|
|
December 13, 2000
These release notes for the Cisco 7000 family of routers support Cisco IOS Release 12.0 T, up to and including Release 12.0(7)T. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of the software caveats that apply to Cisco IOS Release 12.0 T, see the Caveats for Cisco IOS Release 12.0 T document that accompanies these release notes. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.0 on Cisco Connection Online (CCO) and the Documentation CD-ROM. Because Release 12.0 T is based on Release 12.0, all features and caveats in Release 12.0 are also in Release 12.0 T.
These release notes describe the following topics:
This section describes the system requirements for Release 12.0 T and includes the following sections:
Table 1 describes the memory requirements for the feature sets for the Cisco 7000 family of routers for Cisco IOS Release 12.0 T.
Cisco 7200 series routers, Cisco 7500 series routers, and Cisco 7000 series routers with the RSP7000 and RSP7000CI are shipped with a 16- or 20-MB Flash memory card.
All feature sets for Cisco 7500 series and Cisco 7000 series routers with the RSP7000 and RSP7000CI include VIP support.
| Platforms | Feature Sets | Image Name | Software Image | Required Flash Memory | Required DRAM Memory | Runs From |
|---|---|---|---|---|---|---|
| Cisco 7200 Series | IP Standard Feature Set | IP | c7200-is-mz | 16 MB | 64 MB | RAM |
IP 40 | c7200-is40-mz | 16 MB | 64 MB | RAM | ||
IP IPSec 56 | c7200-is56i-mz | 16 MB | 64 MB | RAM | ||
IP IPSec 3DES | c7200-ik2s-mz | 16 MB | 64 MB | RAM | ||
IP Firewall Standard Feature Set | IP/FW/IDS | c7200-io3s-mz | 16 MB | 64 MB | RAM | |
IP/FW/IDS IPSec 56 | c7200-io3s56i-mz | 16 MB | 64 MB | RAM | ||
IP/FW/IDS IPSec 3DES | c7200-ik2o3s-mz | 16 MB | 64 MB | RAM | ||
Enterprise Standard Feature Set | Enterprise | c7200-js-mz | 16 MB | 64 MB | RAM | |
Enterprise 40 | c7200-js40-mz | 16 MB | 64 MB | RAM | ||
Enterprise IPSec 56 | c7200-js56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise IPSec 3DES | c7200-jk2s-mz | 16 MB | 64 MB | RAM | ||
Enterprise Firewall Standard Feature Set | Enterprise/FW/IDS | c7200-jo3s-mz | 16 MB | 64 MB | RAM | |
Enterprise/FW/IDS IPSec 56 | c7200-jo3s56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise/FW/IDS IPSec 3DES | c7200-jk2o3s-mz | 16 MB | 64 MB | RAM | ||
Enterprise/SNASW Feature Set | Enterprise/SNASW | c7200-a3js-mz | 16 MB | 64 MB | RAM | |
Enterprise/SNASW IPSec 56 | c7200-a3js56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise/SNASW IPSec 3DES | c7200-a3jk2s-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM Standard Feature Set | Desktop/IBM | c7200-ds-mz | 16 MB | 64 MB | RAM | |
Desktop/IBM 40 | c7200-ds40-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM IPSec 56 | c7200-ds56i-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM Firewall Standard Feature Set | Desktop/IBM/FW/IDS | c7200-do3s-mz | 16 MB | 64 MB | RAM | |
Desktop/IBM/FW/IDS IPSec 56 | c7200-do3s56i-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM/FW/IDS IPSec 3DES | c7200-dk2o3s-mz | 16 MB | 64 MB | RAM | ||
Network Layer 3 Switching | Network Layer 3 Switching | c7200-inu-mz | 16 MB | 64 MB | RAM | |
| Cisco 7500 Series | IP Standard Feature Set | IP | rsp-isv-mz | 16 MB | 64 MB | RAM |
IP 40 | rsp-isv40-mz | 16 MB | 64 MB | RAM | ||
IP IPSec 56 | rsp-isv56i-mz | 16 MB | 64 MB | RAM | ||
IP IPSec 3DES | rsp-ik2sv-mz | 16 MB | 64 MB | RAM | ||
