The Remote Access to Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) solution integrates dial, Digital Subscriber Line (DSL), and cable remote access technologies into an MPLS VPN. For more information about the Remote Access to MPLS VPN integration solution, refer to the Cisco Remote Access to MPLS VPN Integration 2.0 Overview and Provisioning Guide:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/rampls2/ovprov/index.htm

The documentation set also includes:

Troubleshooting Cisco Remote Access to MPLS VPN Integration 2.0:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/rampls2/trblsht/index.htm

Cisco Remote Access to Multiprotocol Label Switching Virtual Private Networking 1.0 Release Notes:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/rampls/ravpnrn.htm

About the FOA Release Schedule

These release notes apply to the first office availability (FOA) 1 release of the solution.

Internal testing is in progress for additional features and platforms upcoming in FOA2 and FOA3, which are summarized below. New architectures, features, and platforms in this release are described in "New In This Release".

Upcoming in FOA2

New architecture:
- Support for large-scale dial-out (LSDO) remote access to MPLS VPN integration.
New features:
- The RADIUS framed route attribute will be VRF aware.
- On-demand address pools (ODAP), allowing a central server, either a RADIUS server (AR) or DHCP server (CNR) to manage a block of addresses for each customer.
- Option 82 for DSL routed bridge encapsulation remote access.
New platforms for DSL routed bridge encapsulation remote access:
- Cisco 7500
- Cisco MGX 8850 with route processor module (RPM-PR)

Upcoming in FOA3

New feature:
- Per VRF AAA. Per VRF AAA allows the service provider to partition AAA services based on VRF, eliminating the need for proxy AAA. The VHG/PE is able to communicate directly with an AAA RADIUS server associated with the user's VPN.

System Requirements

The hardware and software components required depend on the remote access architecture you are implementing. This section lists the various architectures supported in this release, followed by the hardware and software requirements for each one.

For more detailed requirements for your particular implementation, please contact your account system engineer.

This release of Remote Access to MPLS VPN Solution supports the following architectures:

Dial-in to MPLS VPN integration with multilink PPP
- L2TP dial-in
- Direct ISDN PE dial-in
Dial-out to MPLS VPN integration
- L2TP dial-out
- Direct ISDN PE dial-out
L2TP dial-in backup
DSL RFC 1483 to MPLS VPN integration
DSL RFC 1483 routed bridge encapsulation (RBE) to MPLS VPN integration
DSL Remote Access PPPoX with Service Selection Gateway (SSG) to MPLS VPN integration
DSL Remote Access PPPoX to MPLS VPN integration
DSL L2TP to MPLS VPN integration
Cable CPE (DOCSIS 1.0 SID) to MPLS VPN Integration

Hardware and Software Requirements for Dial Architectures

Hardware and Software Requirements for L2TP Dial Architectures

This section describes hardware and software requirements for L2TP dial-in (including dial backup), and dial-out architectures. All L2TP dial architectures require both a virtual home gateway/provider edge router (VHG/PE) and a network access server (NAS).

Virtual Home Gateway/Provider Edge Platforms

The platform requirements for the VHG/PE are listed in Table 1.

Table 1: Network Access Servers, IOS Release, and Memory Requirements

Platform	IOS Release	Flash Memory Recommended	DRAM Memory Recommended

For dial-in and dial-out
Cisco 7200 NPE-300/NPE-400 series routers	12.2(8)T or higher	20 MB	256 MB
For dial-in only
Cisco 6400 NRP1/NRP2 universal access concentrator	12.2(2)B3 or higher	16 MB	128 MB
Cisco 7500 RSP4 and RSP8 series routers	12.2(8)T or higher	16 MB	256 MB

Network Access Server Platforms

The platform requirements for the NAS are listed in Table 2.

