cc/td/doc/product/software/ios120/relnote
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Release Notes for Cisco 2600 Series for
Cisco IOS Release 12.0 T

Release Notes for Cisco 2600 Series for
Cisco IOS Release 12.0 T

December 13, 1999

These release notes for the Cisco 2600 series support Cisco IOS Release 12.0 T, up to and including Release 12.0(7)T. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.

For a list of the software caveats that apply to Release 12.0(7) T, see Caveats for Cisco IOS Release 12.0 T  that accompanies these release notes. This caveats document is updated for every maintenance release and is also located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.0 located on CCO and the Documentation CD-ROM.

Contents

These release notes describe the following topics:

Introduction

Cisco Systems extends enterprise-class and managed services Customer Premises Equipment (CPE) versatility, integration, and power to branch offices with the Cisco 2600 series modular access router family. The widely deployed Cisco 2600 series modular access routers are designed to enable customers to easily adopt future technologies and scale to accommodate network expansion. The Cisco 2600 series shares modular interfaces with the Cisco 1600, Cisco 1700, and Cisco 3600 series, providing a solution to meet today's branch office needs for applications such as:

The Cisco 2600 series modular architecture provides the versatility needed to adapt to changes in network technology as new services and applications become available. Driven by a powerful RISC processor, the Cisco 2600 series supports the advanced Quality of Service (QoS), security, a nd network integration features required in today's evolving enterprise networks.

System Requirements

This section describes the system requirements for Release 12.0(7) T:

Memory Requirements


Table 1: Memory Requirements for the Cisco 2600 Series
Feature Set by Platform Image Name Required
Flash
Memory 		Required
DRAM
Memory 		Runs
From

IP

c2600-i-mz

4 MB

20 MB

RAM

IP Plus

c2600-is-mz

8 MB

32 MB

RAM

IP Plus IPSec 3DES

c2600-ik2s-mz

8 MB

40 MB

RAM

IP/FW/IDS Plus IPSec 3DES

c2600-ik2o3s-mz

16 MB

40 MB

RAM

IP Plus IPSec 56

c2600-is56i-mz

16 MB

40 MB

RAM

IP/FW/IDS

c2600-io3-mz

8 MB

24 MB

RAM

IP/FW/IDS Plus IPSec 56

c2600-io3s56i-mz

16 MB

40 MB

RAM

IP/H323

c2600-ix-mz

8 MB

32 MB

RAM

IP/IPX/AT/DEC

c2600-d-mz

8 MB

24 MB

RAM

IP/IPX/AT/DEC Plus

c2600-ds-mz

8 MB

40 MB

RAM

IP/IPX/AT/DEC/FW/IDS Plus

c2600-do3s-mz

16 MB

40 MB

RAM

Enterprise Plus

c2600-js-mz

16 MB

40 MB

RAM

Enterprise Plus IPSec 3DES

c2600-jk2s-mz

16 MB

40 MB

RAM

Enterprise Plus IPSec 56

c2600-js56i-mz

16 MB

40 MB

RAM

Enterprise/SNASw Plus

c2600-a3js-mz

16 MB

40 MB

RAM

Enterprise/SNASw Plus IPSec 3DES

c2600-a3jk2s-mz

16 MB

40 MB

RAM

Enterprise/SNASw Plus IPsec 56

c2600-a3js56i-mz

16 MB

40 MB

RAM

Enterprise/FW/IDS Plus IPSec 3DES

c2600-jk2o3s-mz

16 MB

40 MB

RAM

Enterprise/FW/IDS Plus IPSec 56

c2600-jo3s56i-mz

16 MB

40 MB

RAM

Remote Access Server

c2600-c-mz

8 MB

20 MB

RAM

Hardware Supported

Cisco IOS Release 12.0 T supports the Cisco 2600 series routers:

For detailed descriptions of the new hardware features for Cisco IOS Release 12.0, see the cross-platform Release Notes for Cisco IOS Release 12.0

Note The 1- or 2-port 10baseT/100baseT Ethernet LAN interface for the Cisco 2621 and Cisco 2621 series routers is available in Cisco IOS Release 12.0 XC and later. The ISDN BRI Voice over IP Voice Interface Card is available in Cisco IOS Release 12.0 XD and 12.0(3)T and later releases.


Table 2: Supported Interfaces on the Cisco 2600 Series
Interface, Network Module, or Data Rate1 Platforms Supported
LAN Interfaces2

1- or 2-port Ethernet (10BaseT)

All Cisco 2600 series platforms

1-port Token Ring (RJ-45)

Cisco 2612, Cisco 2613

1- or 2-port 10/100Mbps Ethernet

Cisco 2620, Cisco 2621

LAN Network Modules

1-port Ethernet

All Cisco 2600 series platforms

4-port Ethernet

All Cisco 2600 series platforms

1-port ATM-25 RJ-45 interface

All Cisco 2600 series platforms

Serial Network Modules

16- or 32-port Asynchronous

All Cisco 2600 series platforms

4- or 8-port Asynchronous/ Synchronous Serial low speed
(128 kbps max)

All Cisco 2600 series platforms

Multiport T1/E1 ATM Network Modules with Inverse Multiplexing over ATM (IMA)3

4-port T1 ATM network module with IMA (NM-4T1-IMA)

All Cisco 2600 series platforms

4-port E1 ATM network module with IMA (NM-4E1-IMA)

All Cisco 2600 series platforms

8-port T1 ATM network module with IMA (NM-8T1-IMA)

All Cisco 2600 series platforms

8-port E1 ATM network module with IMA (NM-8E1-IMA)

All Cisco 2600 series platforms

Digital T1 Packet Voice Trunk Network Modules and Spare Components

1-port, 24-channel T1 voice/fax module, supports 24 channels of medium-complexity codecs: G.729a/b, G.726, G.711 and fax or 12 channels of G.726, G.729, G.723.1, G.728, G.729a/b, G.711, and fax. Consists of one NM-HDV, two PVDM-12s, and one VWIC-1MFT-T14. Part number: NM-HDV-1T1-24

All Cisco 2600 series platforms

1-port, enhanced 24-channel T1 voice/fax module, supports 24 channels of high- and medium-complexity codecs: G.729a/b, G.726, G.729, G.728, G.723.1, G.711, and fax. Consists of one NM-HDV, four PVDM-12s, and one VWIC-1MFT-T14. Part number: NM-HDV-1T1-24E

All Cisco 2600 series platforms

2-port, 48-channel T1 voice/fax module, supports add/drop multiplexing (drop and insert); 48 channels of medium-complexity codecs: G.729a/b, G.726,G.711, and fax; or 24 channels of G726, G729, G723.1, G.728, G729a/b, G711, and fax. Consists of one NM-HDV, four PVDM-12, and one VWIC-2MFT-T1-DI4. Part number: NM-HDV-2T1-48

All Cisco 2600 series platforms

High-density voice/fax network module spare (NM-HDV)

Digital T1/E1 Packet Voice Trunk Network Modules spare component

12-channel packet voice DSP module upgrade spare (PVDM-12)

Digital T1/E1 Packet Voice Trunk Network Modules spare component

1-port RJ-48 MultiFlex Trunk - T1 (VWIC-1MFT-T1)4

Digital T1/E1 Packet Voice Trunk Network Modules spare component

2-port RJ-48 MultiFlex Trunk - T1 (VWIC-2MFT-T1)4

Digital T1/E1 Packet Voice Trunk Network Modules spare component

2-port RJ-48 MultiFlex Trunk with drop and insert - T1 (VWIC-2MFT-T1-DI)4

Digital T1/E1 Packet Voice Trunk Network Modules spare component

Dial, ISDN and Channelized Serial Network Modules

1- or 2-port Channelized T1/ISDN PRI

All Cisco 2600 series platforms

1- or 2-port Channelized T1/ISDN PRI with CSU

All Cisco 2600 series platforms

1- or 2-port Channelized E1/ISDN PRI balanced

All Cisco 2600 series platforms

1- or 2-port Channelized E1/ISDN PRI unbalanced

All Cisco 2600 series platforms

4-or 8-port ISDN BRI S/T interface

All Cisco 2600 series platforms

4- or 8-port ISDN BRI U (NT1) interface

All Cisco 2600 series platforms

8- or 16-port Analog modems

All Cisco 2600 series platforms

T1/E1 Multiflex Voice/WAN Interface Cards5

1-Port T1 multiflex trunk interface (VWIC-1MFT-T1)

All Cisco 2600 series platforms

1-Port E1 multiflex trunk interface (VWIC-1MFT-E1)

All Cisco 2600 series platforms

2-Port T1 multiflex trunk interface (VWIC-2MFT-T1)

All Cisco 2600 series platforms

2-Port E1 multiflex trunk interface (VWIC-2MFT-E1)

All Cisco 2600 series platforms

2-Port T1 multiflex trunk interface with Drop and Insert (VWIC-2MFT-T1-DI)

All Cisco 2600 series platforms

2-Port E1 multiflex trunk interface with Drop and Insert (VWIC-2MFT-E1-DI)

All Cisco 2600 series platforms

Voice/Fax Interface Cards

1- or 2- Voice interface card slots

All Cisco 2600 series platforms

1-slot high-density T1/E1 voice interface card slots6

All Cisco 2600 series platforms

2-port FXS Voice/Fax interface card7

All Cisco 2600 series platforms with Voice/Fax network modules

2-port E&M Voice/Fax interface card3

All Cisco 2600 series platforms with Voice/Fax network modules

2-port FXO Voice/Fax interface card3

All Cisco 2600 series platforms Voice/Fax network modules

WAN Interface Cards

1-port ISDN BRI S/T interface (requires external NT1)

All Cisco 2600 series platforms

1-port ISDN BRI (NT1) U

All Cisco 2600 series platforms

1-port 56/64-kbps DSU/CSU

All Cisco 2600 series platforms

1-port T1/Fractional T1 with DSU/CSU

All Cisco 2600 series platforms

1-port High-Speed Serial (up to 2.048 Mbps)

All Cisco 2600 series platforms

2-port Dual High-speed Serial (up to 2.048 Mbps; Asynchronous/ Synchronous support)

All Cisco 2600 series platforms

2-port Asynchronous/ Synchronous (up to 128 kbps)

All Cisco 2600 series platforms

Advanced Integration Module

Data Compression AIM (up to 8.192 Mbps)

All Cisco 2600 series platforms

1The Voice/Fax and ATM-25 network modules require Cisco IOS Plus feature sets.
2The 1- or 2-port 10/100 Ethernet LAN interface for the Cisco 2621 and Cisco 2621 series routers is only available in Cisco IOS Release 12.0 XC and later.
3Requires the Cisco IOS Plus feature sets.
4See T1/E1 Multiflex Voice/WAN Interface Cards in this table.
5T1 Multiflex Voice/WAN Interface Cards can be used in a chassis slot or installed in a Digital T1 Packet Voice Trunk Module. E1 Multiflex Voice/WAN Interface Cards can be installed in a chassis slot.
6Uses the VWIC-MFT T1/E1 interface cards.
7Requires the NM-1V or NM-2V network module.

Determining the Software Version

To determine the version of Cisco IOS software running on a Cisco 2600 series router, log in to the router and enter the show version EXEC command:

router>show version
Cisco Internetwork Operating System Software
IOS (tm) 2600 Software (c2600-i-mz), Version 12.0(7)T, RELEASE SOFTWARE

Upgrading to a New Software Release

For information about upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819 1/99) on CCO at:

Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software

Other Firmware Code

The latest version of analog modem firmware for the Cisco 2600 series supports the internal analog modems (both NM-16AM and NM-8AM) in a wide range of countries, starting with Cisco IOS Release 11.3(5)T and later releases. The latest firmware (version 1.2.0) also supports dial-out and fax-out.

On CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers: Analog Modem Firmware

On the Documentation CD-ROM at:

Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers: Analog Modem Firmware

Feature Set Tables

Cisco IOS software is packaged in feature sets consisting of software images---depending on the platform. Each feature set contains a specific set of Cisco IOS features.


Table 3: Feature Sets Supported by the Cisco 2600 Series
Feature Sets Feature Set Matrix Term Software Image Platforms
IP Standard
Feature Sets

IP

  • Basic

c2600-i-mz

All Cisco 2600 series platforms

IP Plus

  • Basic

  • Plus

c2600-is-mz

All Cisco 2600 series platforms

IP Plus IPSec 3DES

  • Plus

  • Plus IPSec 3DES

c2600-ik2s-mz

All Cisco 2600 series platforms

IP Plus IPSec 56

  • Plus

  • Plus IPSec 56

c2600-is56i-mz

All Cisco 2600 series platforms

IP/FW/IDS

  • Basic

  • FW

  • IDS

c2600-io3-mz

All Cisco 2600 series platforms

IP/FW/IDS Plus IPSec 3DES

  • Basic

  • FW Plus

  • IDS Plus

  • Plus IPSec 3DES

c2600-ik2o3s-mz

All Cisco 2600 series platforms

IP/FW/IDS Plus IPSec 56

  • Basic

  • FW Plus

  • IDS Plus

  • Plus IPSec 56

c2600-io3s56i-mz

All Cisco 2600 series platforms

IP H.323

  • Basic

  • H.323 V2

c2600-ix-mz

All Cisco 2600 series platforms

IP/IPX/AppleTalk/
DEC Standard
Feature Sets

IP/IPX/AT/DEC

  • Basic

c2600-d-mz

All Cisco 2600 series platforms

IP/IPX/AT/DEC Plus

  • Basic

  • Plus

c2600-ds-mz

All Cisco 2600 series platforms

IP/IPX/AT/DEC/FW/IDS Plus

  • Basic

  • FW Plus

  • IDS Plus

c2600-do3s-mz

All Cisco 2600 series platforms

Enterprise Standard
Feature Sets

Enterprise Plus

  • Plus

c2600-js-mz

All Cisco 2600 series platforms

Enterprise Plus IPSec 3DES

  • Plus

  • Plus IPSec 3DES

c2600-jk2s-mz

All Cisco 2600 series platforms

Enterprise Plus IPSec 56

  • Plus

  • Plus IPSec 56

c2600-js56i-mz

All Cisco 2600 series platforms

Enterprise/FW/IDS Plus IPSec 56

  • FW Plus

  • IDS Plus

  • Plus IPSec 56

c2600-jo3s56i-mz

All Cisco 2600 series platforms

Enterprise/FW/IDS Plus IPSec 3DES

  • FW Plus

  • IDS Plus

  • Plus IPSec 3DES

c2600-jk2o3s-mz

All Cisco 2600 series platforms

Enterprise/SNASw Standard
Feature Sets

Enterprise/SNASw Plus

  • Plus

c2600-a3js-mz

All Cisco 2600 series platforms

Enterprise/SNASw Plus IPSec 3DES

  • Plus

  • Plus IPSec 3DES

c2600-a3jk2s-mz

All Cisco 2600 series platforms

Enterprise/SNASw Plus IPSec 56

  • Plus

  • Plus IPSec 56

c2600-a3js56i-mz

All Cisco 2600 series platforms

Remote Access Server Feature Set

Remote Access Server

  • Basic

c2600-c-mz

All Cisco 2600 series platforms

Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, you must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Tables 4 and 5 list the features and feature sets supported by the Cisco 2600 series in Cisco IOS Release 12.0(7)T and use the following conventions:

Note These feature set tables only contain a selected list of features. The tables are not cumulative---nor do they list all the features in each image.


