 Feedback
|
Table Of Contents
Release Notes for Cisco 3700 Series Integrated Services Routers with Cisco IOS Release 12.4(11)XW8
Determining the Software Version
Upgrading to a New Software Release
New Hardware Features in Cisco IOS Release 12.4(11)XW8
New Software Features in Cisco IOS Release 12.4(11)XW8
New Hardware Features in Cisco IOS Release 12.4(11)XW7
New Software Features in Cisco IOS Release 12.4(11)XW7
New Hardware Features in Release 12.4(11)XW6
New Software Features in Release 12.4(11)XW6
New Hardware Features in Release 12.4(11)XW5
New Software Features in Release 12.4(11)XW5
New Hardware Features in Release 12.4(11)XW3
New Software Features in Release 12.4(11)XW3
New Hardware Features in Release 12.4(11)XW2
New Software Features in Release 12.4(11)XW2
Cisco Unified Communications Manager Express 4.2
The Media and Signaling Encryption (SRTP/TLS) on DSPFarm Conferencing
Interoperability with Cisco Unified Contact Center Express (Cisco UCCX 5.0)
New Hardware Features in Release 12.4(11)XW1
New Software Features in Release 12.4(11)XW1
New Hardware Features in Release 12.4(11)XW
New Software Features in Release 12.4(11)XW
Universal Voice Transcoding Support for IP-to-IP Gateways
Limitations and Restriction - Release 12.4(11)XW2
Open Caveats - Release 12.4(11)XW10
Resolved Caveats - Release 12.4(11)XW10
Open Caveats - Release 12.4(11)XW8
Resolved Caveats - Release 12.4(11)XW8
Open Caveats - Release 12.4(11)XW7
Resolved Caveats - Release 12.4(11)XW7
Open Caveats - Release 12.4(11)XW6
Resolved Caveats - Release 12.4(11)XW6
Open Caveats - Release 12.4(11)XW5
Resolved Caveats - Release 12.4(11)XW5
Open Caveats - Release 12.4(11)XW3
Resolved Caveats - Release 12.4(11)XW3
Open Caveats - Release 12.4(11)XW2
Resolved Caveats - Release 12.4(11)XW2
Open Caveats - Cisco IOS Release 12.4(11)XW1
Resolved Caveats - Cisco IOS Release 12.4(11)XW1
Open Caveats - Cisco IOS Release 12.4(11)XW
Resolved Caveats - Cisco IOS Release 12.4(11)XW
Cisco IOS Software Documentation Set
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco 3700 Series Integrated Services Routers with Cisco IOS Release 12.4(11)XW8
First Released: May 4, 2007Last Revised: June 6, 2008Cisco IOS Release 12.4(11)XW8These release notes describe new features and significant software components for the Cisco 3700 series routers that support the Cisco IOS Release 12.4(11)XW releases. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4T located on Cisco.com.
For a list of the software caveats that apply to Cisco IOS Release 12.4(11)XW, see the "Caveats" section and Caveats for Cisco IOS Release 12.4(11)T. The online caveats document is updated for every maintenance release and is located on Cisco.com .
Contents
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
System Requirements
This section describes the system requirements for Cisco IOS Release 12.4(11)XW and includes the following sections:
•
•
Memory Requirements
Table 1 describes the memory requirements for the Cisco IOS feature sets supported by Cisco IOS Release 12.4(11)XW on the Cisco 3700 series routers.
Hardware Supported
Cisco IOS Cisco IOS Release 12.4(11)XW supports the following Cisco 3700 series routers:
•
•
For descriptions of existing hardware features and supported modules, see the hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 3700 series routers, which are available on Cisco.com at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/3700/index.htm
Determining the Software Version
To determine which version of Cisco IOS software is currently running on your Cisco 3700 series router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the version number.
Router> show versionCisco Internetwork Operating System SoftwareIOS (tm) C3700 Software (c3745-entbasek9-mz), Version 12.4(11)XW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)Synched to technology version 12.4(11)TUpgrading to a New Software Release
For general information about upgrading to a new software release, refer to the Software Installation and Upgrade Procedures located at http://www.cisco.com/warp/public/130/upgrade_index.shtml.
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features. Release 12.4(11)XW supports the same feature sets as Releases 12.4 and 12.4(11)T, but Release 12.4(11)XW includes new features supported by the Cisco 3700 series routers.
Caution
Table 2 lists the feature and feature sets supported in Cisco IOS Release 12.4(11)XW.
The tables use the following conventions:
•
•
•
Note
Table 2 Cisco IOS Release 12.4(11)XW Feature List for Cisco 3700 Routers
12.4(11)XW
See Table 1 for image names.
New and Changed Information
This section contains the following information:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
New Hardware Features in Cisco IOS Release 12.4(11)XW8
There are no new hardware feature in this release.
New Software Features in Cisco IOS Release 12.4(11)XW8
There are no new software features in this release.
New Hardware Features in Cisco IOS Release 12.4(11)XW7
There are no new hardware feature in this release.
New Software Features in Cisco IOS Release 12.4(11)XW7
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XW6
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW6
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XW5
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW5
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XW3
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW3
There are no new software features in this release.
New Hardware Features in Release 12.4(11)XW2
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW2
Cisco Unified Communications Manager Express 4.2
Media Encryption (SRTP) on Cisco Unified Communications Manager Express feature provides the following secure voice call capabilities: Secure call control signaling and media streams in Cisco Unified Communications Manager Express (Unified CME) networks using Secure Real-Time Transport Protocol (SRTP) and H.323 protocols.
