2650xm Ios
OL-5071-02These release notes for Cisco 2650, Cisco 2651, Cisco 2650XM, and Cisco 2651XM series routers describe the enhancements provided in the Cisco IOS Release 12.2(25)SW releases. These release notes are updated as needed.For a list of the software caveats that apply to Cisco IOS Release 12.2(25)SW, see the and Caveats for Cisco IOS Release 12.2. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.Use these release notes withCross-Platform Release Notes for Cisco IOS Release 12.2 located on Cisco.com and the Documentation CD-ROM.Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected.
If you have an account on Cisco.com, you can find field notices at If you do not have a Cisco.com login account, you can find field notices at IOS Release 12.2(25)SW8 is synchronized with Cisco IOS Release 12.2(20.4)S and contains all of the fixes that are contained in Cisco IOS Release 12.2(20.4)S. Cisco IOS Release 12.2(25)SW8 is the migration path for Cisco IOS Release 12.2(4)MB. ContentsThese release notes describe the following topics:. IntroductionThe Cisco 2650 and Cisco 2651 are part of the Cisco 2600 series modular access router family. With the Cisco 2600 series, Cisco Systems extends enterprise-class and managed-services customer premise equipment (CPE) versatility, integration, and power to branch offices. The widely deployed Cisco 2600 series modular access routers are designed to enable customers to easily adopt future technologies and to scale network expansion.The Cisco 2600 series modular architecture provides the versatility needed to adapt to changes in network technology as new services and applications become available.
Driven by a powerful reduced instruction set computer (RISC) processor, the Cisco 2600 series supports the advanced quality of service (QoS), security, and network integration features required in evolving enterprise networks. System RequirementsThis section describes the system requirements for Cisco IOS Release 12.2(25)SW8 and includes the following sections:.
Memory Recommendations. IOS (tm) C2600 Software (C2600-ITP-M), Version 12.2(25)SW7, EARLY DEPLOYMENT RELEASESOFTWAREUpgrading to a New Software ReleaseFor general information about upgrading to a new software release, refer to located at the following URL:Feature Set TablesCisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release.
Each feature set contains a specific set of Cisco IOS features.The Cisco IOS Release 12.2(25)SW releases support the feature set that is found in the Cisco IOS Release 12.2 S IP image. Caution Cisco IOS images with strong encryption (including, but not limited to, 168-bit Triple Data Encryption Standard 3DES data encryption feature sets) are subject to United States government export controls and have limited distribution.
Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of United States government regulations. When applicable, purchaser and user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.lists the features and feature sets supported by the Cisco 2600 series in the Cisco IOS Release 12.2(25)SW releases. The following conventions are used:. Yes—The feature is supported in the software image. No—The feature is not supported in the software image.
In—The number in the 'In' column indicates the Cisco IOS release in which the feature was introduced. For example, (1)MB1 means a feature was introduced in Cisco IOS Release 12.2(1)MB1. If a cell in this column is empty, the feature was included in the initial base release. An ITP running with the SMSMO Proxy feature may reload if both of the following conditions are met:1) The SMS rules are using MLR result groups, AND2) There are currently no available members within the MLR result group.Workound: The short-term workaround is to create identical SMS result groups and use them explicitly in the SMS rulesets. Release 12.2(25)SW6. CSCsd63762: Network-appearance showing as negative number in ITP configSymptoms: The network-appearance command in AS configuration mode can range from 1 to.
However, when configuring values higher than (2 pow 31-1), the network-appearance shows up as a negative number in the router configuration. Upon reboot, the router will display an error when tries to configure such a network appearance.Workaround: Do not configure network-appearance values higher than. CSCsc78421: ITP: HSL links duplicate sscop retransmissionsSymptoms: An ITP configured with HSL links may sometimes retransmit lost SD PDUs twice instead of just onceConditions: This symptom occurs when a PDU must be transmitted followed by a POLL. The PDU is lost in flight. The remote side responds with a USTAT indicating the missing PDU followed by a STAT in response to the POLL (also indicating the missing PDU). The number 7 is any unused and shutdown port on the IMA PA.
This effectively sets each port to derive its clock from port 7 and then sets it back to source it from line. Release 12.2(25)SW5.
CSCsb91588: ITP SMS MO Proxy dlg fails when adding origin IMSISymtoms: This case exposes a defect introduced when the 'obtain origin IMSI' feature was added in 12.2(25)SW3. The problem is triggered when the origin IMSI is obtained and subsequently inserted into the proxied MO-FORWARD-SM dialogue. The addition of the IMSI is enough to exceed the maximum size that SCCP or MTP3 can transport without segmentation.