Table 4: Feature List by Feature Set for the Cisco 2600 Series---Part 1 of 2
Features Feature Sets
In IP IP/
FW IDS 		IP/
FW/ IDS Plus IPSec
56 		IP H323 IP/
IPX/
AT/
DEC 		IP
Plus 		IP
Plus
IPSec
3DES 		IP
Plus
IPSec
56 		IP/
FW/ IDS
Plus
IPSec
3DES 		IP/
IPX/
AT/
DEC
Plus 		IP/
IPX/
AT/
DEC/
FW/ IDS Plus
Connectivity
1FE2P Network Module

No

No

No

No

No

No

No

No

No

No

No

Fast Ethernet (10baseT/100baseT Mbps) Network Ports1

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Layer 2 Tunneling Protocol (L2TP)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

L2TP Dial Out

(5)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

RIP Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IBM Support
APPN High-Performance Routing

No

No

No

No

No

No

No

No

No

No

No

APPN MIB Enhancements

No

No

No

No

No

No

No

No

No

No

No

APPN Modularity Enhancements

No

No

No

No

No

No

No

No

No

No

No

APPN over Ethernet LAN Emulation

No

No

No

No

No

No

No

No

No

No

No

APPN Scalability Enhancements

No

No

No

No

No

No

No

No

No

No

No

BAN for SNA Frame Relay support

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Bisync Enhancements, include:

  • Bisync 3780 Support

  • BSC Extended Addressing

  • Block Serial Tunneling (BSTUN) over Frame Relay

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Bridging Code Rework

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Caching and filtering

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

DLSw+ Enhancements, include:

  • Backup Peer Extensions for Encapsulation Types

  • DLSw+ Border Peer Caching

  • DLSw+ MIB Enhancements

  • DLSw+ SNA Type of Service

  • LLC2-to-SDLC Conversion between PU4 Devices

  • NetBIOS Dial-on-Demand Routing

  • RIF Passthru

  • UDP Unicast Enhancement

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

DLSw+ Load Balancing Enhancements

(3)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

DLSw+ Peer Group Cluster

(3)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

DLSw+ RSVP

(3)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Downstream PU concentration (DSPU)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay SNA support (RFC 1490)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

FRAS Enhancements, include:

  • FRAS Boundary Network Node Enhancement

  • FRAS Dial Backup over DLSw+

  • FRAS DLCI Backup

  • FRAS Host

  • FRAS MIB

  • SRB over Frame Relay

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

IBU Modularity Enhancements

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Native Client Interface Architecture (NCIA) Server

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

NetView Native Service Point

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Polled asynch (ADT, ADPLEX)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

QLLC

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Response Time Reporter (RTR)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

RIF Passthru in DLSw+

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SDLC integration

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SDLC transport (STUN)

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SDLC-to-LAN conversion (SDLLC)

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNA and NetBIOS WAN optimization via local acknowledgment

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNA Switching Services

(7)

No

No

No

No

No

No

No

No

No

No

No

SRB/RSRB

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SRT

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TG/COS

No

No

No

No

No

No

No

No

No

No

No

TN3270

No

No

No

No

No

No

No

No

No

No

No

Tunneling of Asynchronous Security Protocols

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP/IPX Routing
Airline Product Set Enhancements

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Async over UDP

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

BGP

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

BGP4

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Data Compression Advanced Interface Module (AIM)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Easy IP Phase 2-DHCP Server

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

EGP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Enhanced IGRP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Enhanced IGRP Optimizations

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ES-IS

No

No

No

No

No

No

No

No

No

No

No

Flow-based WRED

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Enhanced IGRP Route Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Precedence for GRE Tunnels (GRE VPN)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP RTP Priority

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Type of Service and Precedence for GRE Tunnels

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IS-IS

No

No

No

No

No

No

No

No

No

No

No

IS-IS Multiarea Support

(5)

No

No

No

No

No

No

No

No

No

No

No

Mobile IP

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Multiple Hot Standby Router Protocol (M-HSRP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Named IP Access Control List

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NetFlow Policy Routing

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Network Address Translation (NAT)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NHRP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

On Demand Routing (ODR)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OS_IFSS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Not-So-Stubby-Areas (NSSA)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF On Demand Circuit (RFC 1793)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Packet Pacing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PGM Router Assist

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Policy-based routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Protocol-Independent Multicast (PIM) Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Response Time Reporter (RTR) Enhancements

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RTR Enhancements

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RIP Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Service Assurance Agent (formerly RTR) Enhancements

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TCP Selective Acknowledgments and Timestamps

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Web Cache Communications Protocol V2 (WCCPv2)

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

LAN Support
Apollo Domain

No

No

No

No

No

No

No

No

No

No

No

AppleTalk 1 and 21

No

No

No

No

Yes

No

No

No

No

Yes

Yes

AppleTalk Access List Enhancements

No

No

No

No

Yes

No

No

No

No

Yes

Yes

Banyan VINES

No

No

No

No

No

No

No

No

No

No

No

Concurrent routing and bridging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DECnet Accounting

No

No

No

No

Yes

No

No

No

No

Yes

Yes

DECnet IV

No

No

No

No

Yes

No

No

No

No

Yes

Yes

DECnet V

No

No

No

No

Yes

No

No

No

No

Yes

Yes

Integrated Routing and Bridging (IRB)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX Named Access Lists

No

No

No

No

Yes

No

No

No

No

Yes

Yes

IPX SAP-after-RIP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

LAN Extension Host

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NLSP Enhancements

No

No

No

No

No

No

No

No

No

No

No

NLSP Multicast Support

No

No

No

No

No

No

No

No

No

No

No

Novell IPX

No

No

No

No

Yes

No

No

No

No

Yes

Yes

OSI

No

No

No

No

No

No

No

No

No

No

No

Transparent and translational bridging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

XNS

No

No

No

No

No

No

No

No

No

No

No

Management
AutoInstall

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automatic modem configuration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco Call History MIB Command-Line Interface

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco IOS Internationalization

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CNS Client for Cisco IOS (IPSec Policy Agent II)

(5)

No

No

Yes

No

No

No

No

Yes

Yes

No

No

Entity MIB (Phase I)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

HTTP Server

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN MIB RFC 2127

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multicast Routing Monitor

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Process MIB

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ROMMON Events and Alarms

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Inform Request

No

No

No

No

No

No

No

No

No

No

No

SNMP Version 3

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Subnet Bandwidth Manager

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Virtual Profiles

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

VPDN MIB and Syslog Facility

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multimedia and Quality of Service
CLI String Search

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Gateway Support for Alternate Gatekeeper

(7)

No

No

No

Yes

No

No

No

No

No

No

No

Generic traffic shaping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Express RTP and TCP Header Compression

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

H.235 Accounting and Security Enhancements for Cisco Gateways

(7)

No

No

No

Yes

No

No

No

No

No

No

No

H.323 Version 2

(5)

No

No

No

Yes

No

No

No

No

No

No

No

H.323 Multizone Enhancements

(7)

No

No

No

Yes

No

No

No

No

No

No

No

IP Multicast Load Splitting across Equal-Cost Paths

Yes

Yes

No

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

IP Multicast over ATM Point-to-Multipoint Virtual Circuits

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

IP Multicast over Token Ring LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP to ATM Class of Service (CoS

(7)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

PIM Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Random Early Detection (RED)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Resource Reservation Protocol (RSVP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RTP Header Compression

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Stub IP Multicast Routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Other Routing
AURP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

IPX RIP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

NLSP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

RTMP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

SMRP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

SRTP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

Protocol Translation
LAT

No

No

No

No

No

No

No

No

No

No

No

PPP7

No

No

No

No

No

No

No

No

No

No

No

Rlogin

No

No

No

No

No

No

No

No

No

No

No

Telnet

No

No

No

No

No

No

No

No

No

No

No

TN3270

No

No

No

No

No

No

No

No

No

No

No

X.25

No

No

No

No

No

No

No

No

No

No

No

Remote Node
ARAP 1.0/2.0

No

No

No

No

Yes

No

No

No

No

Yes

Yes

Asynchronous master interfaces

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ATCP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

CPPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CSLIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DHCP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP pooling

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX and ARAP on virtual asynch interfaces

No

No

No

No

No

No

No

No

No

No

No

IPXCP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

MacIP

No

No

No

No

Yes

No

No

No

No

Yes

Yes

NASI

No

No

No

No

No

No

No

No

No

No

No

NetBEUI over PPP

No

No

No

No

No

No

No

No

No

No

No

PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SLIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Scalability
Airline Product Set (ALPS)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco IOS File System

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Entity MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Expression MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Point to Multipoint

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Per Port Debugging (Conditionally Triggered Debugging)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Manager

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Security
3DES Network Security

(2)

No

No

No

No

No

No

Yes

Yes

Yes

No

No

Access lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Access security

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Additional Vendor-Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authenticating ACLs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automated Double Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Certificate Authority Interoperability

No

No

Yes

No

No

No

Yes

Yes

Yes

No

No

Cisco Secure Integrated Software

(7)

No

Yes

Yes

No

No

No

No

No

Yes

No

Yes

Encrypted Kerberized Telnet

No

No

No

No

No

No

No

No

No

No

No

Extended access lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Firewall Feature Set

No

Yes

Yes

No

No

No

No

No

Yes

No

Yes

Firewall Feature Set Enhancements

(5)

No

Yes

Yes

No

No

No

No

No

Yes

No

Yes

HTTP Security

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Internet Key Exchange Security Protocol

No

No

Yes

No

No

No

Yes

Yes

Yes

No

No

IPSec Network Security

No

No

Yes

No

No

No

Yes

Yes

Yes

No

No

Kerberized login

No

No

No

No

No

No

No

No

No

No

No

Kerberos V client support

No

No

No

No

No

No

No

No

No

No

No

Lock and key

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MAC security for hubs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MD5 routing authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MS-CHAP Support

No

No

No

No

No

No

No

No

No

No

No

Named Method Lists for AAA Authentication & Accounting

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Network layer encryption (export controlled 56-bit DES)

No

No

Yes

No

No

No

Yes

Yes

Yes

No

No

Per-User Configuration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Reflexive Access Lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Router authentication

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Subblock Phase 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TACACS+

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TCP Intercept

No

No

No

No

No

No

No

No

No

No

No

Vendor-Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Switching
AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs

No

No

Yes

No

No

No

No

Yes

No

No

No

CLNS and DECnet Fast Switching over PPP

No

No

No

No

No

No

No

No

No

No

No

DECnet/VINES/XNS over ISL, includes:

  • Banyan VINES Routing over ISL Virtual LANs

  • DECnet Routing over ISL Virtual LANs

  • XNS Routing over ISL Virtual LANs

No

No

No

No

No

No

No

No

No

No

No

Enhanced ATM VC Configuration and Management

No

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Fast-Switched Policy Routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IOS STP Enhancements

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX Routing over ISL Virtual LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiple ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Terminal Services
LAT

No

No

No

No

No

No

No

No

No

No

No

Rlogin

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

No

No

No

No

No

No

No

No

No

No

No

TN3270

No

No

No

No

No

No

No

No

No

No

No

Virtual Templates for Protocol Translation

No

No

No

No

No

No

No

No

No

No

No

X.25 PAD

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Xremote

No

No

No

No

No

No

No

No

No

No

No

Voice
1- and 2-Port T1/E1 Multiflex VWICs

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Busyout Monitor

(7)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

BRI Voice over IP: VIC-2BRI-S/T-TE

(3)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Digital T1 Packet Voice Trunk Network Modules

(7)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Interactive Voice Response for Cisco Access

(7)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Voice over Frame Relay Enhancements (FRF.11 and FRF.12)

(4)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Voice over IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Optimization
ATM PVC Management

No

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Bandwidth-on-demand

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Class-Based Weighted Fair Queueing

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Custom and priority queuing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dial backup

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dial-on-demand

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DRP Server Agent

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Header, link and payload compression

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PAD Enhancements

No

No

No

No

No

No

No

No

No

No

No

PAD Subaddressing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Snapshot routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Weighted fair queuing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Services
802.1Q Support and ISL VLAN1

(3)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Always On/ Dynamic ISDN (AO/DI)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Annex G (X.25) over Frame Relay

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ATM LAN emulation: DECnet routing and Banyan VINES support