1.
2.
3.
For more information on this feature, go to:
The Media and Signaling Encryption (SRTP/TLS) on DSPFarm Conferencing
The Media and Signaling Encryption (SRTP/TLS) on DSPFarm Conferencing feature provides secure conferencing capability for Cisco Unified Communications Manager networks. The feature provides authentication, integrity and encryption of voice media and related call control signaling to and from the digital signal processor (DSP) farm.
For more information on this feature, go to:
Extension Mobility
Extension Mobility in Cisco Unified CME 4.2 provides the benefit of phone mobility for end users.
Interoperability with Cisco Unified Contact Center Express (Cisco UCCX 5.0)
Enables interoperability between Cisco Unified CME 4.2 and later versions and Cisco Customer Response Solutions (CRS) with Cisco Unified Contact Center Express (Unified CCX 5.0), including Cisco Unified IP IVR, enhanced call processing, device and call monitoring, and unattended call transfers to multiple call center agents and basic extension mobility.
Configuration tasks are published in Cisco Unified CME Administrator Guide at:
New Hardware Features in Release 12.4(11)XW1
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW1
There are no new hardware features in this release.
New Hardware Features in Release 12.4(11)XW
There are no new hardware features in this release.
New Software Features in Release 12.4(11)XW
The following new software features are supported in this release:
•
•
•
•
Note
H.323 Name Display
Note
Calling name display information may be populated in ISDN messages in the Display Information Element (IE) of a Q.931 Setup or Notify message, or in the Facility IE of a Q.931 Setup or Facility message. The Cisco IOS gateway places this information into the same field of the corresponding H.323 message.
Cisco Unified Communications Manager (CUCM) interprets calling name information (for purposes of name display on IP phones registered with CUCM) only in the Display IE of the H.323 Setup and Notify messages. Name display information delivered in an H.323 Facility message is not interpreted by CUCM. Some ISDN switch types (for example, NI2) send a "name-to-follow" indication in the Q.931 Setup message and deliver the calling name subsequently in the Facility IE of a Q.931 Facility message. When a Cisco IOS gateway is connected to such an ISDN switch, and interoperating with CUCM using the H.323 protocol, CUCM is unable to display calling name on the IP phones.
Beginning with Cisco IOS Release 12.4(11)XW, two new modes of operation are introduced on the Cisco IOS gateways:
•
•
This software operation is transparent to CUCM and works with all releases, although CUCM 4.2 or later is recommended.
To enable the H.323 Display feature without buffering for ISDN trunks that use the Facility message to deliver Name Display information, configure the following:
At the voice service level:voice service voiph323h225 display-ie ccm-compatibleAt the voice class level:
voice class h323 1h225 display-ie ccm-compatible [system]To enable the H.323 Display feature with buffering for ISDN trunks that use the Facility message to deliver Name Display information, additionally configure the following:
interface Serial0/3/0:23no ip addressencapsulation hdlcisdn switch-type primary-niisdn incoming-voice voiceisdn map address *. plan isdn type unknownisdn supp-service name callingisdn bind-l3 ccm-managerno cdp enableSession Border Controller Enhancements for H.323-SIP and SIP-SIP Supplementary Services, Transcoding Optimization, and Firewall Integration
Session Border Controller Enhancements for H.323-to-SIP and SIP-to-SIP Supplementary Services enhances terminating and re-originating both signaling and media between VoIP and Video networks by supporting H.323 (ECS)-to-SIP (Refer/302 & Re-Invite based) Supplementary Service, Transcoder optimization, and RAS message enhancements. For more information on this feature, go to:
Universal Voice Transcoding Support for IP-to-IP Gateways
Universal Transcoding allows transcoding from any supported codec to any other supported codec. For more information, go to:
http://www.cisco.com/en/US/products/ps6706/products_feature_guide09186a008076161a.html
Voice Quality Enhancements
DSP voice quality metrics improve your ability to monitor, analyze, and ultimately meet your quality of service (QoS) objectives for your network. For more information, go to:
http://www.cisco.com/en/US/products/ps6706/products_feature_guide09186a0080756fd1.html
New Features in Release 12.4T
For information regarding the features supported in Cisco IOS Release 12.4T, see the Cross-Platform Release Notes and New Feature Documentation links at the following location on Cisco.com: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124relnt/xprn124/index.htm
Limitations and Restrictions
Limitations and Restriction - Release 12.4(11)XW2
•
•
•
•
•
•
•
•
•
Caveats
Caveats describe unexpected behavior or defects in the Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.
Caveats in Cisco IOS Release 12.4(11)T are also in Cisco IOS Release 12.4(11)XW. For information on caveats in Cisco IOS Release 12.4(11)T, refer to the Caveats for Cisco IOS Release 12.4(11)T document. This document lists severity 1 and 2 caveats; the documents are located on Cisco.com.
Note
This section contains the following caveat information:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Open Caveats - Release 12.4(11)XW10
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW10
•
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.
•
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.
•
A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:
–
–
–
–
Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory. The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
•
Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at the following link http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
•
Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at the following link http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
•
The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS SCP client feature.
Cisco has released free software updates that address this vulnerability.
There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml.
•
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS software that can be exploited remotely to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate the vulnerability apart from disabling SIP, if the Cisco IOS device does not need to run SIP for VoIP services. However, mitigation techniques are available to help limit exposure to the vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml.
•
Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml.
•
Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features:
1.
2.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
•
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.
