 Feedback
|
Table Of Contents
Release Notes for Cisco AS5x00 Universal Gateways with Cisco IOS Release 12.4(11)XJ
Determining the Software Version
Upgrading to a New Software Release
New Hardware Features in Cisco IOS Release 12.4(11)XJ4
New Software Features in Cisco IOS Release 12.4(11)XJ4
New Hardware Features in Cisco IOS Release 12.4(11)XJ3
New Software Features in Cisco IOS Release 12.4(11)XJ3
New Hardware Features in Cisco IOS Release 12.4(11)XJ2
New Software Features in Cisco IOS Release 12.4(11)XJ2
New Hardware Features in Cisco IOS Release 12.4(11)XJ
New Software Features in Cisco IOS Release 12.4(11)XJ
VRF-Aware H.323 and SIP for Voice Gateways
Open Caveats - Cisco IOS Release 12.4(11)XJ6
Resolved Caveats - Cisco IOS Release 12.4(11)XJ6
Open Caveats - Cisco IOS Release 12.4(11)XJ4
Resolved Caveats - Cisco IOS Release 12.4(11)XJ4
Open Caveats - Cisco IOS Release 12.4(11)XJ3
Resolved Caveats - Cisco IOS Release 12.4(11)XJ3
Open Caveats - Cisco IOS Release 12.4(11)XJ2
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
Open Caveats - Cisco IOS Release 12.4(11)XJ
Resolved Caveats - Cisco IOS Release 12.4(11)XJ
Open Source License Acknowledgements
Cisco IOS Software Documentation Set
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco AS5x00 Universal Gateways with Cisco IOS Release 12.4(11)XJ
March 26, 2008Cisco IOS Release 12.4(11)XJ6OL-14429-01 Third ReleaseLast Updated: September 24, 2008These release notes describe new features and significant software components for the Cisco AS5350, Cisco AS5350XM, Cisco AS5400, Cisco AS5400HPX, Cisco AS5400XM, and Cisco AS5850-ERSC universal gateways that support the Cisco IOS Release 12.4(11)XJ releases. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, changes to the microcode or modem code, and any other important changes. Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.4T located on Cisco.com.
For a list of the software caveats that apply to Cisco IOS Release 12.4(11)XJ, see the "Caveats" section and see the online Caveats for Cisco IOS Release 12.4T. The caveats document is updated for every 12.4T maintenance release and is located on Cisco.com.
Contents
•
Open Source License Acknowledgements
•
Introduction
The Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways are the only 1-rack unit, 2-, 4-, or 8-PRI gateway that provides universal services—data, voice, and fax services on any service, any port. The Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways offer high performance and high reliability in a compact, modular design. This cost-effective platform is ideally suited for Internet service providers (ISPs) and enterprises that require innovative universal services.
System Requirements
This section describes the system requirements for Cisco IOS Cisco IOS Release 12.4(11)XJ4 and includes the following sections:
•
•
Memory Requirements
Table 1, Table 2, and Table 3 describe the memory requirements for the Cisco IOS feature sets that are supported by Cisco IOS Cisco IOS Release 12.4(11)XJ on the Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways.
Supported Hardware
Cisco IOS Cisco IOS Release 12.4(11)XJ supports the following Cisco AS5x00 platforms:
•
•
•
•
•
•
For detailed descriptions of new hardware features and which features are supported on each router, see the "New and Changed Information," page 6. For descriptions of existing hardware features and supported modules, see the hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 870 series routers, which are available on Cisco.com at the following location:
http://www.cisco.com/en/US/products/hw/iad/tsd_products_support_category_home.html
This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and follow this path:
Cisco Product Documentation: Access Servers and Access Routers: Access Servers: <platform_name>
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways, log in to the router and enter the show version EXEC command:
router> show versionCisco Internetwork Operating System SoftwareIOS (tm) 12.4 Software (c5350-is-mz), Version 12.4(11)XJ, RELEASE SOFTWAREUpgrading to a New Software Release
For information about selecting a new Cisco IOS software release, please see How to Choose a Cisco IOS Software Release at the following location:
http://www.cisco.com/warp/public/130/choosing_ios.shtml
For Cisco IOS Upgrade Ordering Instructions, see the document at the following location:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
To choose a new Cisco IOS software release by comparing feature support or memory requirements, use Cisco Feature Navigator. Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
To choose a new Cisco IOS software release based on information about defects that affect that software, use the Bug Toolkit at:
http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl.