No

No

No

No

Yes

No

No

No

No

Yes

Yes

ATM LAN emulation: Hot Standby Router Protocol (HSRP) and Simple Server Redundancy Protocol (SSRP)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

ATM LAN emulation: Rate queues for SVC per subinterface

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

ATM LAN emulation: UNI 3.1 signaling for ATM

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Bandwidth Allocation Control Protocol (BACP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Combinet Packet Protocol (CPP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Debit Card for Packet Telephony

(7)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Dialer Profiles

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dialer Watch

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DNS-Based X.25 Routing

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Enhanced Local Management Interface (ELMI)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay End-to-End Keepalive

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay MIB Extensions

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay Router ForeSight

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay SVC Support (DTE)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay traffic shaping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Half bridge/half router for CPP and PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

HDLC

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Interface Name Modularity

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IOS IEEE 802.1Q Support

No

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

IPXWAN 2.0

No

No

No

No

Yes

No

No

No

No

Yes

Yes

ISDN

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Advice of Charge

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Caller ID Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Dynamic Multiple Encaps for Dial-in

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Dynamic Multiple Encaps for Dial-in with Frame Relay Support

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Multiple Switch Type

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Layer 2 Forwarding---Fast Switching

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Leased-Line ISDN at 128 kbps

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Yes

Yes

Microsoft Point-to-Point Compression (MPPC)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Mobile IP

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

MS Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multicast Source Discovery Protocol (MSDP)

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multichassis Multilink PPP (MMP)

No

No

No

No

No

No

No

No

No

No

No

Multiport T1/E1 ATM Network Module with Inverse Multiplexing over ATM

(5)

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

National ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

New and Changed Show Commands for the Cisco 2600 Series Routers

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Packet Telephony Settlement

(7)

No

No

No

No

No

No

No

No

No

No

No

PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PPP over Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SMDS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Stackable Home Gateway

No

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Switched 56

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet Extensions for Dialout

No

No

No

No

No

No

No

No

No

No

No

Time-based Access Lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Virtual Private Dial-up Network (VPDN)

No

No

No

No

Yes

No

No

No

No

Yes

Yes

VPN Tunnel Management

(7)

No

No

No

No

Yes

No

No

No

No

Yes

Yes

X.25

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Closed User Groups

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

X.25 Load Balancing

(3)

No

No

No

No

No

No

No

No

No

No

No

X.25 Local Acknowledgment

(7)

No

No

No

No

No

No

No

No

No

No

No

X.25 on ISDN B-Channel

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 on ISDN D-Channel

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Protocol Engine

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Remote Failure Detection

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Switching between PVCs and SVCs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Switch Local Acknowledgment

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

X.28 Emulation

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

1Cisco 2620 and 2621 only


Table 5: Feature List by Feature Set for the Cisco 2600 Series---Part 2 of 2
Features Feature Sets
In Enter-
prise
Plus 		Enter-
prise
Plus
IPSec
3DES 		Enter-
prise
Plus
IPSec
56 		Enter-
prise/
SNASw Plus 		Enter-
prise/
SNASw
Plus
IPSec
3DES 		Enter-
prise/
SNASw
Plus IPSec
56 		Enter-
prise
/FW/IDS
Plus
IPSec
3DES 		Enter-
prise
/FW/IDS
Plus
IPSec
56 		Remote Access Server
Connectivity
1FE2P Network Module

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Fast Ethernet (10/100 Mbps) Network Ports1

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Layer 2 Tunneling Protocol (L2TP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

L2TP Dial Out

(5)

No

Yes

Yes

Yes

No

Yes

Yes

Yes

No

RIP Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IBM Support
APPN High-Performance Routing

No

No

No

Yes

No

No

No

No

No

APPN MIB Enhancements

No

No

No

Yes

No

No

No

No

No

APPN Modularity Enhancements

No

No

No

Yes

No

No

No

No

No

APPN over Ethernet LAN Emulation

No

No

No

Yes

No

No

No

No

No

APPN Scalability Enhancements

No

No

No

Yes

No

No

No

No

No

BAN for SNA Frame Relay support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Bisync Enhancements, include:

  • Bisync 3780 Support

  • BSC Extended Addressing

  • Block Serial Tunneling (BSTUN) over Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Bridging Code Rework

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Caching and filtering

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DLSw+ Enhancements, include:

  • Backup Peer Extensions for Encapsulation Types

  • DLSw+ Border Peer Caching

  • DLSw+ MIB Enhancements

  • DLSw+ SNA Type of Service

  • LLC2-to-SDLC Conversion between PU4 Devices

  • NetBIOS Dial-on-Demand Routing

  • RIF Passthru

  • UDP Unicast Enhancement

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DLSw+ Load Balancing Enhancements

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DLSw+ Peer Group Cluster

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DLSw+ RSVP

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Downstream PU concentration (DSPU)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Frame Relay SNA support (RFC 1490)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

FRAS Enhancements, include:

  • FRAS Boundary Network Node Enhancement

  • FRAS Dial Backup over DLSw+

  • FRAS DLCI Backup

  • FRAS Host

  • FRAS MIB

  • SRB over Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IBU Modularity Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Native Client Interface Architecture (NCIA) Server

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

NetView Native Service Point

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Polled asynch (ADT, ADPLEX)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

QLLC

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Response Time Reporter (RTR)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

RIF Passthru in DLSw+

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SDLC integration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SDLC transport (STUN)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SDLC-to-LAN conversion (SDLLC)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SNA and NetBIOS WAN optimization via local acknowledgment

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SNA Switching Services

(7)

No

No

No

Yes

Yes

Yes

No

No

No

SRB/RSRB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SRT

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

TG/COS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

TN3270

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Tunneling of Asynchronous Security Protocols

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IP/IPX Routing
Airline Product Set Enhancements

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Async over UDP

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

BGP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

BGP4

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Data Compression Advanced Interface Module (AIM)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Easy IP Phase 2-DHCP Server

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

EGP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Enhanced IGRP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Enhanced IGRP Optimizations

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ES-IS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Flow-based WRED

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IP Enhanced IGRP Route Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Precedence for GRE Tunnels (GRE VPN)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP RTP Priority

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Type of Service and Precedence for GRE Tunnels

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IS-IS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IS-IS Multiarea Support

(5)

No

No

No

No

No

No

No

No

No

Mobile IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Multiple Hot Standby Router Protocol (M-HSRP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Named IP Access Control List

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

NetFlow Policy Routing

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Network Address Translation (NAT)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NHRP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

On Demand Routing (ODR)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OS_IFSS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Not-So-Stubby-Areas (NSSA)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF On Demand Circuit (RFC 1793)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Packet Pacing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

PGM Router Assist

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Policy-based routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Protocol-Independent Multicast (PIM) Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Response Time Reporter Enhancements

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RTR Enhancements

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RIP Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Service Assistance Agent (formerly RTR) Enhancements

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TCP Selective Acknowledgments and Timestamps

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Web Cache Communications Protocol V2 (WCCPv2)

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

LAN Support
Apollo Domain

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

AppleTalk 1 and 21

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

AppleTalk Access List Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Banyan VINES

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Concurrent routing and bridging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DECnet Accounting

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DECnet IV

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

DECnet V

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Integrated Routing and Bridging (IRB)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX Named Access Lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX SAP-after-RIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

LAN Extension Host

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Multiring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NLSP Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

NLSP Multicast Support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Novell IPX

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSI

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Transparent and translational bridging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

XNS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Management
AutoInstall

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automatic modem configuration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco Call History MIB Command-Line Interface

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco IOS Internationalization

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CNS Client for Cisco IOS (IPSec Policy Agent II)

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Entity MIB (Phase I)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

HTTP Server

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN MIB RFC 2127

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multicast Routing Monitor

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Process MIB

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ROMMON Events and Alarms

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Inform Request

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SNMP Version 3

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Subnet Bandwidth Manager

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Virtual Profiles

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

VPDN MIB and Syslog Facility

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multimedia and Quality of Service
CLI String Search

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Gateway Support for Alternate Gatekeeper

(7)

No

No

No

No

No

No

No

No

No

Generic traffic shaping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Express RTP and TCP Header Compression

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

H.235 Accounting and Security Enhancements for Cisco Gateways

(7)

No

No

No

No

No

No

No

No

No

H.323 Version 2

(5)

No

No

No

No

No

No

No

No

No

H.323 Multizone Enhancements

(7)

No

No

No

No

No

No

No

No

No

IP Multicast Load Splitting across Equal-Cost Paths

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Multicast over ATM Point-to-Multipoint Virtual Circuits

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IP Multicast over Token Ring LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP to ATM Class of Service (CoS

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

PIM Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Random Early Detection (RED)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Resource Reservation Protocol (RSVP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

RTP Header Compression

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Stub IP Multicast Routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Other Routing
AURP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX RIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NLSP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

RTMP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SMRP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

SRTP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Protocol Translation
LAT

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PPP7

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Rlogin

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TN3270

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Remote Node
ARAP 1.0/2.0

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Asynchronous master interfaces

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ATCP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CPPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CSLIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DHCP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP pooling

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPX and ARAP on virtual asynch interfaces

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPXCP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MacIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NASI

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

NetBEUI over PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SLIP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Scalability
Airline Product Set (ALPS)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Cisco IOS File System

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Entity MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Expression MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Point to Multipoint

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Per Port Debugging (Conditionally Triggered Debugging)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Manager

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Security
3DES Network Security

(2)

No

No

Yes

No

Yes

No

Yes

No

No

Access lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Access security

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Additional Vendor-Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authenticating ACLs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Automated Double Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Certificate Authority Interoperability

No

Yes

Yes

Yes

Yes

No

Yes

Yes

No

Cisco Secure Integrated Software

(7)

No

No

No

Yes

Yes

No

No

No

No

Encrypted Kerberized Telnet

No

No

No

No

No

Yes

No

No

No

Extended access lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Firewall Feature Set

No

No

No

Yes

Yes

No

No

No

No

Firewall Feature Set Enhancements

(5)

No

No

No

No

No

No

Yes

Yes

No

HTTP Security

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Internet Key Exchange Security Protocol

No

Yes

Yes

Yes

Yes

No

Yes

Yes

No

IPSec Network Security

No

Yes

Yes

Yes

Yes

No

Yes

Yes

No

Kerberized login

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Kerberos V client support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Lock and key

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MAC security for hubs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

MD5 routing authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MS-CHAP Support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Named Method Lists for AAA Authentication & Accounting

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Network layer encryption (export controlled 56-bit DES)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Per-User Configuration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Reflexive Access Lists

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Router authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Subblock Phase 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TACACS+

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TCP Intercept

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Vendor-Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Switching
AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CLNS and DECnet Fast Switching over PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DECnet/VINES/XNS over ISL, includes:

  • Banyan VINES Routing over ISL Virtual LANs

  • DECnet Routing over ISL Virtual LANs

  • XNS Routing over ISL Virtual LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Yes

Enhanced
ATM VC Configuration and Management

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Fast-Switched Policy Routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IOS STP Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

IPX Routing over ISL Virtual LANs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Multiple ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Terminal Services
LAT

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Rlogin

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TN3270

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Virtual Templates for Protocol Translation

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 PAD

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Xremote

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Voice
1- and 2-Port T1/E1 Multiflex VWICs

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Busyout Monitor

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

BRI Voice over IP:
VIC-2BRI-ST-TE

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Digital T1 Packet Voice Trunk Network Modules

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Interactive Voice Response for Cisco Access

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Voice over Frame Relay Enhancements (FRF.11 and FRF.12)

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Voice over IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

WAN Optimization
ATM PVC Management

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Bandwidth-on-demand

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Class-Based Weighted Fair Queueing

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Custom and priority queuing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dial backup

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dial-on-demand

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DRP Server Agent

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Header, link and payload compression

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PAD Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PAD Subaddressing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Snapshot routing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Weighted fair queuing

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Services
802.1Q Support and ISL VLAN1

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Always On/ Dynamic ISDN (AO/DI)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Annex G (X.25) over Frame Relay

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ATM LAN emulation: DECnet routing and Banyan VINES support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

ATM LAN emulation: Hot Standby Router Protocol (HSRP) and Simple Server Redundancy Protocol (SSRP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

ATM LAN emulation: Rate queues for SVC per subinterface

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

ATM LAN emulation: UNI 3.1 signaling for ATM

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Bandwidth Allocation Control Protocol (BACP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Combinet Packet Protocol (CPP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Debit Card for Packet Telephony

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Dialer Profiles

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dialer Watch

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DNS-Based X.25 Routing

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Enhanced Local Management Interface (ELMI)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay End-to-End Keepalive

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Frame Relay Enhancements

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay MIB Extensions

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay Router ForeSight

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Frame Relay SVC Support (DTE)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Frame Relay traffic shaping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Half bridge/half router for CPP and PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

HDLC

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Interface Name Modularity

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IOS IEEE 802.1Q Support

No

Yes

Yes

Yes

No

Yes

Yes

Yes

No

IPXWAN 2.0

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Advice of Charge

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

ISDN Caller ID Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

ISDN Dynamic Multiple Encaps for Dial-in

(4)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Dynamic Multiple Encaps for Dial-in with Frame Relay Support

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ISDN Multiple Switch Type

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Layer 2 Forwarding---Fast Switching

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Microsoft Point-to-Point Compression (MPPC)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Mobile IP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

MS Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multicast Source Discovery Protocol (MSDP)

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Multichassis Multilink PPP (MMP)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiport T1/E1 ATM Network Module with Inverse Multiplexing over ATM

(5)

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

National ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

New and Changed Show Commands for the Cisco 2600 Series Routers

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Packet Telephony Settlement

(7)

No

No

Yes

No

No

No

No

No

No

PPP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PPP over Frame Relay

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SMDS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Stackable Home Gateway

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Switched 56

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet Extensions for Dialout

No

No

No

No

No

No

No

No

Yes

Time-Based Access List

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Virtual Private Dial-up Network

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

VPN Tunnel Management

(7)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Closed User Groups

(7)

No

No

No

No

No

No

No

No

No

X.25 Load Balancing

(3)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

X.25 Switch Local Acknowledgment

(7)

No

No

No

No

No

No

No

No

No

X.25 on ISDN B-Channel

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 on ISDN D-Channel

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Protocol Engine

Yes

No

No

Yes

No

No

No

No

Yes

X.25 Remote Failure Detection

(5)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X.25 Switching between PVCs and SVCs

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

X.28 Emulation

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

1Cisco 2620 and 2621 only

New and Changed Information

The following sections list the new hardware and software features supported by the Cisco 2600 series for Release 12.0 T.

