May 3, 1999
These release notes describe new features that support Cisco IOS Release 12.0(4)XI, for Cisco 1400 series routers. Cisco IOS Release 12.0(4)XI is based on Cisco IOS Release 12.0(4)T.
For a list of the software caveats that apply to Release 12.0(4)XI, refer to the Caveats for Cisco IOS 12.0 T document that accompanies these release notes. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM. For more information, refer to the section "Caveats" later in these release notes.
Use these release notes with the mainline Release Notes for Cisco IOS Release 12.0 located on Cisco Connection Online (CCO) and the Documentation CD-ROM. All features and caveats in Release 12.0 and Release 12.0 T are also in Release 12.0(4)XI.
These release notes contain information about Early Deployment (ED) software, which should always be tried in a test network before being deployed in a production network. To maximize network operational stability, use a Release 12.0 mainline software release only.
These release notes discuss the following topics:
This section describes the system requirements for Release 12.0(4)XI and includes the following sections:
Table 1 describes the memory requirements for the Cisco IOS feature sets supported by Cisco IOS Release 12.0(4)XI on Cisco 1400 series routers.
| Platform/Feature Set | Image Name | Minimum Required Code Memory | Required Main Memory | Release 12.0 Runs from |
|---|---|---|---|---|
| IP/IPX | c1400-ny-mz | 4 MB Flash | 16 MB DRAM | RAM |
| IP/IPX Plus | c1400-nsy-mz | 4 MB Flash | 16 MB DRAM | RAM |
| IP/IPX/FW Plus¹ | c1400-nosy-mz | 6 MB Flash | 16 MB DRAM | RAM |
| IP/FW Plus IPSEC 56¹ | c1400-osy56i-mz | 6 MB Flash | 16 MB DRAM | RAM |

¹ This image is not available in Release 12.0(4)XI.
The Cisco 1400 series routers described in the following sections are supported by Cisco IOS Release 12.0(4)XI.
The Cisco 1401 router is an ATM-25 router for Digital Subscriber Line (DSL) networks that connects small businesses and remote branch offices to the Internet or to larger corporate networks. The router features one 10BaseT and one ATM-25 interface to provide a seamless connection from a 10BaseT local area network (LAN) to an ATM network. The ATM-25 interface can be connected to an external DSL modem to provide a connection of up to 8 Mbps to the Internet or to corporate networks.
Following are some of the key features of the Cisco 1401 router:
For detailed descriptions of new hardware features, refer to the "New and Changed Information" section.
The Cisco 1417 router has a built-in Asymmetric Digital Subscriber Line (ADSL) modem that connects small businesses and remote branch offices to the Internet or to larger corporate networks without the need for an external modem. The router has one 10BaseT interface and one ADSL interface that provide a connection of up to 8 Mbps downstream and 1 Mbps upstream. The router is designed to connect to systems that use an Alcatel DSLAM (DSL Access Multiplexer).
To view the version of Cisco IOS software that is running on your Cisco 1400 series router, log in to the router, and enter the show version user EXEC command:
router> show version
The version number appears on the second line of the command output, as follows:
Cisco Internetwork Operating System Software
IOS (tm) 1400 Software (C1400-NY-MZ), Version 12.0(4)XI, RELEASE SOFTWARE
Additional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.
Caution: If you are upgrading to Cisco IOS Release 12.0 from an earlier Cisco IOS software release, you should save your current configuration file before configuring your access server with the Cisco IOS Release 12.0(4)XI software. An unrecoverable error could occur during download or configuration.
Before downloading a software upgrade, read the product bulletin Cisco IOS Software Release 12.0 Upgrade Paths and Packaging Simplification located at the following URL:
http://www.cisco.com/kobayashi/library/12.0/120MigrPaths.pdf
If you do not have an account on CCO, you can access general information about upgrading to a new software release by referring to the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99). On CCO, click on this path: Service & Support: Product Bulletins: Software. Under the heading Cisco IOS 12.0, click on Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99).
The Cisco IOS software is packaged into "feature sets" (also called "software images"). Each feature set contains a specific subset of features. Available feature sets are determined by hardware platform. Release 12.0(4)XI supports the same feature sets as Release 12.0 and 12.0 T, but Release 12.0(4)XI can include new features supported by Cisco 1400 series routers.
The following conventions are used to identify feature sets:
The following list shows which feature sets are supported on the Cisco 1400 series routers. These feature sets only apply to Cisco IOS Release 12.0(4)XI:
Caution: Cisco IOS images with strong encryption (including, but not limited to, 56-bit data encryption feature sets) are subject to U.S. government export controls and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders may be denied or subject to delay due to U.S. government regulations. Contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
To determine what features are available with each feature set (software image), see Table 2. The table summarizes the features you can use when running a specific feature set on the Cisco 1400 series routers for Cisco IOS Release 12.0(4)XI. The feature set table uses the following symbol conventions to identify features:
| Feature Set | ||||
|---|---|---|---|---|
| Features | IP/IPX | IP/IPX Plus | IP/IPX/FW Plus1 | IP/FW Plus IPSEC 561 |
| IP Routing |
|
|
|
|
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| LAN Support |
|
|
|
|
| No | Yes | Yes | Yes |
| Management |
|
|
|
|
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | No |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Miscellaneous |
|
|
|
|
| Yes | Yes | Yes | Yes |
| Protocols |
|
|
|
|
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | No |
| No | Yes | Yes | No |
| No | Yes | Yes | No |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
| Yes | Yes | Yes | Yes |
| No | No | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| No | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| 1This image is not available in Release 12.0(4)XI. |
The following sections list the new hardware and software features supported by the Cisco 1400 Series for Release 12.0(4)XI.
The following new hardware enhancements are supported by the Cisco 1400 Series for Release 12.0(4)XI and above. For more information about new hardware, see the "Platform-Specific Documents" section.
Cisco IOS Release 12.0(4)XI includes support for the Cisco 1417 router.
There are no new software features supported by the Cisco 1400 Series in Cisco IOS Release 12.0(4)XI.
There are no new features supported by the Cisco 1400 Series in Cisco IOS Release 12.0(4)T.
The following new hardware enhancements are supported by the Cisco 1400 Series for Release 12.0(3)T and above. For more information about new hardware, see the "Platform-Specific Documents" section.
The Cisco uBR904 cable modem is a fully functional Cisco IOS router and standards-based Data-Over-Cable Service Interface Specification (DOCSIS) cable modem designed for use in small office/home office data-over-cable applications. It enables the delivery of secure, high-speed connections over small to medium-sized LANs. Downstream speeds up to 27 Mbps are supported using the 64-QAM modulation technique, or 40 Mbps using 256-QAM. On the upstream, the Cisco uBR904 can deliver 5 Mbps using Quadrature Phase-Shift Keying (QPSK) or 10 Mbps using 16-QAM.
The Cisco uBR904 cable modem is a compact device that supports the direct connection of up to four PCs and has the familiar features and programming interface of other routers in Cisco's extensive line of small- and medium-sized business product offerings. The Cisco uBR904 can be configured as a bridge or a router, and provides packet data transport and network address translation for TCP/IP applications between home or office computers and the cable headend.
The Cisco uBR904 cable modem is a compact, easy-to-install device that can receive and transmit digital data over a hybrid fiber-coaxial (HFC) network, the same cable that brings television broadcast transmissions into a cable television (CATV) subscriber's home. With a Cisco uBR904 cable modem, a personal computer can be connected to the HFC cable network for high-speed access to the Internet. The link that enables the transmission of two-way digital data from the HFC network to the Internet is provided by the Cisco uBR7246 universal broadband router installed at the cable headend.
The following new software enhancements are supported by the Cisco 1400 Series for Release 12.0(3)T and above. For more information about configuring the following new features, see the "Feature Modules" section.
The following subjects are included in this section:
Annex G (X.25 over Frame Relay) facilitates the migration from an X.25 backbone to a Frame Relay backbone by permitting encapsulation of CCITT X.25/X.75 traffic within a Frame Relay connection. Annex G was developed to accommodate the many Cisco customers in Europe, where X.25 is still a popular protocol. With Annex G, the process of transporting X.25 over Frame Relay has been simplified by allowing direct X.25 encapsulation over a Frame Relay network.
This simple process is largely achieved using X.25 profiles (similar to dialer profiles), which were created to streamline the configuration of X.25 on a per-DLCI basis. X.25 profiles can contain any existing X.25 command and, once created and named, can be simultaneously associated with more than one Annex G DLCI connection, just by using the profile name.
The Cisco Discovery Protocol (CDP) is a media-independent device discovery protocol that runs on all Cisco-manufactured equipment, including routers, bridges, access servers, and switches. Each device sends periodic messages to a multicast address. Each device listens to the periodic messages sent by others in order to learn about neighboring devices and determine when their interfaces to the media go up or down. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This process enables applications to send SNMP queries to neighboring devices.
CDP runs on all media that support Subnetwork Access Protocol (SNAP), including local-area network (LAN), Frame Relay, and Asynchronous Transfer Mode (ATM) media. CDP runs over the data link layer only. Therefore, two systems that support different network-layer protocols can learn about each other.
Each device configured for CDP sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or holdtime, information, which indicates the time a receiving device should hold CDP information before discarding it.
Additions for Cisco Discovery Protocol (CDP) include the following:
The benefits of Annex G include transparent support of X.25 encapsulation over the Frame Relay network; direct X.25 configuration on a per-DLCI basis; the ability for multiple Annex G DLCIs to use the same X.25 profile; multiple logical X.25 SVCs per Annex G link; and the fact that Cisco routers already contain the functionality necessary to perform the framing and frame removal required by Annex G.
Cisco Multipath Channel+ (CMPC+) is Cisco's implementation of IBM's MPC+ feature. The CMPC+ feature in Cisco IOS Release 12.0(3)T supports MPC+ features and protocols necessary to support IP. CMPC+ enables High Performance Data Transfer (HPDT). It allows TCP/IP connections to the host through Cisco Mainframe Channel Connection (CMCC) adapters, using either the TCP/IP stack or the High Speed Access Services (HSAS) IP stack.
The 12.0(3)T enhancements to the Cisco uBR7246 cable router extend and improve the command line interface (CLI). It supports burst profile, quality of service (QoS), improved parameter configuration, the MC11 modem card, and the MC16 modem card. Downstream QoS handling is compliant with Multimedia Cable Network System (MCNS) requirements, and upstream QoS handling and Spectrum Management have been improved.
The Cisco uBR7246 now supports multicast authentication via RADIUS, and security has been enhanced for baseline privacy (including MCNS Data Over Cable System Interface Specification (DOCSIS) compliance). Also, this cable router now supports Dynamic Host Configuration Protocol (DHCP) Relay Subscriber ID Insertion.
In a network with multiple capable paths, the DLSw+ Load Balancing Enhancements feature improves traffic load balancing between peers by distributing new circuits based on existing loads and the desired ratio.
For each capable peer (peers that have the lowest or equal cost specified), the DLSw+ Load Balancing feature calculates the difference between the desired and the actual ratio of circuits being used on a peer. It detects the path that is underloaded in comparison to the other capable peers and assigns new circuits to that path until the desired ratio is achieved.
The DLSw+ Peer Clusters feature reduces the explorer packet replication that typically occurs in a large DLSw+ Peer Group design, where there are multiple routers connected to the same LAN.
The DLSw+ Peer Clusters feature associates DLSw+ peers (that are connected to the same LAN) into logical groups. Once the multiple peers are defined in the same peer group cluster, the DLSw+ Border Peer recognizes that it does not have to forward explorers to more than one member within the same peer group cluster.
The DLSw+ RSVP Bandwidth Reservation feature allows DLSw+ to reserve network bandwidth for the DLSw+ TCP connection between DLSw+ peers.
Although it has been possible in the past to reserve bandwidth for a particular existing DLSw+ peer connection through the RSVP CLI support in Cisco IOS software, the CLI required prior knowledge of the TCP ports for which the reservation was being made. Because DLSw+ uses one well-known port and one randomly assigned port, the reservation could not be made until after the peer connection was active.
The DLSw+ RSVP feature permits new DLSw+ peer connections to automatically request bandwidth reservations upon connection, thereby removing the need for user intervention after the peer is connected. This feature assures the reservation will survive a network or device failure and that the DLSw+ traffic carried over a TCP connection is not affected by congestion.
This feature provides a mechanism to penalize the flows that do not respond to Weighted Random Early Detection (WRED) drops. This feature is provided as an extension to the existing WRED functionality and can be turned on after WRED is turned on.
Flow-WRED ensures that no single flow can monopolize the buffer resources at the output interface queue. With WRED alone, this can occur in the presence of traffic sources that do not back off during congestion. Flow-WRED maintains minimal information about the buffer occupancy per flow. Whenever a flow exceeds its share of the output interface buffer resource, the packets of that flow are penalized by increasing the probability that WRED drops them.
Large scale dialout eliminates the need to configure dialer maps on every network access server (NAS) for every destination. Instead, you create remote site profiles containing outgoing call attributes (telephone number, service type, maximum number of links, and so on) on an authentication, authorization, and accounting (AAA) server. The profile is downloaded by the NAS when packet traffic requires a call to be placed to a remote site. Large scale dialout also takes advantage of features previously only available for incoming calls, such as dialer and virtual profiles, Multichassis Multilink PPP (MMP) support, and the ability to use an AAA server to store dial out attributes. MMP allows NASes to be stacked together and appear as a single NAS chassis so that if one NAS fails, another NAS in the stack can accept calls. Additionally, large scale dialout addresses congestion management by seeking an uncongested, alternative NAS when the designated primary NAS experiences port congestion.
The Multilink Point-to-Point Protocol (MLP) Inverse Multiplexer feature allows you to combine multiple T1/E1 lines in a Versatile Interface Processor (VIP) T1/E1 interface into a bundle that has the combined bandwidth of the multiple T1/E1 lines. This is done by using a VIP MLP link. You choose the number of bundles and the number of T1/E1 lines in each bundle. This allows you to increase the bandwidth of your network links beyond that of a single T1/E1 line without having to purchase a T3 line.
IP policy routing now works with Cisco Express Forwarding (CEF), Distributed CEF (DCEF), NetFlow, and NetFlow with flow acceleration. IP policy routing was formerly supported only in fast-switching and process-switching. Now that policy routing is integrated into CEF, policy routing can be deployed on a wide scale and on high-speed interfaces.
The addition of the CISCO-PROCESS-MIB and changes to the CISCO-MEMORY-POOL-MIB allow the retrieval of additional CPU and memory statistics and their reporting by SNMP. The CISCO-PROCESS-MIB provides CPU 5-second, 1-minute, and 5-minute statistics. In addition, this MIB provides CPU utilization and memory allocation/deallocation statistics for each process on each CPU listed in the CISCO-PROCESS-MIB.
The CISCO-PROCESS-MIB is enabled when the first SNMP command is configured. The background statistics collection for VIP cards and the master CPU occurs even if the SNMP subsystem is not initialized.
The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications and pre-problem analysis. The RTR enhancements extend IP support, such as Type of Service, and allow you to measure various types of IP traffic, such as UDP, TCP, and HTTP.
Cisco IOS Release 12.0(3)T supports RFC 1483 and enables the transfer of network interconnect traffic over ATM AAL5 layer, using LLC encapsulation. RFC 1483 defines an encapsulation type for transferring LAN data via ATM networks. All LAN protocols that use the LLC format and run on Ethernet, Token Ring, or ATM networks are encapsulated in LLC data packets transported via ATM networks.
The RSVP-ATM QoS networking feature provides support for Controlled Load Services using RSVP over an ATM core network. This feature requires the ability to signal for SVCs across the ATM cloud in response to RSVP reservation messages. To meet this requirement, RSVP over ATM supports mapping of RSVP sessions to ATM nonbroadcast multiaccess (NBMA) switched virtual circuits (SVCs).
RSVP over ATM allows you to configure an interface or subinterface to dynamically create SVCs in response to RSVP reservation requests. To ensure defined quality of service (QoS), these SVCs are established having QoS profiles consistent with the mapped RSVP flowspecs. To further support QoS, this feature allows you to configure the IP Precedence and ToS values to be used for packets that conform to or exceed QoS profiles. Moreover, it allows you to attach DWRED group definitions to the (PA-A3 ATM port adapter) interface to support per-VC DWRED drop policy, which ensures that if packets must be dropped, then best-effort packets are dropped first and not those that conform to the appropriate QoS determined by the RSVP's token bucket.
The 12.0(3)T Cisco voice service provider features include enhancements made to the functionality and configuration of both the gateway and the Voice over IP (VoIP) gatekeeper. The architecture of these features provides the Quality of Service (QoS), stability, and functionality necessary for carrier class, real-time IP communications services.
This document contains a basic description of the H.323 VoIP gateway in addition to features required to implement the applications to run VoIP in a service provider environment. The features address the service provider needs to offer security, billing, scaling, and reliability.
The Cisco VoIP gateway is a high performance H.323-compliant gateway optimized for VoIP applications. Supporting up to two T1/E1 digital channels, it connects with existing telephones and fax machines through the Public Switched Telephone Network (PSTN), key systems, and PBXs, making the process of placing calls over the IP network transparent to users.
The gateway capability allows the Cisco VoIP gateway to function as an H.323 endpoint. Therefore, the gateway provides admission control, address lookup and translation, and accounting services.
The gatekeeper manages H.323 endpoints in a consistent manner, allowing them to register with the gatekeeper and to locate another gatekeeper. The gatekeeper provides logic variables for proxies or gateways in a call path to provide connectivity with the Public Switched Telephone Network (PSTN), to improve Quality of Service (QoS), and to enforce security policies. Multiple gatekeepers can be configured to communicate with one another, either by integrating their addressing into the Domain Name System (DNS), or via Cisco IOS configuration options.
The SLIP-PPP Banner section of this feature enables you to configure the banner that is displayed when making a SLIP connection. This improves compatibility with non-Cisco SLIP dial-up software.
The Banner Tokens section of this feature introduces the use of tokens to all existing banner commands. Tokens allow you to display current information from the configuration, such as the router's hostname, IP address, encapsulation type, and MTU size.
Simple Network Management Protocol version 3 (SNMPv3) addresses issues related to the large-scale deployment of SNMP for configuration, accounting, and fault management. Currently, SNMP is predominantly used for monitoring and performance management. The primary goal of SNMPv3 is to define a secure version of the SNMP protocol. SNMPv3 also facilitates remote configuration of the SNMP entities, which makes remote administration of SNMP entities a much simpler task. SNMPv3 builds on top of SNMPv1 and SNMPv2 to provide a secure environment for the management of systems and networks.
SNMPv3 provides an identification strategy for SNMP devices to facilitate communication only between known SNMP entities. Each SNMP device has an identifier called the SNMP EngineID, which identifies the copy of SNMP (the SNMP engine) running on it. Each SNMP message contains an SNMP EngineID. SNMP communication is possible only if an SNMP entity knows the identity of its peer SNMP device.
SNMPv3 also contains a security model or security strategy that exists between an SNMP user and the SNMP group to which the user belongs. A security model can define the security policy within an administrative domain or an intranet. The SNMPv3 protocol consists of the specification for the User-based Security Model (USM).
The definition of security goals for the message authentication service includes the following protection strategies:
Token Ring Multiprotocol over ATM (MPOA) allows Token Ring hosts in an ATM network to communicate over alternate paths (called shortcuts) through the ATM network, which bypasses intermediate router hops that would otherwise be encountered in the default path.
Token Ring MPOA is an extension to LAN Emulation (LANE). Using the Next Hop Resolution Protocol (NHRP), an MPOA server (MPS) on the router, and MPOA clients (MPCs) on the ATM edge devices, a direct virtual channel connection (VCC) between the ingress and egress edge devices is established. Token Ring MPOA allows Token Ring LANE clients to forward unicast IP packets between subnets to other Token Ring LANE clients through this shortcut VCC path on the ATM network.
The Web Cache Communications Protocol enables Cisco IOS routing platforms to transparently redirect content requests (for example, web requests) from clients to a locally connected Cisco Cache Engine (or Cache Cluster) instead of the intended origin server. When a Cache Engine receives such a request, it attempts to service it from its own local cache if the requested information is present. If not, the Cache Engine issues its own request to the originally requested origin server to get the required information. When the Cache Engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and significantly reducing WAN transmission costs.
WCCPv2 provides enhancements to WCCPv1, including:
As the number of users accessing the same host has grown, competition for these application resources becomes a problem. In response, Internet service providers (ISPs) have increased the number of users they could support by increasing the number of X.25 lines to the host.
To support a large number of virtual circuits (VCs) to a particular destination, configuration of more than one serial interface to that destination was needed. When a serial interface is configured to support X.25, there is a fixed number of VCs available for use.
Using a facility called "hunt-group" (the method for X.25 load balancing), a switch is able to view a pool of X.25 lines going to the same host as one address and assign VCs on an "idle logical channel" basis. With this feature, X.25 calls can be load-balanced among all configured outgoing interfaces to fully use and balance all managed lines. The benefits include the choice of two load-balancing distribution methods (rotary or vc-count) and improved performance of serial lines.
The following new hardware enhancements are supported by the Cisco 1400 Series for Release 12.0(2)T and above. For more information about new hardware, see the "Platform-Specific Documents" section.
Cisco IOS Release 12.0(2)T includes support for the Cisco 1401 router.
There are no new software features in release 12.0(2)T.
The following new software enhancements are supported by the Cisco 1400 Series for Release 12.0(1)T and above. For more information about configuring the following new features, see the "Feature Modules" section.
The following subjects are included in this section:
Cisco IOS IEEE 802.1Q provides support for IEEE 802.1Q encapsulation for Virtual LANs (VLANs). Use this feature for VLANs consisting of IEEE 802.1Q compliant switches.
Mobile IP provides users the freedom to roam beyond their home subnet while consistently maintaining their home IP address. This enables transparent routing of IP datagrams to mobile users during their movement, so that data sessions can be initiated to them while they roam; it also enables sessions to be maintained in spite of physical movement between points of attachment to the Internet or other networks. Cisco's implementation of Mobile IP is fully compliant with the Internet Engineering Task Force's (IETF's) proposed standard defined in Request for Comments (RFC) 2002.
With the introduction of Easy IP Phase 2, Cisco IOS software also supports Intelligent DHCP Relay functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS ip helper-address functionality.
The former OSPF implementation for sending update packets needed to be more efficient. Some update packets were getting lost in cases where the link was slow, a neighbor could not receive the updates fast enough, or the router was out of buffer space. For example, packets might be dropped if either of these topologies existed:
OSPF update packets are now automatically paced by a delay of 33 milliseconds. Pacing is also added between retransmissions to increase efficiency and minimize lost retransmissions.
OSPF update and retransmission packets are sent more efficiently. Also, you can display the LSAs waiting to be sent out an interface.
It is now possible to implement access lists based on the time of day. To do so, you create a time range that defines specific times of the day and week. The time range is identified by a name, and then referenced by a function, so that those time restrictions are imposed on the function itself.
Currently, IP and IPX extended access lists are the only functions that can use time ranges. The time range allows the network administrator to define when the permit or deny statements in the access list are in effect. Prior to this feature, access list statements were always in effect once they were applied. Both named and numbered access lists can reference a time range.
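The following configuration is an added example, not taken from the Cisco release notes, showing one named and one numbered IP extended access list that each reference a time range. The time-range names, access list name and number, addresses, dates, and the choice of Ethernet0 are assumptions made for illustration.

```cisco
! Added example: all names, addresses, and dates below are constructed.
! Time ranges are evaluated against the router's system clock, so
! confirm the clock first (user EXEC):
!   router> show clock
!
! Recurring window: Monday through Friday, 08:00 to 17:59.
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 17:59
!
! One-off window with fixed start and end dates, for example a
! temporary maintenance access period.
time-range MAINT-WINDOW
 absolute start 22:00 4 June 1999 end 02:00 5 June 1999
!
! Named extended access list. Only the first entry is time-bound:
! web traffic from the LAN is permitted during business hours only.
! DNS is permitted at all times. Everything else is denied, so outside
! the window web traffic falls through to the final deny.
ip access-list extended LAN-OUT
 permit tcp 192.168.1.0 0.0.0.255 any eq www time-range BUSINESS-HOURS
 permit udp 192.168.1.0 0.0.0.255 any eq domain
 deny ip any any
!
! Numbered extended access list referencing the one-off window:
! Telnet from a single management host to one server is allowed only
! while MAINT-WINDOW is active.
access-list 101 permit tcp host 192.168.1.10 host 192.0.2.10 eq telnet time-range MAINT-WINDOW
access-list 101 deny tcp any host 192.0.2.10 eq telnet
access-list 101 permit ip any any
!
! Apply the named list to traffic arriving from the LAN.
interface Ethernet0
 ip access-group LAN-OUT in
!
! Verification (privileged EXEC):
!   router# show time-range
!   router# show access-lists
```

An entry whose time range is not currently in effect is skipped during matching, so the order of the remaining entries decides what happens to that traffic outside the window; here the trailing deny statements make the time-bound permits fail closed.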
Triggered extensions to IP RIP increase efficiency of RIP on point-to-point, serial interfaces.
Routers are used on connection-oriented networks to allow potential connectivity to many remote destinations. Circuits on the WAN are established on demand and are relinquished when the traffic subsides. Depending on the application, the connection between any two sites for user data could be short and relatively infrequent.
There were two problems using RIP to connect to a WAN:
To overcome these limitations, triggered extensions to RIP cause RIP to send information on the WAN only when there has been an update to the routing database. Periodic update packets are suppressed over the interface on which this feature is enabled.
The Cisco IOS Firewall feature set is now available on 2600 and 3600 series products.
The Cisco IOS Firewall feature set extends the security technology currently available in Cisco IOS software to provide firewall specific capabilities:
The Cisco IOS Firewall feature set adds advanced filtering capabilities to existing security functionality in Cisco routers. Some existing Cisco IOS security features include packet filtering via access control lists (ACLs), Network Address Translation (NAT), network-layer encryption, and TACACS+ authentication.
IOS Spanning Tree Protocol enhancements broaden the original IOS STP implementation with increased port identification capability, improved path cost determination, and support for a new VLAN bridge spanning-tree protocol.
Layer Two Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer Two Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs). Access VPNs allow mobile users to connect to their corporate intranets or extranets, thus improving flexibility and reducing costs.
Traditional dial-up networking services supported only registered IP addresses, which limited the types of applications that could be implemented over Virtual Private Networks (VPNs). L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adaptors (TAs), to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS) initiated tunnel, such as L2F.
Point-to-Point Protocol (PPP) over Asynchronous Transfer Mode (ATM) is now available on an ATM CES port adapter in a Cisco 7200-series router.
In previous releases of PPP over ATM, you configured permanent virtual circuits (PVCs) for PPP over ATM on point-to-point subinterfaces. In this release, each PPP over ATM connection no longer requires two interfaces, a virtual access interface and ATM subinterface. Instead, you can configure multiple PVCs for PPP over ATM on multipoint subinterfaces, thereby providing a significant increase in the number of PPP over ATM sessions per router. Also in this release, PPP over ATM is enhanced to support virtual circuit (VC) multiplexed encapsulation and complies with the Internet Engineering Task Force (IETF) draft on multiplexed encapsulation titled PPP over AAL5. The previous version of PPP over ATM supported only the Frame Forwarding data encapsulation (aal5ciscoppp).
This release of the PPP over ATM feature provides support for IETF-compliant PPP over ATM and significantly increases the maximum number of PPP over ATM sessions running on a router. The maximum number of PPP over ATM sessions supported on a platform depends on available system resources such as memory and CPU speed.
The ATM PVC Trap Support feature provides Simple Network Management Protocol (SNMP) notification for permanent virtual circuit (PVC) failures, and it provides SNMP access to PVC status tables.
Normally, a management station is not notified when an Asynchronous Transfer Mode (ATM) PVC goes down. The ATM PVC Trap Support feature enables an agent to send the required PVC traps for this notification. It also provides support for these PVC status tables: atmCurrentlyFailingPVclTable and atmInterfaceExtTable.
This section provides warnings and cautions about using the Cisco IOS Release 12.0(4)XI software. The following topics are described:
planning assistance is available on Cisco's World Wide Web site at:
http://www.cisco.com
If you have a service contract, you can obtain new software through your regular update channels (generally via Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.
If you don't have a service contract, you can upgrade to obtain only the bug fixes; free upgrades are restricted to the minimum upgrade that is required to resolve the defects. To determine the free upgrades to which you are entitled, first find your current software version in the first column of Table 3. In general, you are restricted to upgrading to the other releases listed in the same row, except when the other releases listed in that row are unavailable. Obtain updates by contacting one of the following Cisco TACs:
If asked for proof of entitlement to a free update, give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml). Non-contract customers must request free updates through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software updates.
You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.
If you use an input access list, apply that list to all interfaces to which attackers may be able to send datagrams. This includes not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces, as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.
The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts; only traffic actually addressed to the Cisco IOS device is of interest.
No single input access list works in all configurations. Know the effect of your access list in your specific configuration before activating it.
The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed, other than as a workaround for this vulnerability:
```
! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
! Apply the access list to the input side of each interface
interface ethernet 0
 ip address 172.16.1.1 255.255.255.0
 ip access-group 101 in
interface ethernet 2
 ip address 172.16.2.1 255.255.255.0
 ip access-group 101 in
interface ethernet 3
 ip address 172.16.3.3 255.255.255.0
 ip access-group 101 in
```
Listing all possible addresses (especially all possible broadcast addresses) to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS device is expected to forward syslog packets, you will have to do the detailed filtering. Because input access lists impact system performance, install them with caution, especially on systems running very near their capacity.
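To check the effect of the access list before activating it, the following added example (not part of the original release notes or of Cisco's software) replays access-list 101 against constructed probe packets using first-match, wildcard-mask semantics. The parser handles only the statement forms used in the example above, and the probe destinations are assumptions drawn from that example's 172.16.0.0 addressing plan.

```python
import ipaddress

# access-list 101 from the workaround above, copied as written on the page.
ACL_101 = """\
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
access-list 101 deny udp any host 0.0.0.0 eq 514
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
access-list 101 permit ip any any
"""

# Constructed probes: (protocol, destination, destination port, expected action).
CASES = [
    ("udp", "172.16.1.1", 514, "deny"),        # router's own interface address
    ("udp", "172.16.2.255", 514, "deny"),      # all-ones subnet broadcast
    ("udp", "172.16.3.0", 514, "deny"),        # all-zeros subnet broadcast
    ("udp", "255.255.255.255", 514, "deny"),   # unspecified-net broadcast
    ("udp", "0.0.0.0", 514, "deny"),           # old-style unspecified-net
    ("udp", "224.0.0.1", 514, "deny"),         # multicast
    ("udp", "172.16.1.50", 514, "permit"),     # syslog forwarded to a host
    ("udp", "172.16.1.1", 161, "permit"),      # other UDP port on the router
]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above ('any' source only)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue  # "!" comments, blank lines, interface commands
        if tok[4] != "any":
            raise ValueError("unsupported source in: " + line)
        action, proto, rest = tok[2], tok[3], tok[5:]
        if rest[0] == "any":
            base, wild, rest = 0, 0xFFFFFFFF, rest[1:]
        elif rest[0] == "host":
            base, wild, rest = ip_int(rest[1]), 0, rest[2:]
        else:
            base, wild, rest = ip_int(rest[0]), ip_int(rest[1]), rest[2:]
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, base, wild, port, line))
    return rules

def evaluate(rules, proto, dst, dport):
    """First match wins; an access list ends with an implicit deny."""
    d = ip_int(dst)
    for action, rproto, base, wild, port, line in rules:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        addr_ok = ((d ^ base) & ~wild & 0xFFFFFFFF) == 0
        if rproto in ("ip", proto) and addr_ok and port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

def audit(acl_text=ACL_101):
    """Return the probes whose outcome differs from what was expected."""
    rules = parse_acl(acl_text)
    return [(p, d, n, want) for p, d, n, want in CASES
            if evaluate(rules, p, d, n)[0] != want]

if __name__ == "__main__":
    for p, d, n, _ in CASES:
        print(p, d, n, *evaluate(parse_acl(ACL_101), p, d, n), sep="  ")
```

For a different addressing plan, replace both the access-list text and the probe list; an empty result from `audit()` means every probe was handled as expected.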
Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) through 12.0(2.3). The first fixed interim version of 12.0 mainline software is 12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.
If you are running 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to 12.0(2a). Release 12.0(2a) is a "code branch" from the 12.0(2) base, which will merge back into the 12.0 mainline at 12.0(2.4).
Special releases, like 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the upgrade path from 12.0(2a) is to 12.0(3).
Table 2 specifies information about affected and repaired software versions.
| Cisco IOS Major Release | Description | Special Fix1 | First Fixed Interim Release2 | Fixed Maintenance Release3 |
|---|---|---|---|---|
| Unaffected Releases | | | | |
| 11.2 and earlier, all variants | Unaffected early releases (no syslog server) | Unaffected | Unaffected | Unaffected |
| 11.3, 11.3T, 11.3DA, 11.3MA, 11.3NA, 11.3WA, 11.3(2)XA | 11.3 releases without syslog servers | Unaffected | Unaffected | Unaffected |
| Releases based on 11.3 | | | | |
| 11.3AA | 11.3 early deployment for AS58xx | 11.3(7)AA2, 8-JAN-19994 | 11.3(7.2)AA | 11.3(8)AA, 15-FEB-1999 |
| 11.3DB | 11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM | | | 11.3(7)DB2, 18-JAN-1999 |
| Releases based on 12.0 | | | | |
| 12.0 | 12.0 Mainline | 12.0(2a), 8-JAN-1999 | 12.0(2.4) | 12.0(3), 1-FEB-1999 |
| 12.0T | 12.0 new technology early deployment | 12.0(2a)T1, 11-JAN-1999 | 12.0(2.4)T | 12.0(3)T, 15-FEB-1999 |
| 12.0S | ISP support; 7200, RSP, GSR | | 12.0(2.3)S, 27-DEC-1998 | 12.0(2)S5, 18-JAN-1999 |
| 12.0DB | 12.0 for Cisco 6400 universal access concentrator node switch processor (lab use) | | | 12.0(2)DB, 18-JAN-1999 |
| 12.0(1)W | 12.0 for Catalyst 8500 and LS1010 | 12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only) | 12.0(1)W5(5.15) | 12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7)) |
| 12.0(0.6)W5 | One-time early deployment for CH-OC12 module in Catalyst 8500 series switches. | Unaffected; one-time release | Unaffected | Unaffected; general upgrade path is via 12.0(1)W5 releases. |
| 12.0(1)XA3 | Short-life release; merged to 12.0T at 12.0(2)T | Obsolete | Merged | Upgrade to 12.0(2a)T1 and/or to 12.0(3)T. |
| 12.0(1)XB | Short-life release for Cisco 800 series; merged to 12.0 T and 12.0(3)T | 12.0(1)XB1 | Merged | Upgrade to 12.0(3)T. |
| 12.0(2)XC | Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0 T at 12.0(3)T. | 12.0(2)XC1, 7-JAN-1999 | Merged | Upgrade to 12.0(3)T |
| 12.0(2)XD | Short-life release for ISDN voice features; merged to 12.0 T at 12.0(3)T. | 12.0(2)XD1, 18-JAN-1999 | Merged | Upgrade to 12.0(3)T |
| 12.0(1)XE | Short-life release | 12.0(2)XE, 18-JAN-1999 | Merged | Upgrade to 12.0(3)T |
When using a multipartition flash card, the various flash partitions are referred to as "flash:1:", "flash:2:", etc. If you specify only "flash" in a multipartition flash, the parser assumes "flash:1:." For example, if you type "show flash all" the parser defaults to "show flash:1: all" and only the flash information for the first partition displays. To see information for all flash partitions, type "show flash ?" This will list all of the valid partitions. Then enter "show flash:xx: all" on each valid partition.
On the ATM25 interface of the C1400 there are two types of traffic shaping: hardware-based and software-based. Hardware-based traffic shaping is provided by the ATM SAR chip and is enabled on a per-pvc basis by one of the following IOS PVC configuration commands:
ubr <peak-cell-rate>
ubr+ <peak-cell-rate> <minimum-guaranteed-cell-rate>
vbr-nrt <peak-cell-rate> <sustainable-cell-rate> <maximum-burst-size>
The SAR chip has "rate counters" that control the rate at which the current buffer up for segmentation is going to be transmitted. Ideally, the SAR chip could be programmed with values for all of the above command parameters. Unfortunately, it only has the rate counters, which specify a divisor of the basic line rate of 25 Mbps and which really sets the maximum transmission rate (peak-cell-rate) for the channel. Note that with the "ubr" and "ubr+" commands, the rate counter for the PVC is obtained from the <peak-cell-rate> parameter. With the "vbr-nrt" command, the rate counter is obtained from the <sustainable-cell-rate> parameter. While the <minimum-guaranteed-cell-rate> parameter in the "ubr+" command and the <peak-cell-rate> parameter in the "vbr-nrt" command can be specified by the user, they are ignored by the ATM25 driver.
Software-based traffic shaping is enabled on a per-interface basis via the "traffic-shape" interface configuration command. For performance reasons, and since for ATM interfaces you most likely want to do shaping on a per-pvc basis, the ATM driver does not support software-based traffic shaping while fastswitching. However, if fast-switching is disabled and the "traffic-shape" interface configuration command is enabled, then software traffic shaping will occur. (See CSCdk28377 for more information).
Caveats describe unexpected behavior or defects in Cisco IOS software releases. For a list of software caveats that apply to Cisco IOS Release 12.0(4)XI, refer to the Caveats for Cisco IOS 12.0 T document that accompanies these release notes. This document lists severity 1 and 2 caveats. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. The caveats document is also located on CCO and the Documentation CD-ROM.
Because Cisco IOS Release 12.0(4)XI is based on Cisco IOS Release 12.0(4), all caveats in Release 12.0(4) are also in Release 12.0(4)XI. For information on caveats in Cisco IOS Release 12.0(4), refer to the Caveats for Cisco IOS Release 12.0 T document, which lists severity 1 and 2 caveats and is located on CCO and the Documentation CD-ROM.
If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. Bug Navigator II is at http://www.cisco.com/support/bugtools/bugtool.shtml, or from CCO, select Service & Support: Software Bug Toolkit: Bug Navigator II.
The following sections describe the documentation available for the Cisco 1400 Series. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online only.
The most up-to-date documentation can be found on the Web via Cisco Connection Online (CCO) and on the latest Documentation CD-ROM. These electronic documents might contain updates and modifications made after the paper documents were printed. For information on CCO, refer to the "Cisco Connection Online" section later in this document.
Use these release notes with the documents listed in the following sections:
The following documents are related to Release 12.0(4)XI. They are located on CCO and the Documentation CD-ROM:
Hardware documentation for the Cisco 1400 series routers is listed below. These documents ship with the Cisco 1400 series routers.
To access hardware documents on CCO, follow this path:
Service and Support: Technical Documents: Cisco Product Documentation: DSL Products: Cisco 1400 Series Routers
To access hardware documentation on the documentation CD-ROM, follow this path:
Cisco Product Documentation: Cisco Product Documentation: DSL Products: Cisco 1400 Series Routers
The following documents are specific to the Cisco 1400 series routers:
Feature modules describe new features supported by Release 12.0(4)XI and are an update to the Cisco IOS documentation set. Feature modules consist of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the features modules are available online only. The feature module information is included in the next printing of the Cisco IOS documentation set.
To reach the feature modules from CCO, click on this path:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
To reach the feature modules on the Documentation CD-ROM, click on this path:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. These documents are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set: configuration guides and command references.
To reach these documents from CCO, click on this path:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
To reach these documents on the Documentation CD-ROM, click on this path:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
Table 2 describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.
To reach the Cisco IOS documentation set from CCO, click on this path:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
To reach the Cisco IOS documentation set on the Documentation CD-ROM, click on this path:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0
| Books | Chapter Topics |
|---|---|
| Configuration Fundamentals Overview |
| Transparent Bridging |
| Dial-In Port Setup |
| Interface Configuration Overview |
| IP Addressing |
| AppleTalk |
| Apollo Domain |
| AAA Security Services |
| Switching Paths for IP Networks |
| ATM |
| Voice over IP |
| Classification |
For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco service and support programs that are described in the "Service and Support" section of the information packet shipped with your product.
For service and support for a product purchased directly from Cisco, use CCO.
If you have a CCO login account, you can access the following URL, which contains links and helpful tips on configuring your Cisco products:
http://www.cisco.com/kobayashi/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your Web browser to CCO and click on this path: Products & Technologies: Products: Technical Tips.
The following sections are provided from the Technical Tips page:
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Sun May 14 22:34:46 PDT 2000
Copyright © 1989 - 2000 Cisco Systems Inc.