Mailing List Archive

Hi Jamie,

I would probably recommend going to 12.3 mainline. On the 5300, a
concern I might have there is this widely encountered but never really
figured out bug:

CSCei63851
Externally found moderate defect: Unreproducible (U)
mica modems randomly marked as bad in any version afer 12.3(6)

So 12.3(6f) might be a good call for a 5300 (this also affects 36/3700
with MICA.) Allegedly this CSCei63851 problem is also not seen in
12.3(17a) and above, so 12.3(17b) or 12.3(18) might also be OK.

As far as your Tacacs+ problem with anything beyond 12.2(2)XA5 ... your
issue likely has to do with the fact that we did a complete rewrite of
the AAA subsystem ("Papapa") in 12.2(4)T. There should be virtually no
user-visible behavior difference (other than better performance), but
there are some corner-case changes (typically having to do with security
holes being patched.) You should not have lost any compatibility,
although perhaps some reconfiguration may be necessary.

The "reference" Tacacs+ server is to be found at
ftp://ftpeng.cisco.com/pub/tacacs/ .

Cheers,

Aaron

------------------------------------------------------------------------

>
> Hi,
> I have a 5300 and 2 5350s that have been running the same version
> of IOS and SPE code for quite some time (12.2(2)XA5 and 0.7.9.0
> respectively). I believe the SPE code came bundled with the IOS.
> We've stayed with this version as we have a home grown version of
> TACACS+ and moving to anything newer broke TACACS+. It's been quite
> stable however, I've been informed that we're making mods. to our
> TACACS+ as it's moving to a new platform so now would be a good time
> to upgrade our a-server IOS as well. Any recommendations?
>
> Also....I'm told that there was some sort of TACACS+ reference server
> on the TAC web-site that we used to be able to look at. It was used
> as the base for our customized TACACS+ code. Does any such thing
> still exist?.......haven't been able to locate it if it does.
>
> ............thanks in advance...................Jamie
>
>
> James Savage York University
> Senior Communications Tech. 108 Steacie Building
> jsavage@yorku.ca 4700 Keele Street
> ph: 416-736-2100 ext. 22605 Toronto, Ontario
> fax: 416-736-5701 M3J 1P3, CANADA
> ------------------------------------------------------------------------
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

We had some issues with the DS0 counters (sh contr e1 call) on the last 12.3 we tried. This also
affected our snmp graphs of active calls (cpmDS1ActiveDS0s).
12.3(18.8) seems to solve the problem, so it might be a good idea to wait for 12.3(19), if you need
this kind of monitoring.

Aaron Leonard wrote on 30/3/2006 9:30 ìì:
> Hi Jamie,
>
> I would probably recommend going to 12.3 mainline. On the 5300, a
> concern I might have there is this widely encountered but never really
> figured out bug:
>
> CSCei63851
> Externally found moderate defect: Unreproducible (U)
> mica modems randomly marked as bad in any version afer 12.3(6)
>
> So 12.3(6f) might be a good call for a 5300 (this also affects 36/3700
> with MICA.) Allegedly this CSCei63851 problem is also not seen in
> 12.3(17a) and above, so 12.3(17b) or 12.3(18) might also be OK.
>
> As far as your Tacacs+ problem with anything beyond 12.2(2)XA5 ... your
> issue likely has to do with the fact that we did a complete rewrite of
> the AAA subsystem ("Papapa") in 12.2(4)T. There should be virtually no
> user-visible behavior difference (other than better performance), but
> there are some corner-case changes (typically having to do with security
> holes being patched.) You should not have lost any compatibility,
> although perhaps some reconfiguration may be necessary.
>
> The "reference" Tacacs+ server is to be found at
> ftp://ftpeng.cisco.com/pub/tacacs/ .
>
> Cheers,
>
> Aaron
>
> ------------------------------------------------------------------------
>
>> Hi,
>> I have a 5300 and 2 5350s that have been running the same version
>> of IOS and SPE code for quite some time (12.2(2)XA5 and 0.7.9.0
>> respectively). I believe the SPE code came bundled with the IOS.
>> We've stayed with this version as we have a home grown version of
>> TACACS+ and moving to anything newer broke TACACS+. It's been quite
>> stable however, I've been informed that we're making mods. to our
>> TACACS+ as it's moving to a new platform so now would be a good time
>> to upgrade our a-server IOS as well. Any recommendations?
>>
>> Also....I'm told that there was some sort of TACACS+ reference server
>> on the TAC web-site that we used to be able to look at. It was used
>> as the base for our customized TACACS+ code. Does any such thing
>> still exist?.......haven't been able to locate it if it does.
>>
>> ............thanks in advance...................Jamie
>>
>>
>> James Savage York University
>> Senior Communications Tech. 108 Steacie Building
>> jsavage@yorku.ca 4700 Keele Street
>> ph: 416-736-2100 ext. 22605 Toronto, Ontario
>> fax: 416-736-5701 M3J 1P3, CANADA
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> cisco-nas mailing list
>> cisco-nas@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nas
>>
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

Hey,

We recently found out that 12.3(17a) has been DF and not recommended for
release any longer. You would need to look at the (17b) release or move up
into 12.3(18). We're currently in the VERY early phase of testing against
the (18) release in our LAB.

Charles

At 12:30 PM 3/30/2006, Aaron Leonard wrote:
>Hi Jamie,
>
>I would probably recommend going to 12.3 mainline. On the 5300, a
>concern I might have there is this widely encountered but never really
>figured out bug:
>
>CSCei63851
>Externally found moderate defect: Unreproducible (U)
>mica modems randomly marked as bad in any version afer 12.3(6)
>
>So 12.3(6f) might be a good call for a 5300 (this also affects 36/3700
>with MICA.) Allegedly this CSCei63851 problem is also not seen in
>12.3(17a) and above, so 12.3(17b) or 12.3(18) might also be OK.
>
>As far as your Tacacs+ problem with anything beyond 12.2(2)XA5 ... your
>issue likely has to do with the fact that we did a complete rewrite of
>the AAA subsystem ("Papapa") in 12.2(4)T. There should be virtually no
>user-visible behavior difference (other than better performance), but
>there are some corner-case changes (typically having to do with security
>holes being patched.) You should not have lost any compatibility,
>although perhaps some reconfiguration may be necessary.
>
>The "reference" Tacacs+ server is to be found at
>ftp://ftpeng.cisco.com/pub/tacacs/ .
>
>Cheers,
>
>Aaron
>
>------------------------------------------------------------------------
>
> >
> > Hi,
> > I have a 5300 and 2 5350s that have been running the same version
> > of IOS and SPE code for quite some time (12.2(2)XA5 and 0.7.9.0
> > respectively). I believe the SPE code came bundled with the IOS.
> > We've stayed with this version as we have a home grown version of
> > TACACS+ and moving to anything newer broke TACACS+. It's been quite
> > stable however, I've been informed that we're making mods. to our
> > TACACS+ as it's moving to a new platform so now would be a good time
> > to upgrade our a-server IOS as well. Any recommendations?
> >
> > Also....I'm told that there was some sort of TACACS+ reference server
> > on the TAC web-site that we used to be able to look at. It was used
> > as the base for our customized TACACS+ code. Does any such thing
> > still exist?.......haven't been able to locate it if it does.
> >
> > ............thanks in advance...................Jamie
> >
> >
> > James Savage York University
> > Senior Communications Tech. 108 Steacie Building
> > jsavage@yorku.ca 4700 Keele Street
> > ph: 416-736-2100 ext. 22605 Toronto, Ontario
> > fax: 416-736-5701 M3J 1P3, CANADA
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
> >
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas


_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas