Table of Contents
Release Notes for Cisco 1600 Series Routers for Cisco IOS Release 11.2 P
July 17, 2000
 |
Note You can find the most current Cisco IOS documentation on Cisco Connection Online (CCO ). These electronic documents may contain updates and modifications made after the hardcopy documents were printed. |
These release notes for the Cisco 1600 series routers describe the enhancements provided in Cisco IOS Release 11.2 P. These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 11.2 P, see Caveats for Cisco IOS Release 11.2 P that accompanies these release notes. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 11.2 on CCO and the Documentation CD-ROM.
These release notes describe the following topics:
This section describes the system requirements for Cisco IOS Release 11.2 P:
Table 1: Memory Requirements for Cisco 1600 Series Routers
| Platforms
| Feature Sets
| Image Name
| Software Image
| Recommended Flash Memory
| Recommended DRAM Memory
| Runs from
|
Cisco 1600- Cisco 1604
| IP Feature Sets
| IP
| c1600-y-1
| 4 MB1
| 2 MB2
| Flash
|
IP Plus
| c1600-sy-1
| 6 MB
| 4 MB
| Flash
|
IP Plus 40
| c1600-sy40-1
| 6 MB
| 4 MB
| Flash
|
IP Plus 56
| c1600-sy56-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX
| c1600-ny-1
| 4 MB
| 2 MB
| Flash
|
IP/IPX Plus
| c1600-nsy-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX Plus 40
| c1600-nsy40-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX Plus 56
| c1600-nsy56-1
| 6 MB
| 4 MB
| Flash
|
IP/Appletalk
| c1600-by-1
| 4 MB
| 2 MB
| Flash
|
IP/Appletalk Plus
| c1600-bsy-1
| 6 MB
| 4 MB
| Flash
|
IP/Appletalk Plus 40
| c1600-bsy40-1
| 6 MB
| 4 MB
| Flash
|
IP/Appletalk Plus 56
| c1600-bsy56-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX/Appletalk
| c1600-bny-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX/Appletalk Plus
| c1600-bnsy-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX/Appletalk Plus 40
| c1600-bnsy40-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX/Appletalk Plus 56
| c1600-bnsy56-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX/IBM
| c1600-nr2y-1
| 6 MB
| 4 MB
| Flash
|
IP/IPX IBM Plus
| c1600-nr2sy-1
| 8 MB
| 4 MB
| Flash
|
IP/IPX IBM Plus 40
| c1600-nr2sy40-1
| 8 MB
| 4 MB
| Flash
|
IP/IPX IBM Plus 56
| c1600-nr2sy56-1
| 8 MB
| 4 MB
| Flash
|
IP/Firewall
| c1600-oy-l2 c1600-oy-mz3
| 4 MB
| 2 MB
| Flash
|
IP/IPX/Firewall Plus
| c1600-nosy-l2 c1600-nosy-mz3
| 6 MB
| 4 MB
| Flash
|
IP/IPX/AT/IBM/Firewall Plus 56
| c1600-bnor2sy56-l2 c1600-bnor2sy56-mz3
| 8 MB
| 6 MB
| Flash
|
Cisco 1605-R
| IP Feature Sets
| IP
| c1600-y-1
| 2 MB2
| 8 MB2
| RAM
|
IP Plus
| c1600-sy-1
| 4 MB
| 8 MB
| RAM
|
IP Plus 40
| c1600-sy40-1
| 4 MB
| 8 MB
| RAM
|
IP Plus 56
| c1600-sy56-1
| 4 MB
| 8 MB
| RAM
|
IP/IPX
| c1600-ny-1
| 2 MB
| 8 MB
| RAM
|
IP/IPX Plus
| c1600-nsy-1
| 4 MB
| 8 MB
| RAM
|
IP/IPX Plus 40
| c1600-nsy40-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX Plus 56
| c1600-nsy56-1
| 4 MB
| 10 MB
| RAM
|
IP/Appletalk
| c1600-by-1
| 2 MB
| 8 MB
| RAM
|
IP/Appletalk Plus
| c1600-bsy-1
| 4 MB
| 8 MB
| RAM
|
IP/Appletalk Plus 40
| c1600-bsy40-1
| 4 MB
| 10 MB
| RAM
|
IP/Appletalk Plus 56
| c1600-bsy56-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX/Appletalk
| c1600-bny-1
| 4 MB
| 8 MB
| RAM
|
IP/IPX/Appletalk Plus
| c1600-bnsy-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX/Appletalk Plus 40
| c1600-bnsy40-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX/Appletalk Plus 56
| c1600-bnsy56-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX/IBM
| c1600-nr2y-1
| 4 MB
| 10 MB
| RAM
|
IP/IPX IBM Plus
| c1600-nr2sy-1
| 4 MB
| 12 MB
| RAM
|
IP/IPX IBM Plus 40
| c1600-nr2sy40-1
| 4 MB
| 12 MB
| RAM
|
IP/IPX IBM Plus 56
| c1600-nr2sy56-1
| 4 MB
| 12 MB
| RAM
|
IP/Firewall
| c1600-oy-l4 c1600-oy-mz5
| 2 MB
| 8 MB
| RAM
|
IP/IPX/Firewall Plus
| c1600-nosy-l2 c1600-nosy-mz3
| 4 MB
| 10 MB
| RAM
|
IP/IPX/AT/IBM/ Firewall Plus 56
| c1600-bnor2sy56-l2 c1600-bnor2sy56-mz3
| 4 MB
| 12 MB
| RAM
|
Cisco IOS Release 11.2 P supports the Cisco 1600 series routers:
The Cisco 1600 series routers deliver the next-generation set of features and benefits for small-office Internet and intranet access: WAN flexibility, end-to-end security, end-to-end quality of service, ease of use, deployment, and management. The Cisco 1600 series routers connect small offices with Ethernet LANs to the public Internet and to a company internal intranet or corporate LAN through several WAN connections such as ISDN, asynchronous serial, and synchronous serial.
Cisco 1601 through Cisco 1604 router models include one Ethernet port, one built-in WAN port, and one WAN interface-card expansion slot for additional connectivity and flexibility. The Cisco 1601 includes a built-in serial WAN port; the Cisco 1602 has an onboard 56-kbps four-wire data service unit/channel service unit (DSU/CSU); the Cisco 1603 has an ISDN BRI S/T port; and the Cisco 1601, 1602, and 1605-R include an ISDN BRI U interface with a built-in NT1 device. The Cisco 1605-R has two Ethernet LAN interfaces and one WAN interface card slot.
The following WAN interface cards are supported by the Cisco 1600 series routers:
- 1-port synchronous/asynchronous serial
- 1-port ISDN BRI with S/T interface
- 1-port ISDN BRI with NT1 and U interface
- 1-port ISDN Leased Line BRI S/T WAN interface (Cisco 1603 and Cisco 1604 routers only)
- 1-port 56/64kbps DSU/CSU WAN interface
- 1-port T1/Fractional T1 DSU/CSU WAN interface
To determine the version of Cisco IOS software running on your Cisco 1600 series router, log in to the router and enter the show version EXEC command:
router> show version
Cisco Internetwork Operating System Software
IOS (tm) 11.2 P Software (C1600-NY-L), Version 11.2(23)P, RELEASE SOFTWARE
For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at:
http://www. cisco.com/warp /public/cc/cisco/ mkt/ios/prodlit /957_pp.htm
The Cisco IOS software is packaged in feature sets consisting of software images--depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Cisco IOS Release 11.2 P supports the same feature sets as Cisco IOS Release 11.2, but Release 11.2 P can include new features supported by the Cisco 1600 series routers.
 |
Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com. |
Table 2 lists the features and feature sets supported by the Cisco 1600 series routers in Cisco IOS Release 11.2 P and uses the following conventions:
- Basic--The feature is supported in the basic software image.
- Plus--The feature is supported in the Plus software image.