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features. Cisco IOS Cisco IOS Release 12.4(11)XJ supports the same feature sets as Releases 12.4 and 12.4(11)T. Cisco IOS Cisco IOS Release 12.4(11)XJ is a rebuild of Release 12.4(11)XJ and includes only bug fixes, it does not include any new features.
Caution
Cisco IOS software images are subject to deferral. Cisco recommends that you view the deferral notices at the following location to determine if your software release is affected:
http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml
Table 4 lists the new features and feature sets supported by the Cisco AS5350XM and Cisco AS5400XM universal gateways in Cisco IOS Cisco IOS Release 12.4(11)XJ.
The table uses the following conventions:
•
•
Table 4 New Feature List for Cisco AS5350XM and Cisco AS5400XM Universal Gateways
12.4(11)XJ
New and Changed Information
•
•
•
•
•
•
•
•
New Hardware Features in Cisco IOS Release 12.4(11)XJ4
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(11)XJ4
There are no new software features in this release.
New Hardware Features in Cisco IOS Release 12.4(11)XJ3
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(11)XJ3
There are no new software features in this release.
New Hardware Features in Cisco IOS Release 12.4(11)XJ2
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(11)XJ2
There are no new software features in this release.
New Hardware Features in Cisco IOS Release 12.4(11)XJ
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(11)XJ
The following new software is supported in this release:
•
CME SIP Features
MoH, Dialing, Line Updates, Presence with BLF, Provisioning New Phones
A presence service, as defined in RFC 2778 and RFC 2779, is a system for finding, retrieving, and distributing presence information from a source, called a presence entity (presentity), to an interested party called a watcher. When you configure presence in a Cisco Unified CME or Cisco Unified SRST system with a SIP WAN connection, a phone user, or watcher, can monitor the real-time status of another user at a directory number, the presentity.
http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-roadmap.html
SIP REFER
Outside the Scope of a Dialog Created with an INVITE
Out-of-dialog REFER (OOD-R) allows remote applications to establish calls by sending a REFER message to a SIP gateway without an initial INVITE.
http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-roadmap.html
VRF-Aware H.323 and SIP for Voice Gateways
VPN routing and forwarding (VRF) divides a physical router into multiple logical routers, each having its own set of interfaces and routing and forwarding tables. Adding VRF-awareness to voice gateways allows a voice gateway to exist in the same router as a customer edge (CE) or provider edge (PE) WAN router.
The VRF-Aware H.323 and SIP for Voice Gateways feature adds single voice VRF support to session-initiated protocol (SIP), H.323, and IP-to-IP gateways and to Cisco Survivable Remote Site Telephony routers. For more information, see the following link on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124limit/124x/124xj11/vrfawvgw.htm
Limitations and Restrictions
There are no known limitations or restrictions in this release.
Deferrals
Cisco IOS software images are subject to deferral. Cisco recommends that you view the deferral notices at the following location to determine if your software release is affected:
http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml
Field Notices and Bulletins
For general information about the types of documents listed in this section, see the following document:
http://www.cisco.com/en/US/partner/products/sw/voicesw/ps752/prod_field_notices_list.html
•
•
•
•
Caveats
Caveats describe unexpected behavior or defects in the Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels. Caveats of all three levels are listed below.
Caveats in Release 12.4T are also in Cisco IOS Release 12.4(11)XJ. For information on caveats in Cisco IOS Release 12.4T, see the Caveats for Cisco IOS Release 12.4T document. This document lists severity 1 and 2 caveats; the documents are located on Cisco.com.
