Terminal Server Software Release Notes 9.0(5) 78-0914-05B0 March 22, 1993 This release note describe the features, modifications, and caveats for Software Release 9.0(5). Refer to the Terminal Server Configuration and Reference document set, dated April 1992, for complete product documentation for Release 9.0. Introduction This release note describes the following topics: * Publicly accessible files * Current software versions * Release 9.0 features * 9.0 software release caveats Publicly Accessible Files Cisco Systems maintains an online directory of documents that are available to customers over the IP Internet via the TCP File Transfer Protocol. This directory contains current Cisco Systems release notes in PostScript format and information and comments contributed by Cisco customers and engineers. To access these files, use the anonymous login convention. The files are located on host name ftp.cisco.com. Log in as user anonymous. When prompted for a password, enter your own electronic mail address. Cisco's FTP server does not accept directory listing requests from anonymous users; retrieve the README file for a list of available files. For security reasons, Cisco's FTP server will only accept anonymous connections from hosts listed in the reverse mapping database of the Internet domain name system. Customers with Cisco maintenance contracts are given access to Cisco's Customer Information Online (CIO) database. All release notes are available through CIO in .txt format. To request an account on CIO, send email to cs-rep@cisco.com or call 1-800-553-NETS. You will be sent a CIO Access Request Form to complete and return. When Cisco receives your request form, an account will be set up and you will be notified of the account name and password and given a copy of the CIO User Guide. Current Software Versions Refer to the Cisco Price List for the version number and ordering instructions for the current 9.0 software release. Release 9.0 Features This section describes the new functions and new features provided in Release 9.0. New Functions New functionality in Release 9.0 of the terminal server software includes the following features: * The terminal server supports the Flash Memory card system image storage and downloading feature with systems that have the MC+ card. This feature allows writing the system image to Flash memory for booting and system upgrades. Configuration commands that support this feature include: boot system rom EXEC commands that support this feature include: copy tftp flash copy flash tftp show flash [all] * An online Telnet help feature displays the list of special Telnet control sequences. * A new option was added to the buffers global configuration command that allows dynamic allocation of the buffer settings. The new option is as follows: buffers huge size number * Optional password verification feature is supported on TACACS logins. The new command that supports this feature is as follows: tacacs-server optional-password * A transport input feature now allows the system administrator to define the protocols to use to connect to a specific line. The new command that supports this feature is as follows: transport input [telnet|lat|pad|none] * The ability to connect to multiple X.25 interface is supported. Regular expressions are accepted for the X.121 address and Call User Data. New commands that support this feature are as follows: [no] x25 route [# position]x121-pattern [cud pattern] interface interface-name [no] x25 route [# position]x121-pattern [cud pattern] ip ip-address [no] x25 route [# position]x121-pattern [cud pattern] alias interface-name * Default SLIP addresses are supported on the slip address dynamic command. * Support is provided for extended Boot Protocol (BootP) requests in SLIP mode The new command that supports this feature is as follows: async-bootp tag [hostname] data ... * LAT access lists for specifying access conditions to LAT groups are supported. Regular expressions are accepted for LAT node names, to simplify configuration. The new command that supports this feature is as follows: lat access-list number {permit|deny} regular-expression * Font download is provided by means of the LAT protocol from DECwindows XRemote sessions, thereby allowing fully operational XRemote over LAT. * The translate command is enhanced. The swap keyword now allows X.3 parameters to be set by the host originating the X.25 call or by an X.29 profile. The unadvertised keyword prevents service advertisements from being broadcast to the network. The pvc keyword specifies that an incoming connection is actually a permanent virtual circuit. New Features New features in Release 9.0(1) of the terminal server software includes the following: * The Trivial File Transfer Protocol (TFTP) server now displays verbose messages during file transfer sessions to help you monitor TFTP sessions. * The terminal server supports protocol translation and the X.3 PAD functionality with appropriate software options on A and M chassis configurations. * The A chassis terminal server configuration supports the CSC/3 processor card for increased processing efficiency. Terminal Server Documentation Enhancements The Release 9.0 Terminal Server Configuration and Reference manual has undergone slight organizational changes to increase its usability and to include the protocol translation options. All user- related tasks and commands are now found in Chapter 3, "Terminal Server User Commands." The chapters are further divided into system configuration and management tasks and transmission protocol configuration and management tasks. The latter are written for a system administrator. Additional interface configuration information is included to support the Token Ring, SMDS, and frame relay media and the serial encapsulation methods available on the terminal server. In addition, a User Quick Reference booklet is available for Release 9.0 that provides quick reference to and examples of the EXEC user commands. The 5 x 8.5-inch booklet was designed as a portable quick reference for use in making connections and starting sessions on the terminal server. 