- - (en-dash)--The feature is not supported in the software image.
 |
Note This feature set table only contains a selected list of features. This table is not cumulative-- nor does it list all the features in each image. |
Table 2: Feature List by Feature Set for the Cisco 1600 Routers
|
| Feature Sets
|
| Features
| IP
| IP/IPX
| IP/ Apple- Talk
| IP/IPX/ Apple- Talk
| IP/IPX/ IBM
| IP/ Firewall1
| IP/IPX/ Firewall Plus
| IP/IPX/ AT/IBM/ Firewall Plus 56
|
| LAN Support
|
|
|
|
|
|
|
|
|
AppleTalk 1 and 22
| -
| -
| Basic
| Basic
| -
| -
| -
| Basic
|
Integrated routing and bridging (IRB)3
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
IP
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Novell IPX4
| -
| Basic
| -
| Basic
| Basic
| -
| Basic
| Basic
|
Transparent bridging
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
| WAN Services
|
|
|
|
|
|
|
|
|
Asynchronous
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Frame Relay
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Frame Relay SVC support (DTE)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
Frame Relay traffic shaping
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
HDLC
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
ISDN 5
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
PPP6
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
SMDS
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Switched 56
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
X.25
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
SLIP asynchronous only
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
| WAN Optimization
|
|
|
|
|
|
|
|
|
Bandwidth-on-demand7
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Custom and priority queuing
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Dial backup
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Dial-on-demand
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Header, link, and payload compression
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Header and link compression
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Snapshot routing
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Weighted fair queuing
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
IPX and SPX spoofing
| -
| Basic
| -
| Basic
| Basic
| -
| Basic
| Basic
|
| IP Routing
|
|
|
|
|
|
|
|
|
AppleTalk SMRP Multicast
| -
| -
| Plus
| Plus
| -
| -
| -
| Plus
|
Enhanced IGRP
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
IGRP
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
IP Multicast (PIM)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
Network Address Translation (NAT)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
On Demand Routing (ODR)
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
OSPF
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
OSPF On Demand Circuit (RFC 1793)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
PIM
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
RIP
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
RIP Version 2
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
| Other Routing
|
|
|
|
|
|
|
|
|
IPX RIP
| -
| Basic
| -
| Basic
| Basic
| -
| Basic
| Basic
|
RTMP
| -
| -
| Basic
| Basic
| -
| -
| -
| Basic
|
NLSP
| -
| Plus
| -
| Plus
| Plus
| -
| Plus
| Plus
|
| Multimedia and Quality of Service
|
|
|
|
|
|
|
|
|
Generic traffic shaping
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
Random Early Detection (RED)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
Resource Reservation Protocol (RSVP)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
| Management
|
|
|
|
|
|
|
|
|
SNMP
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Telnet
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Console port
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Networking Timing Protocol (NTP)
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
Simple Networking Timing Protocol (SNTP)
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
| Security
|
|
|
|
|
|
|
|
|
Access lists
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Cisco IOS Firewall: Context-Based Access Control
| -
| -
| -
| -
| -
| Basic
| Basic
| Basic
|
Extended access lists
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
TACACS Plus
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
RADIUS
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
GRE tunneling
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Lock and key
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
| Basic
|
Network layer encryption, 40-bit (Plus 40) and 56-bit (Plus 56)
| Encrypt
| Encrypt
| Encrypt
| Encrypt
| Encrypt
| Encrypt
| Encrypt
| Encrypt
|
Virtual Private Dialup Network
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
| Plus
|
1Available only in Cisco IOS Release 11.2(11)P and later releases.
2AppleTalk load balancing is available in Cisco IOS Release 11.2.
3IRB supports IP, IPX, and AppleTalk; it is supported for transparent bridging, but not for SRB; it is supported on all media-type interfaces except X.25 and ISDN bridged interfaces; and IRB and concurrent routing and bridging (CRB) cannot operate at the same time.
4In Cisco IOS Release 11.2, the Novell IPX feature includes Display SAP by Name, IPX Access Control List violation logging, and plain-English IPX access lists.
5ISDN support includes calling line identification (CLI/ANI), ISDN subaddressing, and applicable WAN optimization features.
6PPP includes support for LAN protocols supported by the feature set, address negotiation, PAP and CHAP authentication, and PPP compression. Multilink PPP is included with Cisco IOS Release 11.0(4) and later releases.
7Bandwidth-on-demand means two B-channel calls to the same destination.
|
The following sections list the new hardware and software features supported by the Cisco 1600 series routers for Release 11.2 P.
There are no new software features supported by the Cisco 1600 series routers for Release 11.2(13)P and later.
The following new hardware and software features are supported by the Cisco 1600 series for Release 11.2(12)P.
Context-Based Access Control (CBAC), introduced in Release 11.2(11)P, provides basic Denial-of-Service detection and prevention services. These services are enhanced in Release 11.2(12)P to provide additional controls, configurable with the command new ip inspect tcp-max-incomplete host.
The Cisco T1 data service unit/channel service unit (DSU/CSU) WAN interface card is an integrated, managed, T1 or fractional T1 WAN interface card. It provides nonchannelized data rates of 1 to 24 X 64 kbps or 1 to 24 X 56 kbps and follows ANSI T1.403 and AT&T Publication 62411 standards.
The Cisco T1 DSU/CSU WAN interface management features include the following:
- You can locally perform an initial configuration for the interface using ClickStart, a point-and-click web browser-based interface tool. You can remotely configure the interface using Telnet and the Cisco IOS command-line interface (CLI).
- For monitoring purposes, the router and DSU/CSU are manageable as a single Simple Network Management Protocol (SNMP) entity, using CiscoWorks or CiscoView. DSU/CSU statistics are accessed from the CLI.
- The SNMP agent supports the standard Management Information Base II (MIB II), Cisco integrated DSU/CSU MIB, and T1 MIB (RFC 1406).
- Loopbacks (including a manual button for a network line loopback) and bit error rate tester (BERT) tests are provided for troubleshooting.
- Test patterns, alarm counters, and performance reports are accessible using the CLI.
- The module has carrier detect, loopback, and alarm LEDs.
The following new software features are supported by the Cisco 1600 series for Release 11.2(11)P.
The Cisco IOS Firewall feature set combines existing Cisco IOS firewall technology and the new context-based access control feature to provide an effective, robust firewall.
The Cisco IOS Firewall feature set is designed to prevent unauthorized, external individuals from gaining access to your internal network and to block attacks on your network, while at the same time allowing authorized users to access network resources.
You can use the Cisco IOS Firewall feature set to configure your Cisco IOS device as:
- An Internet firewall or part of an Internet firewall
- A firewall between groups in your internal network
- A firewall providing secure connections to branch offices
- A firewall between your company network and your company partners' networks
The Cisco IOS Firewall feature set provides the following capabilities:
- Protects internal networks from intrusion
- Monitors traffic through network perimeters
- Enables network commerce via the World Wide Web
Context-based access control (CBAC) is a new feature which provides intelligent filtering of packets through the firewall. CBAC creates temporary openings in the firewall to permit packets that are part of a permissible session. (These packets are normally blocked at the firewall.) A permissible session is one that originates from within your protected internal network.
 |
Note In Release 11.2(11)P, the command ip inspect tcp-max-incomplete host is not available. (This command is introduced in 11.2(12)P to enhance CBAC's Denial-of-Service detection and prevention services.) |
The following new software features are supported by the Cisco 1600 series for Release 11.2(10)P.
Virtual private dial-up networks (VPDN) allow separate and autonomous protocol domains to share common access infrastructure including modems, access servers, and ISDN routers. VPDN uses the Level 2 Forwarding protocol (L2F), which permits the tunneling of link level frames.
Using L2F tunneling, an Internet Service Provider (ISP) or other access service can create a virtual tunnel to link a customer remote sites or remote users with corporate home networks. In particular, a network access server at the ISP point of presence (POP) exchanges PPP messages with the remote users and communicates by L2F requests and responses with the customer home gateway to set up tunnels. L2F passes protocol-level packets through the virtual tunnel between endpoints of a point-to-point connection.
Frames from the remote users are accepted by the ISP POP, stripped of any linked framing or transparency bytes, encapsulated in L2F, and forwarded over the appropriate tunnel. The customer home gateway accepts these L2F frames, strips the L2F encapsulation, and processes the incoming frames for the appropriate interface.
 |
Note This implementation of VPDN supports PPP dial-up only. |
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server, which contains all user authentication and network service access information. RADIUS is a fully open protocol, distributed in source code format, that can be modified to work with any security system currently available on the market.