Open Caveats - Release 12.4(11)XW8
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW8
CSCse70333 CFwdAll erroneously reconfigured after disabling night serviceSymptom CFwdAll incorrectly appears after night service is disabled.
Conditions
Workaround
CSCsj38755 Ping Fails over ATM interface.Symptom Ping fails over the atm interface while applying Quality of Service.
Conditions
Workaround
CSCsl26765 DTMF not detected by CUE if I/C call is txfer to ph with CFDWALL to VMSymptom On CUBE DTMF is not detected to stop prompt playback or record message.
Conditions
Workaround
CSCsm23378 DTMF transcoding from rtp-nte to in-band fails for same codecSymptom DTMF transcoding should be done between call legs if DTMF relay is different, even if voice codecs are the same.
Conditions
Workaround
CSCsm34706 CUBE sends fixed DTMF duration and ignores received H.245 User InputSymptom CUBE sends a fixed 800 time units for every digit pressed (sent via RFC 2833) regardless of what it receives in the duration of a H.245 User Input field.
Conditions
Workaround
CSCsm37093 CME 4.1after security is enabled 7970 will register with US locale.Symptom After security is enabled locale in the phone 7970 cannot be changed.
Conditions
CSCsm64258 ephone-hunt group does NOT present calls to overlaid DNsSymptom When an ephone hunt-group is configured with 'present-call idle-phon', the ephone hunt-group skips the DNs which are configured as overlay.
Conditions
- ephone hunt-group is configured with 'present-call idle-phone'
- DN is configured as overlay
Workaround
CSCsm74560 phone does not look for network locale file for user defined languagesSymptom Wireless IP phone 7920 doesnot download the 7960-tones.xml files when user defined network locale is configure.
Conditions
Workaround
a.
–
–
–
–
b.
c.
d.
e.
In case if you have issue in 'create cnf-file', then ensure to repeat all the steps mentioned above again.
CSCsm88771 CME trunk optimized calls being put on hold automaticallySymptom Answering a trunk call transferred from another phone is automatically put on hold and cannot be resumed.
Conditions
Workaround
CSCsm89158 7921 does not display call park number while the call is parkedSymptom 7921 does not show the parked number when the call is parked .
Conditions
Workaround
CSCso25982 SIP transfer at connect with No AudioSymptom No audio when one SIP extension transfers a call from PSTN side to second SIP extension.
Conditions
Workaround
CSCso26056 SIP Extension unable to transfer at alert to a PSTN numberSymptom SIP(XOR) extension is also UNABLE to retrieve the call to PSTN-A(XEE) (hold state).
PSTN-A(XEE) remains in hold state.
Conditions
Workaround
CSCso27097 One way audio after xferring incoming SIP trunk call with transcoderSymptom One way audio after transfer.
Conditions
Workaround
CSCso36239 wrong primary-phone observed after re-configure primary-dn of the ephoneSymptom Wrong primary-phone observed after re-configure primary-dn of the ephone
Conditions
Workaround
CSCso39201 ephone gets into DND mode while in Connected stateSymptom 7961 and 7941 phones going into DND mode in Connectd state.
Conditions
Workaround
CSCso42145 CCME ephone name config result in called number display issueSymptom IP phone is displaying the calling name in placed of called name for an incoming call from PSTN.
Conditions
Workaround
CSCso45361 High jitter in ringback from CUESymptom External caller gets transferred from CUE to an internal DN number, and the ringback sent to the caller is distorted because of jitter.
Conditions
Workaround
CSCso56824 SCCP OOB-RFC2833 DTMF interworking issue for CME customerSymptom RFC2833 DTMF packets are sent too fast to be processed by IVR systems.
Conditions
Workaround
CSCso64585 redundant CallRemoteMultiLine sccp msg to monitor park DNSymptom Jitter or voice qality issue may occur.
Conditions
Workaround
CSCso67655 S2 CFD: Secure DSPFarm doesn't register after a reload of the routerSymptom After Reolad, Secure Conference profile does not register with Cisco Call Manager.
Conditions
Workaround
CSCso74656 MG2:device-based BLF shown incorrect status for EMCSCso78702 7961 IP Phone acct softkey get "no park number available"Symptom 2851 Version 12.4(15)T4 press the ACCT SoftKey and get "NO PARK NUMBER AVAILABLE".
CSCso95643 sRTP Package missing in c1861Symptom MGCP srtp-package option is not available in c1861 platform.
Conditions
Workaround
Open Caveats - Release 12.4(11)XW7
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW7
•
Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features:
1.
2.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.
•
The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.
The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.
The Security Advisory for this issue is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml.
CSCsi55685- kron removes recurring tclsh cli after first runSymptom The following recurring kron schedule fails and gets removed after the first run. kron occurrence tcl in 1 recurring policy-list tcl ! kron policy-list tcl cli tclsh disk0:hello.tcl!
Conditions
Workaround
CSCsk25697- unprotected buginf may cause cpuhog under repeated udp traffic to 53Symptom A router with DNS server configured may show CPUHOG tracebacks when it receives repeated crafted udp packets to its port 53. Sample for 3800 router: %SYS-3-CPUHOG: Task is running for (40004)msecs, more than (2000)msecs (5/0),process = DNS Server Input. -Traceback=0x60D68CDC 0x6033D984 0x6180E58C FFFFFFA0 3F 4E 60 0x708DFD18 06 FFFFFFFE FFFFFF88 FFFFFFA5 FFFFFFA3 FFFFFF92 FFFFFFA7 FFFFFF8B 7A 3A FFFFFFF5 17 FFFFFF9B FFFFFFC9 FFFFFF9B FFFFFFA2
Conditions
Workaround
CSCsl48237- incorrect bounding length in sstrncpy() calls in l2tp filesSymptom If a large name string is used when configuring the command "security crypto-profile" under the l2tp-class submode, we could have a buffer overflow which may crash the router.