9.0(5) Caveats The following items highlight unexpected behavior of the Cisco terminal server software that is not included in the 9.0(5) release documents. Cisco provides an internal reporting system for tracking modifications and caveats. For reference purposes, following the descriptions of the caveats, we provide the identification numbers from this internal reporting system. Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(5). IP Host Mode Services * When a TCP connection has a closed window, packets containing valid ACKs are discarded if they also contain any data (since the data is outside of the window). The correct behavior is to continue to process the ACKs for segments with reasonable ACK values. This is especially a problem in the initial stages of a connection, when we send the SYN-ACK with a 0 window. If the ACK to our SYN contains data also, we will not process that ACK, and the connection never gets to ESTABLISHED state. [CSCdi05962] * A terminal server may experience large processing demands for a TCP connection on closure if the TCP protocol exchange for the close is unduly delayed. This was detected and traced in connection with Ciscos X.25-over-TCP implementation where X.25 caused the connection to linger in a half-closed state. The X.25 behavior was reported and fixed as bug report CSCdi05031. [CSCdi05515] * In some netbooting configurations, a client may have multiple interfaces that it could use to traffic data back and forth to the server while it is netbooting. The first thing a client will do if the server is not on the same physical wire as one of its interfaces is broadcast a request for a proxy-arp to get to the server. This is asking a neighbor to help him traffic to the server. Once a neighbor responds, data will be forwarded to the server. In some cases, a second neighbor might step and tell the client HE will act as the proxy-arp. When this happens, the client gets confused as his original path to the server has now changed. It is more common that two or more parallel IEEE media between the client and its only neighbor will also cause this to happen. This will most likely cause an error similar to below: Booting gs3-k.91 from 223.255.254.254: !O.OO.O.......... [timed out] [CSCdi07727] * Static routes that point to destinations reached via a route that has expired are not removed from the routing table. [CSCdi09564] * When initiating a TFTP read request, the system can generate TFTP packets with invalid UDP checksums. This only happens when the request is transmitted out an unnumbered interface. If the TFTP server has UDP checksumming enabled, TFTP read requests via the unnumbered interface will fail. Turning off UDP checksumming at the TFTP server, or restricting TFTP reads to numbered interfaces avoids this problem. [CSCdi09577] * When an interfaces encapsulation is changed via the configuration command encapsulation encapsulation-type, the change is not reflected by most network protocols until the next system reload. In many cases, the original encapsulation continues to be used by these protocols until the system is reloaded. The new encapsulation should take effect immediately. [CSCdi09619] * If a route is known to a network or subnet and a secondary address is configured on a down interface, and the secondary address matches the network or subnet in the routing table, the route will be replaced. The result is a connected route to a down interface. [CSCdi09845] * The system can refuse to allow the user to remove static ARP entries which were specified by the user, with the error message "Cant unset interface address". The system is wrongly confusing the user supplied ARP entry with the system generated ARP entries for its local network interfaces. The correct behavior is to allow the user to remove any ARP entries they added to the ARP table. This can happen when the user explicitly specifies an ARP entry for the local IP address of an interface on which ARP is not running. [CSCdi08523] IP Routing * Configuring RIP when there are no IP addresses in the terminal server will cause the RIP code to fail. The workaround is to remove and re-enter the RIP configuration after assigning an IP address. [CSCdi07765] Miscellaneous * It is possible for system reloads to occur when the nonvolatile configuration memory is manipulated from more than one terminal session. Only one terminal at a time should do commands from the set {show config, write memory (or write with no argument), write erase, config from memory}. [CSCdi03856] * Is it possible for the CPU utilization figures to be unreasonably high. In this case the a negative number will be displayed. [CSCdi05026] * A terminal line configured for flowcontrol will not successfully time out (due to a "session-timeout" configuration) if the line is XOFF at the time of the timeout. [CSCdi09310] * If a attempt is made to either write a read-only object or read a write-only object, the wrong error code is returned. [CSCdi09714] * The stopbits 1.5 command is never written to non-volatile RAM or to remote network configuration files, even for lines which have been configured using it. [CSCdi05124] Protocol Translation * When "login" is specified as an option in a translate command, the user will end up being queried for his password before any telnet option negotiation has been done. Frequently, this will result in echoing the password and double-echoing the username. [CSCdi04686] TN3270 * The Cisco tn3270 implementation