Conditions: HSL sscop timer commands are stored in incorrect order.Workaround: There is no workaround. CSCsc02671: ITP: Remote Inhibit Test not sent in ITU CSCsc12670 ITP: wrong effective dest address in show cs7 linkset detailsSymptoms: When the ITP receives a remote inhibit, it is supposed to start MTP3 timer T23. The ITP is supposed to send a Remote Inhibit Test message every T23. This prevents the link from being stuck in inhibit mode if the far-end uninhibits the link, but during this process the uninhibit message is lost.
The ITP is not sending the Remote Inhibit Test message.Conditions: This problem only occurs when the variant is ITU and a remote node inhibits a link.Workaround: Under normal conditions no action is required. When the remote side unihibits the link, this clears the remote inhibit status. The Remote Inhibit Test is designed to catch the case where the remote unihbiit message is lost. Conditions: The problem occurs when upgrading directly from Cisco IOS Release 12.2(4)MB10 or earlier to release 12.2(25)SW4a.Workaround: Upgrade the ITP from Cisco IOS Release 12.2(4)MB10 or earlier to release 12.2(25)SW3, and then upgrade from release 12.2(25)SW3 to release 12.2(25)SW4a. CSCsc62555: ITP SGMP: Binding is active on receiving ITP, inactive on other ITPSymptoms: For this CDETS fix, the logic is that a new binding is established when the ASP is already active on both ITPs.
In this case, the binding is active on the receiving ITP but inactive on the other ITP.Workaround: There is no workaround. Release 12.2(25)SW4 Resolved Caveats Cisco IOS Release 12.2(25)SW4. CSCei61732: Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. CnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6Release 12.2(25)SW1 Open Caveats—Cisco IOS Release 12.2(25)SW1.
CSCsa56453: DSMR: detailed show rule cmd needs cdr-service-queue parameterSymptoms: This issue may cause a crash even without the CDR variable because of string buffer overflow. The crash may happen if the maximum values are set for each parameter.Workaround: There is no workaround. Resolved Caveats—Cisco IOS Release 12.2(25)SW1. CSCeg08298: ITP: SCCP dest stuck in congestion when congested link failsSymptom: If a link in a multilink linkset fails while it is congested, and the other links in the linkset are available and not congested, GTT will treat destinations that use the linkset as still being congested, resulting in lost MSUs.Workaround: The problem will clear when the failed link recovers. Deleting and adding back the failed link will also clear the problem. CSCeg37718: ITP: Ordered multihomed address list cause unbalanced load sharingSymptom: The incoming TDM traffic is evenly distributed among the links within the incoming TDM linkset. When he ITP is configured for SCTP multihoming in configurations that balances the IP traffic over multiple IP interfaces, the SCTP traffic is not properly balanced over the IP interfaces.The show interface command statistics for the IP interfaces being used will have a large imbalance between the input and output packet statistics for the sending and receiving interfaces.Conditions: This problem was seen in 12.2(23)SW1.
With a configuration similar to the following. DescriptionCSCef29094ITP: crash during display of sh cs7 gtt configSymptom: ITP may crash during sh cs7 gtt config.Conditions: This crash is caused because of a prompt stuck at the automore state and then the GTT database is modified. If the propmt is continued is there is a smallchance of hitting a crash due to accessing freed memory.Workaround: Whenever the MORE prompt is seen during the display of GTT config, hit Q and re-enter the display command.
Avoid doing show commands while bulk loading or provisioning data.CSCef31588ITP: No response to RCP when summary route is availableSymptom: When summary route exists, and the ITP receives a cluster poll message (RCP orRCR) for a cluster that does not exist in the routing table, but is accessible by the summary route, the ITP does not respond to the poll message with a TCA. This causes the adjacent node to treat the cluster as unavailable when it is accessible.Workaround: Provision the cluster route or provision a full point code that is available within the cluster.For example if a summary route for 4-0-0/8 exists and is available, and the ITP is receiving poll messages for cluster 4-4-0 which does not exist as a provisioned route, the ITP will not respond to the poll. If the user provisions the cluster route 4-4-0/16, the ITP will respond correctly to the poll. Conditions: ITP running m3ua with multiple instances and pc-conversion configured. Malloc failure appears after about 7 minutes at about 2000 MSU/sec.Workaround: NoneCSCef69373ITP stop processing for few sec if write mem is issueSymptom: If a write mem is issued in a ITP router, a pause in the processing of data packets may be observed, possibly leading to lost calls and failed links during times of otherwise high CPU utilization.Workaround: This problem was introduced in 12.2(23)SW. One workaround is to use 12.2(21)SW, if possible.