Table 2: Network Access Servers, IOS Release, and Memory Requirements

Platform	IOS Release	Flash Memory Recommended	DRAM Memory Recommended

For dial-in and dial-out
Cisco 36x0 series router Cisco 3640 series router: 60 ISDN ports or 48 POTS ports Cisco 3660 series router: 120 ISDN ports or 96 POTS ports	12.2(8)T or higher	16 MB 16 MB	128 MB 256 MB
For dial-in only
Cisco AS5300 universal access server: up to 8 T1/E1/ISDN PRI interfaces (up to 192/240 ports)	12.2(6) or higher	16 MB	128 MB
Cisco AS5400 universal access server	12.2(6) or higher	32 MB	256 MB
Cisco AS5800 universal access server: up to 48 T1/E1/ISDN PRI interfaces (up to 1152/1440 ports) or up to two T3 interfaces (up to 1344 ports)	12.2(6) or higher	16 MB	256 MB

Hardware and Software Requirements for Direct ISDN PE Dial Architectures

This section describes hardware and software requirements for direct ISDN PE dial-in and dial-out architectures, where a single router serves as network access server and provider edge router (NAS/PE).

Network Access Server/Provider Edge Platforms

The platform requirements for the NAS/PE are listed in Table 3.

Table 3: Network Access Servers, IOS Release, and Memory Requirements

Platform

IOS Release

Flash Memory Recommended

DRAM Memory Recommended

Cisco 36x0 series router

Cisco 3640 series router: 60 ISDN ports or 48 POTS ports
Cisco 3660 series router: 120 ISDN ports or 96 POTS ports

12.2(8)T or higher

16 MB

128 MB

256 MB

Cisco 7200 NPE-300/NPE-400 series routers

12.2(8)T or higher

20 MB

256 MB

Hardware and Software Requirements for DSL Architectures

Platform requirements for DSL architectures are listed in Table 4.

Table 4: Platforms, IOS Release, and Memory Requirements

Platform	IOS Release	Flash Memory Recommended	DRAM Memory Recommended

Cisco 6400 NRP1 universal access concentrator	12.2(3)B3 or higher	16 MB	128 MB
Cisco 6400 NRP2 universal access concentrator	12.2(3)B3 or higher	16 MB	512 MB
Cisco 7200 NPE-300 series routers	12.2(8)T or higher	20 MB	256 MB
Cisco 7200 NPE-400 series routers	12.2(8)T or higher	20 MB	512 MB
Cisco MGX 8850 with route processor module (RPM-PR)	12.2(8)T or higher	16 MB	512 MB

Hardware and Software Requirements for Cable Architecture

Platform requirements for cable architecture are listed in Table 5.

Table 5: Virtual Home Gateway, IOS Release, and Memory Requirements

Platform	IOS Release	Flash Memory Recommended	DRAM Memory Recommended

Cisco uBR7246 VXR with NPE-300 processor	12.1(10)EC or higher	16 MB	512 MB

Determining Software Versions

Cisco IOS

To determine the version of Cisco IOS software currently running, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the version number on the second output line:

Router> show version

Cisco Internetwork Operating System Software 
IOS (tm) 12.1 Software c5300-i-mz, Version 12.2(5), RELEASE SOFTWARE

New In This Release

This FOA1 release adds support for new remote access architectures, new platforms, and new features. See "About the FOA Release Schedule" for features that will be included in subsequent FOAs.

New Remote Access Architectures

This release adds support for the following remote access architectures:

Dial-in to MPLS VPN integration, with multilink PPP
- Direct ISDN PE dial-in
Dial-out to MPLS VPN integration
- L2TP dial-out
- Direct ISDN PE dial-out
L2TP dial-in backup
DSL RFC 1483 routed-bridge encapsulation (RBE) integration (with the Cisco 7200 and Cisco 6400 series routers)

For an explanation of these architectures, refer to the Cisco Remote Access to MPLS VPN Integration 2.0 Overview and Provisioning Guide:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/rampls2/ovprov/index.htm

In addition, testing has verified DSL Release 1 remote access MPLS VPN integration with quality of service (QoS) for the Cisco 7200 NPE-300 and NPE-400 and Cisco MGX 8850 RPM-PR platforms.