Note
•
•
•
•
•
•
•
•
•
•
Open Caveats - Cisco IOS Release 12.4(11)XJ6
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ6
CSCsh12480Cisco IOS software configured for Cisco IOS firewall Application Inspection Control (AIC) with a HTTP configured application-specific policy are vulnerable to a Denial of Service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device.
Cisco has released free software updates that address this vulnerability.
A mitigation for this vulnerability is available. See the "Workarounds" section of the advisory for details.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml.
CSCsg91306Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.
Open Caveats - Cisco IOS Release 12.4(11)XJ4
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ4
Miscellaneous Caveats
•
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
•
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
OSPF and MPLS VPNs are not enabled by default.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml.
•
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
•
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsi60004Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsi80749Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Open Caveats - Cisco IOS Release 12.4(11)XJ3
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ3
There are no resolved caveats in this release.
Open Caveats - Cisco IOS Release 12.4(11)XJ2
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
CSCec12299Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.
CSCsf08998Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
CSCsd85587A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–
–
–
–
–
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note
Open Caveats - Cisco IOS Release 12.4(11)XJ
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ
CSCse89321: DTMF path not getting confirmed in sip media forking callSymptom There is no end-to-end DTMF path confirmation.
Workaround
CSCsf26561: User portion of Diversion header is incorrect when calling through AASymptom Tests on customer setup have revealed that PSTN to AA --> tx to SCCP phone--> CFWD to CUE/PSTN has an issue. The 302 Moved Temporarily from CME to BroadSoft has a Diversion header whose user portion is the private extension #, not the expanded DID # due to which the subsequent call fails.
Workaround
CSCsf32028: Host portion of Refer-To: header must be an Address of RecordSymptom SIP trunking environments (for example, Cbeyond) need the URIs to carry Address of Record [AOR] in many SIP headers.
Workaround
CSCsg17289: DNS-SRV issues for SIP registrationsSymptom Registrar, both the dial-peers would try to send a REGISTER request sequentially. When first Dial-peer (D1) is sending REGISTER Request, the registrar cache is empty. It first sends a DNS query (SRV). After getting the DNS Response, it updates the Registrar cache and sends the REGISTER request to Registrar R1. dns_count variable here is set to SIP_DNS_MODE.
When second dial-peer is sending REGISTER request, it finds the resolved IP address in registrar cache (R1) so it sends the REGISTER request to R1. dns_count variable here is set to SIP_NON_DNS_MODE. But both the REGISTER request fails as R1 is down.
As D1 is set to SIP_DNS_MODE, D1 would send a DNS query again with incremented dns_count to get any alternate Registrar and it gets R2. It sends REGISTER request to R2 and gets successfully registered. As D2 is set to SIP_NON_DNS_MODE, it does not retry the DNS query and simply backs off for period REG_EXPIRES/20.
Workaround
CSCsg18902: Blind transfer is not working on SIP trunkSymptom Blind transfer failed on SCCP endpoint over SIP trunk
Conditions
Workaround
CSCsg30101:CME: dtmf-relay force rtp-nte CLI does not workSymptom The voice-class sip dtmf-relay force rtp-nte command does not work.
Conditions
As a result, rfc2833 is not negotiated and hence DTMF is sent raw inband. When PSTN caller presses DTMF digits after being prompted by AA, nothing works, since the CME cannot convert raw-inband DTMF to NOTIFY. With 12.4-4T3 the CME replied to the PSTN gw with g711u and rfc2833(PT=101).
Workaround
CSCsg39750: Spurious mem access/traceback while resetting sip phone with presenceSolution
Workaround
CSCsg46362: contact header incorrect in 302 message using sip-srst redirect modeSymptom The contact header ip address is incorrect in the 302 message sent by SIP SRST in redirect mode. As the result basic call fails in this mode. B2b mode is working okay.