Enterprise Standard Feature Set | Enterprise | rsp-jsv-mz | 16 MB | 64 MB | RAM | |
Enterprise 40 | rsp-jsv40-mz | 16 MB | 64 MB | RAM | ||
Enterprise IPSec 56 | rsp-jsv56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise IPSec 3DES | rsp-jk2sv-mz | 16 MB | 64 MB | RAM | ||
Enterprise/SNASW Feature Set | Enterprise/SNASW | rsp-a3jsv-mz | 16 MB | 64 MB | RAM | |
Enterprise/SNASW IPSec 56 | rsp-a3jsv56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise/SNASW IPSec 3DES | rsp-a3jk2sv-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM Standard Feature Set | Desktop/IBM | rsp-dsv-mz | 16 MB | 64 MB | RAM | |
Desktop/IBM 40 | rsp-dsv40-mz | 16 MB | 64 MB | RAM | ||
Desktop/IBM IPSec 56 | rsp-dsv56i-mz | 16 MB | 64 MB | RAM | ||
| Cisco 7100 Series | Enterprise Standard Feature Set | Enterprise | c7100-js-mz | 16 MB | 64 MB | RAM |
Enterprise IPSec 56 | c7100-js56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise IPSec 3DES | c7100-jk2s-mz | 16 MB | 64 MB | RAM | ||
Enterprise/FW Standard Feature Set | Enterprise/FW | c7100-jo3s-mz | 16 MB | 64 MB | RAM | |
Enterprise/FW IPSec 56 | c7100-jo3s56i-mz | 16 MB | 64 MB | RAM | ||
Enterprise/FW IPSec 3DES | c7100-jk2o3s-mz | 16 MB | 64 MB | RAM | ||
IP Standard Feature Set | IP | c7100-is-mz | 16 MB | 64 MB | RAM | |
IP IPSec 56 | c7100-is56i-mz | 16 MB | 64 MB | RAM | ||
IP IPSec 3DES | c7100-ik2s-mz | 16 MB | 64 MB | RAM | ||
IP/FW Standard Feature Set | IP/FW | c7100-io3s-mz | 16 MB | 64 MB | RAM | |
IP/FW IPSec 56 | c7100-io3s56i-mz | 16 MB | 64 MB | RAM | ||
IP/FW IPSec 3DES | c7100-ik2o3s-mz | 16 MB | 64 MB | RAM |
Cisco IOS Release 12.0 T supports the following platforms:
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
To determine the version of Cisco IOS software running on your Cisco 7000 family router, log in to the Cisco 7000 family router and enter the show version EXEC command:
router>show version Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-JS-M), Version 12.0(7)T, RELEASE SOFTWARE
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99) on CCO at:
Service & Support: Technical Documents: Product Bulletins: Software
Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99).
Microcode software images are bundled with the system software image—with the exception of the Channel Interface Processor (CIP) microcode (all system software images). Bundling eliminates the need to store separate microcode images. When the router starts, the system software unpacks the microcode software bundle and loads the proper software on all the interface processor boards. Table 2 lists the current microcode versions for the Cisco 7000 family of routers.
| Processor or Module | Current Bundled RSP Microcode Version | Minimum Version Required |
AIP (ATM Interface Processor) | 20.18 | 20.13 |
EIP (Ethernet Interface Processor) | 20.6 | 20.3 |
FEIP (Fast Ethernet Processor) | 20.8 | 20.7 |
FIP (FDDI Interface Processor) | 20.4 | 20.4 |
FSIP (Fast Serial Interface Processor) | 20.9 | 20.9 |
HIP (HSSI Interface Processor) | 20.2 | 20.2 |
MIP (MultiChannel Interface Processor) | 22.3 | 22.3 |
TRIP (Token Ring Interface Processor) | 20.2 | 20.2 |
VIP2/VIP2C (Versatile Interface Processor) | 22.20 | 22.20 |
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Release 12.0 T supports the same feature sets as Cisco IOS Release 12.0, but Release 12.0 T can include new features supported by the Cisco 7000 family of routers.