New Platforms

This release adds support for the following new platforms:

New VHG/PE platforms supported for L2TP dial architectures:
- Cisco 6400 NRP2
- Cisco 7200 NPE-400
- Cisco 7500 RSP8
New NAS/PE platforms supported for direct ISDN PE architectures:
- Cisco 7200 NPE-300 and NPE-400
- Cisco 36x0
New platform supported for DSL architectures:
- Cisco MGX 8850 with route-processor module (RPM-PR)

New Features

Table 6 summarizes the new features provided in this release. For a description of the features, refer to the Cisco Remote Access to MPLS VPN Integration 2.0 Overview and Provisioning Guide:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/rampls2/ovprov/index.htm

Table 6: New Features in the Cisco Remote Access to MPLS VPN Solution

Feature	Used With These Architectures	Platform	Cisco IOS Release Introduced In

Multilink PPP	Dial: L2TP dial-in and dial-out, direct ISDN PE dial-in and dial-out, L2TP dial backup	Cisco 6400	12.2(2)B2 or higher (dial-in only)
		Cisco 7200	12.2(8)T or higher
		Cisco 7500	12.2(8)T or higher (dial-in only)
Multichassis Multilink PPP	Dial: L2TP dial-in and dial-out, direct ISDN PE dial-in and dial-out, L2TP dial backup	Cisco 7200	12.2(8)T or higher
Multichassis Multilink PPP		Cisco 7500	12.2(8)T or higher (dial-in only)
Dial-on-demand routing (DDR)	Dial-out architectures	Cisco 7200	12.2(8)T or higher
Use of VPNSC 2.1 templates for provisioning	DSL architectures	—	—

Caveats

FOA1 supports Cisco IOS Release 12.2(8)T.

Note Please note that later rebuilds (12.2(8)T1, 12.2(8)T2, and so forth) are functionally equivalent and may resolve critical caveats listed below. We recommend that you use the latest 12.2(8)T rebuild available.

Open Caveats To Be Resolved in FOA2

In the next release of Remote Access to MPLS VPN Integration (FOA2), the supported IOS version, IOS 12.2(11)T, resolves the caveats listed in this section.

CSCdw82397

Small ping packets on the VHG/PE are dropped with ISL turned on. pings from a remote access to MPLS VPN dial in PPP session with a packet size \> 40 bytes get a response but small ping packets between 36 and 40 bytes do not get a response packet back from the remote PE/CE IP destination. The reply packet is dropped when the tagged packet is received on the VHG/PE and should be sent out to a LAC via L2TP. To reproduce the problem, the interface on the VHG/PE used to connect to the LAC must be configured to use a second layer encapsulation like ISL when sending out the L2TP packets. There is no problem when ISL encapsulation is not used.

With debug mpls packet on on the VHG/PE, small ping packets have no problem. There is also no problem with MLPPP on the PPP sessions.

Workaround:

1) Enable debug mpls packet on the VHG/PE.

2) Enable multilink PPP on the PPP session.

3) Configure no ISL encapsulation in the L2TP packet being sent from the VHG/PE to LAC.

CSCdw91279

(Resolved in 12.2(8)T1) In 12.2(5.7)T and later, a Cisco router acting as an L2TP access concentrator or L2TP network access server may fail to process valid L2TP ZLB (Zero Length Block) Acknowledgement packets. This can cause sessions and tunnels to drop. This caveat applies to the VPN, not to remote access integration.

CSCdx20920

Crash when testing L2TP dial-out using dialer profiles under medium load. Calls are set up at a rate higher than 2 calls per second. Executing commands such as show run may crash the router at an even lower call rate.

CSCdu61920

DSL: The Cisco MGX 8850 RPM-PR configured as a VHG/PE is dropping packets. With the traffic rate through the RPM-PR at a minimun, the RPM was process switching packets even with CEF switching configured. The problem was resolved by disabling and re-enabling CEF on the RPM-PR.

Workaround: Disable then re-enable CEF globally on the RPM-PR.

CSCdw52946

The IP background task removes a newly IPCP installed route: When a user attempts to dial back in to a remote access MPLS VPN service for L2TP dial-in to either a VHG/PE router or a direct dial-in NAS/PE router, call setup is successful but data cannot be transferred because the virtual access interface is removed from the routing table after the call is set up.

There is no workaround.

CSCdw60489

(duplicate of CSCdw10495; resolved in 12.2(8.5)T) Dial MMP: Spurious memory access in ipfib_pas_fs_tag with SGBP.

CSCdw63402

(Resolved in 12.2(8.5)T) When MLP over ATM (MLPoATM) is configured on an MPLS VPN, packets that are not encapsulated by MLP are dropped on the input side. This condition occurs if the virtual access interface is placed into the VPN routing/forwarding instance (VRF) using RADIUS attributes.

