00:23.859: Vp1 IPCP: Install negotiated IP interface address #.#.#.#00:00:23.859: IP-ADDR: ip_new_address(), old 0.0.0.0/0, new #.#.#.#/# onVirtual-PPP100:00:23.859: ACLIB [Vp1, 22]: ac_ppp_voluntary_restore_link_vectors() -Restoring previously saved link00:00:23.859: ACLIB [Vp1, 22]: SW AC interface UNPROVISIONED for PPP interfaceVp100:00:23.859: ACLIB: Unbinding SWSB subblock00:00:23.859: ACLIB [Vp1, 22]: Deleting AC sublock structure.00:00:23.859: ACLIB: ac_ppp_restart_session() - restarting LCP.00:00:23.859: Xconnect[ac:Vp1(PPP)]: provisioning fwder with fwd_type=1,sss_role=200:00:23.859: ACLIB: Setting new AC state to Ac-Provisioning, old state wasAc-Idle00:00:23.859: ACLquest00:00:23.859: IP-ADDR: invoke_ip_address_change() to 0.0.0.0/0, secondaryoff, sense off, on Virtual-PPP100:00:23.859: IP-ADDR: invoke_ip_address_change() to #.#.#.#/#, secondaryoff, sense on, on Virtual-PPP100:00:23.859: IP-ADDR: ipaddr_table_insert() #.#.#.#, in global table onVirtual-PPP1IB [Vp1, 22]: AC attached subblock to Virtual-PPP100:00:23.859: ACLIB ive <Circuit Provisioned> msg00:00:23.863: ACMGR [Vp1, 22]: provision event, FSP down state no chg, actionis ignore[Vp1, 22]: AC provisioned. Bringing down existin00:00:23.863: XC L2TP: Received L2TUN API message <Unprovision>00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] Event <L2TUN Session Unprovision>,state Established -> Established00:00:23.863: XC L2TP: Sending L2TUN message <Disconnect>00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] L2TUN socket teardown:00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] "xconnect destroyed"00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] PW-MGMT: PW peer #.#.#.#, vcid #00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] PW-MGMT: Reason [Unprovisioned]gPPP session on interface Vp100:00:23.859: ACLIB [Vp1, 22]: ac_ppp_voluntary_set_link_vectors() changingvectors for Vp100:00:23.859: ACLIB [Vp1, 22]: SW AC intf PROVISIONED for PPP interface Vp100:00:23.859: Xconnect[unkn:#.#.#.#:#]: provisioning fwder with fwd_type=2,sss_role=100:00:23.859: XC L2TP: XConnect provision re00:00:23.859: Vp1 IPCP: Install route to #.#.#.#00:00:23.863: L2TP:(Tnl#:Sn#)L2X s/w switching session unboun #.#.#.# vcid #,Unprovisioned, VC state UP00:00:23.863: XC L2TP: uid:116[#.#.#.#/#] Tell MIB that PW peer #.#.#.#, vcid1 is UP00:00:23.863: L2TUN APP: uid:116handle/176170Destroying app session00:00:23.863: XC L2TP: Received L2TUN API message <Provision>00:00:23.863: XC L2TP: uid:121[#.#.#.#/#] PW-MGMT: PW peer #.#.#.#, vcid 100:00:23.863: XC L2TP: uid:121[#.#.#.#/#] PW-MGMT: Reason [Provisioned]d00:00:23.863: L2TP #:#:# : Received a SSM L2TP segment down event00:00:23.863: ACMGR [Vp1, 22]: Receive <Circuit Unprovisioned> msg00:00:23.863: ACMGR [Vp1, 22]: unprovision event, SIP state chg both up toend, action is peer service disconnect00:00:23.863: ACMGR [Vp1, 22]: Sent a sip service disconnectConditions
Workaround
CSCse78963 Adopt new default summer-time rules from EPA BADCODE BUGSymptom Starting in calendar year 2007, daylight savings summer-time rules may cause Cisco IOS to generate timestamps (such as in syslog messages) that are off by one hour.
Conditions
Workaround
CSCsi06347 CLI for MOH should be displayed under voice-portSymptom CLI for MOH is hidden
Conditions
Workaround
CSCsh98465 INFO request not generated on hookflashSymptom INFO request messages is generated properly on hookflash
Conditions
Workaround
CSCse24889 Malformed SSH version 2 packets may cause processor memory depletionSymptom Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.
Conditions
Workaround
CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:config tip ssh version 1endAlternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:
10.1.1.0/24 is a trusted network thatis permitted access to the router, allother access is deniedaccess-list 99 permit 10.1.1.0 0.0.0.255access-list 99 deny anyline vty 0 4access-class 99 inendFurther Problem Description: For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document.
For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:
http://www.cisco.com/warp/public/707/ssh.shtml
CSCse98165 Mid-call invite not sent to OGW with nat symmetric check-media-srcSymptom IPIP gateway does not send an to the Originating gateway when a mid-call invite is received from the terminating gateway The following is configured on the IPIP gateway
sip-ua
nat symmetric check-media-src
Workaround
CSCsh74276 Counter for Lost packet not cumulative during a callSymptom Packet loss counter varies randomly.