Note The Cisco 2620 and Cisco 2621 series routers are only available with Cisco IOS Release 12.0 XC and Cisco IOS Release 12.0(3)T and later releases. The ISDN BRI Voice over IP Voice Interface Card is only available in Cisco IOS Release 12.0 XD and later releases.

New Hardware Features in Cisco IOS Release 12.0(7)T

Release 12.0(7)T supports the following new hardware features for the Cisco 2600 series.

1- and 2-Port T1/E1 Multiflex Voice/WAN Interface Cards on Cisco 2600 and 3600 Series Routers

Cisco T1/E1 Multiflex Voice/WAN interface cards (VWICs) support voice and data applications in the Cisco 2600 and 3600 series routers. The VWICs offer the WAN interface card (WIC) and the voice interface card (VIC) functionality in a variety of applications for enterprises and for service providers who supply customer premises equipment.

Multiflex VWICs support the following applications:

The following Multiflex VWICs are available:

Multiflex VWIC features include:

Per-channel T1/E1 data rates of 64 or 56 kbps for WAN services (Frame Relay or leased line)

For details, see the online feature module .

Digital T1 Packet Voice Trunk Network Modules on Cisco 2600 and 3600 Series Routers

Digital T1 packet voice trunk network modules for the Cisco 2600 and 3600 series routers allow enterprises or service providers, who supply the equipped routers as customer premises equipment, to deploy digital voice and fax relay. These modules receive constant bit-rate telephony information over T1 interfaces and can convert that information into a compressed format, so that the information can be transmitted as voice over IP.

The following high-density T1 network modules are available:

T1 digital voice over IP includes the following functionality:

For details, see the online feature module .

New Software Features in Cisco IOS Release 12.0(7)T

Release 12.0(7)T supports the following new software features for the Cisco 2600 series.

Busyout Monitor on Cisco 2600 and 3600 Series Routers

The Busyout Monitor feature is one aspect of Call Admission Control (CAC) that allows network administrators to use both a data network and the public switched telephone network (PSTN) to provide the best possible quality for Voice over IP (VoIP) calls. Although voice calls are routed across the data network whenever possible to take advantage of the cost savings provided by integrated applications, the Busyout Monitor allows network administrators to provide voice services through the PSTN in the event of a network interface failure.

If a locally connected LAN or WAN interface on a VoIP gateway fails, it busies out voice ports. This means that a connected private-branch exchange (PBX) or key system reroutes the call through the local PSTN.

For details, see the online feature module .

Cisco H.235 Accounting and Security Enhancements for Cisco Gateways

The Cisco H.323 gateway now supports the use of CryptoH323Tokens for authentication.

The CryptoH323Token Is defined in H.225 Version 2 and supports the following features:

With this release, Cisco H.323 gateways support three levels of authentication:

You can configure the level of authentication for the gateway by using the Cisco IOS software command line interface.

CryptoTokens for registration requests (RRQ), unregistration request (URQ), disengage request (DRQ) and the terminating side of admission request (ARQ) messages contain information about the gateway that generated the token, including the gateway ID (which is the H.323 ID configured on the gateway) and the gateway password.

CryptoTokens for the originating side ARQ messages contain information about the user who is placing the call, including the user ID, and personal identification number (PIN).

Cisco H.323 Multizone Enhancements

Cisco H.323 Multizone enhancements allow a Cisco gateway to provide information to the gatekeeper with additional fields in the RAS (registration, admission, and status) messages.

Previously, the source gateway attempted to set up a call to a destination IP address as provided by the gatekeeper in an Admission Confirm (ACF) message. If the gatekeeper was unable to resolve the destination E.164 phone number to an IP address, the incoming call was terminated.

This version of the H.323 software adds support to allow a gatekeeper to provide additional destination information and modify the destinationInfo field in the ACF. The gateway includes the canMapAlias associated destination information in setting up the call to the destination gateway.

With the canMapAlias functionality, this version includes support for the gatekeeper to indicate to the gateway that the call should be sent to a new E.164 number. The gatekeeper indicates this by sending an Admission Confirm message with an IP address of 0.0.0.0 in the destCallSignalAddress field and the new destination E.164 phone number in the destinationInfo field.

The gateway receiving such an ACF falls back to routing the call based on this new E.164 address and performing a new lookup of the gateway's configured dial plan. This can result in the call being routed back to the PSTN or to an H.323 endpoint.

Cisco Secure Integrated Software H.323 V2 and RTSP Protocol Inspection

Cisco Secure Integrated Software (Cisco Secure IS, previously known as the Cisco IOS Firewall Feature Set) enhancements provide audio, video, and multimedia application support.

The Cisco Secure IS H.323 V2 and Real-Time Streaming Protocol (RTSP) inspection feature provides firewall support for multimedia applications that require delivery of data with real-time properties such as audio and videoconferencing.

Cisco Secure IS has been enhanced to inspect these multimedia application protocols:

RTSP
H.323
H.323 V2

Debit Card for Packet Telephony on Cisco Access Platforms

The Debit Card feature provides:

Dynamic Multiple Encapsulations for Dial-In over ISDN with Frame Relay Support

The Dynamic Multiple Encapsulations feature allows incoming calls over ISDN to be assigned an encapsulation type such as Frame Relay, PPP, and X.25 based on calling line identification (CLID) or DNIS. It also allows various encapsulation types and per-user configurations on the same ISDN B channel at different times according to the type of incoming call.

The Dynamic Multiple Encapsulations feature allows per-user configuration for each dial-in caller on any ingress ISDN B channel on which encapsulation can be run independently from other B channels on the same ISDN link. The caller is identified by CLID (caller ID) or DNIS to ensure that only incoming calls with authorization and valid user profiles are accepted. When PPP is used, authentication and profile binding can also be done by PPP name.

In addition, a large set of user profiles can be stored in dialer profiles locally or on a remote AAA server. (For large scale dial-in, storing user-specific configurations on a remote server becomes necessary for enhancing expandability and local memory efficiency.) However, whether stored locally or on a remote AAA server, the user-specific encapsulation and configuration can be applied to individual B channels dynamically and independently.

Dynamic multiple encapsulation is especially important in Europe where ISDN is relatively inexpensive and maximum use of all 30 B channels on the same ISDN link is desirable. Further, the feature removes the need to statically dedicate channels to a particular encapsulation and configuration type, and improves channel usage.

Express RTP and TCP Header Compression

Formerly, if compression of TCP or Real-Time Transport Protocol (RTP) headers was enabled, compression was performed in the process-switching path. That meant that packets traversing interfaces that had TCP or RTP header compression enabled, were queued and passed up to the process to be switched. This procedure slowed down transmission of the packet; therefore, some users preferred to fast switch uncompressed TCP and RTP packets.

Now, if TCP or RTP header compression is enabled, compression occurs by default in the fast-switched path or the Cisco Express Forwarding-switched (CEF-switched) path, depending on which switching method is enabled on the interface. Furthermore, the number of TCP and RTP header compression connections was increased to a thousand connections each.

If neither fast switching nor CEF switching is enabled and TCP or RTP header compression is enabled, compression occurs in the process-switched path as before.

Gateway Support for Alternate Gatekeeper

The Alternate Gatekeeper feature provides redundancy for a gatekeeper in a system where gatekeepers are used. This enhancement allows a gateway to use up to two alternate gatekeepers as a backup in case a primary gatekeeper failure.

A gatekeeper manages H.323 endpoints in a consistent manner, allowing the endpoints to register with the gateway and to locate another gatekeeper.

The gatekeeper provides logic variables for proxies or gateways in a call path to:

You can configure multiple gatekeepers to communicate with one another either by integrating their addresses into the Domain Naming System (DNS) or by using Cisco IOS configuration options.

Interactive Voice Response for Cisco Access

Cisco is building voice gateways to connect more traditional telephone networks to voice over IP (VoIP) networks. Customers who are installing VoIP networks often need a mechanism at the gateway to present a customized interface to the caller. The Interactive Voice Response (IVR) feature was first made available to customers with Cisco IOS Release 11.(3)NA2 with the Service Provider VoIP feature set. IVR, with the addition of scripts using Tool Command Language (TCL), is being introduced with Cisco IOS Release 12.0(4)XH. These TCL IVR scripts are the default scripts that must be used with the IVR application in Cisco IOS Release 12.0(4)XH and future releases.

IVR consists of simple voice prompting and digit collection to gather caller information for authenticating the user and identifying the destination. IVR provides the ability to:

IP to ATM Class of Service (CoS)

The IP to ATM Class of Service feature maps quality of service (QoS) characteristics between IP and ATM, using network modules on the Cisco 2600 and 3600 series routers. The resulting feature makes it possible to support different service classes (sometimes termed "differential service classes") in network service provider environments.

IP to ATM CoS is designed to provide a true working solution to class-based services, without the investment of new ATM network infrastructures. Now networks can offer different services across the entire wide-area network, not just the routed portion. Mission-critical applications can be given exceptional service during periods of high network usage and congestion. In addition, noncritical traffic can be restricted in its network usage, which ensures greater QoS for more important traffic and user types.

IP to ATM CoS supports configuration of both a single ATM virtual circuit (VC) and VC bundles

Single ATM VC Support and Management

IP to ATM CoS support for a single ATM VC allows network managers to use existing features, such as committed access rate (CAR) or policy-based routing to classify and mark different IP traffic by modifying the IP Precedence field in the IPv4 packet header (PBR). Subsequently, Weighted Random Early Detection (WRED) can be configured on a per-VC basis so that the IP traffic is subject to different drop probabilities (and therefore priorities) as IP traffic coming into a router competes for bandwidth on a particular VC.

The Cisco 2600 and 3600 series ATM network modules provide the ability to shape traffic on each VC according to the ATM service category and traffic parameters employed. When you use the IP to ATM CoS feature, congestion is managed entirely at the IP layer by WRED running on the routers at the edge of the ATM network.

ATM VC Bundle Support and Management

ATM VC bundle management allows users to:

Each VC in a bundle has its own ATM traffic class and ATM traffic parameters. You can apply attributes and characteristics to discrete VC bundle members or you can apply them collectively at the bundle level.

Using VC bundles, you can:

To determine which bundled VC should forward a packet to its destination, the ATM VC bundle management software matches precedence levels between packets and VCs in the following way:

Note The ATM VC bundle management feature allows you to configure how traffic will be redirected in the event that the VC to which a packet was directed goes down.

The support of multiple parallel ATM VCs allows you to create stronger service differentiation at the IP layer. For instance, you might want to provide IP traffic belonging to real-time CoS (such as Voice over IP traffic) on an ATM VC with strict constraints constant bit rate (CBR) or variable bit rate (VBR-rt PVC, for example), while transporting traffic other than real-time traffic over a more elastic ATM available bit rate (ABR) permanent virtual circuit (PVC). Using a configuration like this allows you to fully utilize your network capacity. You could also elect to transport best-effort IP traffic over a uncommitted bit rate (UBR) PVC---UBR is effectively ATM's version of best-effort service.

Benefits
Restrictions

The IP to ATM CoS feature is supported on both the 2600 and 3600 series routers with the following restrictions:

Prerequisites

The IP to ATM CoS feature requires ATM PVC management and Cisco Express Forwarding (CEF) switching functionality. It also requires that the remote router run a version of Cisco IOS software that supports IP to ATM CoS with VC bundle management.

To use this feature, you should be familiar with the following QoS features:

Per-VC WRED applies the WRED algorithm independently to each per-VC queue. The WRED parameters are configurable on a per-VC basis so that congestion management can be configured as appropriate for each VC. Per-VC WRED statistics maintain per-flow and per-VC statistics based on IP Precedence.
Per-VC Class-Based WFQ (CBWFQ) allows you to apply CBWFQ functionality, normally applicable at the interface or subinterface levels only, to an individual VC configured for IP to ATM CoS. You can use this extension to IP to ATM CoS to apply either class-based WFQ (CBWFQ) or flow-based WFQ on a per-VC basis.
CBWFQ extends the flow-based WFQ functionality to provide support for user-defined classes. CBWFQ allows you to define traffic classes that are based on certain match criteria such as access control lists, input interfaces names, protocols, and quality of service (QoS) labels. Once a class has been defined according to its match criteria, you can assign it characteristics. To characterize a class, you assign it bandwidth, weight, and maximum packet limit. The bandwidth assigned to a class is the minimum bandwidth delivered to the class during congestion. Also, to characterize a class, you specify the queue limit for that class, which is the maximum number of packets allowed to accumulate in its queue. Packets belonging to a class are subject to the bandwidth and queue limits that characterize the class.
After you define traffic classes, you can configure one or more of them in a policy map to be attached as a service policy. CBWFQ allows you to create policy maps and attach them to interfaces or subinterfaces as service policies. The IP to ATM CoS, per-VC WFQ and CBWFQ feature allows you to create a policy map using standard CBWFQ, then apply the map to a VC to be used as a service policy for that VC. For complete information on CBWFQ, see the Cisco IOS Release 12.0(5)T feature module titled Class-Based Weighted Fair Queueing .

Documentation for these features can be found on the Documentation CD-ROM and on Cisco Connection Online (CCO).