Workaround: Select the VRF by configuring the virtual template using the ip vrf forwarding interface configuration command.

CSCdw89965

An MPLS router that has several VPN or IP version 4 (IPv4) border gateway protocol (BGP) routes may experience a memory leak if the route to the BGP neighbor flaps. The memory leak is about 100 bytes per BGP route for each route flap. High memory consumption in the output of the Tag Forwarding Information Base (TFIB) of the show memory summary tfib EXEC command is an indication of the presence of a memory leak.

CSCdw89981

Memory leak in process "PPP IPCP". Occurs when using AAA per user attributes.

CSCdw91157

(Duplicate of CSCdw10495; resolved in 12.2(8.5)T) While bringing up L2TP sessions on Cisco 7500 router running 12.2(8)T version, the LAC may fail establish connection with LNS.

CSCdx05656

(Resolved in 12.2(9)T) When the "peer default ip address dhcp-pool" command is cloned on a virtual-access interface via aaa per user settings (command defined in the cisco av-pair RADIUS record), the parsing of this command on the virtual-access interface generates the following output:

%Using local DHCP VRF pools for address-pooling.

For the parsing process this informational message is deadly as this gets interpreted as an error generated by applying this command...

Mar 13 14:13:08.292: Vi1 VTEMPLATE: ************* CLONE VACCESS1 ***************

Mar 13 14:13:08.292: Vi1 VTEMPLATE: Clone from AAA

ip vrf forwarding V1.35.com

ip unnumbered Loopback35

peer default ip address dhcp-pool

end

Mar 13 14:13:08.304: Vi1 VTEMPLATE: Messages from (un)cloning ...

%Using local DHCP VRF pools for address-pooling.

Mar 13 14:13:08.308: VTEMPLATE: Receiving vaccess request, id 0x63EA3478, result

Mar 13 14:13:08.308: VP: Vaccess creation unsuccessful \<\<\<\<\<

Mar 13 14:13:08.328: Vi1 PPP: Phase is TERMINATING

Resolved Caveats - Cisco IOS Release 12.2(8)T

CSCdt77557

A Cisco 7500 series router may produce spurious access messages in rsp_ipfib_feature_switch and rsp_ipfib_flow_switch. These messages occur only in centralised RSP-based CEF. They may cause a higher CPU usage than expected.

CSCdt82370

(Duplicate of CSCdt78572) In MMP or MLP L2TP dial-in MPLS-VPN, one cannot ping to the loopback interface in the VRF on the VHG/PE router because reply echo packets are not routable. No workaround.

CSCdu36397

(Duplicate of CSCdp86381) Dial: Memory leak in MLP.

CSCdv05421

When no ip route-cache cef is configured on the virtual-template for the LNS and several tens of thousand packets per second are sent downstream (toward the LAC), packets are dropped at the LAC and the "show controller" command shows an increase in the rx_no_buffer counter.

Workaround: configure ip route-cache cef (the default).

CSCdv43029

(Duplicate of CSCdt97779 ) Traceback messages are observed on an L2TP Network Server (LNS) and on an L2TP access concentrator (LAC) after 2000 sessions and 2000 tunnels are brought up. This is a minor problem, because no session or tunnels drops were observed as a result of these traceback messages.

CSCdv46738

(Duplicate of CSCdw00924 ) When MLP over ATM (MLPoATM) is configured on a Cisco 7200 Route Processor Module (RPM) along with Fancy Queuing and link fragmentation and interleaving (LFI), the output may pause indefinitely and performance may degrade.

Workaround: To prevent the packets from getting queued and stuck at the weighted fair queuing (WFQ) queue, avoid congesting the link.

CSCdv32799

(Duplicate of CSCdt83679) DSL RBE: Unable to pass traffic with RBE with a 28 bit mask.

CSCdv57640

(Resolved in 12.2(9)T) When a virtual-template interface is configured for IP virtual routing and forwarding (VRF) in L2TP dial-in, only about 50 percent of the data packets pass across the tunnel.