Conditions
Workaround
CSCek70160 UDP packet corrupted in SIP->H323 IPIPGW during T38 modeSymptom In fax1 -- OGW --sip--- IPIPGW -- h323 -- TGW --fax2 scenario, T38 fax fails.
Conditions
Workaround
CSCsh67943 7301 fails on a T38 when configured as IPIPGW doing SIP - H323
Symptom In fax1 -- OGW --sip--- IPIPGW -- h323 -- TGW --fax2 scenario, T38 fax fails.
Conditions
Workaround
CSCsi09696 CME SIP missed quotation for aop parameterCSCsi18104 SIP: 400 Bad Request for AA's REFER, and AA's transfer failedSymptom Seeing "400 Bad Request" response for AA's "REFER" request, and AA's semi-attended transfer failed against XJ1 image.
Conditions
Workaround
CSCek56688 Change after-hours login timer to 1 minSymptom The minimum after-hours login timer is 5 mins. It is too long. Customer wants to be able to deactivate the login in 1 min.
Conditions
Workaround
CSCsg31867 Router crashes on large ping pkts with IPSEC/NAT configuredSymptom A Cisco IOS router may experience a unexpected reload.
Conditions
Workaround
CSCsh33057 SPEs in stuck state after stressSymptom SPEs may hang after voice calls have been processed. When you enter the clear SPE command for the affected SPEs, the platform may reload unexpectedly.
Conditions
Workaround
CSCsg46624 Router crashes on applying service policy on the atm subinterfaceSymptom Router crash
Conditions
Workaround
CSCsh16540 Router Crashes when encapsulation dot1Q <VC id is enabledSymptom A router crashes when you enter the encapsulation dot1q vlan-id command.
Conditions
Workaround
CSCsh83836 C1700 Router crashes @ fpm_db_add_aclCSCsg80097 Calling name in Facility sent via CCM Sip trunk does not appear on SIP CMECSCsh11157 Memory leak at DestCaptureCallForwardCSCsg40247 T38 Fax Relay calls are going as Cisco Fax RelayCSCsi15229 No memory available if qos and acl on routerSymptom One or more of the following symptoms may occur. CPU HOGS, crashes, high cpu, and/or memory allocation failures.
Conditions
Workaround
CSCsg14313 Traceback seen while making conference/transcoder co_exist callsCSCsg57002 SIP timer tree corruption is causing SIP gateway crash under loadSymptom The SIP Gateway will crash when handling calls involving DTMF relay.
Conditions
Workaround
1.
2.
CSCsg34501 Traceback from voice_reg_supports_utf8 is seenCSCsb79829 call dropped when incoming invite with alert-info headerCSCsg92387 Calling name in Notify message does not appear on SIP-CME PhoneCSCsh17599 One way audio with Adhoc conference by CCM and 1 participant hangs upCSCsg36224 DSPs not released when conference DN no. is directly dialedCSCsh32714 Spurious memory access traceback at sipSPI_ipip_copy_channelInfo_to_sdpCSCsh57237 router crashes immediately after enabling service policySymptom Router crashes
Conditions
Workaround
CSCsi24620 Enable support for StationUnicodeCapableMsk feature bitSymptom UTF8 localized characters can not display on new generation phones, ex 7970, 7961 and etc.
Conditions
Workaround
Further Problem Description: If the locale on CME requires UTF8 encoding the character will not display correctly with 8.0.x and newer phone loads.
CSCsh11907 Router crashes @ fair_queue_classify_wredSymptom Router crashes after show policy-map command
Workaround
CSCsg03849 Spurious accesses traceback seen @ AFW_Leg_CheckConsultSetup
Open Caveats - Cisco IOS Release 12.4(11)XJ1
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ1
CSCsh23992: The ISDN status does not come up for Cisco IAD2801 BRI voice portSymptom : The ISDN status of the voice port VIC2-2BRI-NT/TE-P on the IAD2801 router is always in deactivated state and disallows the link to come up. The interface does not take the isdn layer1-emulate network command (on the network side). Because the link does not come up, the user is unable to make any calls through the BRI ports.
Workaround
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need.
Additional References
Use these release notes with the documents listed in the following sections:
•
Release-Specific Documents
The following documents are specific to Release 12.4 and apply to Release 12.4(11)XJ. They are located on Cisco.com:
•
•
Note
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 2800 series routers are available on Cisco.com at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/2800/index.htm
Cisco Feature Navigator
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Feature Navigator is available 24 hours a day, 7 days a week.
To use Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:
http://www.cisco.com/go/cfn Use these release notes with appropriate documents for your Cisco configuration.
Open Source License Acknowledgements
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
4.
5.
6.
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Use this document in conjunction with the documents listed in the "Additional References" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
© 2007 Cisco Systems, Inc. All rights reserved