Cisco supports RADIUS under its authentication, authorization, and accounting (AAA) security paradigm. RADIUS can be used with other AAA security protocols, such as TACACS+, Kerberos, or local username lookup. RADIUS has been implemented in a variety of network environments that require high levels of security while maintaining network access for remote users.
Use RADIUS in the following network environments that require access security:
- Networks with multiple-vendor access servers, each supporting RADIUS--For example, access servers from several vendors use a single RADIUS server-based security database. In an IP-based network with multiple vendor's access servers, dial-in users are authenticated through a RADIUS server that has been customized to work with the Kerberos security system.
- Turn-key network security environments in which applications support the RADIUS protocol--For example, in an access environment that uses a "smart card" access control system. In one case, RADIUS has been used with Enigma's security cards to validate users and grant access to network resources.
- Networks already using RADIUS--You can add a Cisco router with RADIUS to the network. This might be the first step when you transition to a Terminal Access Controller Access Control System (TACACS+).
- Networks in which a user must only access a single service--Using RADIUS, you can control user access to a single host, to a single utility such as Telnet, or to a single protocol such as Point-to-Point Protocol (PPP). For example, when a user logs in, RADIUS identifies this user as having authorization to run PPP using IP address 1.2.3.4 and access-list N is started.
- Networks that require resource accounting--You can use RADIUS accounting independently of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. An Internet service provider (ISP) might use a freeware-based version of RADIUS access control and accounting software to meet special security and billing needs.
RADIUS is not suitable in the following network security situations:
- Multiprotocol access environments--RADIUS does not support the following protocols:
- AppleTalk Remote Access Protocol (ARAP)
- NetBIOS Frame Protocol Control Protocol (NBFCP)
- NetWare Asynchronous Services Interface (NASI)
- X.25 PAD connections
- Router-to-router situations--RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one router to a non-Cisco router if the non-Cisco router requires RADIUS authentication.
- Networks using a variety of services--RADIUS generally binds a user to one service model.
The following new hardware and software features are supported by the Cisco 1600 series for Release 11.2(9)P.
This new router provides two Ethernet LAN interfaces and one WAN interface card slot. One Ethernet interface can be dedicated to an internal LAN while a second perimeter LAN allows users from an untrusted network (such as the Internet) to access resources such as Web and FTP servers.
This card is supported on Cisco 1603 and 1604 routers. The card provides an additional ISDN 64-kbps leased-line on the B1 channel that supports Frame Relay encapsulation, PPP encapsulation, and PPP compression.
This 4-wire, SNMP-manageable DSU/CSU card supports 56- or 64-kbps Digital Data Service (DDS) and Leased Line and Switched 56 kbps. The following synchronous serial WAN services/protocols are supported: Frame Relay, SMDS, X.25, PPP, LAPB, and HDLC. Card diagnostics can be retrieved using Telnet or the console port.
The following new hardware and software features are supported by the Cisco 1600 series for Release 11.2(1)P. They are divided into the following categories:
IP Protocol and Feature Enhancements
The following new IP protocol software features are available:
- On Demand Routing--On Demand Routing (ODR) is a mechanism that provides minimum-overhead IP routing for stub sites. The overhead of a general dynamic routing protocol is avoided, without incurring the configuration and management overhead of using static routing.
- A stub router is the peripheral router in a hub-and-spoke network topology. Stub routers commonly have a WAN connection to the hub router and a small number of LAN network segments (stub networks) that are connected directly to the stub router. To provide full connectivity, the hub routers can be statically configured to recognize that a particular stub network is reachable via a specified access router. However, if there are multiple hub routers, many stub networks, or asynchronous connections between hubs and spokes, the overhead required to statically configure knowledge of the stub networks on the hub routers becomes too great.
- ODR simplifies installation of IP stub networks in which the hub routers dynamically maintain routes to the stub networks. This is accomplished without requiring the configuration of an IP routing protocol at the stub routers. With ODR, the stub advertises IP prefixes corresponding to the IP networks that are configured on its directly connected interfaces. Because ODR advertises IP prefixes, rather than IP network numbers, ODR is able to carry Variable Length Subnet Mask (VLSM) information.
- Once ODR is enabled on a hub router, the router begins installing stub network routes in the IP forwarding table. The hub router can also be configured to redistribute these routes into any configured dynamic IP routing protocols. IP does not need to be configured on the stub router. With ODR, a router is automatically considered to be a stub when no IP routing protocols have been configured on it.
- The routing protocol that ODR generates is propagated between routers using Cisco Discovery Protocol (CDP). Thus, ODR is partially controlled by the configuration of CDP. Specifically,
- If CDP is disabled, the propagation of ODR routing information ceases.
- By default, CDP sends updates every 60 seconds. This update interval might not be frequent enough to provide fast reconvergence of IP routers on the hub-router side of the network. A faster reconvergence rate might be necessary if the stub connects to several hub routers via asynchronous interfaces (such as modem lines).
- ODR might not work well with dial-on-demand routing (DDR) interfaces, as CDP packets do not cause a DDR connection to be made.
- It is recommended that IP filtering be used to limit the network prefixes that the hub router permits to be learned dynamically through ODR. If the interface has multiple logical IP networks configured (via the IP secondary command), only the primary IP network is advertised through ODR.
Open Shortest Path First (OSPF) Enhancements
The following features have been added to Cisco OSPF software:
- OSPF On-Demand Circuit--OSPF On-Demand Circuit is an enhancement to the OSPF protocol, as described in RFC 1793, that allows efficient operation over demand circuits such as ISDN, X.25 SVCs, and dial-up lines. Previously, the period nature of OSPF routing traffic mandated that the underlying data-link connection needed to be open constantly, resulting in unwanted usage charges. With this feature, OSPF Hellos and the refresh of OSPF routing information is suppressed for on-demand circuits (and reachability is presumed), allowing the underlying data-link connections to be closed when not carrying application traffic.
- The feature allows the consolidation on a single routing protocol and the benefits of the OSPF routing protocol across the entire network, without incurring excess connection costs.
- If the router is part of a point-to-point topology, only one end of the demand circuit needs to be configured for OSPF On-Demand Circuit operation. In point-to-multipoint topologies, all appropriate routers must be configured with OSPF On-Demand Circuit. All routers in an area must support this feature--that is, be running Cisco IOS Software Release 11.2 or greater.
- OSPF Not-So-Stubby Areas (NSSA)--As part of the OSPF protocol support for scalable, hierarchical routing, peripheral portions of the network can be defined as "stub" areas, so that they do not receive and process external OSPF advertisements. Stub areas are generally defined for low end routers with: a limited memory and CPU, low-speed connections, and a default route configuration.
- OSPF Not-So-Stubby-Areas (NSSA) defines a more flexible, hybrid method, whereby stub areas can import external OSPF routes in a limited fashion, so that OSPF can be extended across the stub to backbone connection.
- NSSA enables OSPF to be extended across a stub area to backbone area connection to become logically part of the same network.
Border Gateway Protocol version 4 (BGP4) Enhancements
The following features have been added to Cisco BGP4 software:
- BGP4 Soft Configuration--BGP4 soft configuration allows BGP4 policies to be configured and activated without clearing the BGP session, hence without invalidating the forwarding cache. This enables policy reconfiguration without causing short-term interruptions to traffic being forwarded in the network.
- BGP4 Multipath Support-- BGP4 Multipath Support provides BGP load balancing between multiple Exterior BGP (EBGP) sessions. If there are multiple EBGP sessions between the local autonomous system (AS) and the neighboring AS, multipath support allows BGP to load balance among these sessions. Depending on the switching mode, per packet or per destination load balancing is performed. BGP4 Multipath Support can support up to six paths.
- BGP4 Prefix Filtering with Inbound Route Maps--This feature allows prefix-based matching support to the inbound neighbor route map. This feature allows an inbound route map to be used to enforce prefix-based policies.
Network Address Translation
Network Address Translation (NAT) provides a mechanism for a privately addressed network to access registered networks, such as the Internet, without requiring a registered subnet address. This eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets.
With NAT, the privately addressed network (designated as "inside") continues to use its existing private or obsolete addresses. These addresses are converted into legal addresses before packets are forwarded onto the registered network (designated as "outside"). The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain.
Translations can be static or dynamic. A static address translation establishes a one-to-one mapping between the inside network and the outside domain. Dynamic address translations are defined by describing the local addresses to be translated and the pool of addresses from which to allocate outside addresses. Allocation is done in numeric order and multiple pools of contiguous address blocks can be defined.