Conditions
Workaround
CSCsl59294- %DATACORRUPTION-1-DATAINCONSISTENCY at caplog_logger_procSymptom A Cisco router may see the following error once shortly after bootup: *Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x416DE178 -Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE178 0x416DE650 0x423E303C 0x423E3020 *Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x416DE188 -Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE188 0x416DE650 0x423E303C 0x423E3020 No functional impact is seen.
Conditions
Workaround
CSCek41543- Cisco2811 Processor Pool Memory Leak in ISDN and CrashSymptom A Cisco 2811 router running Cisco IOS Release 12.4(7a) may have a memory leak in the ISDN process as has been seen in the show process memory. The leak rate appears to be about 1.20MB/Hour.
Conditions
Workaround
CSCsi21389- One-way multicast traffic over wireless.Symptom Routers that have the ability to use the optional 802.11b/g card, such as the Cisco ISR series do not pass multicast traffic across the wireless interface.
Conditions
Workaround
CSCsi44510- CME multicast audio to the 7921 cuts out on HWIC-APSymptom Multicast audio to the 7921 cuts out after a few seconds and will not resume.
Conditions
Workaround
CSCsj14277- Wrong Calling ID by transfer, only with 7931 - 12.4(4)XC6Symptom The caller id on the transfer-to is not updated with the transferee after the transferor commits the transfer.
Conditions
Workaround
CSCsj34770- Having problem in establishing QSIG Prime callSymptom QSIG PRIME call is not going between slave and master routers
Conditions
Workaround
CSCsj50982- Wrong isdn cause code while making call to wrong destinationSymptom Wrong isdn cause code comming while making call to wrong destination
Conditions
Workaround
CSCsk25697- unprotected buginf may cause cpuhog under repeated udp traffic to 53Symptom A router with DNS server configured may show CPUHOG tracebacks when it receives repeated crafted udp packets to its port 53. Sample for 3800 router: %SYS-3-CPUHOG: Task is running for (40004)msecs, more than (2000)msecs (5/0),process = DNS Server Input. -Traceback= 0x60D68CDC 0x6033D984 0x6180E58C FFFFFFA0 3F 4E 60 0x708DFD18 06 FFFFFFFE FFFFFF88 FFFFFFA5 FFFFFFA3 FFFFFF92 FFFFFFA7 FFFFFF8B 7A 3A FFFFFFF5 17 FFFFFF9B FFFFFFC9 FFFFFF9B FFFFFFA2.
Conditions
Workaround
CSCsk71610- CCSIP_UDP_SOCKET causes high CPU UsageSymptom Incoming and outgoing calls fail due to high CPU Usage.
Conditions
Workaround
CSCsl18024- HWIC Country Code IssueSymptom Error message %DOT11-3-POWERS_INVALID: Interface Dot11Radio0/3/0, no valid power levels available is displayed during boot up.
Conditions
Workaround
CSCsl59294- %DATACORRUPTION-1-DATAINCONSISTENCY at caplog_logger_procSymptom A Cisco router may see the following error once shortly after bootup: *Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x416DE178 -Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE178 0x416DE650 0x423E303C 0x423E3020 *Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x416DE188 -Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE188 0x416DE650 0x423E303C 0x423E3020 No functional impact is seen.
Conditions
Workaround
CSCsm04209- PVDM2-DM fails to initiate calls over EuroISDN BRI while TEI is inactive.Symptom Modem calls fail to establish when 'isdn tei-negotiation firstcall' configured on ISDN interfaces.
Conditions
Workaround
CSCsm45689- UC520 crashed when system test was executed with debug logs enabled.Symptom UC520 crashed when system test was executed with debug logs enabled.
Conditions
Workaround
CSCsm46227- Router crash with CPUHOG for trunk port monitoring.
Symptom Cisco 3845 may crash when there is an incoming trunk call.
Conditions
Workaround
CSCsm49011- VG224 SCCP port plays reorder before CM routes call-IOS interdigit timer.Symptom On an FXS port configured for SCCP usage (such as on a VG224), reorder is heard 10 seconds after the last digit dialed when a number is dialed that requires waiting for interdigit timeout on CallManager.
Conditions
Workaround
CSCsm55045- Crash illegal deallocation of unassigned/in-use memory.Symptom A Cisco router configured with Call Manager Express (CME) may reload due to point to illegal deallocation of unassigned/in-use memory.
Conditions
Workaround
CSCsm50874- CME: calling name in facility IE doesn't display on IP phone.Symptom CME 4.2 does not display calling name when sent in an ISDN facility IE message. The facility is received and interpreted correctly however it doesn't show up on the IP phone display.
Workaround
CSCsm65685- Need to enable vendorConfig parameters on 7912.Symptom After the configuraiton of telephony-service service phone settingsAccess 2 <settingsAccess>2</settingsAccess>" is missing in system:/its/XMLDefault7921.cnf.xml.
Workaround
CSCsm92260- CSKU wrong country code issue.Symptom Error message Feb 28 08:50:28.459: %DOT11-3-POWERS_INVALID: Interface Dot11Radio0/0/0, no valid power levels available seen on router console during router boot up.