partially implements transparent mode. It will pass data in the Yale transparent mode (also known as Series 1 mode), but it does not respond to the "Are you a series1?" query. Because of this, customers wishing to use kermit or other programs that use Yale transparent mode must explicitly tell the program that the controller is a series 1 type controller. For kermit, the command set controller series1 is given to the IBM mainframe kermit program. [CSCdi07845] Uncategorized Items * When receiving routed IP frames on a CSC-R16 or CSC-2R interface, the IP TTL field is decremented twice. This causes the terminal server to appear twice in a traceroute display. This is unexpected behavior of the SBEMON 3.0 and STRMON 1.0 interface firmware. It will be fixed in the next versions of this firmware, but has little user impact. [CSCdi05925] * When the connection for an MC+ flash/NVRAM card is moved between an CSC-2R interface and an MCI-type interface, the system may refuse to use any configuration previously stored in the MC+ card, reporting a configuration checksum error. [CSCdi04613] * With CSC-2R installed the system incorrectly shows 192K bytes of multibus memory. This does not affect the operational behavior. [CSCdi04813] Wide Area Networking * The terminal server does not support X.25 clear request packets which have facilities or call user data attached. These packets are neither accepted on connections terminating at the terminal server nor forwarded by the X.25 switching code. [CSCdi04048] * There is a race condition where if a show dialer command is issued after the idle timer expires, but before the call is disconnected, the output may show a large negative number. Issuing the show dialer command again will show the correct value. [CSCdi06415] * The x25 pvc bridge number interface command is not properly stored in the terminal server's configuration memory. [CSCdi06683] * Issuing a clear x25-vc command for a locally switched PVC or its interface will cause the PVC to be continually RESET. The PVC may be restored to operation by shutting down the interface and re- enabling it. [CSCdi07166] * Under unusual circumstances, a RESET of a Virtual Circuit may not properly discard all in-transit data. This may cause an additional RESET of the VC to occur. [CSCdi07811] * If a map configuration allows more than one VC (by use of the "nvc" option), X.25 only checks the first open VCs before attempting a new CALL. [CSCdi07867] * Under unusual circumstances, the clear x25-vc command may cause the terminal server to reload. [CSCdi06883] * When using a X.25 link between a Sun and a Cisco, if the Sun is configured to negotiated packet length or window size, and the Cisco has not the requested values as default values, and the Sun issues an X.25 call packet, then the Sun expects negotiated values in the call-confirm packet. This will result in X.25 virtual circuit resets. [CSCdi07608] * X.25 does not allow more than one byte of INTERRUPT data. [CSCdi07810] * The Cisco X.25 implementation allows both modulo 8 and modulo 128 Virtual Circuits to co-exist on the same interface; this is non-standard. [CSCdi07812] * The clear counters now also clears LAPB and X.25 counters. [CSCdi06880] * Fixed a problem in the x25 map ip ipaddr broadcast command. All x25 map commands must accept an X.121 address for association with each protocol address mapped to. In this case the broadcast was taken as an X.121 address incorrectly. This fix will force the config. to contain an X.121 address before the broadcast keyword is specified. Regarding the x25 map ip ipaddr broadcast command, all x25 map commands must accept an X.121 address for association with each protocol address mapped to. Rather than having the broadcast taken as an X.121 address incorrectly, the configuration will now contain an X.121 address before the broadcast keyword is specified. [CSCdi08630] * An incoming connection that operates via a translate command must pass BOTH any access-list configured for the vty that happened to be used AND the access-list specified in the "translate" command. The correct behavior is for the "translate" access list to override the vty access list. [CSCdi08824] 9.0(4) Caveats/9.0(5) Modifications This section describes possibly unexpected behavior by release 9.0(4). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(4). For additional caveats applicable to release 9.0(4), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section. All the caveats listed in this section are resolved in release 9.0(5). IP Routing * When a system is attempting to tftp boot, it may not know a route to the tftp server. If the system has multiple interfaces by which it might contact the tftp server, it can fail to continue to use the interface on which the tftp transfer was just established. The result is that the tftp boot attempt fails. The system should remember by means of its arp table the interface to use to reach the tftp server. Configuring the systems NVRAM so that it can only reach the server by one interface at boot time avoids this problem. [CSCdi09068] LAT * A LAT protocol translation session can fail to be destroyed properly under some circumstance when output is still in progress as the connection is closed by the remote LAT host. [CSCdi07506] * Run from ROM software (igs-kr or igs-bprx) may not properly advertise LAT services defined in the communication server or protocol translator. [CSCdi08837] Miscellaneous * If "enable use-tacacs" is configured without defining a "tacacs-server host", then ANY username/password combination will allow any user to enable. [CSCdi08070] * On terminal servers without NVRAM, part of the sequence used to determine IP addresses is to send a BOOTP request. The replies to these requests are being ignored. [CSCdi08893] * The lapb hold-queue