NAT Benefits:
- NAT eliminates the need to readdress all hosts that require external access, saving time and money.
- With NAT, internal hosts can share a single registered IP address for all external communications. In this type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses.
- Because private networks do not advertise their addresses or internal topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external access.
Because the addressing scheme on the inside network might conflict with registered addresses already assigned within the Internet, NAT can support a separate address pool for overlapping networks and translate as appropriate.
Applications that use raw IP addresses as a part of their protocol exchanges are incompatible with NAT. Typically, these are less common applications that do not use fully qualified domain names.
Named IP Access Control List
The Named IP Access Control List (ACL) feature gives network managers the option of using names for their access control lists. Named IP ACL function similarly to their numbered counter-parts, except that they use names instead of numbers. This feature also includes a new configuration mode, which supports addition and deletion of single lines in a multiline access control list.
This feature eliminates some of the confusion associated with maintaining long access control lists. Meaningful names can be assigned, making it easier to remember which service is controlled by which access control list. Moreover, this feature removes the limit of 100 extended and 99 standard access control lists, so that additional IP access control lists can be configured.
The new configuration feature allows a network manager to edit access control lists, rather than re-creating the entire list. Currently, only packet and route filters can use Named IP ACL. Also, named IP ACLs are not backward-compatible with earlier releases of Cisco IOS software. Named IP ACLs are not currently supported with Distributed Fast Switching.
Multimedia and Quality of Service
The following features have been added to Cisco multimedia and quality of service software:
- Resource Reservation Protocol--Resource Reservation Protocol (RSVP) enables applications to dynamically reserve necessary network resources from end-to-end for different classes of service. An application, which acts as a receiver for a traffic stream, initiates a request for reservation of resources (bandwidth) from the network, based on the required quality of service of the application. The first RSVP-enabled router that receives the request informs the requesting host whether the requested resources are available or not. The request is forwarded to the next router, towards the sender of the traffic stream. If the reservations are successful, an end-to-end pipeline of resources is available for the application to obtain the required quality of service. RSVP enables applications with real-time traffic needs, such as multimedia applications, to coexist with bursty applications on the same network. RSVP works with both unicast and multicast applications.
- RSVP requires both a network implementation and a client implementation. Applications need to be RSVP-enabled to take advantage of RSVP functionality. Currently, Precept provides an implementation of RSVP for Windows-based PCs. Companies such as Sun and Silicon Graphics have demonstrated RSVP on their platforms. Several application developers are planning to take advantage of RSVP in their applications.
- Random Early Detection--Random Early Detection (RED) helps eliminate network congestion during peak traffic loads. RED uses the characteristics of a robust transport protocol (TCP) to reduce transmission volume at the source when traffic volume threatens to overload a router buffer resources. RED is designed to relieve congestion on TCP/IP networks.
- RED is enabled on a per-interface basis. It "throttles back" lower-priority traffic first, allowing higher-priority traffic (as designated by an RSVP reservation or the IP precedence value) to continue unabated. RED works with RSVP to maintain end-to-end quality of service during peak traffic loads. Congestion is avoided by selectively dropping traffic during peak load periods. This is performed in a manner designed to damp out waves of sessions going through TCP slow start.
- Existing networks can be upgraded to better handle RSVP and priority traffic. Additionally, RED can be used in existing networks to manage congestion more effectively on higher-speed links where fair queuing is expensive.
- Exercise caution when enabling RED on interfaces that support multiprotocol traffic (in addition to TCP/IP), such as IPX or AppleTalk. RED is not designed for use with these protocols and could have deleterious affects. RED is a queuing technique; it cannot be used on the same interface as other queuing techniques, such as Standard Queuing, Custom Queuing, Priority Queuing, or Fair Queuing.
- Generic Traffic Shaping--Generic Traffic Shaping (also called Interface Independent Traffic Shaping) helps reduce the flow of outbound traffic from a router interface into a backbone transport network when congestion is detected in the downstream portions of the backbone transport network or in a downstream router. Unlike the Traffic Shaping over Frame Relay features which are specifically designed to work on interfaces to Frame Relay networks, Generic Traffic Shaping works on interfaces to a variety of Layer 2 data-link technologies (including Frame Relay, SMDS, Ethernet, and so on.)
- Topologies that have high-speed links feeding into lower-speed links--such as a central site to a remote or branch sites--often experience bottlenecks at the remote end because of the speed mismatch. Generic Traffic Shaping helps eliminate the bottleneck situation by throttling back traffic volume at the source end.
- Routers can be configured to transmit at a lower bit rate than the interface bit rate. Service providers or large enterprises can use the feature to partition, for example, T1 or T3 links into smaller channels to match service ordered by customers.
- Generic Traffic Shaping implements a Weighted Fair Queuing (WFQ) on an interface or subinterface to allow the desired level of traffic flow. The feature consumes router memory and CPU resources, so it must be used judiciously to regulate critical traffic flows while not degrading overall router performance.
Multiprotocol Routing
The following enhancement has been made to Cisco multiprotocol routing:
- Enhanced IGRP Optimizations--With the wide-scale deployment of Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) in increasingly large and complex customer networks, Cisco has been able to continuously monitor and refine Enhanced IGRP operation, integrating several key optimizations. Optimizations have been made in the allocation of bandwidth, use of processor and memory resources, and mechanisms for maintaining information about peer routers, as described below.
- Intelligent Bandwidth Control: In network congestion scenarios, packet loss, especially the dropping of routing protocol messages, adversely affects convergence time and overall stability. To prevent this problem, Enhanced IGRP now takes into consideration the available bandwidth (at a granularity of per subinterface/virtual circuit if appropriate) when determining the rate at which it transmits updates. Interfaces can also be configured to use a certain (maximum) percentage of the bandwidth, so that even during routing topology computations, a defined portion of the link capacity remains available for data traffic.
- Improved Processor and Memory Utilization: Enhanced IGRP derives the distributed routing tables from topology databases that are exchanged between peer routers. This CPU computation has now been made significantly more efficient as has the protocol queuing algorithm, resulting in improved memory utilization. The combination of these factors further increases the suitability of Enhanced IGRP for deployment, particularly on low-end routers.
- Implicit Protocol Acknowledgments: Enhanced IGRP running within a router maintains state and reachability information about other neighboring routers. This mechanism has been modified so that it no longer requires explicit notifications to be exchanged but rather accepts any traffic originating from a peer as a valid indication that the router is operational. This provides greater resilience under extreme load.
- IPX Service Advertisement Interleaving: Large IPX environments are typically characterized by many Service Advertisements, which can saturate lower-speed links at the expense of routing protocol messages. Enhanced IGRP now employs an interleaving technique to ensure that both traffic types receive sufficient bandwidth in large IPX networks.
- These enhancements are particularly applicable in networking environments having many low-speed links (typically in hub-and-spoke topologies); in Non-Broadcast-Multiple-Access (NBMA) wide-area networks such as Frame Relay, ATM, or X.25 backbones; and in highly redundant, dense router-router peering configurations. It should be noted that the basic Enhanced IGRP routing algorithm that exhibits very fast convergence and guaranteed loop-free paths has not changed, so there are no backwards compatibility issues with earlier versions of Cisco IOS software.
Switching Features
The following feature has been added to Cisco switching software:
- Integrated Routing and Bridging--Integrated routing and bridging (IRB) delivers the functionality to extend VLANs and Layer 2 bridged domains across the groups of interfaces on Cisco IOS software-based routers and interconnect them to the routed domains within the same router.
- The ability to route and bridge the same protocol on multiple independent sets of interfaces of the same Cisco IOS software-based router makes it possible to route between these routed and the bridged domains within that router. IRB provides a scalable mechanism for integration of Layer 2 and Layer 3 domains within the same device.
- Integrated routing and bridging provides:
- Scalable, efficient integration of Layer 2 and Layer 3 domains: The IRB functionality allows you to extend the bridge domains or VLANs across routers while maintaining the ability to interconnect them to the routed domains through the same router.
- Layer 3 address conservation: You can extend the bridge domains and the VLAN environments across the routers to conserve the Layer 3 address space and still use the same router to interconnect the VLANs and bridged domains to the routed domain.