Conditions
Workaround
CSCso33776- spurious access error in AFW_M_Destination_Initiate.Symptom Spurious memory access messages may be generated by a router. Mar 28 02:45:02.016: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x41DCE7E0 reading 0x60 Mar 28 02:45:02.016: %ALIGN-3-TRACE: -Traceback= 0x41DCE7E0 0x41DCF674 0x41DD351C 0x41DD6BBC 0x41DA96CC 0x41E0E428 0x41E0F2C4 0x41DF36D4. This issue may be cosmetic in nature.
Conditions
Workaround
Open Caveats - Release 12.4(11)XW6
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW6
CSCsg91306Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.
CSCsi17020A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.
Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.
CSCsj85065A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.
Cisco has released free software updates that address this vulnerability.
Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.
CSCsk42759Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.
CSCso81854Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.
To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.
This security advisory is being published simultaneously with announcements from other affected organizations.
CSCsk61275 no ring on 7941 phone while hunting second overlay numberSymptom The Cisco Unified IP Phone 7941 does not ring while hunting the second overlay number in Call Forward No Answer (CFNA) configuration.
Conditions
Workaround
CSCsk09132 Hotice router crashed with debug parser before-after and session-serverSymptom The router crashes when the maximum permissible number of session-servers are configured for a voice register dn with the command 'session-server 1 2 3 4 5 6 7 8'.
Conditions
Workaround
CSCsj81015 IPIP Gateway crash ccsip_bridgeSymptom Cisco Multiservice IP-to-IP Gateway (IPIPGW) crashes during a stress scenario.
Conditions
Workaround
CSCsk42299 IPIPGW h323 no H.245 TCS with FS-SS interwork call to CCMSymptom Cisco IPIPGW does not establish TCP connection for H.245 on the TCP port suggested by Cisco Unified CallManager (CCM).
Conditions
Workaround
CSCsj27183 Transcoding: Call fails for H323--SIP Fast start callSymptom H323-->SIP interworking fails for a Fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.
Conditions
Workaround
CSCsl53327 max-ephones and max-dn show wrong range on UC520-48U-SKU.Symptom max-ephones and max-dn show wrong range on UC520-48U-SKU
Conditions
Workaround
CSCsl79588 Router crashes after changing the MOHSymptom Router running Cisco IOS may crash with a bus error.
Conditions
Workaround
CSCsm20994 kron job daily reoccurrences fail after new yearSymptom kron occurrences are not rescheduled properly when the clock is set near the end of a calendar year.
Conditions
Workaround
Open Caveats - Release 12.4(11)XW5
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW5
CSCsk45804 CME speeddials fails after attempting to invalid numberSymptom Pressing a speeddial button on CME does nothing.
Conditions
Workaround
CSCsk65748 If POE 48V fails to come up, we need to retry 3 timesCSCsk60054 Configuration buffer full. Cannot display show runSymptom When certain configuration changes, the running configuration might not be able to be displayed and the following error message might appear:
% Configuration buffer full, can't add command: !%Aborting Save. Compress the config, Save it to flash or Free up space on deviceConditions
Workaround
CSCsk31644 Spurious Access at cmm_crs_proc_tr_call_consult_respSymptom Spurious memory access is seen while executing call forward scenarios.
Conditions
Workaround
CSCsk55078 CME 4.2 Diversion Header issue in chained supplementary serviceCSCsk22265 CME: 7935 and 7936 Corporate Directory Lookup fails in CME 4.1 and 4.2Symptom When attempting to use the Corporate Directory Lookup feature on a Cisco 7935 or 7936 Conference IP Phone, an attempt to search for matching records using a First Name or Last Name query results in the message "Server not found" being returned.
Conditions
Workaround
CSCsk50911 Need to update the max-ephones range for various platformsCSCsk25651 ephone-dn removal does not clean up mwi stateSymptom With Cisco Unity Express (CUE) integrated to Cisco Unified Communication Manager (CUCM) / CallManager utilizing SRST functionality, when the IP phones are registered to the SRST router, the MWI states may be incorrect.
Conditions
Workaround
CSCsj53899 Remove xlate profile from voice register dn removes from dial-peerSymptom Removing voice xlate profile from a voice register dn results in the same xlate profile being removed from a dial-peer.
Conditions
Workaround
CSCsj93762 Resume fails after HOLD for SIP phones regist with voice-class codecCSCsj81363 FRU incorrect and Carrier Set empty on wireless B sku platformsSymptom Under the show controller output for the Dot11 interface, the carrier set field is empty. This should say Americas. This does not affect functionality, all of the correct channels are present. Under the show diag output, the FRU says CISCO1811W-AG-A/K9 instead of CISCO1811W-AG-B/K9. This is just the labeling and does not affect functionality.
Conditions
Workaround
CSCsk42889 SIP call xfer to voicemail fails with DNS Query failed errorSymptom SIP trunk----CME/CUE AA---xfer extension---CFNA---CUE voicemail. Call transfers from AA to extension, CFNA back to CUE voicemail drop.
Conditions
Workaround
CSCsk58359 Update max sip phone range for various platformCSCse14595 call may be connected while being cfna to an PSTN callSymptom CME allows call connect after CFNA timer expire. On the 3745 with IOS 12.4(5)a customer can pick up the phone and get connected to the calling party after the CFNA timer expire.
Conditions
Workaround
CSCsk35315 CME: calledName= displayed garbled charactersSymptom Display on Cisco IP Phone contains corrupted characters when placing outbound PSTN call on an ISDN circuit.