| Feature Sets | Image Name | Software Image | Platforms |
|---|---|---|---|
IP Standard Feature Set | IP | c7200-is-mz rsp-isv-mz c7100-is-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series |
IP 40 | c7200-is40-mz rsp-isv40-mz | Cisco 7200 series Cisco 7500 series | |
IP IPSec 56 | c7200-is56i-mz rsp-isv56i-mz c7100-is56i-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series | |
IP IPSec 3DES | c7200-ik2s-mz rsp-ik2sv-mz c7100-ik2s-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series | |
IP Firewall Standard Feature Set | IP/FW/IDS | c7200-io3s-mz c7100-io3s-mz | Cisco 7200 series Cisco 7100 series |
IP/FW/IDS IPSec 56 | c7200-io3s56i-mz c7100-io3s56i-mz | Cisco 7200 series Cisco 7100 series | |
IP/FW/IDS IPSec 3DES | c7200-ik2o3s-mz c7100-ik2o3s-mz | Cisco 7200 series Cisco 7100 series | |
Enterprise Standard Feature Set | Enterprise | c7200-js-mz rsp-jsv-mz c7100-js-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series |
Enterprise 40 | c7200-js40-mz rsp-jsv40-mz | Cisco 7200 series Cisco 7500 series | |
Enterprise IPSec 56 | c7200-js56i-mz rsp-jsv56i-mz c7100-js56i-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series | |
Enterprise IPSec 3DES | c7200-jk2s-mz rsp-jk2sv-mz c7100-jk2s-mz | Cisco 7200 series Cisco 7500 series Cisco 7100 series | |
Enterprise Firewall Standard Feature Set | Enterprise/FW/IDS | c7200-jo3s-mz c7100-jo3s-mz | Cisco 7200 series Cisco 7100 series |
Enterprise/FW/IDS IPSec 56 | c7200-jo3s56i-mz c7100-jo3s56i-mz | Cisco 7200 series Cisco 7100 series | |
Enterprise/FW/IDS IPSec 3DES | c7200-jk2o3s-mz c7100-jk2o3s-mz | Cisco 7200 series Cisco 7100 series | |
Enterprise/SNASW Standard Feature Set | Enterprise/SNASW | c7200-a3js-mz rsp-a3jsv-mz | Cisco 7200 series Cisco 7500 series |
Enterprise/SNASW IPSec 56 | c7200-a3js56i-mz rsp-a3jsv56i-mz | Cisco 7200 series Cisco 7500 series | |
Enterprise/SNASW IPSec 3DES | c7200-a3jk2sv-mz rsp-a3jk2s-mz | Cisco 7200 series Cisco 7500 series | |
Desktop/IBM Standard Feature Set | Desktop/IBM | c7200-ds-mz rsp-dsv-mz | Cisco 7200 series Cisco 7500 series |
Desktop/IBM 40 | c7200-ds40-mz rsp-dsv40-mz | Cisco 7200 series Cisco 7500 series | |
Desktop/IBM IPSec 56 | c7200-ds56i-mz rsp-dsv56i-mz | Cisco 7200 series Cisco 7500 series | |
Desktop/IBM Firewall Standard Feature Set | Desktop/IBM/FW/ IDS | c7200-do3s-mz | Cisco 7200 series |
Desktop/IBM/FW/ IDS IPSec 56 | c7200-do3s56i-mz | Cisco 7200 series | |
Desktop/IBM/FW/ IDS IPSec 3DES | c7200-dk2o3s-mz | Cisco 7200 series | |
Network Layer 3 Switching | Network Layer 3 Switching | c7200-inu-mz | Cisco 7200 series |
Cisco IOS images with strong encryption (including, but not limited to 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Table 4 through Table 8 list the features and feature sets supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0 T and use the following conventions:
| Feature Set | |||||||
|---|---|---|---|---|---|---|---|
| Features | In1 | Desktop/ IBM | Desktop/ IBM 40 | Desktop/IBM IPSec 56 | Desktop/ IBM/FW/IDS | Desktop/ IBM/FW/IDS IPSec 56 | Desktop/ IBM/FW/IDS IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | Yes | No | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Protocols |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| No | No | No | No | No | No |
| Quality of Service |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | No |
| Security |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | Yes | No | Yes | Yes |
|
| No | No | Yes | No | Yes | Yes |
|
| No | No | Yes | No | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | Yes | Yes | Yes |
|
| No | No | No | Yes | Yes | Yes |
|
| No | No | No | Yes | Yes | Yes |
|
| No | No | No | No | No | Yes |
|
| No | No | No | No | No | No |
|
| No | No | No | No | No | No |
|
| No | No | No | No | No | No |
| Switching |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
|
|
|
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Voice and Multimedia |
|
|
|
|
|
| |
|
| Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Features | In1 | Enter- prise | Enter- prise 40 | Enter- prise IPSec 56 | Enter- prise IPSec 3DES | Enter- prise/ FW/IDS | Enter- prise/ FW/IDS IPSec 56 | Enter- prise/ FW/IDS IPSec 3DES | Enter- prise/SNA SW | Enter-prise/SNASW IPSec 56 | Enter- prise/ SNA SW IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Protocols |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Quality of Service |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | Yes | Yes | No | Yes | Yes | No | Yes | Yes |
|
| No | No | Yes | Yes | No | Yes | Yes | No | Yes | Yes |
|
| No | No | Yes | Yes | No | Yes | Yes | No | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | Yes | Yes | Yes | No | No | No |
|
| No | No | No | No | Yes | Yes | Yes | No | No | No |
|
| No | No | No | No | Yes | Yes | Yes | No | No | No |
|
| No | No | No | Yes | No | No | Yes | No | No | Yes |
|
| Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Switching |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Voice and Multimedia |
|
|
|
|
|
|
|
|
|
| |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| Features | In1 | IP | IP 40 | IP IPSec 56 | IP IPSec 3DES | IP/FW/ IDS | IP/FW/IDS IPSec 56 | IP/FW/IDS IPSec 3DES | Network Layer 3 Switching |
| Connectivity |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Management |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | Yes | Yes | No | Yes | Yes | No |
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Protocols |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| No | No | No | No | No | No | No | No |
| Quality of Service |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Security |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | Yes | Yes | No | Yes | Yes | No |
|
| No | No | Yes | Yes | No | Yes | Yes | No |
|