Workaround
CSCsg46411: CME does not send a REFER over SIP trunk for calls involving AASymptom CME fails to send a REFER over the SIP trunk for calls coming into the CUE-AA and being transferred to a local extension.
Conditions
Workaround
CSCsg51244: CME does not send 3xx messages for transfer --> forward scenariosSymptom CME does not send a 3xx message during call fwd if there was a call-transfer invoked before the call-forward happens.
Conditions
Workaround
CSCsg51259: DTMF stops working after consult transfer to called party mailboxSymptom PSTN connects to extension A, A transfers to B, B's CUE voicemail answers due to CFNA, A does a full consult transfer to B's CUE voicemail.
Conditions
Workaround
CSCek61666: Ephone DNs get stuck in SEIZE state under certain conditionsSymptom Ephone DNs gets stuck in seize state under certain conditions, particularly under the following sequence:
1. phone-A has multiple trunk-DNs configured.2. Call comes in on one of trunk-DN, say DN1. Call is answered and thetransfer button is pressed and another extension (DN3) is dialed.The dialed extension answers the call.3. At this time, the user on phone-A goes offhook on another trunk DN(say DN2), and dials one digit.4. The PSTN user who is connected to DN1 hangs up and so does DN3The above sequence gets both channels of DN1 into SEIZE state.
Conditions
Workaround
CSCek37305: Cisco 7200 router crashes at get_hwidb_if_sameSymptom Router crashes on unconfiguring T1 controller with interface configured for RTP priority.
Conditions
Workaround
CSCek39470: Router memory leak due to pak subblock chunk leaking with crypto+BVISymptom Cisco IOS router running 12.4 may experience per packet memory leak due to pak subblock leak in Process memPool (not in IO mem pool). The symptom is: show proc mem 1 output seeing the first allocator's memory count is keep growing, and never decrease.
Conditions
Workaround
•
Symptom NAT overloading from inside source address to an outside interface may fail.
Conditions
Workaround
•
Symptom The ephone DN may get stuck in SEIZED state and one-way audio would occur afterwards.
Conditions
Workaround
•
Symptom When PPP Multilink is enabled over a PPP over Ethernet (PPPoE) session, outbound packets are incorrectly sent without PPPoE headers. This causes them to be dropped.
Conditions
Workaround
CSCir00074: Router crashes when casnDisconnect is set to true for pppoe sessionSymptom A router crashes when the casnDisconnect object is set to "true" for a PPPoE session.
Conditions
Workaround
CSCir00530: CJ-Ph2:Entry missing in cefcModuleTable for a CJ PA in Escort slotSymptom Entry for Crackerjack PA missing from cefcModuleTable.
Conditions
Workaround
CSCsc48536: A router may reload unexpected due to bus error at ipnat_lock_natSymptom A Cisco router may reload unexpectedly with a bus error exception.
Conditions
Workaround
CSCsd50476: When channel-group configured serial interface goes down CSCse35510 OER misidentifying overlapping prefixesSymptom A serial link goes down.
Conditions
Workaround
CSCse46648: IP Address Getting Removed From Interface On Deleting Crypto ConfigSymptom IP address removal from a physical interface
Conditions
Workaround
CSCse88584: Router proposes the default ISKMP policy if configured one does not matcSymptom Router is proposing the default ISAKMP policy if the configured one does not match
Workaround
CSCsf16536: IOSIPS - router crashes at tw_timer_start with sig action denyFlowInlineSymptom A Cisco IOS router may experience a unexpected reload.
Conditions
Workaround
CSCsf27796: 1841 router reloads at retparticle with %SYS-2-BADSHARE errorSymptom A 1841 router may reload at retparticle with %SYS-2-BADSHARE errors.
Conditions
Workaround
CSCsg02881: MLP: Bandwidth of down MLP group should be sum of member bandwidthsSymptom The bandwidth of a multilink group interface that is down does not reflect the actual bandwidths of the links that are configured as members of the multilink group. In Cisco IOS Release 12.4(8) and later, the multilink interface bandwidth reflects the bandwidth of the last link in the bundle prior to going down. In earlier versions, the bandwidth is restored to 100000 Kbps.