Low Latency Queueing (CSCdm84810)

The Low-Latency Queueing (LLQ) featurette brings strict priority queueing to Class-Based Weighted Fair Queueing (CBWFQ). Strict priority queueing allows delay-sensitive data, such as voice, to be dequeued and sent first (before packets in other queues are dequeued), giving delay-sensitive data preferential treatment over other traffic.

Without LLQ, CBWFQ provides weighted fair queueing based on defined classes with no strict priority queue available for real-time traffic. CBWFQ allows you to define traffic classes and then assign characteristics to that class. For example, you can designate the minimum bandwidth delivered to the class during congestion. This scheme poses problems for voice traffic, which is largely intolerant of delay---especially variation in delay. The delay introduces irregularities of transmission manifesting as jitter in the heard conversation.

The LLQ feature provides strict priority queueing for CBWFQ, reducing jitter in voice conversations. Configured by using the priority command, LLQ enables use of a single, strict priority queue within CBWFQ at the class level, allowing you to direct traffic belonging to a class to the CBWFQ strict priority queue.

Although it is possible to enqueue various types of real-time traffic to the strict priority queue, we strongly recommend that you direct only voice traffic to it. Voice traffic is well-behaved, whereas other types of real-time traffic are not. Furthermore, voice traffic requires that delay be nonvariable in order to avoid jitter. Real-time traffic, such as video, can introduce variation in delay, thereby thwarting the steadiness of delay required for successful voice traffic transmission.

When the bandwidth has been exceeded during congestion, policing is used to drop packets. Voice traffic enqueued to the priority queue is UDP-based; therefore it is not adaptive to the early packet drop characteristic of Weighted Random Early Detection (WRED).

When congestion occurs, traffic destined for the priority queue is metered to ensure that the bandwidth allocation configured for the class to which the traffic belongs is not exceeded.

Multicast Source Discovery Protocol

Multicast Source Discovery Protocol (MSDP):

Each PIM-SM domain uses its own RPs and does not depend on RPs in other domains. An RP runs MSDP over TCP to discover multicast sources in other domains.
An RP in a PIM-SM domain has an MSDP peering relationship with MSDP-enabled routers in another domain. The peering relationship occurs over a TCP connection where primarily a list of sources sending to multicast groups is exchanged. The TCP connections between RPs are achieved by the underlying routing system. The receiving RP uses the source lists to establish a source path.
The purpose of this topology is to have domains discover multicast sources in other domains. If the multicast sources are of interest to a domain that has receivers, multicast data is delivered over the normal source-tree building mechanism in PIM-SM.

Packet Telephony Settlement

Open Settlement Protocol (OSP) Clearinghouse solution for Cisco Packet Telephony Gateway allows similar service providers to exchange traffic with other service providers without establishing multiple bilateral peering agreements.

SNA Switching Services

SNASw provides an easier way than earlier methods to design and implement networks with Systems Network Architecture (SNA) routing requirements. Previously, this network design was accomplished using Advanced Peer-to-Peer Networking (APPN) with full network node (NN) support in the Cisco router. This type of support provided the SNA routing functionality needed, but was inconsistent with the trends in Enterprise networks today. The corporate intranet is replacing the SNA WAN. Enterprises are replacing their traditional SNA network with an IP infrastructure that supports traffic from a variety of clients, using a variety of protocols, requiring access to applications on a variety of platforms, including SNA applications on Enterprise servers.

While SNA routing is still required when multiple servers must be accessed, the number of nodes required to perform this function is decreasing as the IP infrastructure grows and as the amount of native SNA traffic in the network decreases.

SNASw enables an enterprise to develop their IP infrastructure, while meeting SNA routing requirements.

TCLWare

The Debit Card for Packet Telephony on Cisco Access Platforms feature requires the use of both Audio Files and TCL Scripts. Unzip and download the files to your TFTP server.

In addition, download the audio files and TCL scripts from the Access Products Service and Support site on CCO at the following "TCLWare" location:

http://www.cisco.com/kobayashi/sw-center/sw-access.shtml

X.25 Closed User Groups

The X.25 specification for Closed User Groups (CUG):

Note Previously, Cisco supported only the ability to specify the CUG value but did not enforce restriction. Cisco currently enforces this security restriction.

X.25 Switch Local Acknowledgment

Cisco offers an X.25 switch function that creates virtual connections (VC) by connecting channels between X.25 class services.

The following X.25 class services are supported:

The current Cisco implementation provides end-to-end acknowledgment, which means that flow control or window and packet size acknowledgment is between the originating and terminating data terminal equipment (DTE).

Acknowledgment is not local to the DTE and data communications equipment (DTE), and the overall effect is low throughput.

VPN Tunnel Management (CSCdk51134 and CSCdm52604)

The Virtual Private Network (VPN) Tunnel Management feature provides network administrators with two new functions for managing VPN tunnels:

These functions can be used on either end of a VPN tunnel---the Network Access Server (NAS)---or on the home gateway.

When this feature is enabled, Multichassis Multilink PPP (MMP) Layer 2 Forwarding (L2F) tunnels can still be created and established.

New Hardware Feature in Cisco IOS Release 12.0(5)T

The following new hardware feature is supported by the Cisco 2600 series for Release 12.0(5)T.

Multiport T1/E1 ATM Network Modules with Inverse Multiplexing over ATM on Cisco 2600 and 3600 Series Routers

Four- and eight-port T1 and E1 Inverse Multiplexing for ATM (IMA) network modules for the Cisco 2600 and 3600 series routers provide four or eight T1 or E1 ATM links that can be combined to appear as a single physical link. Aggregation of multiple T1/E1 links by IMA increases bandwidth inexpensively to allow WAN uplinks at high speeds, ranging to 12.288 Mbps for T1, and to 15.36 Mbps for E1.

The Multiport T1/E1 ATM IMA network modules support the following features:

New Software Features in Cisco IOS Release 12.0(5)T

The following new software features are supported by the Cisco 2600 series for Release 12.0(5)T.

AAA Server Group

The AAA server-group feature introduces a way to group the existing server hosts. The server-group feature allows the user to select a subset of the configured server hosts and use them for a particular service.

A server-group is a list of server hosts of a particular type. Currently supported server host types are Remote Authentication Dial In User Service (RADIUS) server hosts and Terminal Access Controller Access Control System+ (TACACS+) server hosts. Server-group is used in conjunction with a global server host list. The server-group lists the IP addresses of the selected server hosts.

Airline Product Set Enhancements

The Airline Product Set Enhancements feature, ALPS phase III, provides support for Mapping of Airline Traffic over Internet Protocol (MATIP). MATIP is an industry standard protocol for transporting airline protocol traffic across a TCP/IP network. This feature enables the end-to-end delivery of ALC and UTS data streams between a Cisco router and the mainframe using TCP/IP. This feature removes the X.25 (AX.25 or EMTOX) requirements for communication with the host reservation system by enabling TCP/IP communication between the router and the airline host reservation system.

Asynchronous Serial Traffic over UDP

The Asynchronous Serial Traffic over UDP feature provides the ability to encapsulate asynchronous data into UDP packets and unreliably send this data without establishing a connection with a receiving device.

You load the data you want to send through an asynchronous port, and then send it, optionally, as a multicast or a broadcast. The receiving device(s) can then receive the data whenever it wants. If the receiver ends reception, the transmission is unaffected.

This process is referred to as UDP Telnet (UDPTN), although it does not (and cannot) use the Telnet protocol. UDPTN is similar to Telnet in that both are used to send data, but UDPTN is unique in that it does not require a connection with a receiving device.

Class-Based Weighted Fair Queuing

The Class-Based Weighted Fair Queuing (CBWFQ) feature extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, access control lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A queue is reserved for each class, and traffic belonging to a class is directed to the queue of that class.

CNS Client for Cisco IOS Software

Cisco Networking Services (CNS) Client feature for Cisco IOS software enables authenticated directory access. CNS Client for Cisco IOS software includes the following components:

LDAP V.3 client functionality enables Cisco IOS software-based applications to securely authenticate to a CNS for Active Directory (CNS/AD) server using Kerberos V.5 as security protocol to retrieve or store information such as policy and configuration data. Cisco IOS software-based applications publish or subscribe to events using CNS event services client, enabling external applications using the application programming interface (API) features of CNS to receive events or publish events to the Cisco IOS device. This Cisco IOS software-based device will use CNS locator services client to locate the nearest directory server using Domain Name System. The administrator need not configure the device to locate the nearest directory server.

All the above-mentioned functionality is intended for use by internal Cisco IOS application developers. CNS IPSec VPN provisioning agent enables the router to retrieve IPSec policies stored in the CNS/AD server and configure itself, automating the provisioning of customer premises equipment devices for IPSec VPN. CNS provisioning agent enables Cisco IOS device to be provisioned using CNS event services.

DLSw+ Ethernet Redundancy

The DLSw+ Ethernet Redundancy feature provides redundancy in an Ethernet environment. It enables DLSw+ to support parallel paths between two points in an Ethernet environment, ensuring resiliency in the case of a router failure and providing load balancing for traffic load.

DLSw+ could provide redundancy prior to this feature in a Token Ring environment or via backup peers. When an end station on an Ethernet LAN had multiple active paths into a DLSw+ network, problems occurred.

Redundancy is not possible in an Ethernet environment because, unlike Token Ring, it does not have a RIF field in its packet. The RIF notifies a router of the path a packet has traveled by tracking each ring number and bridge it travels along a path. If a bridge notices that the next ring matches a ring already in the RIF, then the frame is not copied on to that ring. The RIF prevents unreliable local reachability information, circuit contention, and undetected looping explorers.

DNS-Based X.25 Routing

Managing a large TCP/IP network requires accurate and up-to-date maintenance of IP addresses and X.121 address mapping information on each router database in the network. Currently, this data is managed manually. Because these addresses are constantly being added and removed in the network, the routing table of every router frequently needs to be updated, which is a time-consuming and error-prone task.

X.25 has long operated over an IP network, specifically by using Transmission Control Protocol (TCP) as a reliable transport mechanism. This method is known as X.25 over TCP (XOT). However, large networks and financial legacy environments experienced problems with the amount of route configuration that needed to be performed manually because each router switching calls over TCP needed every destination configured. Every destination from the host router needed a static IP route statement, and for larger environments, these destinations could be as much as several thousand per router. Until now, the only way to map X.121 addresses and IP addresses was on a one-to-one basis by using the x25 route x121address xot ipaddress command.

The solution to this problem was to centralize route configuration that routers could then access for their connectivity needs. This centralization is the function of the DNS-Based X.25 Routing feature because the DNS server is a database of all domains and addresses on a network.

Dynamic Multiple Encapsulations for Dial-In over ISDN

The Dynamic Multiple Encapsulations feature adds Frame Relay Support and includes the following capabilities:

Dynamic multiple encapsulation is especially important in Europe where ISDN is relatively inexpensive and maximum use of all 30 B channels on the same ISDN link is desirable.

Firewall Feature Set Enhancements

The Cisco IOS Firewall feature set, available for a wide range of Cisco router platforms, adds more depth and flexibility to existing Cisco IOS software security capabilities, enriching features such as authentication, encryption, and failover with robust firewall functionality and intrusion detection. A Cisco IOS software-based, integrated firewall solution scales to meet the bandwidth and performance requirements of any network. It also maximizes a Cisco router investment by combining multiprotocol routing functionality with sophisticated security policy enforcement throughout the network.

The Cisco IOS Firewall feature set delivers cost-effective perimeter security packaged with advanced features like stateful, application-based filtering, dynamic per-user authentication and authorization, defense against network attacks, Java blocking, and real-time alerts. Because it is completely interoperable with Cisco IOS software features including NAT, VPN tunneling protocols, Cisco Express Forwarding (CEF), AAA extensions, Cisco encryption technology, and Cisco IOS IPSec, it is a complete, integrated VPN solution.

Frame Relay End-to-End Keepalive

The Frame Relay End-to-End Keepalive feature enables the router to keep track of permanent virtual circuit (PVC) status, independent of the switches in the Frame Relay network. The routers at both ends of a PVC in a Frame Relay network engage in a keepalive session where one router issues keepalive messages and the router at the other end of the PVC connection responds. The time interval for the keepalive is configurable and is enabled on a per-PVC basis. As long as the keepalive-issuing router receives response messages, the PVC status is up. When response messages are not received (because of line failure, a faulty switch in the Frame Relay network, or a router failure), the PVC is down. This mechanism enables bidirectional communication of PVC status to both routers at the ends of a PVC connection.

H.323 Version 2 Support (Gatekeeper and Proxy Features)

The H.323 Version 2 Support feature upgrades Cisco IOS software to comply with the mandatory requirements in the version 2 specification. This upgrade enhances the existing Voice over IP (VoIP) Gateway, the Multimedia Conference Manager (gatekeeper and proxy), and the DTMF digital relay using H.245.

DTMF is the tone generated on a touch-tone telephone when you press keypad digits. The tones are compressed into a single stream at one end of a call and decompressed at the other end by using H.245 messages. However, this compression and decompression can lead to distortion, depending upon the codec used. Thus, the DTMF-relay is used to configure one of three methods to transport DTMF tones generated after the call is established out-of-band. The three methods are:

H.323 Version 2 defines a lightweight registration procedure that requires full registration for initial registration, but uses an abbreviated renewal procedure to update the gatekeeper and minimize overhead. Lightweight registration requires each endpoint to specify a Time To Live (TTL) value in its Registration Request (RRQ) message.

The H.323 Version 2 gateway supports the registration of fully qualified E.164 numbers with the gatekeeper for telephones connected directly to the gateway. Tunneling through H.225 User-to-User Information Element (UUIE) facilitates transparent handling of supplementary services between two endpoints through a VoIP network. This tunneling eliminates the need to interpret various supplementary signaling messages in the VoIP gateways.