interface subcommand is not properly stored in the terminal servers configuration memory. [CSCdi08957] * If a terminal server is configured with a username having an encrypted password of invalid format, it is possible that the unit will reload when someone tries to log in using that username. The only way to get an encrypted password is for the cisco unit to create it; users should not enter: username myname password 7 mypassword Since "mypassword" is not a valid format for a type 7 encrypted password. [CSCdi08805] Terminal Service * If a line is configured with session-timeout n output, the "output" part of the command will remain in effect even if a new session-timeout n command is given (without "output" specified). A workaround is to turn off the "output" part explicitly with a no session-timeout 0 ouput command. If a line is configured with session-timeout n output, the "output" part of the command will remain in effect even if a new session- timeout n command is given (without "output" specified). A workaround is to turn off the "output" part explicitly with a no session-timeout 0 ouput command. [CSCdi08625] 9.0(3) Caveats/9.0(4) Modifications This section describes possibly unexpected behavior by release 9.0(3). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(3). For additional caveats applicable to release 9.0(3), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section. All the caveats listed in this section are resolved in release 9.0(4). Interfaces and Bridging * Regarding multibus timeouts and RESETFAIL errors: Please note the linkage between the following system versions and the sbemon & strmon token ring firmware versions: FIRMWARE SYSTEM 8.3 SYSTEM 9.0 SYSTEM 9.1 ========= ========== ========== ========== sbemon 3.2 8.3(5.14) 9.0(3.1) 9.1(1.4) strmon 1.2 N/A 9.0(3) 9.1(1.4) It is the firmware that is linked to the system versions and will cause a crash if earlier systems are used. [CSCdi08087] * When a communication server line is configured for modem control and with a session timeout, the session timeout will not be honored if the line is running in SLIP mode. [CSCdi08562] IP Host Mode Services * TCP connections can exhibit long pauses in data delivery if the cisco is attempting to send data faster than the foreign host can use that data. This happens most often in cases of protocol translation, sdlc tunneling, remote source route bridging, and X.25 switching. TCP connections can exhibit long pauses in data delivery if the Cisco is attempting to send data faster than the foreign host can use that data. This happens most often in cases of protocol translation, SDLC tunneling, remote source route bridging, and X.25 switching. [CSCdi07964] * The system does not properly process RARP response packets received where these packets are responses for requests not initiated by the system. The system allows such packets to remain in the input queue, resulting in two user visible problems. First, the network interface input queue can fill up with RARP response packets, causing all subsequent packets destined for the system to be dropped. Second, the system fails to bridge these RARP response packets. The correct behavior is to bridge such packets in the case where the system is configured to bridge RARP packets, otherwise to ignore these packets. [CSCdi08651] * If the subnet mask is changed after a system has been operational, the new subnet mask will not be reflected in the IP routing table. A workaround is to reload the system after changing the subnet mask. [CSCdi05915] * While routing IP, if two ARP style interfaces have the same IP address and one of those interfaces is shut down, the wrong MAC address could get entered into the ARP table. The workaround is to remove the duplicate IP address from the shutdown interface with the no ip address interface subcommand. [CSCdi07036] Miscellaneous * show process memory can be inaccurate due to incorrect accounting of deallocated memory. [CSCdi07586] * The terminal server may experience a software error when the command show memory free is executed, and the command must pause for output at any time in displaying the results of the command. The workaround for this is to ensure that the output does not pause by using the command terminal length 0 before issuing the show memory free command. [CSCdi08368] * entering multiple logging buffered commands without an intervening no logging buffered command can cause meaningless output to be included in the output of the show logging command. [CSCdi08459] * Any attempt to query an unimplemented SNMP MIB variable will cause the system to return the snmpEnableAuthenTraps variable. The correct behavior is to indicate that the variable requested is not available, and this will be corrected in a future release. [CSCdi04806] * debug ? doesn't show serial options if only serial interface type is HSSI. [CSCdi07674] * sysLocation is read-only. As a workaround, the location can be set with the snmp-server location configuration command. [CSCdi07909] TN3270 * Keymaps are not currently parsed correctly. Each keymap consists of the name of the keymap, the terminal types to which it applies, and the various mappings. When parsing the terminal types, only the first one is read correctly. The result is that the keymap will only be selected when the users terminal type matches either the name of the keymap or the first terminal type in the keymap. This will be fixed by changing the software to correctly parse the terminal types in the keymap. [CSCdi05677] * The login-string configuration command is not correctly implemented for tn3270 connections. As currently implemented, it merely sends the ASCII text of the login-string to the host at the other end of the connection. This is fine for Telnet and Rlogin connections, but for tn3270 