- Flexible network reconfiguration: Network administrators gain the flexibility of being able to extend the bridge domain across router interfaces to provide temporary solution for moves, adds, and changes. This can be useful during migration from a bridged environment to a routed environment or when making address changes on a scheduled basis.
- Note that:
- Currently, IRB supports three protocols: IP, IPX, and AppleTalk, in both fast-switching and process-switching modes.
- IRB is supported for transparent bridging, but not for source-route bridging.
- IRB is supported on all media-type interfaces except X.25 and ISDN bridged interfaces.
- IRB and concurrent routing and bridging (CRB) cannot operate at the same time.
AppleTalk Features
The following feature has been added to Cisco AppleTalk software:
- AppleTalk Load Balancing--This feature allows AppleTalk data traffic to be distributed more evenly across redundant links in a network. AppleTalk load balancing can reduce network costs by allowing more efficient use of network resources. Network reliability is improved because the chance that network paths between nodes becomes overloaded is reduced. For convenience, load balancing is provided for networks using native AppleTalk routing protocols such as Routing Table Maintenance Protocol (RTMP) and Enhanced IGRP. AppleTalk load balancing operates with process and fast switching.
Novell Features
The following features have been added to Cisco Novell software:
- Display SAP by Name--This feature allows network managers to display Service Advertisement Protocol (SAP) entries that match a particular server name or other specific value. The current command that displays IPX servers has been extended to allow the use of any regular expression (including supported special characters) for matching against the router SAP table.
- IPX Access Control List Violation Logging--With this feature, routers can use existing router logging facilities to log IPX access control list (ACL) violations whenever a packet matches a particular access-list entry. The first packet to match an entry is logged immediately; updates are sent at approximately 5-minute intervals.
- This feature allows logging of:
- Source and destination addresses
- Source and destination socket numbers
- Protocol (or packet) type (for example, IPX, SPX, or NCP)
- Action taken (permit/deny)
- Matching packets and logging-enabled ACLs are sent at the process level. Router logging facilities use the IP protocol.
- Plain English IPX access list--Through the use of this feature, the most common protocol and socket numbers used in IPX extended ACLs can be specified by either name or number instead of only numbers, as required previously. Protocol types supported include RIP, SAP, NCP, and NetBIOS. Supported socket types include Novell Diagnostics Packet Enhanced IGRP and NLSP. Plain English IPX Access Lists greatly reduce the complexity and increase the readability of IPX extended access control lists, reducing network management expense by making it easier to build and analyze the access control mechanisms used in IPX networks.
ISDN/DDR Enhancements
The following features have been added to Cisco ISDN and DDR software:
- Multichassis Multilink PPP (MMP)--Multichassis Multilink Point-to-Point Protocol (MMP) extends Multilink PPP (MLP) by providing a mechanism to aggregate B-channels transparently across multiple routers or access servers. MMP defines the methodology for sharing individual links in a MLP bundle across multiple, independent platforms. The primary application for MMP is the ISDN dial-up pool; however, it can also be used in a mixed technology environment.
- MMP is based on the concept of a stack group--a group of routers or access servers that operate as a group when receiving MLP calls. Any member of the stack group can answer any call into the single access number applied to all WAN interfaces. Typically, the access number corresponds to a telco hunt group. Cross-platform aggregation is performed via tunneling between members of a stack group using the Level 2 Forwarding (L2F) protocol, a draft IETF standard.
- MMP is flexible and scalable. Because the L2F protocol is IP based, members of a stack group can be connected over many types of LAN or WAN media. stack group size can be increased by increasing the bandwidth available to the L2F protocol--for example, by moving from shared to switched Ethernet.
- With Multichassis Multilink PPP:
- New devices can be added to the dial-up pool at any time.
- The load for reassembly and resequencing can be shared across all devices in the stack group. MMP is less CPU-intensive than MLP.
- MMP provides an interoperable multivendor solution because it does not require any special software capabilities at the remote sites. The only remote requirement is support for industry-standard MLP (RFC 1717).
 |
Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference. |
- Virtual Private Dial-up Network-- Virtual Private Dial-up Network (VPDN) allows users from multiple disparate domains to gain secure access to their corporate home gateways via public networks or the Internet. This functionality is based on the Layer 2 Forwarding (L2F) specification that Cisco has proposed as an industry standard to the Internet Engineering Task Force (IETF).
- Service providers who wish to offer private dial-up network services can use VPDN to provide a single telephone number for all their client organizations. A customer can use dial-up access to a local point of presence where the access server identifies the customer by PPP username. The PPP username is also used to establish a home gateway destination. When the home gateway is identified, the access server builds a secure tunnel across the service provider backbone to the customer home gateway. The PPP session is also transported to this home gateway, where local security measures can ensure the person is allowed access to the network behind the home gateway. Of special interest to service providers is the independence of VPDN from WAN technology. Because L2F is TCP/IP-based, it can be used over any type of service provider backbone network.
 |
Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference. |
- Dialer Profiles--Dialer profiles allow the user to separate the network layer, encapsulation, and dialer parameters portion of the configuration from that of the interface used to place or receive calls. Dialer profile extends the flexibility of current dial-up configurations. For example, on a single ISDN PRI or PRI rotary group, it is now possible to allocate separate profiles for different classes of user. These profiles might define normal DDR usage or backup usage.
- Each dialer profile uses an Interface Descriptor Block (IDB) distinct from the IDB of the physical interface used to place or receive calls. When a call is established, both IDBs are bound together so that traffic can flow. As a result, dialer profiles use more IDBs than normal DDR. This initial release of dialer profiles does not support Frame Relay, X.25, or Link Access Procedure Balance (LAPB) encapsulation on DDR links or Snapshot Routing capabilities.
- Combinet Packet Protocol (CPP) Support--Combinet Packet Protocol (CPP) is a proprietary encapsulation used by legacy Combinet products for data transport. CPP also defines a methodology for performing compression and load sharing across ISDN links. The Cisco IOS software implementation of CPP supports both compression and load sharing using this proprietary encapsulation.
- A large installed base of early Combinet product users cannot upgrade to later software releases that support interoperability standards such as PPP. With CPP support, these users can integrate their existing product base into new Cisco IOS software-based internetworks.
- CPP does not provide many of the functions available in the Cisco implementation of the PPP standards. These functions include address negotiation and support for protocols like AppleTalk. Where possible, Cisco recommends that customers migrate to software that supports PPP.
- Half Bridge/Half Router for Combinet Packet Protocol (CPP) and PPP--Half bridge/half router allows low-end, simply configured bridge devices to bridge either PPP or Combinet Packet Protocol (CPP)-encapsulated data to a Cisco IOS core network router. Half bridge/half router is designed for networks that have small-remote Ethernet segments, each with a single PPP- or CPP-compatible bridging device connected to a core network. The serial or ISDN interface on the core network router appears as a virtual Ethernet port to the network. Layer 3 data packets transported across this type of link are first encapsulated within an Ethernet encapsulation. A PPP or CPP bridging header is then added. This facility allows bridged traffic arriving at the core device to be routed from that point on. This feature is process switched.
Frame Relay Enhancements
The following features have been added to Cisco Frame Relay software:
- Frame Relay SVC Support (DTE)--Currently, access to Frame Relay networks is through private leased lines at speeds ranging from 56 kbps to 45 Mbps. Bandwidth within the Frame Relay network is permanently committed to providing permanent virtual circuits (PVCs) between the endpoints. Switched virtual circuits (SVCs) allow access through a Frame Relay network by setting up a path to the destination endpoints only when the need arises. This is similar to X.25 SVCs, which allow connections to be set up and torn down based upon data traffic requirements. Although SVCs entail overhead for setting up and tearing down links, the VC is only established when data must be transferred, so the number of VCs is proportional to the number of actual conversations between sites rather than the number of sites.
- Frame Relay SVCs offer cost savings via usage-based pricing instead of fixed pricing for a PVC connection, dynamic modification of network topologies with any-to-any connectivity, dynamic network bandwidth allocation or bandwidth-on-demand for large data transfers such as FTP traffic, backup for PVC backbones, and conservation of resources in private networks.
- To use Frame Relay SVCs, Frame Relay SVC must be supported by the Frame Relay switches used in the network. Also, a Physical Local Loop Connection, such as a leased or dedicated line, must exist between the router (DTE) and the local Frame Relay switch.