H.323 Version 2 Gatekeeper selects a destination gateway by choosing from among all gateways registered in a zone by allowing you to assign selection priorities to these gateways based on the dialed prefix. Gateway resource reporting allows the gateway to notify the gatekeeper when H.323 resources are getting low. The gatekeeper uses this information to determine which gateway it will use to complete a call. The gatekeeper maintains a separate gateway list, ordered by priority, for each of its zone-prefixes.

IP RTP Priority

The new IP RTP Priority feature provides a strict priority queueing scheme for delay-sensitive data such as voice. Voice traffic can be identified by its Real-Time Transport Protocol (RTP) port numbers and classified into a priority queue configured by using the ip rtp priority command. The result is that voice is serviced as strict priority in preference to other nonvoice traffic.

This feature extends and improves on the functionality offered by the IP RTP Reserve feature by allowing you to specify a range of UDP/RTP ports whose voice traffic is guaranteed strict priority service over any other queues or classes using the same output interface. Strict priority means that if packets exist in the priority queue, they are dequeued and sent first---that is, before packets in other queues are dequeued. It is recommended that you use the ip rtp priority command instead of the ip rtp reserve command for voice configurations.

ISDN Cause Code Override

the ISDN Cause Code Override function overrides cause codes that are sent to ISDN applications. Currently, the Cisco IOS software contains ISDN cause codes that handle specific functions such as modem availability and resource pooling. The ISDN Cause Code Override feature is more general in its functionality and will override the specific ISDN cause codes.

When the command associated with this feature is implemented, the configured cause codes are sent to the switch; otherwise, default cause codes of the application are sent.

To override an ISDN cause code, enter the following command:

isdn disconnect-cause {cause-code-number | busy | not-available}

where cause-code-number is a cause code number from 1 to 127.

IS-IS Multiarea Support

As IS-IS networks grow, they are usually organized into a backbone area (Level 2) connected to local areas (Level 1). Routers establish Level 1 adjacencies to perform local area routing and Level 2 adjacencies to perform routing between Level 1 areas. Previously, a Cisco router could route between the backbone (Level 2) area and at most a single Level 1 area.

The IS-IS Multiarea Support feature supports configuration of multiple Level 1 IS-IS areas on a single router. This configuration is especially useful in networks where devices support only Level 1 routing and are organized in a number of small Level 1 areas that cannot be aggregated for performance reasons.

Layer 2 Tunneling Protocol Dial-Out

The Layer 2 Tunneling Protocol (L2TP) Dial-Out feature enables L2TP Network Servers (LNSs) to tunnel dial-out VPDN calls using L2TP as the tunneling protocol. This feature enables a centralized network to efficiently and inexpensively establish a virtual point-to-point connection with any number of remote offices.

Using the L2TP Dial-Out feature, Cisco routers can carry both dial-in and dial-out calls in the same L2TP tunnels.

Previously, only dial-in VPDN calls were supported.

L2TP dial-out involves two devices: an LNS and an L2TP Access Concentrator (LAC). When the LNS wants to perform L2TP dial-out, it negotiates an L2TP tunnel with the LAC. The LAC then places a PPP call to the client(s) the LNS wants to dial-out to.

Maximum User Links

This feature provides a method to limit the number of inbound connections a user can establish with a device. This maximum connection limit is only imposed on links that have name authnetication configured. Each PPP multilink connection is counted as one connection.

The User Maxlink features enables ISPs to limit the number of inbound connections a user can establish so that they can provide various levels of subscriptions at different costs. Users who desire more bandwidth can be charged a higher rate to establish multiple connections, while users who require only a single connection can be charged a discounted rate.

Multicast Routing Monitor

The Multicast Routing Monitor (MRM) feature is a management diagnostic tool that provides network fault detection and isolation in a large multicast routing infrastructure. It is designed to notify a network administrator of multicast routing problems in near real time.

MRM has three components that play different roles: the Manager, the Test Sender, and the Test Receiver. The Manager can reside on the same device as the Test Sender or Test Receiver. You can test a multicast environment by using test packets (perhaps before an upcoming multicast event), or you can monitor existing IP multicast traffic.

You create a test based on various test parameters, name the test, and start the test. The test runs in the background and the command prompt returns. If the Test Receiver detects an error (such as packet loss or duplicate packets), it sends an error report to the router configured as the Manager. The Manager immediately displays the error report. Also, by issuing a certain show command, you can see the error reports, if any. You then troubleshoot your multicast environment as normal, perhaps by using the mtrace command from the source to the Test Receiver. If using the show command displays no error reports, the Test Receiver is receiving test packets without loss or duplicates from the Test Sender.

Multimedia Conference Manager Enhancements

Multimedia Conference Manager provides gatekeeper and proxy capabilities required for service provisioning and management of H.323-compliant networks. It conforms to the H.323 standard (version 1) for transmitting audio, video, and data conferencing data on an IP-based internetwork. The Multimedia Conference Manager Enhancements feature provides additional functionality for the gatekeeper endpoint. It provides:

PAD French Enhancement

Extended dialog mode for packet assembler/disassembler (PAD) service signals is now available in the French language as well as English with the PAD French Enhancement. The French language service signals will be maintained in a table. When configured for French language via PAD parameter 6, the PAD service signals will map to this table, giving the appropriate French equivalent output. The internal table maintenance will be based upon the contents of the Annex-C/X.28 standard. Section 3.5/X.28 outlines Parameter 6 and how it relates to extended mode dialog in multiple languages.

PGM Router Assist

The PGM Router Assist feature allows Cisco routers to support the optimal operation of Pragmatic General Multicast (PGM). The PGM Reliable Transport Protocol itself is implemented on the hosts of the customer.

PGM is a reliable multicast transport protocol for applications that require ordered, duplicate-free, multicast data delivery from multiple sources to multiple receivers. PGM guarantees that a receiver in a multicast group either receives all data packets from transmissions and retransmissions, or that it can detect unrecoverable data packet loss. PGM is intended as a solution for multicast applications with basic reliability requirements. It is network-layer independent; The Cisco implementation of the PGM Router Assist feature supports PGM over IP.

Service Assurance Agent

The Service Assurance (SA) Agent is both an enhancement to and a new name for the Response Time Reporter (RTR) feature that was introduced in Cisco IOS Release 11.2. The feature allows you to monitor network performance by measuring key Service Level Agreement metrics, such as response time, network resources, availability, jitter, connect time, packet loss, and application performance.

With Cisco IOS Release 12.0(7)T, the SA Agent provides new capabilities that enable you to:

Subnetwork Bandwidth Manager

Resource Reservation Protocol (RSVP) is a signaling mechanism that supports request of specific levels of service, such as reserved bandwidth from the network. RSVP and its service class definitions are largely independent of the underlying network technologies. This independence requires that a user define the mapping of RSVP onto subnetwork technologies.

The Subnetwork Bandwidth Manager (SBM) feature answers this requirement for RSVP in relation to IEEE 802-based networks. SBM specifies a signalling method and protocol for LAN-based admission control for RSVP flows. SBM allows RSVP-enabled routers and Layer 2 and Layer 3 devices to support reservation of LAN resources for RSVP-enabled data flows. The SBM signaling method is similar to that of RSVP itself. SBM protocol entities have the following features:

Tunnel Endpoint Discovery

IP Security Protocol (IPSec) requires a peer router to be statically configured before initiating an Internet Key Exchange (IKE). An IKE is necessary to encrypt and decrypt packets. The Cisco router crypto maps require the capability to dynamically determine the IPSec peer. The Tunnel Endpoint Discovery protocol automatically discovers remote tunnel endpoints and enables secure IPSec communications.

Dynamic Tunneling Endpoint Discovery allows IPSec to scale to larger networks by reducing the multiple encryptions, reducing the setup time, and allowing for simple configurations on participating peer routers. Each node has a simple configuration that defines the local network that the router is protecting and the IPSec transforms required, if any.

Voice over Frame Relay Queuing Enhancement

When there are multiple sets of flows being handled by weighted fair queueing (WFQ), the algorithm provides the low weight/reserved queued voice packets with higher priority but only until some of the other data packets have waited enough time and therefore it is now their turn to be dequeued. Even if interleaving is active, the WFQ algorithm will not dequeue a voice packet until these data packets are transmitted. This causes voice quality problems.

The solution consists of adding a special queue at the PVC level where all VoFR packets will be queued. This special queue runs in parallel to the WFQ and is serviced before any of the WFQs.

As of this release, reserved queues are no longer required to support VoFR.

VPDN Group Reorganization

The virtual private dialup network (VPDN) Group Reorganization feature organizes the VPDN group commands into a new hierarchy.

Along with one of the four VPDN services, VPDN groups can now suppor the following LNS VPDN services:

VPDN groups can now suppor the following LAC VPDN services:

A VPDN group can act as either an LNS or a LAC, but not both. But individual routers can have both LNS VPDN groups and LAC VPDN groups.

To facilitate this reorganization, the VPDN group now includes four new command modes to support the service. These new command modes are accessed from VPDN group mode and are generically called VPDN subgroups.

VPDN Per-User Configuration

In a VPDN that uses remote AAA, when a user dials in, the access server that receives the call forwards information about the user to its remote AAA server. With basic VPDN, the access server only sends the user's domain name (when performing domain name-based authentication) or the telephone number the user dialed in from (when performing DNIS-based authentication).

The VPDN Per-User Configuration feature sends the entire structured username to the AAA server the first time the router contacts the AAA server. This enables the Cisco IOS software to customize tunnel attributes for individual users who use a common domain name or dialed number identification service (DNIS).

Previously, Cisco IOS sent only the domain name or DNIS to determine VPDN tunnel attribute information. Then, if no VPDN tunnel attributes were returned, Cisco IOS sent the entire username string. Because of this behavior, there was no way to define specific tunnel attributes for a particular user within a domain. It also limited the types of connections that were possible in a RADIUS proxy VPDN roaming environment. All VPDN users were forwarded to the tunnel endpoint, even if they just needed generic Internet access.

X.25 Remote Failure Detection

Static routes are used over a packet-switched data network in order to reduce volume-based costs of the network. Until now, if two routers were connected through multiple X.25 links (a primary and a secondary), a router could not detect failure of the primary link. If a failure occurred, the data was not transferred to the second link because X.25 was unable to determine whether remote links were up or down. Therefore X.25 could not use an alternate connection to a destination.

The X.25 Remote Failure Detection feature is important for X.25 users because after a primary link failure the router can establish a secondary link and continue sending data. This feature is a way for the router to detect a call failure and to use a secondary route to send subsequent packets to the remote destination; at the same time, it makes periodic attempts to reconnect to its primary link.

New Software Features in Cisco IOS Release 12.0(4)T

The following new software features are supported by the Cisco 2600 series for Release 12.0(4)T.

Dynamic Multiple Encapsulations for Dial-in over ISDN

The Dynamic Multiple Encapsulations feature has the following capabilities:

Voice over Frame Relay Using FRF.11 and FRF.12

The Voice over Frame Relay (VoFR) capabilities that were introduced on the Cisco MC3810 multiservice access concentrator beginning with Cisco IOS Release 11.3 are now extended to the Cisco 2600 series, 3600 Series, and 7200 series router platforms. The following additional functionality is supported in Release 12.0(4)T:

When VoFR is implemented on a Cisco router, the router is able to carry voice traffic, such as telephone calls and faxes, over a Frame Relay network.

This feature also adds support for full FRF.11 and FRF.12 compliance to the Cisco MC3810 and is backward-compatible with earlier versions of the Cisco MC3810, which used a fragmentation format based on an early draft version of FRF.12.

Note By using this feature, the Cisco 7200 series routers can only serve as tandem routers in the Frame Relay environment and cannot originate or terminate calls.

New Software Features in Cisco IOS Release 12.0(3)T

The following new software features are supported by the Cisco 2600 series for Release 12.0(3)T.

Annex G (X.25 over Frame Relay)

Annex G (X.25 over Frame Relay) facilitates the migration from an X.25 backbone to a Frame Relay backbone by permitting encapsulation of CCITT X.25/X.75 traffic within a Frame Relay connection. Annex G has developed to accommodate the many Cisco customers in Europe, where X.25 still is a popular protocol. With Annex G, the process of transporting X.25 over Frame Relay has been simplified, by allowing direct X.25 encapsulation over a Frame Relay network.

This simple process is largely achieved using X.25 profiles (similar to dialer profiles), which were created to streamline the configuration of X.25 on a per DLCI basis. X.25 profiles can contain any existing X.25 command and, once created and named, can be simultaneously associated with more than one Annex G DLCI connection, just using the profile name.

CDP Additions for Cisco IOS

The Cisco Discovery Protocol (CDP) is a media-independent device discovery protocol that runs on all Cisco-manufactured equipment, including routers, bridges, access servers, and switches. Each device sends periodic messages to a multicast address. Each device listens to the periodic messages sent by others in order to learn about neighboring devices and determine when their interfaces to the media go up or down. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This process enables applications to send SNMP queries to neighboring devices.

CDP runs on all media that support Subnetwork Access Protocol (SNAP), including local-area network (LAN), Frame Relay, and Asynchronous Transfer Mode (ATM) media. CDP runs over the data link layer only. Therefore, two systems that support different network-layer protocols can learn about each other.

Each device configured for CDP sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or holdtime, information, which indicates the time a receiving device should hold CDP information before discarding it.

Additions for Cisco Discovery Protocol (CDP) include the following:

The benefits include, transparent support of X.25 encapsulation over the Frame Relay network; direct X.25 configurations on a per DLCI basis; multiple Annex G DLCIs can use the same X.25 profile; multiple logical X.25 SVCs per Annex G link, and the fact that Cisco routers already contain the functionality necessary to perform the framing and frame removal required by Annex G.

DLSw+ Enhanced Load Balancing

In a network with multiple capable paths, the Data Link Switch Plus (DLSw+) Load Balancing Enhancements feature improves traffic load balancing between peers by distributing new circuits based on existing loads and the desired ratio.