connections, the login-string must be passed through the tn3270 input path. The problem will be fixed by passing the login-string through the tn3270 input path on tn3270 connections. Additionally, two special escape characters have been added, %t for tab, and %m for carriage return. In order to place a tab in a login-string, one will enter %t. Likewise, one will use %m at the end of the login-string to achieve a carriage return, as normal telnet processing would send an undesirable line feed after the carriage return. [CSCdi08252] * Clear to end of line is currently done by writing spaces. This is very slow and can be painful on low-speed dialup lines. It will be fixed by using two attributes in the ttycap, ms: and cx:. If both attributes are in the terminals ttycap ciscos tn3270 implementation will use the clear to end of line command rather than sending spaces to the terminal. This will be the default behavior. Note that this may not be appropriate when a terminal is in underline mode. Removing the cx: attribute from the termcap will cause ciscos tn3270 to clear to the end of line by sending spaces. [CSCdi08441] Terminal Service * When tn3270 has a buffer of data to send which is exactly the same size as the packet that it is sending it in, the packet is sent without the TCP PUSH flag set. Some host implementations will not act on the data unless the TCP PUSH is set. Connections to these hosts can pause for the session timeout period. This will be fixed by having all tn3270 packets sent with the push flag set. [CSCdi08034] Wide Area Networking * Once enabled, disabling X.25 routing with the no x25 routing command does not disable X.25 call forwarding. [CSCdi06840] 9.0(2) Caveats/9.0(3) Modifications This section describes possibly unexpected behavior by release 9.0(2). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(2). For additional caveats applicable to release 9.0(2), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section. All the caveats listed in this section are resolved in release 9.0(3). Interfaces and Bridging * Terminal Server has problems netbooting when there are multiple paths to the remote tftp server. [CSCdi06088] * In a bridge environment ARP entries can be heard for a given node on either a FDDI or an Ethernet. If the node is on FDDI we should keep it there but due to a bug we will hear it on Ethernet later and force it to change which causes communications to not take place. [CSCdi07139] * When there is a single fiber break or the neighbor station sends constant halt line state(HLS), system CPU utilization will reach 100%. [CSCdi07682] * test interfaces command is not working. [CSCdi05977] * The terminal server software decrements the reset counter after some internally generated interface resets, e.g. after the "mac-address" command has been issued. There is no check to see if the reset counter is zero before decrementing it, thus it is possible to decrement the counter to a negative value. Because the value is always displayed as an unsigned positive number, it shows up as a number near 4294967295. [CSCdi06490] * It is possible for the terminal server to reload in the show controller token command. This can only happen if a CSC-R16 or CSC-R16M token ring card is in the reset state. [CSCdi06681] * When the Cisco terminal server receives a IEEE 802.2 TEST and XID frame that contains both a RIF field which indicates that the frame should traverse the Cisco terminal server, and a destination address which indicates the frame should terminate at the Cisco terminal server, the Cisco terminal server chooses to terminate the frame and reply to it, if needed. This is not in compliance with a strict definition of source-route bridging. This is a minor problem that has little, if any, actual functional impact in most source-bridged networks. This problem will be fixed in a future release. [CSCdi07722] * The terminal server will reload if the interface subcommand bandwidth is set to zero. [CSCdi05964] IP Host Mode Services * For the IGS platform, IP crc errors may occur when packets are sent using tcp header compression over a serial line. [CSCdi04783] * service tcp-keepalive only applies to terminal ports and VTYs. [CSCdi05905] * Issuing the command show ip route may cause a reload to occur. [CSCdi06011] * In some cases we are sending tftp ACK responses after an out of order packet has been received by a client while netbooting. If the server is busy, this is quite a possible event. Sending a second ACK response causes the client and server to get into an argument over what packet to send, and in many topologies it will fail. Common cases look like: !!!!!!.O.........[timeout] !!!!!!OOOOOOOOO!OOOOOOOOOO!OOOOOOOOOO!OOOO....[timeout] !!!!!!.!O...... [timeout] [CSCdi06319] * show traffic will display certain fields as negative numbers once the values wrap into the sign bit. [CSCdi06979] * The config command "no ip routing" only deletes the first of the defined static routes from the configuration, when in fact all of them should be deleted. [CSCdi07190] IP Routing * CSCdi05488 caused the terminal server to not send complete RIP updates to explicitly configured RIP neighbors. [CSCdi06285] * An exceedingly rare race condition with IGRP can cause the terminal server to reload. IGRP must simultaneously learn a new route while the routing table is being cleared. [CSCdi07276] * If extended access lists are used on an MCI, SCI or cBus interface, the IP route cache is enabled, and also the established keyword is used, it can be improperly evaluated. This can permit packets which should be filtered and exclude packets which should be permitted. This behavior was first introduced in 8.2. [CSCdi07901] Miscellaneous * Users are starting to find that they are running out of memory (seen by a "buffer overflow" message) on their csc3 processors when netbooting 9.1 images on top of 9.1 roms. Due to ciscos ever expanding software base, the csc3 does not hold enough memory to directly do this. As a work-around, users should try one of the following: 1) consider buying a csc4 which has 16Meg. 2) use the secondary bootstrap by putting a jumper in bit9 on their csc3. 