Conditions
This can occur if there is an ISDN Facility message received after the call connects that does not contain display name information; for example an inbound facility message for Advice of Charge (AOC) may trigger this problem.
These messages can be seen on the gateway through the use of debug isdn q931. Caution should be taken when enabling any debugs on a production router/gateway as it can impact performance. Make sure as a minimum to disable console logging on the IOS device before enabling any debug. This issue does not have an impact to the operation or performance of the gateway nor phone.
Workaround
CSCsk16153 Modem won't be disconnected on exitSymptom Modem connection is still active on exit.
Conditions
Workaround
CSCsk73035 dtmf stop working if using connection plar opx immediate on fxo portSymptom dtmf stop working if using connection plar opx immediate on fxo port.
Conditions
pstn--fxo---gw--sip--cue AAIf removing "immediate" from the following config,the dtmf works.voice-port 0/1/0connection plar opx immediate 111caller-id enableWorkaround
CSCsk46424 Authentication fails on main dot11 interface when xconnect configuredCSCsk52683 System crashed when wireless client is trying to associate with APSymptom System crashes when there are clients trying to associate with AP.
Conditions
Workaround
CSCsk17498 Per Port Storm-Control is brokenCSCsj88854 Router crashes when a call is made from Remote Phone registered to CUCMESymptom A call made over a SIP trunk from a remote phone registered to Cisco Unified Call Manager Express 4.1 to a phone registered to a SIP proxy server results in router crash due to memory overrun.
Conditions
Workaround
CSCsj02456 HTTP PUT operation using copy command failedSymptom HTTP PUT operation using copy command failed.
Conditions
Workaround
CSCsk83795 call may be disconnected when resetting other ephoneSymptom Call is disconnected when another ephone is reset or unregisters.
Conditions
Workaround
CSCsj14565 ACL = deny; sa request ignored when crypto local-address is dynamicSymptom After a reboot of the router, or sometimes during normal operation, an IPsec tunnel fails to initiate. When debug crypto ipsec is enabled, the following error can be seen in the debug output: IPSEC(sa_initiate): ACL = deny; sa request ignored.
Conditions
For example:crypto map mycryptomap local-address Dialer0interface Dialer0ip address negotiatedWorkaround
CSCsk74181 SIP DO-DO - Basic Fax call failsSymptom Fax call fails for a SIP DO-DO call.
Conditions
Workaround
CSCsl04993 uc520 devices does not get reload via SNMPSymptom Cisco Unified Communications Series Integrated Services routers are not reloaded through SNMP.
Conditions
Workaround
CSCsj56438 Crafted EAP Response Identity packet may cause device to reloadSymptom This Cisco Bug ID identifies vulnerability in Cisco's implementation of Extensible Authentication Protocol (EAP) that exists when processing a crafted EAP Response Identity packet. This vulnerability affects several Cisco products that have support for wired or wireless EAP implementations.
This vulnerability is documented in the following Cisco bug IDs:
* Wireless EAP - CSCsj56438* Wired EAP - CSCsb45696 and CSCsc55249This Cisco Security Response is available at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20071019-eap.shtml.
CSCsk66907 %SYS-3-CPUHOG: due to Skinny MOH Server processSymptom PU Hog due to Skinny MOH Server causing phones to unregister:
%SYS-3-CPUHOG: Task is running for (xxx)msecs, more than (xxx)msecs(xxxxxx),process = Skinny MOH Server.xConditions
Workaround
CSCsi60392 CME does not send SIP NOTIFY DTMF to CUE-AA after txfer from CUE-VMSymptom No response to DTMF inputs during Auto Attendant session.
Conditions
Workaround
CSCsl12443 CME: TNP phones may experience one way audioSymptom IP phone with FXO trunk config may experience intermittent one way audio. Debug ephone detail will show the following error:
OpenReceiveChannelAck status orcError on socketWorkaround
CSCsj38652 Freddo DTMF/cptone issues for Taiwan, Hong Kong, Singapore ComplianceSymptom DTMF levels are 0.3-0.5 dB below minimum limits for DTMF high/low tone signal power for Taiwan, Hong Kong and Singapore.
Conditions
Workaround
CSCsk83813 sip call will pick up the wrong codec type from voice class codecSymptom When a SIP call is established, the Cisco IOS correctly uses the "codec preference 2" setting (G.711ulaw) that is configured in the voice class codec configuration. When this problem occurs, the tone remote control functionality does not work and voice becomes distorted due to the codec mismatch.
Conditions
voice class codec 1codec preference 1 g729r8codec preference 2 g711ulawdial-peer voice 9191916 potsdescription #1/1:16#0# INUSE 163destination-pattern 19900001429191916port 1/1:16dial-peer voice 555 voiprtp payload-type lmr-tone 107rtp payload-type nte-tone 108voice-class codec 1session protocol sipv2incoming called-number.dtmf-relay rtp-nteno vadUsing 2811Cisco IOS versions: 12.4(17.4)PI1b and 12.4(17.4)PI1aWorkaround
CSCsk63037 CME 4.2 has broken caller ID featureSymptom Calling name is corrupted for ISDN calls on CME.
Conditions
Workaround
CSCsk95708 10 to 30 sec delay in starting media in secure meet-me conferenceSymptom SCCP messages are delayed by a few seconds for secure calls, this could effect secure dspfarm secure analog endpoints.