- Traffic Shaping over Frame Relay
 |
Note Traffic shaping over Frame Relay is not available in Release 11.2(1). Refer to software defect ID CSCdi60734. |
- The Frame Relay protocol defines several parameters that are useful for managing network traffic congestion. These include Committed Information Rate (CIR), Forward/Backward Explicit Congestion Notification (FECN/BECN), and Discard Eligibility (DE) bit. Cisco already provides support for FECN for DECnet and OSI, BECN for Systems Network Architecture (SNA) traffic using direct LLC2 encapsulation via RFC 1490, and DE bit support. The Frame Relay Traffic Shaping feature builds upon this support by providing the following three capabilities:
- Rate Enforcement on a per virtual circuit (VC) basis: A peak rate can be configured to limit outbound traffic to either the CIR or some other defined value such as the Excess Information Rate (EIR).
- Generalized BECN support on a per VC basis: The router can monitor BECNs and throttle traffic based upon BECN marked packet feedback from the Frame Relay network.
- Priority/Custom/First In, First Out Queuing (PQ/CQ/FIFO) support at the VC level: This allows for finer granularity in the prioritization and queuing of traffic, providing more control over the traffic flow on an individual VC.
- Frame Relay Traffic Shaping:
- Eliminates bottlenecks in Frame Relay network topologies with high-speed connections at the central site and low-speed connections at the branch sites. Rate Enforcement can be used to limit the rate at which data is sent on the VC at the central site.
- Provides a mechanism for sharing media by multiple VCs. Rate Enforcement allows the transmission speed used by the router to be controlled by criteria other than line speed, such as the CIR or EIR. The Rate Enforcement feature can also be used to pre-allocate bandwidth to each VC, creating a Virtual Time Division Multiplexing network.
- Dynamically throttles traffic, based on information contained in BECN-tagged packets received from the network. With BECN-based throttling, packets are held in the router buffers to reduce the data flow from the router into the Frame Relay network. The throttling is done on a per VC basis and the transmission rate is adjusted based on the number of BECN-tagged packets received.
- Defines queuing at the VC or subinterface level. Custom Queuing with the Per VC Queuing and Rate Enforcement capabilities enable Frame Relay VCs to be configured to carry multiple traffic types (such as IP, SNA and IPX), with bandwidth guaranteed for each traffic type.
- The three capabilities of the Traffic Shaping for Frame Relay feature require the router to buffer packets to control traffic flow and compute data rate tables. Because of this router memory and CPU utilization, these features must be used judiciously to regulate critical traffic flows while not degrading overall Frame Relay performance.
The following new IBM software features are available:
- Native Client Interface Architecture (NCIA) Server--The Native Client Interface Architecture (NCIA) server, introduced by Cisco Systems for access of IBM SNA applications over routed internetworks, has been enhanced to be more flexible and scalable. The NCIA Client, implemented in the client workstation, encapsulates the full SNA stack inside TCP/IP packets. These packets are sent to the NCIA Server implemented in Cisco IOS software. The NCIA Server de-encapsulates the TCP/IP packet and sends the LLC data to the host processor via RSRB or DLSw+.
- The NCIA Server supports SNA and NetBIOS sessions over a variety of LAN and WAN connections, including dial-up connections. The NCIA architecture supports clients with full SNA stacks--providing all advanced SNA capabilities, unlike some split-stack solutions.
- NCIA Server enhancements provide:
- Simplified client configuration: It is no longer necessary to predefine ring numbers, and the NCIA Server supports optional dynamic assignment of MAC addresses. There is no Logical Link Control, type 2 (LLC2), at the client. The client is configured as an end station, not a router peer.
- Scalability: The limit is based on the number of LLC connections in the central site router rather than RSRB peer connections.
- Note that each client is a full SNA PU with one or more LUs. As such, each device requires one LLC connection at the central site router.
- Response Time Reporter--The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications, and pre-problem analysis. RTR offers enhanced functionality over a similar IBM product, NetView Performance Monitor.
- RTR enables the following functions to be performed:
- Troubleshoot problems by checking the time delays between devices (such as a router and a MVS host) and the time delays on the path from the source device to the destination device at the protocol level.
- Send SNMP traps and/or SNA Alerts/Resolutions when one of the following has occurred: a user-configured threshold is exceeded, a connection is lost and reestablished, or a timeout occurs and clears. Thresholds can also be used to trigger additional collection of time-delay statistics.
- Perform pre-problem analysis by scheduling the RTR and collecting the results as history and accumulated statistics. The statistics can be used to model and predict future network topologies.
- The RTR feature is currently available only with feature sets that include IBM support. A CiscoWorks Blue network management application is available to support the RTR feature. Both the CiscoWorks Blue network management application and the router use the Cisco Round Trip Time Monitor (RTTMON) MIB. This MIB is also available with Release 11.2.
The following features have been added to Cisco DLSw+ software. These features had previously been available with Remote Source-Route Bridging (RSRB). To provide these features for DLSw+, the Cisco IOS software uses a component known as Virtual Data Link Control (VDLC) that allows one software component to use another software component as a data link.
- LAN Network Manager (LNM) over DLSw+--LAN Network Manager (LNM) over DLSw+ allows DLSw+ to be used in Token Ring networks that are managed via IBM LNM software.
- With this feature, LNM can be used to manage Token Ring LANs, Control Access Units (CAUs), and Token Ring attached devices over a DLSw+ network. All management functions continue to operate as they would in an RSRB network or source-route bridged network.
- Native Service Point (NSP) over DLSw+--Native Service Point (NSP) over DLSw+ allows Cisco NSP feature to be used in conjunction with DLSw+ in the same router.
- With this feature, NSP can be configured in remote routers, and DLSw+ can provide the path for the remote service point PU to communicate with NetView. This allows full management visibility of resources from a NetView 390 console, while concurrently offering the value-added features of DLSw+ in an SNA network.
- Down Stream Physical Unit (DSPU) over DLSw+--Down Stream Physical Unit (DSPU) over DLSw+ allows the Cisco DSPU feature to operate in conjunction with DLSw+ in the same router. DLSw+ can be used either upstream (towards the mainframe) or downstream (away from the mainframe) of DSPU.
- DSPU concentration consolidates the appearance of up to 255 physical units into a single PU appearance to VTAM, minimizing memory and cycles in central site resources (VTAM, NCP, and routers) and speeding network startup. Used in conjunction with DLSw+, network availability and scalability can be maximized.
New Features
- Router Authentication and Network-Layer Encryption--This feature provides a mechanism for secure data transmission. It consists of two components:
- Router Authentication: Prior to passing encrypted traffic, two routers perform a one-time, two-way authentication by exchanging Digital Signature Standard (DSS) public keys. The hash signatures of these keys are compared to authenticate the routers.
- Network-Layer Encryption: For IP payload encryption, the routers use Diffie-Hellman key exchange to securely generate a DES 40- or 56-bit session key. New session keys are generated on a configurable basis. Encryption policy is set by crypto-maps that use extended IP Access Lists to define which network, subnet, host, or protocol pairs are to be encrypted between routers.
- This feature can be used to build multiprotocol Virtual Private Networks (VPNs), using encrypted Generic Routing Encapsulation (GRE) tunnels. It can also be used to deploy secure telecommuting services, intranet privacy, and virtual collaborative or community-of-interest networks.
- All components of this feature are subject to U.S. Department of Commerce export regulations. Encryption is currently IP only, though it does support multiprotocol GRE tunnels. This feature is most appropriately deployed in a relatively small number of routers, with a logically flat or star-shaped encryption topology. Load-sharing of the encryption/decryption function is not supported. Without a Certification Authority (CA), the one-time authentication effort increases exponentially with the number of routers. Router authentication requires the network administrator to compare the hashes produced by the routers once during initial configuration. This version of encryption is not IPSEC compliant.
- Kerberos V Client Support--This feature provides full support of Kerberos V client authentication, including credential forwarding. Systems with existing Kerberos V infrastructures can use their Key Distribution Centers (KDCs) to authenticate end users for network or router access. This is a client implementation, not a Kerberos KDC. Kerberos is generally considered a legacy security service and is most beneficial in networks already using Kerberos.