Another workaround is to avoid issuing the write mem or copy running-config startup-config commands outside of a maintenance window or period of low traffic volume.CSCef95065ITP: route/gtt deploy adds delay to ss7 processingSymptom: During Route or GTT replace DB or Route/GTT deployment via SGM, processing time of SS7 traffic is impacted, causing added delay.Conditions: This could occur whenever the main RP is responsible for both SS7 processing and GTT/Route DB management. For example, this would not occur during VIP forwarding.Workaround: No work around in most circumstances. Best advice until fix is available, is to perform GTT and route management during off peak hours.CSCeg01587ITP: F5 OAM HSL ATM loopback cell transmission brokenSymptom: This caveat occurs on Cisco 7500-based ITP images using High Speed Signaling links when sending and receiving OAM cells.
This issue occurs on all 7500 based ITP images prior to 25SW. The problem only exhibits itself when the far end of the ATM link is configured to generate OAM cells, or the ITP itself is configured to generate OAM cells via the 'oam-pvc' command under the interface.Workaround: The work around is to not use OAM cells on the High Speed Signaling links or disable the pvc state from being tied to the acknowledgment of OAM cells.Typically, the pvc will be shown as 'down' on one or both sides of the link and the ITP may show input errors on the ATM interface.
The HSL link will eventually fail due to link test not being responded. This is due to the fact that the pvc is down and unable to pass traffic.Release 12.2(23)SW1 Open Caveats—Cisco IOS Release 12.2(23)SW1No open caveats specific to Cisco IOS Release 12.2(23)SW1 require documentation in the release notes. Resolved Caveats—Cisco IOS Release 12.2(23)SW1All the caveats listed in this section are resolved in Cisco IOS Release 12.2(23)SW1. This section describes only severity 1 and 2 caveats and select severity 3 caveats. Workaround: There is no workaround.Further Problem Description: It seems to be an issue in the source selection algorithm.CSCee41388ITP will send INIT immediately to second dest.
Address if lowerSymptom: When configuring a SCTP link on the Cisco IP Transfer Point (ITP), the INIT message is sent only to one destination address under certain circumstance.Conditions: This problem happens when there are two destination addresses configured for the SCTP link on the ITP and the second address is lower than the first address. Thus the INIT message will send only to the second destination address.Workaround: Swap the order of IP addresses on the SCTP link to force the order in which the addresses are used in the INIT.CSCee54303ITP: Non-segmented XUDT messages failed with Unequipped SSNSymptom: ITP MAP Proxy application reports Subsystem Number (SSN) unequipped error. Conditions: An extended unitdata (XUDT) message is received carrying the response to the MAP Send Authentication Info message sent by the Cisco IP Transfer Point (ITP).Workaround: Disable sending an XUDT message type to the Cisco ITP in the SS7 network.Further Problem Description: The Cisco ITP performs final Global Title Translation (GTT) for the XUDT message received, and sets the routing indicator (RI) to 'route-on-subsystem'. However, the delivery to the local subsystem fails as specified above.CSCee56986flapping primary address is used to send dataSymptom: The primary address of a multihomed association can fail when the Round Trip Time exceeds RTO for the number of maximum retries.
The Heartbeat exchange marks the primary address available again although the RTT still exceeds RTO, causing the primary address to fail again. CSCef08522ITP: Destinations flapping between Restricted and AllowedSymptom: The Cisco IP Transfer Point (ITP) tries to use the summary route and the Virtual linkset from 1 to 0 as a backup for the full point code (PC) routes in instance 1. Since the full PC is down, the summary route is used to instance 0 and in instance 0, there is a full PC route going back to instance 1.
This created a circular route within the ITP. This causes the destinations to change status rapidly from Restricted to Prohibited and back to Restricted. The ITP is designed to prevent message signal units (MSUs) from looping within the ITP. This means that if a full PC route exists in instance y, the ITP will not use the Virtual Linkset as a backup route. The ITP will use the Virtual Linkset as the primary route for any MSUs whose destination point codes (DPCs) does not match a full PC destination in the route table.Release 12.2(23)SW Open Caveats—Cisco IOS Release 12.2(23)SWNo open caveats specific to Cisco IOS Release 12.2(23)SW require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(23)SWAll the caveats listed in this section are resolved in Cisco IOS Release 12.2(23)SW. This section describes only severity 1 and 2 caveats and select severity 3 caveats. Consider an M3UA AS that shares the local PC of the ITP in the above figure.Issue 1:If the signaling transfer point (STP) sends a TFR to the ITP with some concerned PC n.c.m (i.e. The destination parameter), then the ITP marks PC n.c.m as restricted in the route-table, but fails to send a DRST to the ASP.Issue 2:If the STP sends a TCR to the ITP with some concerned cluster n.c. (i.e.
