
Release Notes for SSG-MWAM Release 1.1 with
Cisco IOS Release 12.3(1a)BW
June 16, 2003
Product Numbers:
SC-SVC-SS10—Cisco MWAM Series Service Selection Gateway - Mobile Wireless
SC-SVC-SSP-10=—Service Selection Gateway with Prepaid license
SC-SVC-SSD-10=—Service Selection Gateway Layer 2 Tunneling Protocol dial out license
These release notes include important information and caveats for Cisco SSG-MWAM Release 1.1,
which provides the Service Selection Gateway (SSG) feature on the Multi-processor WAN Application
Module (MWAM) using Cisco IOS Release 12.3(1a)BW.
Cisco IOS Release 12.3(1a)BW is a special release required for Cisco SSG-MWAM Release 1.1 on the
Catalyst 6500/Cisco 7600 series platforms.
Caveats for Cisco IOS Releases 12.3 can be found on CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123mcavs.htm
Contents
This release note includes the following topics:
• Introduction
• System Requirements
• Features
• Configuration Options
• Installation and Configuration Notes
• Limitations, Restrictions, and Important Notes
• Caveats
• MIBs
• Related Documentation
• Obtaining Documentation
• Obtaining Technical Assistance
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2002. Cisco Systems, Inc. All rights reserved.
Introduction
Cisco SSG-MWAM Release 1.1 implements the SSG on the Multi-processor WAN Application Module
(MWAM). Cisco SSG-MWAM Release 1.1 increases session density and enhances interoperability with
other products based on the Catalyst 6500/Cisco 7600 series platform.
Multi-processor WAN Application Module
The MWAM provides three processor complexes with dual processors used in two of the complexes and
a single processor used in the remaining processor complex. This architecture provides five SSGs (see
Figure 1) on one module. In addition, each Catalyst 6500/Cisco 7600 chassis can be populated with
multiple MWAMs to enable a large number of subscribers to access network services under SSG control.
Figure 1
MWAM Architecture
(Diagram labels: Multiprocessor WAN Application Module (base card), daughter card, three processor complexes hosting five SSGs, switch fabric interface.)
The MWAM does not provide external ports but is connected to the switch fabric in the Catalyst
6500/Cisco 7600 chassis. An internal Gigabit Ethernet port provides an interface between each processor
complex and the Supervisor module. Virtual Local Area Networks (VLANs) direct traffic from external
ports via the Supervisor module to each SSG instance.
The MWAM provides an interface to the IOS image on the Supervisor module. The Supervisor module
software enables a single session to be established to each SSG on the MWAM(s) in the chassis. Each
session is used for configuring, monitoring, and troubleshooting the SSG. For information on
establishing sessions to SSG instances on the MWAM, refer to the Cisco Multi-Processor WAN
Application Module Installation and Configuration Notes:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm
The software image that provides the SSG feature is downloaded through the Supervisor module and
distributed to each processor complex on the MWAM(s). The same image is installed on all the
processors in the MWAM.
Release Notes for SSG-MWAM Release 1.1 with Cisco IOS Release 12.3(1a)BW
78-15466-02
Note
In this release, each SSG on the MWAM must be configured individually.
Service Selection Gateway
The SSG is a Cisco IOS software feature module that enables service providers to create new
revenue-generating opportunities by offering on-demand services. The SSG provides Remote
Authentication Dial-in User Service (RADIUS) authentication and accounting for user-interactive
policy routing to different IP destinations. This improves flexibility and convenience for subscribers,
including the ability to log on to multiple services simultaneously, and enables service providers to bill
subscribers based on connection time and services used, rather than charging a flat rate.
Traffic from the mobile user is addressed to an SSG on the MWAM. The request for access is forwarded
to the Authentication, Authorization, and Accounting (AAA) server, and the user is authenticated and
authorized to access the services defined in a user profile. Then data traffic is exchanged between the
user and servers in the service network. Each network is defined with its own VLAN, and all SSGs on
the MWAM access the same VLANs to receive and send data.
For more information about the features available in the SSG, refer to the following URLs:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/wan_vcg.htm#1000988
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guides_list.html
System Requirements
This section describes system requirements for SSG-MWAM Release 1.1.
Hardware
The SSG-MWAM Release 1.1 requires the following hardware components:
• Catalyst 6500/Cisco 7600 series platform
• Supervisor Engine 2 module with MSFC 2 daughter card
• MWAM
A Hardware-Software Compatibility Matrix is available on CCO for users with CCO login accounts.
This matrix allows users to search for supported hardware components by entering a Cisco platform and
IOS Release. The Hardware-Software Compatibility Matrix tool is available at the following URL:
http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Software
The SSG-MWAM Release 1.1 requires the following software components:
• Cisco IOS 12.2(14)ZA2 release (or higher) on the Supervisor module
• MWAM software, which includes:
– MWAM platform software
– Cisco IOS 12.3(1a)BW release
Cisco IOS Release 12.3(1a)BW is a special release that is developed on Cisco IOS Release 12.3 B train
and provides new SSG features (see Software Features section).
Cisco IOS Release 12.3(1a)BW supports the same features that are in previous Cisco IOS Release 12.3
releases, with the addition of MWAM platform support.
Memory
The MWAM provides two complexes that are equipped with 1 GB memory shared between two
processors (512 MB each). The remaining processor complex, the one with only one processor, is
equipped with 512 MB memory. The total memory capacity for the MWAM is 2.5 GB.
The MWAM memory cannot be configured.
Determining the Software Version
To determine the version of Cisco IOS software running on your MWAM, log in to the router on one of
the MWAM processors and enter the show version EXEC command:
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) MWAM Software (MWAM-G4JS-M), Version 12.3(1a)BW, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Upgrading to a New Software Release
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software
Upgrade Ordering Instructions located at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
Upgrading IOS Image on MWAM
For information on upgrading SSG images on the MWAM, refer to the Cisco Multi-Processor WAN
Application Module Installation and Configuration Notes:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm
Note
The image download process loads the IOS image onto the three processor complexes on the MWAM.
Upgrading ROMMON Software
The SSG-MWAM R1.1 with Cisco IOS Release 12.3(1a)BW requires a ROMMON software upgrade.
To perform the ROMMON software upgrade, use the procedure provided in the Cisco Multi-Processor
WAN Application Module Installation and Configuration Notes.
Features
This section describes the features associated with the SSG-MWAM Release 1.1.
Hardware Features
The MWAM is built on a base card-to-daughter card configuration (see Figure 1). It provides three
SiByte (700 MHz) processor complexes. Two of the processor complexes enable dual processors while
the third processor complex enables only one processor because of the memory configuration.
Each SiByte complex has a 1 Gigabit Ethernet (GE) interface to the switch fabric. This connection
appears as a GE interface from the Supervisor module.
The MWAM connects to the Catalyst 6500/Cisco 7600 bus for data and control traffic.
Software Features
The SSG-MWAM Release 1.1 introduces the following SSG features on the MWAM platform:
• Transparent AutoLogon
• SSG Enhancements
• TCP Redirect Exclusion List
For more information about these features, refer to the following URL:
http://www.cisco.com/univercd//cc/td/doc/product/software/ios123/123newft/123limit/1231abw
The full description of SSG features is included in the release documentation (in the Service Selection
Gateway chapter):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/wan_vcg.htm
Cisco IOS Feature Sets
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the
platform. Each feature set contains a specific set of Cisco IOS features.
Cisco IOS Release 12.3(1a)BW supports the same feature sets as Cisco Release 12.3 B, with the
addition of the SSG that is optimized for the MWAM on the Catalyst 6500/Cisco 7600 series platforms.
Caution
Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption
feature sets) are subject to United States government export controls and have limited distribution.
Strong encryption images to be installed outside the United States are likely to require an export license.
Customer orders may be denied or subject to delay due to United States government regulations. When
applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths.
Please contact your sales representative or distributor for more information, or send an e-mail to
[email protected].
Performance
Each SSG instance on the MWAM is an individual router. Because the MWAM supports five SSGs, it
provides five times the session density (i.e., number of user sessions) of the NPE 400 7200/7400
platform. In addition, the MWAM processors provide twice the throughput of processors used in the NPE
400 7200/7400 platform. Overall, the MWAM improves SSG throughput by 5-10 times that of the NPE
400 7200/7400 platform.
External Interfaces
External physical interfaces provided by the supported platforms are not visible to the SSG software.
This is an important advantage of the MWAM implementation when compared to the Cisco 7200/7400
platform. The MWAM implementation protects the SSG from interface and link failures. As long as the
platform provides redundant links to other system components (e.g., GGSN, AAA servers), the SSG
configuration is not affected and its operation is maintained.
IP Address Management
The IP address management for the SSG on the MWAM is the same as the Cisco 7200/7400 platform
with one exception: virtual subinterfaces (VLANs) are required for uplink, downlink, and network
management paths.
Each SSG on the MWAM is configured with its own IP addresses including addresses for user traffic,
RADIUS client function, and network management.
Reliability/Availability
This section provides analysis of reliability/availability of the SSG on the MWAM in the Catalyst
6500/Cisco 7600 chassis in context with other Cisco features. The following features are considered:
• SSG on MWAM
– Five SSGs on each MWAM
– Multiple MWAM cards installed in one chassis
• RLB on Supervisor module
– Distributes traffic load among SSGs
– Provides SSG switchover
• FWLB on Supervisor module or CSM—Provides the return traffic path through the same SSG that
forwarded the service request
The Server Load Balancing (SLB) function can be implemented in the Supervisor module to provide
RADIUS Load Balancing (RLB) across the SSGs on one or multiple MWAMs. The Content Switching
Module (CSM) can be used to provide Firewall Load Balancing (FWLB).
Note
While the RLB and FWLB features are not part of the SSG-MWAM Release 1.1, they are described here
to demonstrate their use in mobile wireless solutions that include MWAM-based SSGs.
RADIUS Load Balancer
The RLB feature is implemented in the Supervisor module. The RLB feature provides one virtual IP
address for all users accessing services and keeps the list of real IP addresses of all SSGs. The RLB
feature distributes the upstream traffic between SSGs by using the load-balancing mechanism. It keeps
the information about SSG assignment for each user session. When the RLB detects an SSG failure, it
directs traffic to another available SSG.
Firewall Load Balancer
The FWLB feature ensures that the downstream traffic from the network server to the user is sent to the
same SSG that handled the upstream traffic. The FWLB feature tracks all upstream traffic from an SSG
to a network server and links the SSG address with the user session. This information is used when the
downstream traffic from the server is received. The FWLB feature determines which SSG is handling
the user traffic.
The FWLB feature can be implemented in the CSM in the same chassis or in the Supervisor module in
different chassis.
System Modules
Each system module in the configuration provides its own degree of reliability/availability.
Supervisor Module
Two redundant Supervisor modules can be equipped in the same chassis using the Route Processor
Redundancy Plus (RPR+) protocol and the RLB. However, the RLB does not provide stateful failover in
this configuration (i.e., user sessions are lost).
If equipping redundant Supervisor modules in two chassis, the RLB can be configured with Hot Standby
Router Protocol (HSRP) between the two RLBs to provide stateful failover (i.e., user sessions are
maintained).
When configuring the Supervisor module for the FWLB feature, it must be equipped on a different
chassis than the one providing the RLB feature. If two chassis are used, the FWLB feature can be
configured with HSRP and provide stateful failover.
MWAM
One or more MWAMs can be equipped using stateless failover (provided by the RLB feature) between
SSGs. In a stateless failover, when user sessions are lost, the user must re-authenticate, but service access
is not denied.
CSM
Two redundant CSMs can be equipped. The FWLB feature is configured with HSRP to provide stateful
failover. No user sessions or data packets are lost.
Other Modules
Other service modules can be installed in the same Catalyst 6500/Cisco 7600 chassis that contains the
MWAM. For example, to provide advanced content billing, install the Content Services Gateway (CSG).
Configuration Options
The SSG-MWAM Release 1.1 can be implemented in a redundant configuration using one or two chassis
with the RLB feature providing the failover mechanism. The MWAM supports the Supervisor module
RPR+ feature. This feature enables the MWAM to continue to operate after the active Supervisor fails
and the secondary Supervisor takes over.
One Chassis Configuration
The following components are used in a typical one-chassis configuration:
• Multiple MWAMs in the chassis, each module with five SSGs
• Redundant Supervisor modules (Sup2) running RPR+
• RLB feature on the Supervisor module to distribute load and provide failover for SSGs
• Redundant FWLBs on CSMs running CSRP
Figure 2 shows an example of the one-chassis configuration.
Figure 2
Basic Configuration—One Chassis
Failure scenarios for the one-chassis configuration include the following:
• Failed SSG or MWAM—User sessions are lost, but the traffic is redirected to active SSGs and users
can reactivate their sessions
• Failed Supervisor module—User sessions are lost because the active RLB does not synchronize its
state with its backup
• Failed FWLB—Stateful failover maintains user sessions
Two Chassis Configuration
For deployments requiring high reliability/availability, multiple MWAMs in two chassis can be used.
The two-chassis configuration uses the following components:
• Two Supervisor modules in each chassis, configured for RLB
• Multiple SSGs on multiple MWAMs
• One FWLB/CSM on each chassis
• Redundancy practices:
– HSRP between RLBs
– CSRP between FWLBs
– RPR+ between Supervisor modules in each chassis
– RLB failover for SSGs between modules in the same chassis or in two chassis
Figure 3 shows this configuration.
Figure 3
High Availability Configuration—Two-chassis Solution
(Diagram labels: Primary (active) 6500/7600 and Standby 6500/7600, each with Sup2 modules (RLB), SSGs, and a CSM (FWLB); dual trunks, HSRP, CSRP, and CSRP alias between the chassis; subscriber access and network services.)
Failure scenarios for the two-chassis configuration include the following:
• If one SSG fails, the RLB feature provides failover to another SSG; all sessions on the failed SSG
are lost and users must log in again.
Note
The end user may be required to reset the user application.
• Failure of the Supervisor on the active chassis causes:
– Supervisor switchover to the standby Supervisor (using RPR+) in the same chassis
– MWAMs remain active
– RLB switchover to the standby RLB (using HSRP) in the second chassis
– All user sessions on MWAMs remain active
• Failure of active FWLB causes stateful failover to the standby FWLB, maintaining user sessions
Installation and Configuration Notes
For information on installing the MWAM, configuring it through the Command Line Interface (CLI),
and loading or upgrading IOS images on the MWAM, refer to the Cisco Multi-Processor WAN
Application Module Installation and Configuration Notes:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm
Limitations, Restrictions, and Important Notes
When working with the MWAM, observe the following limitations, restrictions, and important notes:
• Only five instances of the Cisco IOS image 12.3(1a)BW can be loaded onto the MWAM.
• The same Cisco IOS image is loaded onto all processor complexes on the MWAM.
• Session console is provided by TCP connection from the Supervisor module (no direct console).
• Available memory for bootflash for saving crash information files is 500 KB.
• Only five files can be stored in the bootflash file system.
• If one processor in a processor complex fails, the second processor also fails, and both processors
must be reset.
• Cisco IOS image 12.3(1a)BW contains a feature that is not fully functional unless you upgrade the
Supervisor image to 12.2(14)ZA4. This new feature will provide two configuration modes, local
mode and Supervisor mode.
The Supervisor mode provides storage of MWAM configurations on the Supervisor bootflash.
However, if the Supervisor is using an earlier image than 12.2(14)ZA4 and the MWAM is operating
in Supervisor mode, you will encounter the following error messages during copy/write operations:
On the MWAM console:
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
% All writes to supervisor failed.
On the Supervisor console:
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
To verify that the MWAM is in the Supervisor mode, establish a session to the MWAM
processor and enter the following commands:
mwam-6-4> enable
mwam-6-4# show mwam config-mode
mwam config-mode supervisor
To recover from this condition, enter the following command:
mwam-6-4# mwam config-mode local
Building configuration...
[OK]
Successfully changed mode:mwam config-mode local
Note
Issuing the mwam config-mode local command writes the running-config to the
startup-config in the NVRAM.
If you are equipping a new module for the first time and the Supervisor module has not been
upgraded to 12.2(14)ZA4, use mwam config-mode local to write the configuration for the first time
on each processor. Once the processor is in local mode, additional configuration changes can be
written through the IOS CLI. If an attempt to copy or write the configuration fails, use show mwam
config-mode to check the configuration mode. If the processor is in Supervisor mode, use mwam
config-mode local to write the running-config and return to local mode.
The new feature is documented in the MWAM Installation and Configuration Note:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/mwam_icn.htm
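A log-triage sketch for the Supervisor-mode write failure described above, added here as an example (it is not Cisco code): it reads the slot and processor from the failed SLOTxPCy.cfg writes on the MWAM console and separates RSHPORTATTEMPT messages from loopback sources, such as the 127.0.0.64 shown above, from any other source. The sample lines are constructed from the messages on this page, the 192.0.2.10 entry is invented for contrast, and treating all of 127.0.0.0/8 as chassis-internal is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Message formats as they appear in this release note.
WRITE_REFUSED = re.compile(
    r"Writing bootflash:SLOT(?P<slot>\d+)PC(?P<pc>\d+)\.cfg "
    r"% Connection refused by remote host"
)
ALL_WRITES_FAILED = "% All writes to supervisor failed."
RSH_ATTEMPT = re.compile(
    r"%RCMD-4-RSHPORTATTEMPT:\s*Attempted to connect to RSHELL from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample input (modelled on the messages quoted above).
MWAM_CONSOLE = """\
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
Writing bootflash:SLOT6PC4.cfg % Connection refused by remote host
% All writes to supervisor failed.
""".splitlines()

# Constructed sample input; 192.0.2.10 is an invented non-loopback source.
SUPERVISOR_LOG = """\
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 127.0.0.64
1w0d:%RCMD-4-RSHPORTATTEMPT:Attempted to connect to RSHELL from 192.0.2.10
""".splitlines()


def failed_processors(console_lines):
    """Return sorted (slot, processor) pairs whose write to the Supervisor failed.

    A pair is reported only when its refused writes are followed by the
    final "All writes to supervisor failed" line.
    """
    pending, failed = set(), set()
    for line in console_lines:
        match = WRITE_REFUSED.search(line)
        if match:
            pending.add((int(match["slot"]), int(match["pc"])))
        elif ALL_WRITES_FAILED in line:
            failed |= pending
            pending.clear()
    return sorted(failed)


def classify_rsh_attempts(log_lines):
    """Count RSHELL attempts per source, split into loopback and other sources."""
    internal, other = Counter(), Counter()
    for line in log_lines:
        match = RSH_ATTEMPT.search(line)
        if not match:
            continue
        try:
            src = ipaddress.IPv4Address(match["src"])
        except ipaddress.AddressValueError:
            continue  # not a valid dotted quad, ignore the line
        # Assumption: loopback sources are chassis-internal (MWAM processors).
        bucket = internal if src.is_loopback else other
        bucket[str(src)] += 1
    return internal, other


def recovery_plan(console_lines):
    """Map each affected config file name to the commands given on this page.

    'mwam config-mode local' also writes the running-config to the
    startup-config in NVRAM, as the note above states.
    """
    return {
        f"SLOT{slot}PC{pc}": ["show mwam config-mode", "mwam config-mode local"]
        for slot, pc in failed_processors(console_lines)
    }


if __name__ == "__main__":
    internal, other = classify_rsh_attempts(SUPERVISOR_LOG)
    print("processors to recover:", recovery_plan(MWAM_CONSOLE))
    print("loopback RSHELL attempts:", dict(internal))
    print("other RSHELL attempts to review:", dict(other))
```

RSHELL attempts from non-loopback sources are not explained by this limitation and should be reviewed separately.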
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most
serious caveats; severity 2 caveats are less serious.
Caveats for Cisco IOS Releases 12.3 can be found on CCO at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123mcavs.htm
Note
If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any
release. You can reach Bug Navigator II on CCO at Software Center: Cisco IOS Software: Cisco Bug
Toolkit: Cisco Bugtool Navigator II, or at http://www.cisco.com/support/bugtools.
Caveats for 12.2(14)ZA2 (and higher)
For a list of caveats for 12.2(14)ZA2 (and higher), see the release notes at the following URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_release_note09186a0080145494.html
Caveats in Cisco IOS Release 12.3(1a)BW
• CSCea28131
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a
Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by
default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the
malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject
a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
The following is a list of caveats that are open in the Cisco IOS Release 12.3(1a)BW:
• CSCec12911
Description: If the connection to the LNS fails because of LNS rebooting or redundant LNS
failover, the SSG sends L2TP Hello packets to tear down the control connection and re-establish the
tunnel to the redundant LNS. This action requires approximately 110 seconds to complete. During
this time, excessive L2TP Hello packets are sent to the LNS.
Workaround: There is no workaround.
• CSCin52503
Description: The high byte count in the SSG accounting records for connections can be wrong when
more than 4 GB is accounted for a connection within the interim accounting interval. This
happens when the SSG accounting feature is enabled.
Workaround: Use a shorter interim accounting interval to ensure that traffic from or to a service
for a single host does not exceed 4 GB in that period.
• CSCin52887
Description: During L2TP tunnel service activation for an SSG user, the last character in the user
name is not sent in the L2TP AVP. This condition does not affect the authentication for tunnel
services.
Workaround: There is no workaround.
• CSCin54109
Description: A router with the SSG RADIUS proxy feature enabled may reload when a RADIUS
proxy user attempts to log in.
Workaround: Ensure that the correct realm VSA is present in the response.
• CSCea78894
Description: The final packets (identified by FIN-Flag) of a TCP session through an L2TP tunnel
are not routed through the tunnel. Instead, they are routed normally without NAT. This condition
occurs only when there is a default route (0.0.0.0;0.0.0.0).
Workaround: Configure the default route in the service profile as follows:
R128.0.0.0;128.0.0.0
R64.0.0.0;192.0.0.0
R32.0.0.0;224.0.0.0
R16.0.0.0;240.0.0.0
R8.0.0.0;248.0.0.0
R4.0.0.0;252.0.0.0
R2.0.0.0;254.0.0.0
R1.0.0.0;255.0.0.0
• CSCeb60723
Description: In RADIUS proxy mode, the SSG is not forwarding the authentication and
authorization RADIUS retry packets from the NAS to the AAA server. Instead, the SSG is sending
retries on behalf of the NAS. This behavior can create some inconsistencies in the subscriber
active/inactive state among the NAS, SSG, and AAA server. In the RADIUS proxy mode, the SSG
should forward RADIUS retry packets from the NAS and proxy the response from the AAA server
back to the NAS.
Workaround: Make the NAS time (RADIUS timeout*Retry) greater than the SSG time (RADIUS
timeout*Retry).
• CSCec12923
Description: The SSG supports only the broadcasting of host and service accounting packets to
multiple AAA servers based on the configuration. However, in RADIUS proxy mode, the SSG is not
sending the accounting packets from the NAS to multiple AAA servers.
Workaround: There is no workaround.
• CSCin45858
Description: The SSG does not forward user traffic to services for certain networks. Upstream
packets from the user toward the service are dropped. The following error message is displayed if
debug ssg data is enabled:
SSG-DATA: CEF-UPST: Unable to find adjacency. Punt (FastEthernet0/0 :
10.0.1.1->10.1.1.1)
SSG-DATA: PROC-UPST : IDB is NULL. Drop (FastEthernet0/0 : 10.0.1.1->10.1.1.1)
This happens when the destination address falls into a service network of 0.0.0.0 with a non-zero
netmask.
Workaround: Replace the service network to ensure that at least one bit matches the destination
address.
• CSCin52726
Description: The SSG does not send the called-station-id in all RADIUS packets sent to the remote
AAA server. The remote AAA server must be specified by the "S" attribute included in the service
profile.
Workaround: There is no workaround.
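The route split used in the CSCea78894 workaround, generalized as an added example (not Cisco code): it rewrites any service route whose network address is 0.0.0.0 into routes with non-zero network addresses and reports the block that is left uncovered. Stopping at an 8-bit mask mirrors the list given for CSCea78894; applying the same split to a 0.0.0.0 network with a non-zero netmask is an assumption about how to satisfy the CSCin45858 workaround, and the function names are hypothetical.

```python
import ipaddress

# Routes listed under CSCea78894 on this page, copied verbatim.
PAGE_WORKAROUND = [
    "R128.0.0.0;128.0.0.0", "R64.0.0.0;192.0.0.0", "R32.0.0.0;224.0.0.0",
    "R16.0.0.0;240.0.0.0", "R8.0.0.0;248.0.0.0", "R4.0.0.0;252.0.0.0",
    "R2.0.0.0;254.0.0.0", "R1.0.0.0;255.0.0.0",
]

ZERO = ipaddress.IPv4Address("0.0.0.0")


def parse_route(attr):
    """Parse a service-profile route written as 'R<network>;<netmask>'."""
    if not attr.startswith("R") or ";" not in attr:
        raise ValueError(f"not a service route attribute: {attr!r}")
    addr, mask = attr[1:].split(";", 1)
    # strict parsing: raises ValueError if host bits are set
    return ipaddress.IPv4Network(f"{addr}/{mask}")


def format_route(net):
    """Render a network back into the 'R<network>;<netmask>' form."""
    return f"R{net.network_address};{net.netmask}"


def split_zero_network(net, floor_prefix=8):
    """Split a network whose address is 0.0.0.0 into non-zero networks.

    Each pass halves the remaining 0.0.0.0 block and keeps the upper half,
    whose network address has at least one bit set. Splitting stops at
    floor_prefix; the remaining 0.0.0.0/<floor_prefix> block is returned
    as the uncovered remainder (None when nothing had to be split).
    """
    if not 1 <= floor_prefix <= 32:
        raise ValueError("floor_prefix must be between 1 and 32")
    if net.network_address != ZERO:
        return [net], None
    routes, remainder = [], net
    while remainder.prefixlen < floor_prefix:
        lower, upper = remainder.subnets(prefixlen_diff=1)
        routes.append(upper)
        remainder = lower
    return routes, remainder


def rewrite_profile(attrs, floor_prefix=8):
    """Rewrite a list of route attributes; return (new_attrs, uncovered_blocks)."""
    new_attrs, uncovered = [], []
    for attr in attrs:
        routes, rest = split_zero_network(parse_route(attr), floor_prefix)
        new_attrs.extend(format_route(r) for r in routes)
        if rest is not None:
            uncovered.append(rest)
    return new_attrs, uncovered


def is_covered(dest, attrs):
    """True if the destination address matches at least one route attribute."""
    ip = ipaddress.IPv4Address(dest)
    return any(ip in parse_route(a) for a in attrs)


if __name__ == "__main__":
    routes, uncovered = rewrite_profile(["R0.0.0.0;0.0.0.0"])
    print("\n".join(routes))
    print("not covered:", ", ".join(str(n) for n in uncovered))
    print("matches the list on this page:", routes == PAGE_WORKAROUND)
```

Destinations inside the reported uncovered block (0.0.0.0/8 for the default route) match none of the rewritten routes, so confirm that no service traffic depends on that range before replacing the original entry.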
Cisco MWAM Caveats for Cisco IOS Release 12.3(1a)BW
The following is a list of Cisco MWAM caveats that are open for Cisco IOS Release 12.3(1a)BW:
• CSCeb01237
Description: Unable to display the name of the MWAM image from the Supervisor console.
Workaround: Use the show version command to view the IOS image from the MWAM processor.
• CSCeb38142
Description: MWAM VLAN interfaces stop responding when the Cisco 7609 router is rebooted.
Ping packets sent from the Supervisor to the MWAM fail.
Workaround: Reset the MWAM from the Supervisor using the hw-module module slot reset
command.
• CSCeb39264
Description: Cannot copy a file to the bootflash of MWAM CPU with an existing name.
An attempt to copy a file to the bootflash:partition of an MWAM processor with a destination
filename that already exists on this partition will fail. A copy cannot be made to a file that already
exists. The following error message is displayed:
%Error opening bootflash:/running-config (File exists)
Workaround: Delete the file before attempting to overwrite an existing file.
• CSCeb59614
Description: MWAM traffic shaping does not function with MWAM Gigabit Ethernet interfaces.
Traffic shaping configurations on the MWAM gig0/0 interface have no effect. The driver for the MWAM
gig0/0 interface does not support traffic shaping.
Workaround: There is currently no known workaround.
• CSCeb01522
Description: When an MWAM is removed from a slot, the MWAM configuration files remain with
the MWAM. A replacement MWAM in the same slot must then be fully reconfigured. Also, when
an MWAM is moved from one slot to another, the configuration files move with the MWAM instead
of being associated with the original slot.
Workaround: Follow the steps provided below:
a. Whenever you perform the copy running-config startup-config or write memory operation
from an MWAM console, always use the copy startup-config tftp://server_name/file_name
command to copy the MWAM configuration file to an external server. Perform this operation for each
MWAM processor.
b. Before moving the MWAM, issue the write erase command at the console of each MWAM
image.
c. After installing the MWAM in its new slot, issue the following commands at the consoles of
each MWAM processor:
copy tftp://server_name/file_name running-config
copy running-config startup-config
Note
If a TFTP server is unavailable, any bootflash device (slot0: or disk0:) on the Supervisor
module can store the MWAM configuration files. This alternative requires configuring the
Supervisor for RCP only (not TFTP). It also requires creating empty (i.e., dummy)
configuration files on the Supervisor module. The MWAM configuration files are addressed
to the Supervisor module using the address: 128.0.0.x where x is the Supervisor slot (e.g.,
128.0.0.1). The bootflash then becomes the preferred device. Use the file naming convention
SLOTxPCy.cfg, where x is the MWAM slot and y is the MWAM processor number. This
convention facilitates migration to a future MWAM feature that resolves this problem.
• CSCeb48018
Description: When traffic is being received at 100% CPU, MWAM processors reload.
Workaround: Reduce the CPU from 100% to 90%.
• CSCeb58650
Description: When multiple MWAMs are reset at the same time using the hw-module module
slot_number reset command, on rare occasions the MWAM will fail to boot (remain in a PwrDown
state) and the following message will display on the Supervisor console:
SP: oir_disable_notice: slot12: lcp failed to go online
Workaround: If this condition should occur, bring the MWAM back to an operational state by
issuing the hw-module module slot_number reset command.
• CSCin51015
Description: SNMP query for CISCO-FLASH-MIB does not populate values. The fields of the
CISCO-FLASH-MIB are currently not populated for the flash devices dedicated to each of the
processors of the MWAM. When the CISCO-FLASH-MIB of an MWAM processor is queried, the
fields of this MIB will incorrectly appear as if there is no flash device for this processor.
Workaround: There is currently no known workaround.
• CSCin51016
Description: SNMP query for variable chassisType(1.3.6.1.4.1.9.3.6.1) returns -1 for MWAM
module.
Workaround: There is currently no known workaround.
•
CSCin56742
Description: Issuing the copy running-config startup-config command from the MWAM console
fails to write the configuration to the standby Supervisor module.
Workaround: Two workarounds are available:
a. Issue the mwam bootflash access command from the Supervisor console. If a switch-over
occurs or if you reload the standby Supervisor module, you must re-issue the mwam bootflash
access command.
b. Generate the startup-config file, copy it (TFTP) to a location for editing, and add the line mwam
bootflash access. Then copy the file back to startup-config and reload the Supervisor modules.
This action enables mwam bootflash access on reloading. However, if you copy the
running-config to startup-config on the Supervisor, you remove this configuration and must
repeat this workaround.
• CSCec36798
Description: When a chassis is reloaded and contains multiple MWAMs that are running in the
Supervisor configuration mode (i.e., MWAM configurations stored on the Supervisor bootflash),
some of the MWAM processors may not receive their configurations from the Supervisor bootflash.
Workaround: Two workarounds are available:
a. Reset the MWAM from the Supervisor console and verify the configuration on each processor.
If a processor is found to have no configuration file, reload only that processor.
b. Use local configuration mode on the MWAM instead of the Supervisor configuration mode.
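The following is an added example, not part of the Cisco release notes: a small audit of the Supervisor-side state that the SLOTxPCy.cfg note and the CSCin56742 workaround depend on. The inventory format (file name mapped to size in bytes), the slot and processor numbers, and the sample data are assumptions constructed for illustration.

```python
import re

# SLOTxPCy.cfg: x = MWAM slot, y = MWAM processor number (convention from the note).
CFG_NAME = re.compile(r"SLOT(\d+)PC(\d+)\.cfg")
ACCESS_LINE = "mwam bootflash access"


def audit(startup_config, bootflash, mwam_slots, processors):
    """Return a list of findings for Supervisor-stored MWAM configurations.

    startup_config: text of the Supervisor startup-config
    bootflash:      {file name: size in bytes} for the Supervisor bootflash
    mwam_slots, processors: numbers the operator expects (assumed inputs)
    """
    findings = []
    # CSCin56742: the line is lost when running-config is copied to
    # startup-config on the Supervisor, so check the saved file itself.
    if ACCESS_LINE not in (ln.strip() for ln in startup_config.splitlines()):
        findings.append(f"startup-config: '{ACCESS_LINE}' is absent")

    expected = {f"SLOT{s}PC{p}.cfg" for s in mwam_slots for p in processors}
    for name in sorted(expected):
        if name not in bootflash:
            findings.append(f"{name}: no file on bootflash")
        elif bootflash[name] == 0:
            # Still the empty dummy file: no configuration has been written to it.
            findings.append(f"{name}: empty placeholder")

    # Files that follow the convention but name a slot or processor nobody expects.
    for name in sorted(bootflash):
        if CFG_NAME.fullmatch(name) and name not in expected:
            findings.append(f"{name}: unexpected slot/processor")
    return findings


# Constructed sample data, not output from a real chassis.
SAMPLE_STARTUP = "hostname sup-a\n!\ninterface Vlan1\n no ip address\n!\nend\n"
SAMPLE_BOOTFLASH = {"SLOT5PC2.cfg": 1480, "SLOT5PC3.cfg": 0, "SLOT6PC2.cfg": 912}

if __name__ == "__main__":
    for finding in audit(SAMPLE_STARTUP, SAMPLE_BOOTFLASH, [5], [2, 3, 4]):
        print(finding)
```

Running the audit after every Supervisor reload or switch-over catches both the dropped access line and processors whose configuration file was never populated.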
MIBs
No new or modified MIBs are supported by the SSG-MWAM Release 1.1 feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules,
go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Related Documentation
Except for feature modules, documentation is available as printed manuals or electronic documents.
Feature modules are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
• Release-Specific Documents
• Platform-Specific Documents
• Feature Modules
• Cisco IOS Software Documentation Set
Release-Specific Documents
The following documents are specific to Release 12.3 and are located on CCO and the Documentation
CD-ROM:
• Release Notes for Cisco IOS Release 12.2(14)ZA3 on the Catalyst 6500 Series and Cisco 7600
Series Supervisor Engine and MSFC
• Cross-Platform Release Notes for Cisco IOS Release 12.3
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Release
Notes: Cross-Platform Release Notes
• Caveats for Cisco IOS Release 12.2 T
See Caveats for Cisco IOS Release 12.2 and Caveats for Cisco IOS Release 12.2T, which contain
caveats applicable to all platforms for all maintenance releases of Release 12.2 and Release 12.2 T.
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.2: Caveats
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.2:
Caveats
Note
If you have an account with CCO, you can use Bug Navigator II to find caveats of any
severity for any release. You can reach Bug Navigator II on CCO at Software Center:
Cisco IOS Software: Cisco Bug Toolkit: Cisco Bugtool Navigator II, or at
http://www.cisco.com/support/bugtools.
• Product bulletins, field notices, and other release-specific documents on CCO at:
Technical Documents
Platform-Specific Documents
These documents are available for the Catalyst 6500/Cisco 7600 series platforms on Cisco.com and the
Documentation CD-ROM:
• Cisco Multi-Processor WAN Application Module Installation and Configuration Notes
• Catalyst 6500 Series Switch Documentation:
  – Catalyst 6500 Series Switch Module Installation Guide
  – Catalyst 6500 Series Switch Installation Guide
  – Multi-processor WAN Application Module Installation and Configuration Note
• Cisco 7600 Series Routers Documentation:
  – Cisco 7600 Series Internet Router Installation Guide
  – Cisco 7600 Series Internet Router Module Installation Guide
  – Cisco 7609 Internet Router Installation Guide
Catalyst 6500 Series Switch Documentation is available at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/index.htm
Cisco 7600 Series Routers Documentation is available at the following URL:
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_documentation.html
Feature Modules
Feature modules describe new features and are updates to the Cisco IOS documentation set. A feature
module consists of a brief overview of the feature, benefits, configuration tasks, and a command
reference. As updates, the feature modules are available online only. Feature module information is
incorporated in the next printing of the Cisco IOS documentation set.
For more information about SSG, see the following documents:
• Transparent AutoLogon
• SSG Enhancements
• TCP Redirect Enhancements
• Cisco IOS Wide-Area Networking Configuration Guide, Release 12.3 (chapter on Service Selection
Gateway)
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS
command references, and several other supporting documents that are shipped with your order in
electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a
corresponding command reference. Chapters in a configuration guide describe protocols, configuration
tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters
in a command reference provide complete command syntax information. Use each configuration guide
with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for
the Cisco IOS software documentation set.
On CCO at:
Technical Documents: Cisco IOS Software Configuration: Cisco IOS Release 12.3: Configuration
Guides and Command References
Release 12.3 Documentation Set
You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM.
These electronic documents may contain updates and modifications made after the hard-copy documents
were printed.
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS
Release 12.3
Note
Cisco Management Information Base (MIB) User Quick Reference is no longer published. If you have
an account with CCO, you can find the current list of MIBs supported by Cisco. To reach the Cisco
Network Management Toolkit, go to CCO, press Login: Technical Support: Software Center:
Network Mgmt Software: Cisco Network Management Toolkit: Cisco MIBs.
Obtaining Documentation
These sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com
Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription
Store:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere
in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click
the Fax or Email option in the “Leave Feedback” section at the bottom of the page.
You can e-mail your comments to [email protected].
You can submit your comments by mail by using the response card behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can
obtain online documentation, troubleshooting tips, and sample configurations from online tools by using
the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access
to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open
access to Cisco information, networking solutions, services, programs, and resources at any time, from
anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a
broad range of features and services to help you with these tasks:
• Streamline business processes and improve productivity
• Resolve technical issues with online support
• Download and test software packages
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs
If you want to obtain customized information and service, you can self-register on Cisco.com. To access
Cisco.com, go to this URL:
http://www.cisco.com
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance
with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC
Web Site and the Cisco TAC Escalation Center.
Cisco TAC inquiries are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities,
product installation, or basic product configuration.
• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably
impaired, but most business operations continue.
• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects
of business operations. No workaround is available.
• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations
will occur if service is not restored quickly. No workaround is available.
The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of
service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time.
The site provides around-the-clock access to online tools, knowledge bases, and software. To access the
Cisco TAC Web Site, go to this URL:
http://www.cisco.com/tac
All customers, partners, and resellers who have a valid Cisco service contract have complete access to
the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a
Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or
password, go to this URL to register:
http://www.cisco.com/register/
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco
TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC
Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These
classifications are assigned when severe network degradation significantly impacts business operations.
When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer
automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the level of Cisco support
services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network
Supported Accounts (NSA). When you call the center, please have available your service agreement
number and your product serial number.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks
of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet,
ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo,
Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel,
EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness
Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing,
Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to
Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and
certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (0403R)
Copyright © 2004, Cisco Systems, Inc.
All rights reserved.