3) netboot a compressed image. This will run just a fast once uncompressed. [CSCdi05751] * Configuring a location string longer than 69 characters can cause the system to reload. After configuring, the system prints out a message saying that the system was configured from and gives the location. If the location is greater than 69 characters in length, it can cause a system reload. The correct behavior would be to truncate the location string and will be implemented in a future release. [CSCdi07834] * The terminal server does not change the source address it uses for syslog messages after the address is no longer valid. The correct behavior is for a new address to be selected. A workaround is to reload the terminal server after a reconfiguration that has invalidated the address the terminal server was using to source syslog messages. [CSCdi04906] * Attempting a LAT connection to a line configured with an extended access list (access list of 100 or greater) will cause an error message to be generated and the connection to fail. [CSCdi05928] * On the 8.3, 9.0, and 9.1 releases, the Ethernet and serial interfaces on the IGS use larger buffers than is required if a Token Ring is configured in the system. This wastes shared (buffer) memory. On the 9.1 release, the Cisco 4000 also uses larger buffers than is required if a Token Ring Network Interface Module (NIM) is configured in the system. This problem will be fixed in a future release. [CSCdi07369] Wide Area Networking * An interface input queue may fill up and not recover if an X.25 provider in the RNR state receives and discards an I Frame and then violates the LAPB protocol by exiting from the RNR state with an RR instead of an REJ frame. The symptom is that the serial interface pauses indefinitely and ceases transmission. [CSCdi05957] * The X.25 PAD code will return a list of ALL X.3 parameters if we received an x.29 "read request" message with more than one parameter requested. This is improper, and will cause some X.25 implementations to clear the connection. The X.25 PAD code will return a list of ALL X.3 parameters if we received an x.29 "read request" message with more than one parameter requested. This is improper, and will cause some X.25 implementations to clear the connection. [CSCdi06432] * The error message and traceback: %X25-3-INTIMEQ Interface [chars], LCN [dec] already in timer queue, new time [dec] is used as a diagnostic aid; although an unexpected condition was detected and reported, the operation of the terminal server and the X.25 protocol are not affected. If this message is produced, contact Cisco Systems; include the text and traceback of this message as well as the information from the show version command. [CSCdi07238] * If a Virtual Circuit is established in order to forward a packet, the packet may not be forwarded immediately on receipt of the CALL CONFIRM. [CSCdi07560] * When a switch is re-configured to use a different DLCI to reach the same end address, the terminal server doesn't flush the "deleted" map entry and attempt to learn a new mapping. [CSCdi03757] * TCP header compression over X.25 does not work in the initial release of 9.0(1). [CSCdi03839] * The system does not reset the sequence counters used for the LMI keepalive information element when the LMI type is changed. This behavior occurs if the LMI type is changed (from Cisco to ANSI Annex D or vice versa) after the system has been in operation for some period of time. This behavior has no impact on operation but does not conform to the detail of the specification. [CSCdi07649] 9.0(1) Caveats/9.0(2) Modifications This section describes possibly unexpected behavior by release 9.0(1). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(1). For additional caveats applicable to release 9.0(1), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section. All the caveats listed in this section are resolved in release 9.0(2). Interfaces and Bridging * Very high average output rates can result in overflows in the computation of the five-minute data rates in the show interface display. This manifests itself as the appearance of nonsensically large values. [CSCdi04665] * Older HP probe clients (notably old versions of OfficeShare) require support for the "where is gateway" packet. This feature is not supported. [CSCdi04667] * When an IP packet with options and a time-to-live field of one is received on a fast-switching interface, the packet is erroneously treated as having an IP header checksum error. This is most noticeable when a "traceroute" program is being used with source-routing options. [CSCdi04830] * Specifying ring-speed 4 actually results in ring-speed 16 and vice versa. [CSCdi05224] * When issuing the command show interface token 0 the bia is displayed as 0000.0000.0000. The correct behavior is for the actual burned in address of the board to be displayed. [CSCdi05404] * If the frame relay map command is issued before the encapsulation frame relay command, then no action is taken. This is the correct behavior. So although no action is taken no error message is generated. Not generating an error message in this case was incorrect, an error message is now generated. [CSCdi04576] * The dialer fast-idle command ignores parameters. [CSCdi05002] IP Host Mode Services * Under some obscure conditions (TCP connection receives a RST packet while the connection is closing and we are waiting for data to go to the terminal) TCP does not release