Workaround: Disable the ip route-cache cef as well as "ip route-cache" interface configuration commands on the virtual template interface to allow all packets to go through the process-switching. This also fixes the problem with Vaccess counters, observed after CSCdw01642. The problem was that the counters on the Vaccess interfaces used for L2TP sessions (on the LAC and LNS) showed wrong values. That happened only when IP CEF was enabled on high end routers.

CSCdu42456

(Duplicate of CSCdt59038) When MLPoATM is configured, the VC may experience throughput problems and very low link utilization.

CSCdu62885

(Duplicate of CSCdu62885) When RSP is used with MLP, an access alignment error occurs causing a performance problem.

CSCdw49172

(Duplicate of CSCdw45057) In L2TP dial-in, IPCP is rejected because of a AAA problem. Authentication does not start and IPCP is rejected from the VHG/PE. The same test was done without aaa new-model and passed. Direct dial-in works.

CSCdw45491

When RADIUS user profiles contain an "ip:route" VSA which itself contains VRF information, the route is parsed incorrectly. This leads to an error when the route is applied, and causes the call to go down.

CSCdw23475

Subnet allocation option is sent by the DHCP client when it is requesting a subnet from the DHCP Server(ODAP). This option is being sent properly by the client when in SELECTING, REQUESTING or RENEWING states, but not sent when the client is in REBINDING state. This can be checked by enabling "debug dhcp detail" in the client.

CSCdv64583

Spurious memory access might occur on SGBP offload server on.

CSCdv70150

In L2TP dial-out, data packets are transmitted with incorrect encapsulation. This behavior occurs if MLP is not configured on a VHG/PE router that supports MPLS VPN.

CSCdw45622

In L2TP dial-out, returned data may be corrupted.

CSCdv41786

Crash in rsp_optimum_tagswitch accessing null taginfo: A 7500 router running non distributed MPLS may reload when per packet loadsharing is configured. The reload is likely to happen in MPLS VPN environments. This is suspected to be a duplicate of CSCdt04761.

CSCdt04761

MPLS VPN: router crashes when the IGP/LDP label is unavailable.

CSCdv37118

A Cisco router that is running Cisco IOS Release 12.2(3) and that is configured with MPLS, MLP, CEF may record spurious memory accesses and log the following messages:

Router# show log

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60D8382C reading 0x0

%ALIGN-3-TRACE: -Traceback= 60D8382C 603CC6EC 6035DB70 00000000 00000000

00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 60D8382C 603D111C 6035DB70 00000000 00000000

00000000 00000000 00000000

Router# show align

Alignment data for: RSP Software (RSP-JSV-M), Version 12.2(3), RELEASE SOFTWARE

(fc1) Compiled Wed 18-Jul-01 22:17 by pwade No alignment data has been

recorded.

Total Spurious Accesses 42987261, Recorded 39

Address Count Traceback 0 51527 0x60E6EE50 0x603BB440 0x6035DB70 0 63069

0x60E6F544 0x603BB440 0x6035DB70 0 29961 0x60E6F544 0x603C9A78 0x6035DB70 0

60000 0x60E6F544 0x603C01D0 0x6035DB70 0 62938 0x60E6F544 0x603C4CE4

0x6035DB70

The effect on the router is poor performance and high CPU utilization, even when there is little traffic.

CSCdv36038

ppp_fixup required() does not support multiple fixups for interface: In Cisco IOS Release 12.2 T, Cisco Express Forwarding (CEF) may not function properly with PPP over L2TP in dial-out environments.

Resolved Caveats - Cisco IOS Release 12.2(7)T

CSCdw04203

(Duplicate of CSCdt30297; resolved in 12.2(6.7)T) per user static route is not being added to the VRF routing table. Debugging a working setup on the VHG/PE with 12.2(2.5)T shows that the av pair is accepted, whereas in the same setup with 12.2(4)T on the VHG/PE it is not. With 12.2(4)T, there is no debugging info that shows that the route is implemented into the routing table (debug ip routing vrf V1.1.com):

In 12.2(2.5)T:

Nov 23 12:58:31.730: RT(V1.1.com): add 172.21.104.64/29 via 42.1.1.10, static metric [1/0]

In 12.2(4)T this debugging is not present, nor are there any errors seen. The configuration is the same as on 12.2(2.5)T, so no errors were expected.