For each capable peer (peers that have the lowest or equal cost specified), the DLSw+ Load Balancing feature calculates the difference between the desired and the actual ratio of circuits being used on a peer. It detects the path that is underloaded in comparison to the other capable peers and assigns new circuits to that path until the desired ratio is achieved.

DLSw+ Peer Clusters

The DLSw+ Peer Clusters feature reduces the explorer packet replication that typically occurs in a large DLSw+ Peer Group design, where there are multiple routers connected to the same LAN.

The DLSw+ Peer Clusters feature associates DLSw+ peers (that are connected to the same LAN) into logical groups. Once the multiple peers are defined in the same peer group cluster, the DLSw+ Border Peer recognizes that it does not have to forward explorers to more than one member within the same peer group cluster.

DLSw+ RSVP Bandwidth Reservation

The DLSw+ Resource Reservation Protocol (RSVP) feature allows DLSw+ to reserve network bandwidth for the DLSw+ Transmission Control Protocol (TCP) connection between DLSw+ peers.

Although it has been possible in the past to reserve bandwidth for a particular existing DLSw+ peer connection through the RSVP Command-Line Interface (CLI) support in Cisco IOS software, the CLI required prior knowledge of the TCP ports for which the reservation was being made. Because DLSw+ uses one well-known port and one randomly assigned port, the reservation could not be made until after the peer connection was active.

The DLSw+ RSVP feature permits new DLSw+ peer connections to automatically request bandwidth reservations upon connection, thereby removing the need for user intervention after the peer is connected. This feature assures the reservation will survive a network or device failure and that the DLSw+ traffic carried over a TCP connection is not affected by congestion.

Fast Ethernet (10/100 Mbps) Network Ports

The new Cisco 2620 and 2621 routers include built-in 10/100 Mbps ports on the main board. The Cisco 2620 provides one 10/100 Mbps port, and the Cisco 2621 provides two 10/100 Mbps ports. When used with a Cisco IOS "Plus" feature set, the 10/100 Mbps ports include virtual LAN (VLAN) support and the Inter-Switch Link (ISL), Token Ring Inter-Switch Link (TR-ISL) encapsulation feature as part of the VLAN sub-system.

The autosensing feature automatically senses and selects the correct port speed for the network. You can override this feature by using the speed [10|100] command using the full-duplex command allows you to force the interface to full duplex; the default is to negotiate the duplex mode.

Flow-Based WRED

This feature provides a mechanism to penalize the flows that do not respond to Weighted Random Early Detection (WRED) drops. This feature is provided as an extension to the existing WRED functionality and can be turned on after WRED is turned on.

Flow-WRED ensures that no single flow can hog all the buffer resources at the output interface queue. With WRED alone, this can occur in the presence of traffic sources that do not back off during congestion. Flow-WRED maintains minimal information about the buffer occupancy per flow. Whenever a flow exceeds its share of the output interface buffer resource the packets of the flow are penalized by increasing the probability of their drop (by WRED).

NetFlow Policy Routing

IP policy routing now works with Cisco Express Forwarding (CEF), Distributed CEF (DCEF), NetFlow, and NetFlow with flow acceleration. IP policy routing was formerly supported only in fast-switching and process-switching. Now that policy routing is integrated into CEF, policy routing can be deployed on a wide scale and on high-speed interfaces.

Process MIB

The addition of the CISCO-PROCESS-MIB and changes to the CISCO-MEMORY-POOL-MIB allow the retrieval of additional CPU and memory statistics for Simple Network Management Protocol (SNMP) reporting and analysis. The CISCO-PROCESS-MIB provides CPU 5-second, 1-minute, and 5-minute statistics. In addition, this Management Information Base (MIB) provides CPU utilization and memory allocation/deallocation statistics for each process on each CPU listed in the CISCO-PROCESS-MIB.

The CISCO-PROCESS-MIB is enabled when the first SNMP command is configured. The background statistics collection for Versatile Interface Processor (VIP) cards and the master CPU occurs even if the SNMP subsystem is not initialized.

Response Time Reporter Enhancements

The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications, and pre-problem analysis. The RTR enhancements extend IP support, such as Type of Service, and allow you to measure various types of IP traffic, such as User Datagram Protocol (UDP), TCP, and Hypertext Transfer Protocol (HTTP).

Web Cache Communications Protocol Version 2 (WCCPv2)

The Web Cache Communications Protocol enables Cisco IOS routing platforms to transparently redirect content requests (for example, web requests) from clients to a locally connected Cisco Cache Engine (or Cache Cluster) instead of the intended origin server. When a Cache Engine receives such a request, it attempts to service it from its own local cache if the requested information is present. If not, the Cache Engine issues its own request to the originally requested origin server to get the required information. When the Cache Engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and significantly reducing WAN transmission costs.

WCCPv2 provides enhancements to WCCPv1, including:

New Software Feature in Cisco IOS Release 12.0(2)T

The following new software feature is supported by the Cisco 2600 series for Release 12.0(2)T.

Triple DES Encryption

IPSec supports the Triple Data Encryption Standard (3DES) encryption algorithm (168-bit) in addition to 56-bit encryption. Triple DES is a strong form of encryption that allows sensitive information to be transmitted over untrusted networks. It enables customers, particularly in the finance industry, to utilize network layer encryption.

New Hardware Feature in Cisco IOS Release 12.0(1)T

The following new hardware is supported by the Cisco 2600 series for Release 12.0(1)T.

Data Compression Advanced Interface Module (AIM)

The Data Compression Advanced Interface Module (AIM) provides hardware-based compression and decompression of packet data transmitted and received on the serial network interfaces of Cisco 2600 series routers without occupying the Port Module Slot that can otherwise be used for additional customer network ports. Supported are the industry standard Limpel Zif Stac (LZS) and Microsoft Point-to-Point Compression (MPPC) compression algorithms. The Data Compression AIM requires Cisco IOS Release 12.0(1) T or later 12.0 T releases.

New Software Features in Cisco IOS Release 12.0(1)T

The following new software features are supported by the Cisco 2600 series for Release 12.0(1)T.

Cisco IOS Firewall Feature Set Platform Support

The Cisco IOS Firewall feature set extends the security technology currently available in Cisco IOS software to provide firewall specific capabilities:

The Cisco IOS Firewall feature set adds advanced filtering capabilities to existing security functionality in Cisco routers. Some existing Cisco IOS security features include packet filtering by using access control lists (ACLs), Network Address Translation (NAT), network-layer encryption, and TACACS+ authentication.

Cisco IOS IEEE 802.1Q Support

Cisco IOS IEEE 802.1Q provides support for IEEE 802.1Q encapsulation for Virtual LANs (VLANs). Use this feature for VLANs consisting of IEEE 802.1Q compliant switches.

Cisco IOS STP Enhancements

Cisco IOS Spanning Tree Protocol enhancements broaden the original Cisco IOS STP implementation with increased port identification capability, improved path cost determination, and support for a new VLAN bridge spanning-tree protocol.

CLI String Search

The command line interface (CLI) String Search feature allows you to search or filter any show or more command's output. This is useful when you need to sort though large amounts of output, or if you want to exclude output that you do not need to see. CLI String Search also allows for searching and filtering at --more-- paging prompts.

With the search function, you can begin unfiltered output at the first line that contains a regular expression you specify. You can specify a maximum of one filter per command to either include or exclude output lines that contain the specified regular expression.

A regular expression is any word, phrase, number, or other component that appears in show or more command output.

Easy IP Phase 2-DHCP Server

With the introduction of Easy IP Phase 2, Cisco IOS software also supports Intelligent DHCP Relay functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS ip helper-address functionality.

ISDN MIB RFC 2127

The new Integrated Services Digital Network (ISDN) Management Information Base (MIB) RFC2127 has been designed to provide useful information in accordance with the IETF's new standard for the management of ISDN interfaces. RFC2127 provides information on the physical Basic Rate interfaces, control and statistical information for B (bearer) and D (signaling) channels, terminal endpoints, and directory numbers.

The ISDN MIB RFC 2127 controls all aspects of ISDN interfaces. It consists of five groups:

The ISDN MIB RFC2127 enables you to use any commercial SNMP network management application to support ISDN call processing in Cisco IOS software. You can integrate management of dial access products using ISDN with your existing network management systems.

Layer Two Tunneling Protocol (L2TP)

Layer Two Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer Two Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs). Access VPNs allow mobile users to connect to their corporate intranets or extranets, thus improving flexibility and reducing costs.

Traditional dial-up networking services only supported registered IP address, which limited the types of applications that could be implemented over Virtual Private Networks (VPNs). L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adaptors (TAs), to be used.

L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS) initiated tunnel, such as L2F.

Mobile IP

Mobile IP provides users the freedom to roam beyond their home subnet while consistently maintaining their home IP address. This enables transparent routing of IP datagrams to mobile users during their movement, so that data sessions can be initiated to them while they roam; it also enables sessions to be maintained in spite of physical movement between points of attachment to the Internet or other networks. Cisco's implementation of Mobile IP is fully compliant with the Internet Engineering Task Force's (IETF's) proposed standard defined in Request for Comments (RFC)  2002.

OSPF Packet Pacing

The former OSPF implementation for sending update packets needed to be more efficient. Some update packets were getting lost in cases where the link was slow, a neighbor could not receive the updates fast enough, or the router was out of buffer space. For example, packets might be dropped if either of these topologies existed:

PPP Over Frame Relay

The PPP over Frame Relay feature allows a router to establish end-to-end Point-to-Point Protocol (PPP) sessions over Frame Relay. IP datagrams are transported over the PPP link using RFC 1973 compliant Frame Relay framing. This feature is useful for remote users running PPP to access their Frame Relay corporate networks.

PPP over Frame Relay provides the following benefits:

R2 Signaling

R2 signaling is an international signaling standard that is common to channelized E1 networks. However, there is no single signaling standard for R2. The ITU-T Q.400-Q.490 recommendation defines R2, but a number of countries and geographic regions implement R2 in entirely different ways. Cisco Systems addresses this challenge by supporting many localized implementations of R2 signaling in its Cisco IOS software.

RIP Enhancements

Triggered extensions to IP RIP increase efficiency of RIP on point-to-point, serial interfaces. Routers are used on connection-oriented networks to allow potential connectivity to many remote destinations. Circuits on the WAN are established on demand and are relinquished when the traffic subsides. Depending on the application, the connection between any two sites for user data could be short and relatively infrequent.

There were two problems with using RIP to connect to a WAN:

To overcome these limitations, triggered extensions to RIP cause RIP to send information on the WAN only when there has been an update to the routing database. Periodic update packets are suppressed over the interface on which this feature is enabled.

Time-Based Access Lists

Time-Based Access Lists allow you to implement access lists based on the time of day. To do so, you create a time range that defines specific times of the day and week. The time range is identified by a name, and then referenced by a function, so that those time restrictions are imposed on the function itself.

Currently, IP and IPX extended access lists are the only functions that can use time ranges, which allow the network administrator to define when the permit or deny statements in the access list are in effect. Prior to this feature, access list statements were always in effect once they were applied. Both named or numbered access lists can reference a time range.

X.25 Over ISDN D-Channel

Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, consisting of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels.

ISDN uses the D channel to carry signal information, and can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can use up to 9.6 kbps.

You can set the parameters of the X.25-over-D-channel interface without disrupting the original ISDN interface configuration. In a normal ISDN BRI interface, the D and B channels are bundled together and represented as a single interface. The original BRI interface continues to represent the D, B1, and B2 channels.

Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer recognizes the X.25-over-D-channel calls and initiates them on a new interface.

X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP.

OSPF update packets are now automatically paced by a delay of 33 milliseconds. Pacing is also added between retransmissions to increase efficiency and minimize lost retransmissions.

OSPF update and retransmission packets are sent more efficiently. Also, you can display the LSAs waiting to be sent out an interface.

Important Notes

This section contains important information about use of your Cisco IOS Release 12.0 T software.

The last maintenance release of the 12.0T release train is 12.0(7)T. The migration path for customers needing bug fixes for the 12.0 T features is 12.1 Mainline. 12.1 Mainline has the complete feature content of 12.0T and this release will eventually reach General Deployment (GD).

The last maintenance release was renamed from 12.0(6)T to 12.0(7)T to reflect that 12.0(7)T has all the bug fixes of 12.0(7) mainline. 12.0T is a superset of 12.0 mainline, hence any defect fixed in 12.0 mainline is also fixed in 12.0 T. The set of features for 12.0(6)T is the same as that of 12.0(7)T. There was no change in the feature content of the release. The release was renamed so that the releases would be consistent with Cisco's release process.

Cisco IOS Syslog Failure

Certain versions of Cisco IOS software may fail or hang when they receive invalid UDP packets sent to their syslog ports (port 514). At least one commonly-used Internet scanning tool generates packets, which can cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.

Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices have been observed to hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices may indicate that they were "restarted by power-on," even when that is not the case.

Assume that any potential attacker is likely to know about this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the problem. Minimal skills and no special equipment is required.

Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.

This problem was posted on Cisco's World Wide Web site:

http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

This information was also sent to the following e-mail and Usenet news recipients:

Affected Devices and Software Versions

Vulnerable devices and software versions are specified in Table 6. Affected versions include 11.3AA, 11.3DB, and all 12.0 versions (including 12.0 mainline, 12.0S, 12.0T, and any other regular releases whose number starts with 12.0), up to the repaired releases listed in Table 6. Cisco is correcting the problem in certain special releases and will correct it in future maintenance and interim releases. See "Software Versions and Fixes,", for details. Cisco intends to provide fixes for all affected Cisco IOS variants.

No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See "Workarounds,", for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering protects you against this attack.

The most commonly used or asked-about products are listed below. If you are unsure whether your device is running classic Cisco IOS software, log in to the device and issue the show version command. Cisco IOS software identifies itself simply as "IOS" or "Internetwork Operating System Software." Other Cisco devices do not have the show version command, or they identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following equipment:

Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.