TACACS+ Enhancements
The following features have been added to Cisco Terminal Access Controller Access Control System (TACACS)+ software:
- TACACS+ Single Connection--Single Connection is an enhancement to the network access server that increases the number of transactions per second supported. Prior to this enhancement, separate TCP connections would be opened and closed for each of the TACACS+ services: authentication, authorization, and accounting. This became a bottleneck for improving throughput on authentication services for large networks.
- Single Connection is an optimization whereby the network access server maintains a single TCP connection to one or more TACACS+ daemons. The connection is maintained in an open state for as long as possible, instead of being opened and closed each time a session is negotiated. It is expected that Single Connection yields performance improvements on a suitably constructed daemon.
- Currently, only the CiscoSecure daemon V1.0.1 supports Single Connection. The network access server must be explicitly configured to support a Single Connection daemon. Configuring Single Connection for a daemon that does not support this feature generates errors when TACACS+ is used.
- TACACS+ SENDAUTH Function--SENDAUTH is a TACACS+ protocol change to increase security. SENDAUTH supersedes SENDPASS. SENDAUTH and SENDPASS are documented in Version 1.63 of the TACACS+ protocol specification, which is available from CCO or via anonymous FTP from ftp-eng.cisco.com.
- The network access server can support both SENDAUTH and SENDPASS simultaneously. It detects if the daemon is able to support SENDAUTH and, if not, uses SENDPASS instead. This negotiation is virtually transparent to the user, with the exception that the down-rev daemon can log the initial SENDAUTH packet as unrecognized. SENDAUTH functionality requires support from the daemon, as well as from the network access server.
New Features
- ClickStart--ClickStart is a powerful Web-based software solution for configuring a Cisco router in minutes. ClickStart enables Cisco 1000 series ISDN access routers to be accessed by any Web browser on any desktop platform including MS Windows, Windows 95, Windows NT, UNIX and, MacOS. The easy-to-use Web-based interface guides users through the router installation process. By completing an initial setup form, a user can easily configure the router and bring up the ISDN network connection. The router is then manageable from a central location so that fine-tuning and upgrades can be performed remotely.
MIBs Supported
The following MIB support has been added:
- APPN DLUR MIB
- RTTMON Support
- Cisco IP Encryption MIB
- Cisco Modem Management MIB
- Cisco SYSLOG MIB
- Cisco TN3270 Server MIB
The following sections contain important notes about Cisco IOS Release 11.2 P that can apply to the Cisco 1600 series routers.
Traffic shaping over Frame Relay is available only in Release 11.2(8) and above. Refer to software defect ID CSCdi60734 and CSCdi88662.
The LAN extension interface does not function correctly in Release 11.2(1). The behavior is that the LAN extension NCP negotiates and sets the LAN extension interface state to "up" and the show controller lex number command displays the message "No inventory message received from LAN Extender." Turning on the LAN extension RCMD debugging shows that every remote command is being rejected with the message "LEX-RCMD: encapsulation failure." There is no workaround. Refer to software defect ID CSCdi66478. This defect is fixed in software Release 11.2(2) and above.
The Token Ring interface is reset whenever IPX routing is enabled on that interface.
Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in the Apple Computer Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.
Cisco is conducting an internal review of the build and distribution processes associated with its 40-bit Cisco IOS cryptographic products. So that we can provide you with seamless access to Cisco IOS 40-bit encryption capability, Cisco provides access to the most current 40-bit encryption images, beginning with 11.2 (12), 11.2(12)P, and 11.3(2). The following 40-bit encryption images are indefinitely unavailable: 11.2(1) - 11.2(11.2), 1.2(2)P - 11.2(11.1)P, 11.2(1)F - 11.2(4)F, 11.3(1).
This review is not related to any new or previously unreported bugs. The information gathered in the review is used to implement new automated development and to order processing applications.
Cisco IOS software releases 11.2(7) and 11.2(7)P were deferred due to two severe defects. It was determined that these caveats were significant enough to merit a software rebuild. The rebuild includes the caveat fixes and is renumbered to 11.2(7a).
These defects are bugs CSCdj24132 and CSCdj21944 and are described as follows:
- A router crashes every time it receives an ISDN Q.931 DISCONNECT message. This problem only affects net3 switch types.
- A router might also crash if the clear interface bri command is issued. This problem only affects net3, vn2/vn3, and ts013 switch types. [CSCdj24132]
- A memory allocation error occurs after a large number of modem calls are placed to an AS5200 configured for PRI ISDN. After the AS5200 starts to generate a number of these memory allocation error messages, calls cannot be answered.
- The following are indicators that can be used to determine if the AS5200 is encountering this problem:
- When the AS5200 runs out of memory, MALLOC Failure messages similar to the one shown are displayed:
%SYS-2-MALLOCFAIL: Memory allocation of 1056 bytes failed from 0x2214E776, pool Processor, alignment 0
-Process= "Net Periodic", ipl= 0, pid= 34
-Traceback= 2214D3E0 2214E542 2214E77E 2214BEC6 2214C12A 22159466 2215E86E 22140BDE 2213B688 2213B6E0
- If there is no ISDN process in the output from the show process command, and you start to see "%SYS-2-MALLOCFAIL" error messages, then the memory leak was caused by this bug.
- If there are more than 46 entries marked "Active" in the output from the show isdn history command, the memory leak was caused by this bug.
- [CSCdj21944]
Release 11.2(7a) and all subsequent releases of Cisco IOS software include the fix for these caveats.
Cisco IOS software releases 11.2(10) and 11.2(10)P were deferred due to two severe defects. It was determined that these caveats were significant enough to merit a software rebuild. The rebuild includes the caveat fixes and is renumbered to 11.2(10a).
These defects are bugs CSCdj58676 and CSCdj60533 and are described as follows:
- With EIGRP routing configured, redistribution of the following type of routes into the EIGRP process do not work correctly:
- A directly connected route
- A static route with the next hop set to an interface
- A static route with the next hop set to a dynamically learned route
- The nature of the defect is that it only occurs after a dynamic event. If redistribution is manually configured, EIGRP initially reflects correct information in the topology table. However, after any sort of dynamic event, the topology table becomes invalid, and routing updates sent are inaccurate. [CSCdj58676]
 |
Note The code changes committed by CSCdj58676 resolved some issues but created the symptoms reported in CSCdj65737. The code changes for CSCdj58676 were only committed to releases 11.2(10a), 11.2(10a)BC and 11.2(10a)P; therefore, they are the only ones affected by CSCdj65737. See the section "Release 11.2(11) Reintroduces Caveat CSCdj28874" for more information related to CSCdj58676 and CSCdj65737. |
- The ARP lookup routine might suspend, causing unexpected behaviors for IP protocols. For example, if the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. [CSCdj60533]
CSCdj65737 was introduced by code changes associated with CSCdj58676. The issue is that routes are not being redistributed into EIGRP from other routing protocols if both protocols are routing for the same major network.
The code changes for CSCdj58676 were only applied to 11.2(10a), 11.2(10a)BC and 11.2(10a)P releases; therefore, those releases are the only ones impacted by CSCdj65737. The fix to CSCdj65737 is to back out the code changes committed by CSCdj58676 and CSCdj28874. That change has the effect of reintroducing the behavior reported by CSCdj28874, which is described as follows:
- When a network is included in the EIGRP routing process because it is specified with the network x.x.x.x command and that same network is redistributed into EIGRP via the redistribute connected command, there are two entries for the network in the EIGRP topology table.
- If the interface connecting that network goes down, only one of the two entries are removed from the topology table. The entry learned via redistribution remains in the topology table and is advertised, even though it is no longer valid. [CSCdj28874]
The code back-outs of CSCdj65737 and reintroduction of CSCdj28874 appears in the following releases:
- 11.2: 11.2(11), 11.2(11)BC, 11.2(11)P
- 11.1: 11.1(16), 11.1(16)AA, 11.1(16)CA, 11.1(16)IA
All defect resolution information pertaining to CSCdj58676 is superseded by the details relating to CSCdj65737.
The symptoms of CSCdj28874 can be avoided by not using the redistributed connected command and instead specifying the individual networks to be redistributed into Enhanced IGRP.