Conditions
Workaround
CSCsk42180 Few Objects of CISCO-LICENSE-MGMT-MIB giving wrong values during SNMP waCSCsj94818 C877: ADSL2+ AnnexM: PVC goes to INAC after QoS is appliedSymptom On C877 device for VC which is configured with vbr-nrt and PCR rate higher that VC bandwidth, when changes are introduced (e.g. QoS applied), VC goes in INAC status due to the fact that PCR is higher than physical bandwidth.
Conditions
Workaround
CSCsk06443 SIP TGW sends 183 response even though no response from ISDNSymptom IOS Gateway is sending 183 Response upon receiving retransmission of Invite Request.
Conditions
Workaround
CSCsk36600 Router crashes when ExtACL has mixed of tcp host and tcp net with QoSSymptom Router might crash when Extended ACL is applied with mixed of tcp permit statements with host and networks and this acl is applied in the class-map.
Conditions
Workaround
CSCsj80906 Router crashes on changing ACL linked to service policySymptom A Cisco router may crash due to a bus error.
Conditions
Workaround
CSCsl17037 CME: Local Directory IssueSymptom Directory numbers that are configured in local directory of CME are not being shown in received calls directory. The number and name shows while call in ringing state but is not showing during connected state.
Conditions
Workaround
CSCsl04115 CM call to CME when Put on Hold, CME Hears FastBusy instead of TOHSymptom Cisco IP Phone placed on hold hears fast busy instead of tone-on-hold.
Conditions
IPPhoneA---CM---H323---CME---IpPhoneB- Phone A calls Phone B- Phone A puts Phone B on Hold.- Instead of playing Tone On Hold, Phone B user hears a fast busy tone.Workaround
CSCsk72582 Call in B-ACD drops if answered after hunting second time roundSymptom Calls in B-ACD on CME router drops if the first round hunting is done through the hunt group lines. If the call is not answered, the caller is placed in the queue and hears an announcement with "all agents busy please hold " and so on. When the script hunts again after a timeout and this time, the call is answered, it drops the call completely. All phones in the hunt group will see a display of 1 call in queue for a few seconds before clearing.
Conditions
Workaround
Open Caveats - Release 12.4(11)XW3
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW3
CSCsj97535 BACD functionality broken on freddoCSCsi50316 Fixed linux builds for RDO toolsCSCsh74385 EEM fails to register with the redundancy framework (RF)Symptom It is not possible to configure event manager (EEM) applets for redundancyframework (RF) events:
nms-7206vxr(config)#event manager applet testappnms-7206vxr(config-applet)#event ?application Application specific eventcli CLI eventcounter Counter eventinterface Interface eventioswdsysmon IOS WDSysMon eventnone Manually run policy eventoir OIR eventresource Resource eventsnmp SNMP eventsyslog Syslog eventtimer Timer eventtrack Tracking object eventnms-7206vxr(config-applet)#The keyword for RF is missing as EEM has not registered with RF.
Workaround
CSCsj25470 EEM hostnames over 20 characters causes CLI actions to hangSymptom The Cisco Embedded Event Manager may hang and tie up virtual terminal (vty) lines if the devices host name is longer than 20 characters.
Conditions
Workaround
Open Caveats - Release 12.4(11)XW2
There are no open caveats in this release.
Resolved Caveats - Release 12.4(11)XW2
CSCsg70474Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsi60004Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCek78645 Analog phones cannot register with CMESymptom Analog phones when configured as SCCP phones cannot register with CCME.
Conditions
Workaround
CSCsj29857 xfer to ICD failed after conference AASymptom Occurs when an incoming PSTN call to ICD is routed to an agent and the agent conferences AA. If the agent stays in the conference and tries to transfer the AA to ICD, the call sticks there.
Conditions
Workaround
Open Caveats - Cisco IOS Release 12.4(11)XW1
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XW1
CSCsi13312 Authentication fails and unable to login to a factory fresh routerSymptom Authentication with Security Device Manager (SDM) 2.3.3 fails, preventing you from logging into the router through HTTPS, HTTP, SSH, Telnet, console, or any management application.
Conditions
Cisco 800 series
Cisco 1700 series
Cisco 1800 series
Cisco 2700 series
Cisco 2800 series
Cisco 3700 series
Cisco 3800 series
Workaround
http://www.cisco.com/en/US/products/ps5855/products_field_notice09186a0080809c8e.shtml
CSCsg62638 CPU usage reaches 99% after nmap scan on port 53Symptom Scan of a router when DNS server is enabled can cause high CPU usage of DNS process itself. Overall performance of the device can deteriorate to some extent.
Solution
Workaround
CSCsi56172 CME 4.1 IP phone dropped when trying to complete hardware conferenceSymptom IP phone trying to create an ad-hoc conference is dropped when pressing "Conf" softkey the second time.
Conditions
CSCsi58842 CME: 7960+7914 display select line when conference IP phoneSymptom
1.
2.
3.
4.
5.
6.
7.
Workaround
Open Caveats - Cisco IOS Release 12.4(11)XW
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XW
CSCec12299Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.CSCsi01470A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
CSCek61570 Trunk dn stuck in seize/seize state and does not recoverSymptom The ephone DN may get stuck in SEIZED state and one-way audio would occur afterwards.
Conditions
Workaround
CSCek67866 xcodemsp.c Static Analysis Found IssueCSCek70830 $$TS: cme crashed during call to ICD routept running 124-11.3.4.PIA1CSCsg36112 In xcoding, SCCP sessions not cleared immediately after abrupt call endSymptom When the calls are terminated/disconnected ungracefully or abruptly on an IPIP GW while doing large number of transcoding sessions, some of the sccp and rtp connection of that calls are not cleared immediately on IPIP Gw.