CSCdw49355

In dial-out, the MLP header is not added with the MPLS packet.

CSCdv68767

The CEF "receive" entry may not be created in the VRF instance for an imported secondary IP address, causing difficulties in pinging this secondary IP address in the VRF instance. There is no workaround.

CSCdv38127

A Cisco router that is using MLP, VPDN MPLS and has keepalives enabled may reload when the router is attempting to bring up the second link.

Workaround: Disable keepalives.

Resolved Caveats - Cisco IOS Release 12.2(6)T

CSCdv46484

(Duplicate of CSCdv54349; resolved in 12.2(5.7)T) When using the configuration command aaa authentication ppp default local group radius, if a user name does not exist locally on the router, the system does not fail over to the RADIUS AAA server to look up the user name.

Workaround: Use the configuration command aaa authentication ppp default group radius.

CSCdu62885

(Duplicate of CSCdu62885; resolved in 12.2(5.4)T) When RSP is used with MLPPP, an access alignment error occurs causing a performance problem.

CSCdv00143

Border Gateway Protocol (BGP) virtual private network version 4 (VPNv4) address family routes are not being aggregated even though route aggregation is configured. The more specific routes that are supposed to be aggregated are advertised and the less specific aggregate route is not being generated or advertised. There is no workaround.

CSCdu63368

When a local pool is used to assign IP addresses to a PPP user, pings cannot be sent between a PPP user and a Virtual Home Gateway (VHG) or provider edge (PE) router after the PPP user receives an IP address. There is no workaround.

CSCdv46476

In Cisco IOS Release 12.2(5.2)PI and Release 12.2(5.4)T, the access request reports only attribute 31 and contains both the Calling Line ID (CLID) and the dialed number identification service (DNIS). The access request is altered against what is specified in the RFC, which specifies that attributes 30 and 31 are used for reporting information on the DNIS and the CLID. This condition occurs only on an L2TP network server (LNS) when PPP user sessions that are forwarded over an L2TP tunnel are authenticated.

Resolved Caveats - Cisco IOS Release 12.2(5)T

CSCdu42598

When a DHCP proxy client mechanism is used to assign IP address to the remote end of a PPP over ATM connection, that PPPoA connection is not brought down upon expiration of the DHCP lease.

This caveat affects only PPPoA deployment scenarios where PPP is terminated on the access concentrator. It does not affect PPP sessions forwarded to a tunnel, such as an L2TP tunnel.

Workaround: Use a local IP address pool configured on the access concentrator to give the IP address to the remote end of PPPoA connnection.

CSCdu19512

The idle timer is not reset in a direct dial out MPLS-VPN setup using dialer profiles. Disabling CEF on the dialer profile will enable interesting traffic to reset the idle timer.

Resolved Caveats - Cisco IOS Release 12.2(3)T

CSCdu21945

Packets may be dropped when a Cisco Network Services Engine (NSE-1) is used with Parallel eXpress Forwarding (PXF) in an MPLS tag switching environment. This problem affects only PXF in a MPLS switching environment on a Cisco NSE-1.

Workaround: Disable PXF on NSE-1 or use another Network Services Engine.

Resolved Caveats - Cisco IOS Release 12.2(2)T

CSCdt13506

In L2TP the combination of CEF switching, MLP, and VRF (VPN Routing/Forwarding Instance) does not work: CEF switched packets are dropped. All routers that support CEF and all releases have this problem.

Workaround: Disable either CEF or MLP.

CSCdv69266

CEF is stuck in Glean Adjacency when not using 32 bit host rate on the Cisco 6400 router running 12.2(03.06)B03.

Obtaining Documentation

These sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com

Translated documentation is available at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/public/ordsum.html

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:

Streamline business processes and improve productivity
Resolve technical issues with online support
Download and test software packages
Order Cisco learning materials and merchandise
Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Cisco TAC inquiries are categorized according to the urgency of the issue:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://www.cisco.com/register/

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Hierarchical Navigation

Network-Based VPN

Cisco Remote Access to MPLS VPN Integration 2.0 FOA1 Release Notes

Downloads

Table of Contents

First Office Availability 1, April 25, 2002

Virtual Home Gateway/Provider Edge Platforms

Network Access Server Platforms

Network Access Server/Provider Edge Platforms