After the release of Cisco IOS Release 11.2(15) and 11.2(15) P, a serious defect (caveat CSCdk33475) was identified that impacts Enhanced IGRP for Cisco IOS Releases 11.2(14.1) through 11.2(15.2) and Releases 11.2(14.1)P through 11.2(15.2)P. It was determined that this defect was significant enough to merit a software rebuild. The rebuild includes the caveat fix and is renumbered to 11.2(15a) and 11.2(15a)P.
Caveat CSCdk33475 causes a router to fail after the command show ip eigrp events is issued. While this show command is not required for normal operation, it is used often enough by TAC personnel and customers to cause major havoc to customers who are running images with this defect.
Release 11.2(15a) and 11.2(15a)P and all subsequent releases of Cisco IOS software include the fix for this caveat.
Beginning with Cisco IOS Release 11.2(15) and 11.2(15)P, all subsequent 11.2 and 11.2 P releases switch to Long-Cycle Maintenance Releases. A new 11.2 and 11.2 P maintenance release is scheduled to be available every thirteen weeks during the Long-Cycle Maintenance Release period. Interim builds will be available approximately every three weeks.
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
For information on caveats in Cisco IOS Release 11.2 P, see Caveats for Cisco IOS Release .
All caveats in Cisco IOS Release 11.2 are also in Cisco IOS Release 11.2 P.
For information on caveats in Cisco IOS Release 11.2, see the caveats sections in Cross-Platform Release Notes for Cisco IOS Release 11.2, which list severity 1 and 2 caveats.
 |
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. To reach Bug Navigator II, go to CCO and press Login. Then go to Software Center: Cisco IOS Software: Cisco Bugtool Navigator II. Another option is to go to http://www.cisco.com/support/bugtools. |
The following sections describe the documentation available for the Cisco 1600 series routers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
The following documents are specific to Cisco IOS Release 11.2 and are located on CCO and the Documentation CD-ROM:
- On CCO at:
- Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Product Specific Release Notes for Cisco IOS Release 11.2: Cross-Platform Release Notes for Cisco IOS Release 11.2
- On the Documentation CD-ROM at:
- Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Product Specific Release Notes for Cisco IOS Release 11.2: Cross-Platform Release Notes for Cisco IOS Release 11.2
- Product bulletins, field notices, and other release-specific documents on CCO at:
- Technical Documents
- Caveats for Cisco IOS Release 11.2 and 11.2 P
- See the caveats sections in Cross-Platform Release Notes for Cisco IOS Release 11.2 and the entire Caveats for Cisco IOS Release 11.2 P document, which contain caveats applicable to all platforms for all maintenance releases of Cisco IOS Release 11.2 and Release 11.2 P.
- On CCO at:
- Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Product Specific Release Notes for Cisco IOS Release 11.2
- On the Documentation CD-ROM at:
- Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Product Specific Release Notes for Cisco IOS Release 11.2
 |
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. To reach Bug Navigator II, go to CCO and press Login. Then go to Software Center: Cisco IOS Software: Cisco Bugtool Navigator II. Another option is to go to http://www.cisco.com/support/bugtools. |
These individual and groups of documents are available for the Cisco 1600 series routers on CCO and the Documentation CD-ROM:
- Quick Start Guides
- Cisco 1600 Series Hardware Installation Guide
- Cisco 1600 Series Software Configuration Guide
- Cisco 1600 series router configuration notes
- Release notes for Cisco 1600 series routers
- Regulatory compliance and safety information for the Cisco 1600 series
- WAN Interface Cards Hardware Installation Guide
- Cisco 1600 Fast Step Quick Start Guide
- On CCO at:
- Technical Documents: Documentation Home Page: Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 1600 Series Routers
- On the Documentation CD-ROM at:
- Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 1600 Series Routers
Feature modules describe new features supported by Cisco IOS Release 11.2 P and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Feature Guide for Cisco IOS Release 11.2 P
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Feature Guide for Cisco IOS Release 11.2 P
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM--unless you specifically ordered the printed versions.
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Cisco IOS Release 11.2 Configuration Guides/Command References
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 11.2: Cisco IOS Release 11.2 Configuration Guides/Command References
Table 3 describes the contents of the Cisco IOS Release 11.2 software documentation set, which is available in electronic form and in printed form ordered.
 |
Note You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed. |
On CCO at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.2
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 11.2
Table 3: Cisco IOS Release 11.2 Documentation Set
| Books
| Chapter Topics
|
- Configuration Fundamentals Configuration Guide
- Configuration Fundamentals Command Reference
| Access Server and Router Product Overview
User Interface
System Images and Configuration Files
Using ClickStart, AutoInstall, and Setup
Interfaces
System Management
|
- Security Configuration Guide
- Security Command Reference
| Network Access Security
Terminal Access Security
Accounting and Billing
Traffic Filters
Controlling Router Access
Network Data Encryption with Router Authentication
|
- Access Services Configuration Guide
- Access Services Command Reference
| Terminal Lines and Modem Support
Network Connections
AppleTalk Remote Access
SLIP and PPP
XRemote
LAT
Telnet
TN3270
Protocol Translation
Configuring Modem Support and Chat Scripts
X.3 PAD
Regular Expressions
|
- Wide-Area Networking Configuration Guide
- Wide-Area Networking Command Reference
| ATM
Dial-on-Demand Routing (DDR)
Frame Relay
ISDN
LANE
PPP for Wide-Area Networking
SMDS
X.25 and LAPB
|
- Network Protocols Configuration Guide, Part 1
- Network Protocols Command Reference, Part 1
| IP
IP Routing
|
- Network Protocols Configuration Guide, Part 2
- Network Protocols Command Reference, Part 2
| AppleTalk
Novell IPX
|
- Network Protocols Configuration Guide, Part 3
- Network Protocols Command Reference, Part 3
| Apollo Domain
Banyan VINES
DECnet
ISO CLNS
XNS
|
- Bridging and IBM Networking Configuration Guide
- Bridging and IBM Networking Command Reference
| Transparent Bridging
Source-Route Bridging
Remote Source-Route Bridging
DLSw+
STUN and BSTUN
LLC2 and SDLC
IBM Network Media Translation
DSPU and SNA Service Point Support
SNA Frame Relay Access Support
APPN
NCIA Client/Server Topologies
IBM Channel Attach
|
- Cisco IOS Software Command Summary
- Access Services Quick Configuration Guide
- System Error Messages
- Debug Command Reference
- Cisco Management Information Base (MIB) User Quick Reference
|
|
 |
Note Cisco Management Information Base (MIB) User Quick Reference is no longer published. If you have an account with CCO, you can find the current list of MIBs supported by Cisco. To reach the Cisco Network Management Toolkit, go to CC, press Login, and click to Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB. |
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed documents, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
- WWW: www.cisco.com
- Telnet: cco.cisco.com
- Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
- From North America, call 408 526-8070
- From Europe, call 33 1 64 46 40 82
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
Language
| E-mail Address
|
English
| tac@cisco.com
|
Hanzi (Chinese)
| chinese-tac@cisco.com
|
Kanji (Japanese)
| japan-tac@cisco.com
|
Hangul (Korean)
| korea-tac@cisco.com
|
Spanish
| tac@cisco.com
|
Thai
| thai-tac@cisco.com
|
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
If you have a CCO log-in account, you can access the following URL, which contains links and tips on configuring your Cisco products:
http://www.cisco.com/kobayashi/technotes/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your Web browser to CCO, press Login, and click on this path: Technical Assistance Center: Technical Tips.
The following sections are provided from the Technical Tips page:
- Access Dial Cookbook--Contains common configurations or recipes for configuring various access routes and dial technologies.
- Field Notices--Notifies you of any critical issues regarding Cisco products and includes problem descriptions, safety or security issues, and hardware defects.
- Frequently Asked Questions--Describes the most frequently asked technical questions about Cisco hardware and software.
- Hardware--Provides technical tips related to specific hardware platforms.
- Hot Tips--Describes popular tips and hints gathered from the Cisco Technical Assistance Center (TAC). Most of these documents are available from the TAC Fax-on-demand service. To reach Fax-on-demand and receive documents at your fax machine from the United States, call 888-50-CISCO (888-502-4726). From other areas, call 650-596-4408.
- Internetworking Features--Lists tips on using Cisco IOS software features and services.
- Sample Configurations--Provides actual configuration examples that are complete with topology and annotations.
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.








Posted: Mon Aug 7 20:55:46 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.