2650 Mission St 94110
The destination parameter), then the ITP marks cluster n.c. as restricted in the route-table, but fails to send a DRST to the ASP.In both these cases, the DRST is not sent if the concerned destination on the ITP made a transition from Accessible status to Restricted status. The ITP does send DRST if the destination made a transition from Inaccessible status to Restricted status.Workaround: There is no workaround.Further Problem Description: None.Release 12.2(21)SW Open Caveats—Cisco IOS Release 12.2(21)SWNo open caveats specific to Cisco IOS Release 12.2(21)SW require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.2(21)SWAll the caveats listed in this section are resolved in Cisco IOS Release 12.2(21)SW. This section describes only severity 1 and 2 caveats and select severity 3 caveats. DescriptionCSCed27956A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly.
2650 Mosswood Lane
Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.All Cisco products which contain TCP stack are susceptible to this vulnerability.This advisory is available at and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available atCSCed38527A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher.
The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session).
Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). DescriptionCSCec61182High CPU in Virtual exec after privilege configure level 7 cs7Symptom: This symptom is observed that a Cisco Route Switch Processor 8 (RSP8) that is running Cisco IOS Release 12.2(4)MB12 uses 100% of the CPU in the 'Virtual Exec' process, after you enter the privilege configure level 7 cs7 command in a Telnet session.Workaround: There is no workaround.CSCec62567ITP SGM have unusual high values (send Erlang values)Symptom: Sent-link utilization is incorrect in certain configurations.
The cgspLinkL2BytesSent(CISCO-ITP-GSP-MIB.my) and cItpSpLinkL2BytesSent (CISCO-ITP-SP-MIB.my) object provide incorrect values in these situations.This can result in incorrect information for send erlang values in SGM.Conditions: These symptoms may occur when you run routers on Cisco IOS Release 12.2(4)MB10 through Cisco IOS Release MB13, Cisco IOS Release 12.2(18)SW, or Cisco IOS Release 12.2(19)SW images.Workaround: There is no workaround.CSCec69259ITP-S: snmp traceback prior to cs7 configSymptom: Traceback occurs while walking the event table in CISCO-ITP-GSP2-MIB. This may happen with Simple Network Management Protocol (SNMP) configured but without the cs7 command configured.Conditions: These symptoms may occur when you run routers on IP Transfer Point (ITP) images Cisco IOS Release 12.2(4)MB6 through Cisco IOS Release 12.2(4)MB13, Cisco IOS Release 12.2(18)SW, or Cisco IOS Release 12.2(19)SW.After a reboot, a walk of the event table in CISCO-ITP-GSP2.my MIB usingthe getmany command may produce a traceback.Workaround: There is no workaround.CSCec79617ITP: various problems with summary routes and GTTSymptom:1. The show cs7 gtt map stat command shows Global Title Translation (GTT) maps stuck in a congested state.2. DescriptionCSCec44189Response to SST message contains wrong OPCSymptom: Nodes receiving subsystem status test messages (SST) from the IP Transfer Point (ITP) may ignore the status because the ITP obtains the Signaling Connection Control Part (SCCP) management messages (SCMG) from the primary local point code only.Workaround: There is no workaround.Additional ReferencesThe following sections describe the documentation available for the Cisco 2650, Cisco 2651, Cisco 2650XM, and Cisco 2651XM series routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com in pdf or html form.Use these release notes with the documents listed in the following sections:. Release-Specific DocumentsThe following documents are specific to Release 12.2. They are located on. Field Notices: Caveats for Cisco IOS Release 12.2. Platform-Specific DocumentsHardware installation guides, configuration and command reference guides, and additional documents specific to theCisco 2650, Cisco 2651, Cisco 2650XM, and Cisco 2651XM series routers are available on at the following location:Feature ModulesFeature modules describe new features supported by Cisco IOS Release 12.2 and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference.
As updates, the feature modules are available online only. Cisco Feature NavigatorCisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image.
Cisco Feature Navigator is available 24 hours a day, 7 days a week.To use Cisco Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.Cisco Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:Cisco IOS Software Documentation SetThe Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. Documentation ModulesEach module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples.
Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.