| No | No | Yes | Yes | No | Yes | Yes | No |
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | Yes | Yes | Yes | No |
|
| No | No | No | No | Yes | Yes | Yes | No |
|
| No | No | No | No | Yes | Yes | Yes | No |
|
| No | No | No | Yes | No | No | Yes | No |
|
| No | No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No | No |
| Switching |
|
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Voice and Multimedia |
|
|
|
|
|
|
|
| |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | ||||||||
|---|---|---|---|---|---|---|---|---|
| Feature | In1 | Enter- prise | Enter- prise 40 | Enter- prise IPSec 56 | Enter- prise IPSec 3DES | Enterprise SNASW | Enterprise SNASW IPSec 56 | Enterprise SNASW IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| LAN Support |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (4) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Multimedia |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
| Protocols |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Quality of Service |
|
|
|
|
|
|
|
|
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
| (3) | No | No | No | No | No | No | No |
| (3) | No | No | No | Yes | No | No | No |
| (5) | Yes | Yes | No | No | Yes | No | No |
| (5) | Yes | Yes | No | No | Yes | No | No |
| Switching |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Optimization |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
| WAN Services |
|
|
|
|
|
|
|
|
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | Yes | No | No | Yes |
|
| No | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No | No |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | ||||||||
|---|---|---|---|---|---|---|---|---|
| Feature | In1 | Desk-
top/ IBM | Desk-top/ IBM 40 | Desk-top/ IBM IPSec 56 | IP | IP 40 | IP IPSec 56 | IP IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | No | No | No | No | No | No | No |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
|
| Yes | No | No | No | No | No | No |
|
| No | No | No | No | No | No | No |
|
| Yes | No | No | No | No | No | No |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| LAN Support |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (4) | No | No | Yes | Yes | Yes | No | No |
| (5) | No | No | No | No | No | No | No |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | No | No | No | No | No | No | No |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Multimedia |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | No | No | No | No |
| Protocols |
|
|
|
|
|
|
|
|
|
| Yes | No | No | No | No | No | No |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | No | No | No | No | No | No | No |
| Quality of Service |
|
|
|
|
|
|
|
|
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
|
|
|
|
|
| Yes | No | No | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | No | No | No | No | No | No |
|
| Yes | No | No | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
| (3) | No | No | No | No | No | No | No |
| (3) | Yes | No | No | No | No | No | Yes |
| (5) | No | No | No | No | No | No | No |
| (5) | No | No | No | No | No | No | No |
| Switching |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (3) | No | No | No | No | No | No | No |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (5) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Optimization |
|
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | No | No | No | No |
| WAN Services |
|
|
|
|
|
|
|
|
|
| Yes | No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | No | No | No | No |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
|
| No | No | No | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | Yes | Yes | No | No | No | No |
|
| Yes | No | No | No | No | No | No |
| (1) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | No | No | No | No | No | No |
| (7) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | |||||||
|---|---|---|---|---|---|---|---|
| Features | In1 | Enterprise | Enterprise IPSec 56 | Enter- prise IPSec 3DES | Enter- prise/ FW | Enter- prise/ FW IPSec 56 | Enterprise/FW IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| LAN Support |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Quality of Service |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | Yes | Yes | Yes |
|
| No | No | Yes | No | Yes | Yes |
| Switching |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Voice and Multimedia |
|
|
|
|
|
| |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
| Feature Set | |||||||
|---|---|---|---|---|---|---|---|
| Features | In1 | IP | IP IPSec 56 | IP IPSec 3DES | IP/FW | IP/FW IPSec 56 | IP/FW IPSec 3DES |
| Connectivity |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IBM Support |
|
|
|
|
|
|
|
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Internet |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| LAN Support |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Management |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
| Quality of Service |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Scalability |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Security |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| No | Yes | Yes | No | Yes | Yes |
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| No | No | No | Yes | Yes | Yes |
|
| No | No | Yes | No | No | No |
| Switching |
|
|
|
|
|
|
|
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| WAN Services |
|
|
|
|
|
|
|
|
| No | No | No | No | No | No |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| Voice and Multimedia |
|
|
|
|
|
| |
|
| Yes | Yes | Yes | Yes | Yes | Yes |
| 1Indicates the maintenance release in which the feature was introduced. |
The following section lists the new features supported by the Cisco 7000 family of routers for Cisco IOS Release 12.0 T.