Conditions
Workaround
CSCsg40567 Memory leak found with malformed tls/ssl packets in http core processSymptom Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions
Workaround
CSCsg69022 c1700 router crash @ nv_write_internalSymptom When a user configures the no telephony-service command, router crashes at running configuration generation.
Conditions
Workaround
CSCsh65321 Phones fail to do secure authentication in 12.4(12.12)PI6Symptom Non-7921 phones will not register securely to CME.
Conditions
Workaround
CSCsh73754 SmartPorts: PC connected to an IP phone cannot connect to WANCSCsh80217 No Audio Path after REFER from xto to xee in a Meetingplace scenarioSymptom No audio heard on Caller IP phone
Conditions
Workaround
CSCsh81876 Traceback & crash if guest mode and multiple vlansSymptom In case the platform supported number of BSSIDs is 8 then configuring any ssid which comes in the 9th to 16th order in "sh run" as "guest-mode" results in a software crash. In general, if the platform supported BSSIDs considered as X and the maximum supported SSIDs considered as Y then configuring any ssid which comes in the X+1 to Y order(in "sh run") as "guest-mode" results in crash. Problem is not seen on platforms on which supported number of BSSIDs is 16.
Workaround
CSCsh89887 One way voice path with h/w conference on ephone-dn w/o preference 0CSCsi03314 test ecdsa display-stats command not displaying outputCSCsi04538 Router crash with memory corruption when configure cert-upgrade auth modSymptom A CUCME (Cisco Unified Call Manager Express) router may crash with memory corruption when voice calls are made involving a transcoder.
Conditions
Workaround
CSCsi09530 CME SIP phone failed to register because of authenticate registerSymptom If "authenticate register" is configured under "voice register global", CME SIP failed to registered.
Conditions
Workaround
Further Problem Description: In registrar Functionality, CME challenges an inbound Register request with 401 response. If "authenticate register" is configured under "voice register global". The Registering Endpoint then Sends a Register Request with Crdentials. GW Stack is not processing this Request and is dropping it.
CSCsi15740 Memory leak in basic ICD callCSCsi22430 B-ACD Crashes CME 4.2Symptom CME could crash when running B-ACD script while call monitoring is enabled.
Conditions
Workaround
CSCsi27400 Memory leak in TGW for basic SRTP-TLS SIP callSymptom When a basic SIP call with SRTP using TLS is established between OGW and TGW, a memory leak is observed at the TGW.
Conditions
Workaround
CSCsi31667 SIP Registrations sent to Service Provider Proxy for Internal extentionsCSCsi34163 Restore: Radar Detection for non-European regions.CSCsi42596 router crash when using MeetMe conference with 13 participantsCSCsi44268 $$TS SIP trunk to AA to SIP phone disconnectedProblem Description: Call from sip-trunk to CRS/AA sip-phone, call disconnected after 19 seconds.
Symptom The issues observed after V124_11_3_8_PI1A onwards. there was a major ida_t_pi1_atg sync to PI6 occurred in this label.
1.
2.
Root Cause: In Xfering_SetupDone() when case of CS_ACTIVE, remove calling AFW_Leg_Resume() again when handling special delayDisconnect call-info in REFER. This code is no longer needed since AFW now unhold the sip XEE before shelbourne hairpin.
Workaround
CSCsi44465 change CME version from 4.1 to 4.2Symptom Change CME product version from 4.1 to 4.2
Workaround
CSCsi44549 Router crashes during pings when QoS+NAT+FW+IPSEC+GRE are configuredCSCsi47359 Crash seen in AFW_Process at the customer siteCSCsi48062 H323--H323--SIP call fails with media transcoder high-densitySymptom On the IPIPGW, an H.323-to-H.323 call fails to complete call setup.
Conditions
Workaround
CSCsi51441 uclient cannot ping to gateway via non-native vlanPlease refer Release-note enclosure attached to the DDTS CSCsg58791.CSCsi52410 Add version 6.0 to the available CCM version on dspfarmCSCsi53006 Router crash in cmm_crs_proc_tr_call_trans_reqSymptom CME with UCCX integration could crash at the following function:
cmm_crs_proc_tr_call_trans_req()Conditions
Workaround
CSCsi69819 Line protocol down when no auto speed and duplex negotiate on onboard FE
Additional References
The following sections describe the documentation available for the Cisco 3700 series routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com and the Documentation CD.
Use these release notes with the documents listed in the following sections:
Release-Specific Documents
The following documents are specific to Release 12.4 and apply to Cisco IOS Release 12.4(11)XW. They are located on Cisco.com:
•
Technical Documents: Cisco IOS Software: Release 12.4: Release Notes: Cisco IOS Release 12.4(15)T
•
Technical Documents: Product Bulletins
•
Technical Documents: Cisco IOS Software: Release 12.4: Caveats
Note
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 3700 series routers are available on Cisco.com at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/3700/index.htm
Feature Navigator
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Feature Navigator is available 24 hours a day, 7 days a week.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, e-mail the Contact Database Administration group at cdbadmin@cisco.com. If you do not have an account on Cisco.com, go to http://www.cisco.com/register and follow the directions to set up an account.
To use Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Use this document in conjunction with the documents listed in the "Additional References" section.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008, Cisco Systems, Inc. All rights reserved.