Conditions
Workaround
CSCsg10159: Successive Default route ctrl fails on different link but on same routerSymptom Default route withdrawn message is send from BR immediately after successful control of default roue. And prefix goes to DEFAULT state.
Conditions
Workaround
CSCsg12813: Speech loss after receiving MDCX from PGWSymptom A Cisco AS5400 gateway may change it's RTP sequence numbers after receiving a MDCX command. The RTP Stream SSRC is always the same but the Sequence Number seems to be randomly initiated again.
Conditions
Workaround
CSCsg16186: SCMabort Event crash seen on NPE-G2Symptom System may crash during bootup.
Conditions
Workaround
Further Problem Description: You should see SCM Abort message in the crash info file.
CSCsg16748: ABR deletes OSPF type 3 LSA after it received max-aged type 2 LSASymptom In the situation ABR has both type 2 LSA and type 1 LSA for a prefix, ABR deletes type 3 LSA if it received max-aged type 2 LSA.
Workaround
CSCsg33172: IPS 5.0: Provide more informational error message XML and namesSymptom A few inconsistent error message.
Conditions
Workaround
•
Symptom Under some conditions redistributed static routes are sent out with metric 16
Conditions
Workaround
•
Symptom When EZVPN client is configured with "acl" keyword, the tunneled (vpn) traffic also gets NATed.
Conditions
Example:
crypto ipsec client ezvpn hwclientconnect autogroup cisco key cisco123mode network-extensionpeer 10.1.1.1acl 103access-list 103 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
This occurs when the following is true:
1) ezvpn client is configured
2) interesting tunnel traffic is defined using the "acl" keyword under global ezvpn configuration
3) NAT is configured
Workaround
CSCsg39961: crash sending pki request to CA CSCsg43460 Improve NPE-G2 ENVM handlingSymptom A router may unexpectedly reload when trying to send a PKI request to a CA.
Conditions
Workaround
CSCsg46546: Erroneous alerting during pickup with CSCek58324 scenarioSymptom Pickup will result in alerting from the pickup target instead of connected.
Conditions
Workaround
CSCsg47834: NACK is observed for Open voice channel commandSymptom NACK message may be received from 5510 DSP in response to Open Voice Channel command sent by the Cisco IOS software.
2568288: Oct 24 13:11:33.240: //-1/xxxxxxxxxxxx/HPI/[]/hpi_tx_global_debug_info:DSP 3/0x3 port INVALID_CHANNEL_STATE(85), info 0x01(1)DSP 3/0x00000003 port mode CLOSED(1), state UNDEFINED(133), NACKed message 74/0x4A @0DSP message header 0008 0003 004A 0001 Payload: 0x0000 0x0000 0xFFFF 0x0000Conditions
Workaround
1) Disable Transcoding
(or)
2) Make sure that the Transoding and Voice Termination are on different DSP(s).
This can be performed by configuring the maximum number of transcoding sessions to a value such that it would require a multiple of 240 DSP credits.
Example 1:
In the following configuration each transcoding session (complexity=high) will require 40 DSP credits. In order to use a multiple of 240 credits, we need to set the maximum transcoding sessions to 6 (6 * 40 = 240) or any multiple of 6.
dspfarm profile 1 transcodecodec g711ulawcodec g729r8associate application SCCPRouter(conf-t)#dspfarm profile 1 transcodeRouter(config-dspfarm-profile)#maximum sessions 6Example 2:
In the following configuration each transcoding session (complexity=medium) will require 30 DSP credits. In order to use a multiple of 240 credits, we need to set the maximum transcoding sessions to 8 (8 * 30 = 240) or any multiple of 8.
dspfarm profile 2 transcodecodec g711ulawcodec g711alawcodec g729ar8codec g729abr8associate application SCCPRouter(conf-t)#dspfarm profile 2 transcodeRouter(config-dspfarm-profile)#maximum sessions 8Use show voice dsp group all command to verify DSP resource allocation.