The following Cisco devices are not affected:

This problem has been assigned Cisco caveat ID CSCdk77426.

Solution

Cisco offers free software updates to correct this problem for all affected customers---regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 6 gives Cisco's projected fix dates.

Make sure your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when upgrading within a major release (say, from 11.2(11)P to 11.2(17)P), but it is often a factor when you upgrade between major releases (say, from 11.2 P to 11.3 T).

Because fixes will be available for all affected releases, this problem will rarely, if ever, require an upgrade to a new major release. Cisco recommends very careful planning for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.

Further upgrade planning assistance is available on Cisco's World Wide Web site at:

http://www.cisco.com

If you have a service contract, you can obtain new software through your regular update channels (generally through Cisco's Worldwide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.

If you do not have a service contract, you can upgrade to obtain only the bug fixes; Cisco is not offering upgrades to versions newer than the versions required to resolve the defects. In general, you will be restricted to upgrading to a version represented within a single row of Table 6. However, Cisco will make an exception to this policy when no upgrade within the same row is available in a timely manner. Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):

Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Non-contract customers must request free updates through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software updates.

Workarounds

You can work around this problem by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected Cisco IOS device itself.

If you use an input access list, apply that list to all interfaces to which attackers may be able to send datagrams. Interfaces include---not only physical LAN and WAN interfaces---but virtual subinterfaces of those physical interfaces, as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.

The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts; only traffic actually addressed to the Cisco IOS device is of interest.

No single input access list works in all configurations. Know the effect of your access list in your specific configuration before activating it.

The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed, other than as a workaround for this problem:

! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0   0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
 
! Apply the access list to the input side of each interface
interface ethernet 0
ip address 172.16.1.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 2
ip address 172.16.2.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 3
ip address 172.16.3.3 255.255.255.0
ip access-group 101 in

Listing all possible addresses---especially all possible broadcast addresses---to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS device is expected to forward syslog packets, you will have to do the detailed filtering. Because input access lists impact system performance, install them with caution---especially on systems running very near their capacity.

Software Versions and Fixes

Many Cisco software images have been or will be specially reissued to correct this problem. For example, Release 12.0(2) is vulnerable, as are interim Releases 12.0(2.1) through 12.0(2.3). The first fixed interim version of Release 12.0 mainline software is Release 12.0(2.4). However, a special Release 12.0(2a), contains only the fix for this problem and does not include any other bug fixes from later 12.0 interim releases.

If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the Release 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the 12.0(2) base, which will merge back into the 12.0 mainline at Release 12.0(2.4).

Special releases, like Release 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to 12.0(3).

Table 6 specifies information about affected and repaired software versions.

Note All dates within this table are subject to change.


Table 6: Affected and Repaired Software Versions
Cisco IOS Major Release Description Special Fix1 First Fixed Interim Release2 Fixed Maintenance Release3
 Unaffected Releases

11.2 and earlier---all variants

Unaffected early releases (no syslog servers)

Unaffected

Unaffected

Unaffected

11.3, 11.3T, 11.3DA, 11.3MA, 11.3NA, 11.3WA, 11.3(2)XA

11.3 releases without syslog servers

Unaffected

Unaffected

Unaffected

Releases based on 11.3

11.3AA

11.3 early deployment for Cisco AS58xx

11.3(7)AA2, 8-JAN-19994

11.3(7.2)AA

11.3(8)AA, 15-FEB-1999

11.3DB

11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM

 

 

11.3(7)DB2, 18-JAN-1999

 Releases based on 12.0

12.0

12.0 Mainline

12.0(2a), 8-JAN-1999

12.0(2.4)

12.0(3), 1-FEB-1999

12.0T

12.0 new technology early deployment

12.0(2a)T1, 11-JAN-1999

12.0(2.4)T

12.0(3)T, 15-FEB-1999

12.0S

ISP support; Cisco 7200, RSP, GSR

 

12.0(2.3)S, 27-DEC-1998

12.0(2)S5, 18-JAN-1999

12.0DB

12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)

 

 

12.0(2)DB, 18-JAN-1999

12.0(1)W

12.0 for Catalyst 8500 and LS1010

12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)

12.0(1)W5(5.15)

12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))

12.0(0.6)W5

One-time early deployment for CH-OC12 module in Catalyst 8500 series switches.

Unaffected; one-time release

Unaffected

Unaffected; general upgrade path is via 12.0(1)W5 releases

12.0(1)XA3

Short-life release; merged to 12/0T at 12.0(2)T

Obsolete

Merged

Upgrade to 12.0(2a)T1 and/or to 12.0(3)T

12.0(1)XB

Short-life release for Cisco 800 series; merged to 12.0T and 12.0 (3)T

12.0(1)XB1

Merged

Upgrade to 12.0(3)T

12.0(2)XC

Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0T at 12.0(3)T.

12.0(2)XC1, 7-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(2)XD

Short-life release for ISDN voice features; merged to 12.0T at 12.0(3)T.

12.0(2)XD1, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(1)XE

Short-life release

12.0(2)XE, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

1A special fix is a one-time release that provides the most stable immediate upgrade path.
2Interim releases are tested less rigorously than regular, maintenance releases; interim releases may contain serious bugs.
3Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist.
4All dates in this table are estimates and are subject to change.
5This entry is not a misprint. Release 12.0(2.3)S is available before Release 12.0(2)S in which the problem is fixed.

Deprecated MIBs

Older Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBS are currently migrated into more scalable MIBs---without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 7.


Table 7: Deprecated MIBS
Deprecated MIB Replacement

OLD-CISCO-APPLETALK-MIB

RFC1243-MIB

OLD-CISCO-CHASSIS-MIB

ENTITY-MIB

OLD-CISCO-CPUK-MIB

In Development

OLD-CISCO-DECNET-MIB

 

OLD-CISCO-ENV-MIB

CISCO-ENVMON-MIB

OLD-CISCO-FLASH-MIB

CISCO-FLASH-MIB

OLD-CISCO-INTERFACES-MIB

IF-MIB CISCO-QUEUE-MIB

OLD-CISCO-IP-MIB

 

OLD-CISCO-MEMORY-MIB

CISCO-MEMORY-POOL-MIB

OLD-CISCO-NOVELL-MIB

NOVELL-IPX-MIB

OLD-CISCO-SYS-MIB

(Compilation of other OLD* MIBS)

OLD-CISCO-SYSTEM-MIB

CISCO-CONFIG-COPY-MIB

OLD-CISCO-TCP-MIB

CISCO-TCP-MIB

OLD-CISCO-TS-MIB

 

OLD-CISCO-VINES-MIB

CISCO-VINES-MIB

OLD-CISCO-XNS-MIB

 

Caveats

Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

For information on caveats in Cisco IOS Release 12.0(7)T, see Caveats for Cisco IOS Release  12.0 T  that accompanies these release notes. This document lists severity 1 and 2 caveats for Cisco IOS Release 12.0 T.

All caveats in Release 12.0 are also in Release 12.0 T.

For information on caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0, which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.

Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. Click on this path: Software Center: Cisco IOS Software: Cisco IOS Bug Toolkit: Cisco Bug Navigator II. You can also find Bug Navigator II at
http://www.cisco.com/support/bugtools

The following sections describe the documentation available for the Cisco 2600 series. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.

Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.

Use these release notes with these documents:

Release-Specific Documents

The following documents are specific to or support Cisco IOS Release 12.0(7)T and are located on CCO and the Documentation CD-ROM:

On CCO, beginning under the Service & Support heading:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes for Cisco IOS Release 12.0
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes for Cisco IOS Release 12.0
To reach these documents, refer to the Service & Support section at this path on CCO:
Technical Documents
On CCO, beginning under the Service & Support heading:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats: Caveats for Cisco IOS Release 12.0 T
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS 12.0: Caveats: Caveats for Cisco IOS Release 12.0
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. Click on this path: Software Center: Cisco IOS Software: Cisco IOS Bug Toolkit: Cisco Bug Navigator II. You can also find Bug Navigator II at
http://www.cisco.com/support/bugtools

These documents are available for the Cisco MC3810 on CCO and the Documentation CD-ROM:

On CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers

On the Documentation CD-ROM at:

Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 2600 Series Routers

Feature Modules

Feature modules describe new features supported by Cisco IOS Release 12.0 T, and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.

On CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation: New Features in Release 12.0T

On the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation: New Features in Release 12.0T

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents which are shipped with your order in electronic form on the Documentation CD-ROM---unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.

On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.

On CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References: Cisco IOS Interface Configuration Guide or Cisco IOS Interface Command Reference

On the Documentation CD-ROM at:

Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References: Cisco IOS Interface Configuration Guide or Cisco IOS Interface Command Reference

Release 12.0 Documentation Set

Table 8 describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.

Note You can find the most current Cisco IOS documentation on CCO and the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed.

You can reach the Cisco IOS documentation set  on CCO, beginning under the Service & Support heading:

Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References

You can reach the Cisco IOS documentation set on the Documentation CD-ROM at:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References


Table 8: Cisco IOS Software Release 12.0 Documentation Set
Books Chapter Topics

  • Configuration Fundamentals Configuration Guide

  • Configuration Fundamentals Command Reference

Configuration Fundamentals Overview
Cisco IOS User Interfaces
File Management
System Management

  • Bridging and IBM Networking Configuration Guide

  • Bridging and IBM Networking Command Reference

Transparent Bridging
Source-Route Bridging
Token Ring Inter-Switch Link
Remote Source-Route Bridging
DLSw+
STUN and BSTUN
LLC2 and SDLC
IBM Network Media Translation
DSPU and SNA Service Point
SNA Frame Relay Access Support
APPN
Cisco Database Connection
NCIA Client/Server Topologies
Cisco Mainframe Channel Connection
Airline Product Set

  • Dial Solutions Configuration Guide

  • Dial Solutions Command Reference

X.25 over ISDN
Appletalk Remote Access
Asynchronous Callback, DDR, PPP, SLIP
Bandwidth Allocation Control Protocol
ISDN Basic Rate Service
ISDN Caller ID Callback
PPP Callback for DDR
Channelized E1 & T1
Dial Backup for Dialer Profiles
Dial Backup Using Dialer Watch
Dial Backup for Serial Lines
Peer-to-Peer DDR with Dialer Profiles
DialOut
Dial-In Terminal Services
Dial-on-Demand Routing (DDR)
Dial Backup
Dial-Out Modem Pooling
Large-Scale Dial Solutions
Cost-Control Solutions
Virtual Private Dialup Networks
Dial Business Solutions and Examples

  • Cisco IOS Interface Configuration Guide

  • Cisco IOS Interface Command Reference

Interface Configuration Overview
LAN Interfaces
Logical Interfaces
Serial Interfaces

  • Network Protocols Configuration Guide, Part 1

  • Network Protocols Command Reference, Part 1

IP Overview
IP Addressing and Services
IP Routing Protocols

  • Network Protocols Configuration Guide, Part 2

  • Network Protocols Command Reference, Part 2

AppleTalk
Novell IPX

  • Network Protocols Configuration Guide, Part 3

  • Network Protocols Command Reference, Part 3

Network Protocols Overview
Apollo Domain
Banyan VINES
DECnet
ISO CLNS
XNS

  • Security Configuration Guide

  • Security Command Reference

AAA Security Services
Security Server Protocols
Traffic Filtering and Firewalls
IP Security and Encryption
Passwords and Privileges
Neighbor Router Authentication
IP Security Options

  • Cisco IOS Switching Services Configuration Guide

  • Cisco IOS Switching Services Command Reference

Switching Services
Switching Paths for IP Networks
Virtual LAN (VLAN) Switching and Routing

  • Wide-Area Networking Configuration Guide

  • Wide-Area Networking Command Reference

Wide-Area Network Overview
ATM
Frame Relay
SMDS
X.25 and LAPB

  • Voice, Video, and Home Applications Configuration Guide

  • Voice, Video, and Home Applications Command Reference

Voice over IP
Voice over Frame Relay
Voice over ATM
Voice over HDLC
Frame Relay-ATM Internetworking
Synchronized Clocks
Video Support
Universal Broadband Features

  • Quality of Service Solutions Configuration Guide

  • Quality of Service Solutions Command Reference

Policy-Based Routing
QoS Policy Propagation via BGP
Committed Access Rate
Weighted Fair Queueing
Custom Queueing
Priority Queueing
Weighted Random
Early Detection
Scheduling
Signaling
RSVP
Packet Drop
Frame Relay Traffic Shaping
Link Fragmentation
RTP Header Compression

  • Cisco IOS Software Command Summary

  • Dial Solutions Quick Configuration Guide

  • System Error Messages

  • Debug Command Reference

 

Note Cisco Management Information Base (MIB) User Quick Reference is no longer published. For the latest list of MIBs supported by Cisco, see Cisco Network Management Toolkit on Cisco Connection Online. From CCO, click on the following path: Service & Support: Software Center: Network Mgmt Products: Cisco Network management Toolkit: Cisco MIB.

Service and Support

For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" of Cisco Information Packet shipped with your product.

Note If you purchased your product from a reseller, you can access CCO  as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.

For service and support for a product purchased directly from Cisco, use CCO.

Software Configuration Tips on Cisco's Technical Assistance Center Home Page

If you have a CCO login account, you can access the following URL, which contains links and tips on configuring your Cisco products:

http://www.cisco.com/kobayashi/technotes/serv_tips.shtml

This URL is subject to change without notice. If it changes, point your Web browser to CCO  and click on this path: Products & Technologies: Products: Technical Tips.

The following sections are provided from the Technical Tips page:

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can reach CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco - help@cisco.com.  For additional information, contact cco - team@cisco.com.

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com.  To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs - rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com,  or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.




Note 

hometocprevnextglossaryfeedbacksearchhelp
Posted: Mon May 1 16:36:22 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.