all buffers. Eventually this causes the interface input queue to fill up. The terminal server must be reloaded in order to clear up this condition. This problem is not so serious because the condition occurs infrequently. [CSCdi04957] * Under rare circumstances, it is believed to be possible for a proxy ARP reply to be processed incorrectly, resulting in incorrect entries in the ARP table. These entries will give valid MAC addresses for incorrect IP addresses. This behavior has never actually been observed in the field, and should occur only when the interface on which the original proxy ARP reply is received undergoes an up-to-down state transition immediately after the packet arrives. [CSCdi05169] * The success rate for the ping command may incorrectly report a low success if ping is run for a very long time. The counter containing the successful ping count overflows. [CSCdi05163] IP Routing * If a network broadcast address and a default subnet are configured, the cisco will erroneously route a network broadcast to the default subnet. This can lead to routing table instabilities. A workaround is to specify the broadcast address of 255.255.255.255. [CSCdi05052] * Attempts to create IP static interface routes through interfaces which do not have IP addresses assigned will fail. [CSCdi04898] * If two interfaces have the same IP address and one of them is shut down, the other interface will not respond to an IP ping. [CSCdi04913] * The no ip routing command does not stop IP routing processes. [CSCdi05157] * Configuring "ip route 0.0.0.0 Null 0" will result in the route showing up multiple times in the routing table. [CSCdi05754] * No IP flash routing updates are sent (with any routing protocol) when an interface is administratively shut down. This may result in connected terminal servers being slow to react to the loss of the newly shut-down path. [CSCdi05794] * ICMP Information requests do not cause entries to be made in the ARP table. Instead an ARP request is broadcast before sending the ICMP reply. This can cause problems with devices that need to learn the subnet portion of their IP address from the ICMP Reply. [CSCdi04328] * If an IP address is removed from an interface using the no ip address, all routes using that interface are deleted from the IP routing table. This is sometimes unnecessary when there is an additional path to the target. [CSCdi04396] LAT * Enabling debug lat-packet may cause a system reload to occur. [CSCdi05100] * Certain LAT error messages do not give sufficient data to actually tell what it wrong. In particular, the "% Reach limit of struct" message didn't give any indication of which struct was involved. [CSCdi05178] Miscellaneous * Under unusual circumstance when an SNMP packet is received some memory will be lost, over time this could use up all system memory. Two things must be true for this to happen; a bad community name is in the snmp request resulting in an authentication trap, and the snmp request must have over 14 variables in it. [CSCdi06309] * If a user connected via TELNET to a terminal server leaves the show process display at the "--more--" prompt, and the virtual terminal session idle timer expires, a system reload may occur. [CSCdi05633] * Setting the SNMP tsMsgIntervaltim variable to zero prevents any issuance of the message. The correct behavior is for the message to be issued at intervals decided by the system itself. [CSCdi04860] * Setup does not exit automatically when modem disconnect is detected. At this point the user must type control c to exit from setup. [CSCdi04940] * The protocol translation option of the IGS terminal server software fails to properly initialize the allowed transport outputs to include X.25 PAD service. This will result in messages of the form "% pad connections not permitted from this terminal" when a user attempts to create a PAD connection. Outgoing PAD connections configured via translate commands will operate correctly. A workaround is to configure the virtual terminals on the IGS to explicitly include the PAD capability by using the command transport output lat pad telnet. [CSCdi05115] * On very heavily loaded systems, the CPU utilization percentages given by the show process, and show cpu commands, and the interface utilization percentages given by the show interface command, may fail to decay properly, or may be displayed as impossible values. [CSCdi05168] * Any "authenticated" extended tacacs request will change the users access class (if the field is set in the packet, the tacacs server supplied leaves it 0 for everything except login and slip address). This should only happen for responses to login requests. [CSCdi05175] * Enabling debugging for the OSPF protocol may result in a loss of neighbors. This is caused by the logging process running at too high a priority. Note, logging messages may now be delayed due to this change in behavior. [CSCdi05202] * The command show flash is not currently supported on terminal servers and protocol translators. The command show flash is not currently supported on communication servers and protocol translators. [CSCdi05506] * When setup is used to configure a terminal server, the router igrp command is removed from the configuration file on reload. The workaround is to modify the configuration file by hand and add back the missing command. [CSCdi04641] TN3270 * This problem is caused by the IBM host sending a SET BUFFER ADDRESS command for a 132 column terminal. The IBM 3278-2 terminal (and ciscos implementation of tn3270) does not support 132 columns. In releases prior to 8.3(4), sending a SET BUFFER ADDRESS command that was out of range could cause the terminal server to pause indefinitely. [CSCdi05323] * Transparent mode is not supported. Applications that depend on the passthrough function of