Note: Each 5510 DSP has 240 Credits. This work-around cannot be implemented if the router has only one PVDM2-16 which has only one DSP.
CSCsg48183: Unforeseen ARP request send from all interfacesSymptom A router may unexpectedly send an ARP request from all its active interfaces to the nexthop of the network of an SNMP server.
Conditions
–
–
–
Workaround
CSCsg57228: IPS5.0: c871 reloads using IOS-S222 package fileSymptom Router crashes loading the IOS signature package file
Conditions
Workaround
CSCsg68199: Trunk DN offhook is not propagated to a phone already in dial out modeSymptom Two IP Phones A and B are registered with Cisco CallManager Express; these phones share two trunk DNs 1 & 2. If Phone-A goes offhook on DN-1 and Phone-B immediately goes offhook on DN-2. This condition should show the DN-2 button on Phone-A as busy which is not happening.
Conditions
Workaround
CSCsg68711: Incoming call in background does not audibly ring after transfer commitSymptom Phone does not ring for the second incoming call after committing transfer at alert for the first call.
Conditions
Workaround
CSCsg70221: DTMF through the hairpin of a trunk DN does not workSymptom DTMF tones are being suppressed to prevent duplicate DTMF tones from being extended to an SCCP controlled VG224 port. This problem is direct result of a fix implemented for correct CSCsf98754. The lack of DTMF prevents IVR devices from working correctly
Conditions
A call comes into a FXO port that is part of a trunk group and gets transferred to an extension that is hanging off of a vg224. DTMF is not relayed to the end point
Workaround
CSCsg70355: Adopt new default summer-time rules from Energy Policy Act of 2005Symptom Starting in calendar year 2007, daylight savings summer-time rules may cause Cisco IOS to generate timestamps (such as in syslog messages) that are off by one hour.
Conditions
Workaround
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00(this example is for the US/Pacific time zone)
CSCsg73806: Runaway debugs: AFW_Module_ObjectCount pCallIndSsSymptom A router may display the following message to the console repeatedly:
AFW_Module_ObjectCount pCallIndSs 1This is a cosmetic error. With the fix, this message will only be seen with debugs enabled.
Conditions
Workaround
CSCsg78801: 4.x MinHits or 5.0 event-count not summarizing correctlySymptom Min hit or event count not resetting correctly
Conditions
Workaround
CSCsg90212: VSA: Add code to handle CRNG failure interruptSymptom When VSA encounters a Continual RNG failure, the IOS will print the message
VSA encountered CRNG failureWorkaround
Additional References
The following sections describe the documentation available for the Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com in pdf or html form.
Use these release notes with the documents listed in the following sections:
Release-Specific Documents
The following documents are specific to Release 12.4 and apply to Cisco IOS Cisco IOS Release 12.4(11)XJ. They are located on Cisco.com:
To reach the Cross-Platform Release Notes for Cisco IOS Release 12.4(11)T, follow this path:
Technical Documents: Cisco IOS Software: Release 12.4: Release Notes
•
Technical Documents: Product Bulletins
•
Technical Documents: Cisco IOS Software: Release 12.4: Caveats
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco AS5350XM, Cisco AS5400XM, and Cisco AS5850 universal gateways are available on Cisco.com at the following location:
http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html
This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and follow this path:
Technical Support & Documentation: Documentation: Access Servers and Access Routers: Access Servers: <platform_name>
Cisco Feature Navigator
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Cisco Feature Navigator is available 24 hours a day, 7 days a week.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, e-mail the Contact Database Administration group at cdbadmin@cisco.com. If you do not have an account on Cisco.com, go to http://www.cisco.com/register and follow the directions to set up an account.
To use Cisco Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
Open Source License Acknowledgements
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
4.
5.
6.
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feed-back, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Use this document in conjunction with the documents listed in the "Additional References" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
© 2007, Cisco Systems, Inc. All rights reserved.