this mode will not work correctly. Some applications known to use this mode are kermit, SAS graphics stuff, and a serial printing application called TPRINT. [CSCdi04645] Terminal Service * Login strings do not work properly. If a connection is made to a host for which a login string has been defined, the login string is not sent, and a "bad login string" message is issued on the system console. There is no workaround. [CSCdi05791] Uncategorized Items * Under some circumstances, primarily involving a non-zero hold queue on an ethernet interface, the use of the HP probe feature may cause the terminal server to lose memory. [CSCdi05186] * ARP requests generated on FDDI by systems which are bridging IP are sent using the common FDDI SNAP encapsulation. Other systems on the FDDI ring will not bridge these packets onto Ethernets which may be connected to them, and ARP table entries will therefore never be learned for systems on those Ethernets. The correct behavior is to use the Ethernet-over-FDDI encapsulated bridging format for ARP packets generated on FDDI by units bridging IP. [CSCdi05482] Wide Area Networking * Attempting to issue a clear x25-vc command to remove idle X.25 SVCs may cause the terminal server to reload. [CSCdi05037] * On the IGS platform only, transparent bridging over Frame Relay does not work. [CSCdi05664] * With X25 TCP enabled, if data continues to be sent to a TCP connection in the CLOSEWAIT state after the X25 connection has been removed, then the terminal server may reload. [CSCdi05031] * When configured for ANSI ANNEX D frame relay, the terminal server incorrectly uses dlci 1023. This causes the line protocol to be declared down. The correct behavior is to use dlci 0. The workaround is to disable keepalives on a particular interface. [CSCdi05280] * If more than 22 parameter/value pairs are entered in an x29 profile command, memory will become corrupted, leading to a possible system failure. [CSCdi05307] * When an X.25 PAD connection receives an "indication of break" packet, that indication is not forwarded into the data stream of any possible outgoing connection. [CSCdi04908] * AppleTalk phase I fails to route over serial links configured for SMDS encapsulation. [CSCdi04914] * The show interface and show X25 vc commands did not indicate when the window at packet level(x25) and/or frame level(lapb) was closed. The show interface and show X25 vc commands have been modified to display this message "Window is closed" For the show x25 vc command the above message indicates the VC is packet is level flow controlled and the window is closed. For the show interface command the above message indicates the interface is frame level flow controlled and the window is closed. [CSCdi04981] * Issuing the command no dialer fast-idle incorrectly resets the dialer idle-timeout instead of the dialer fast-idle timeout. [CSCdi05041] * The OUI fields of outgoing SMDS packets may contain "random" data. This may interfere with communication with nodes that do very strict packet checking. The correct behavior is to zero these fields. [CSCdi05119] * X.25 virtual circuits over which no data have ever been sent are not closed when the configured idle time has passed. If any traffic whatsoever is sent over a virtual circuit, the idle timer will be applied thereafter. [CSCdi05123] * When a frame relay interface transitions from up to down and vice versa, the system variables are updated but no SNMP trap is generated. This is incorrect behavior. The correct behavior is to generate the SNMP trap. [CSCdi05198] * The no x25 facility throughput command does not work. There is no way to remove this facility. [CSCdi05217] * If more than one X25 facility is configured, and the x25 rpoa wan command is one of those facilities, then disabling the rpoa facility may cause the terminal server to reload. [CSCdi05219] * Additional calls cannot be made if all available VCs are open and the first VC is busy even if the remaining VCs are idle. The correct behavior is to check all VCs and not just the first one on the list. [CSCdi05374] * The frame relay encapsulation code doesn't correctly check the status of a DLCI. The result is that packets can be sent on a DLCI which the frame relay switch has indicated as deleted via the LMI messages. This problem shows up if a terminal server is misconfigured such that a mismatch exists between the terminal servers DLCI and those defined in the frame relay switch. The workaround is to configure the terminal server with the correct DLCIs. [CSCdi05481] * There are instances where the frame relay initialization does not clear the loopback flag. An interface will incorrectly report that it is in loopback if the interface is in loopback mode with HDLC encapsulation, then reconfigured for frame relay encapsulation without shutting down the interface. The workaround is to administratively shut the interface and then reinitialize it. [CSCdi05483] * If two no dialer commands are issued in a row, there is a high probability that the terminal server may reload. [CSCdi05594] XRemote * XDM will not allow a user to abort a session being set up (with the ^x sequence) once a host has been selected. This can cause the session to hang if the TCP connection to actually start the session is never made. [CSCdi05184] This document is to be used in conjunction with the Protocol Translator Configuration and Reference publication. ciscoBus, Cisco Systems, CiscoWorks, CxBus, Netscape, The Packet, and SMARTnet are trademarks, and the Cisco logo is a registered trademark of Cisco Systems, Inc. All other products or services mentioned in this document are the trademarks, service marks, registered trademarks, or registered service marks of their respective owners. Copyright © 1993, Cisco Systems, Inc. All rights reserved. Printed in USA. *