The following new hardware features are supported by the Cisco 7000 family of routers for Cisco IOS Release 12.0(7)T.
The Cisco 7100 Series VPN Router is a full-featured, high-end, integrated Virtual Private Network (VPN) solution melding high-speed, industry-leading routing with a comprehensive suite of VPN services. The Cisco 7100 Series VPN Router integrates key features of VPNs—tunneling, data encryption, security, firewall, advanced bandwidth management, and service level validation—to provide secure, scalable VPN platforms to better and more cost-effectively accommodate remote-access, remote-office, and extranet connectivity using public data services. The Cisco 7100 Series VPN Router offers specific hardware configurations optimized for VPN applications and network topologies. Embedded WAN and Fast Ethernet interfaces combined with high-performance routing and rich VPN services provide turnkey VPN routing solutions.
The Cisco 7100 series consists of two VPN routers, the Cisco 7120 and the Cisco 7140. The Cisco 7120 is the entry-level Cisco 7100 series VPN router, integrating high-performance, industry-leading routing with scalable VPN security and bandwidth management to provide cost-effective, comprehensive VPN solutions for larger regional offices and headquarters. The Cisco 7120 comes in six different models defined by WAN interface. The Cisco 7140 series provides superior routing and VPN services performance for the most demanding VPN deployments, as well as dual WAN interfaces and power supplies for increased VPN solution reliability. The Cisco 7140 comes in five different models defined by WAN interface.
The PA-GE is a single-port port adapter that, when combined with the appropriate optical fiber cable and a Gigabit Interface Converter (GBIC), provides one Gigabit Ethernet (GE) interface that is compliant with the IEEE 802.3z specification. The GE interface on a PA-GE operates in full-duplex mode. The PA-GE is supported by the Cisco 7200 VXR routers. Please note that this port adapter is not currently supported by the fourth-generation Versatile Interface Processor (VIP4). See the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/core/7200vx/72vxpa/7188page/index.htm
Two-port versions of the Multichannel DS1/PRI and Multichannel E1/PRI port adapters are now available for Cisco IOS Release 12.0(7)T.
The following new software features are supported by the Cisco 7000 family of routers for Cisco IOS Release 12.0(7)T.
The Memory Scan feature for Cisco 7500 series router Route Switch Processor (RSP) modules adds a low-priority background process that searches all installed DRAM for possible parity errors. The process runs every 60 seconds and can be controlled and monitored with new command line interface commands.
Cisco Secure Integrated Software (Cisco Secure IS, previously known as the Cisco IOS Firewall Feature Set) enhancements provide audio, video, and multimedia application support.
The Cisco Secure IS H.323 V2 and RTSP inspection feature provides firewall support for multimedia applications that require delivery of data with real-time properties such as audio and video conferencing. Cisco Secure IS has been enhanced to inspect these multimedia application protocols:
RTSP is the IETF standards-based protocol (RFC 2326) for controlling the delivery of real-time data, such as audio and video streams. It is useful for large-scale broadcasts and audio or video on-demand streaming and is supported by a variety of vendors of streaming audio and video multimedia, including Cisco IP/TV, RealNetworks RealAudio G2 Player, and Apple QuickTime 4 software.
H.323 is an International Telecommunications Union (ITU) recommendation that sets standards for multimedia communications including audio and videoconferencing. Cisco Secure IS supports H.323 inspection, including H.323 Version 2 and H.323 Version 1. H.323 V2 provides additional options over H.323 V1, including a "fast start" option. H.323 V2 inspection is backward compatible with H.323 V1.
The Cisco Transaction Connection (CTRC) software feature provides the following functionality:
The Dynamic Multiple Encapsulations feature allows incoming calls over ISDN to be assigned an encapsulation type such as Frame Relay, PPP, or X.25 based on calling line identification (CLID) or DNIS. It also allows various encapsulation types and per-user configurations on the same ISDN B channel at different times according to the type of incoming call.
The Dynamic Multiple Encapsulations feature allows per-user configuration for each dial-in caller on any ingress ISDN B channel on which encapsulation can be run independently from other B channels on the same ISDN link. The caller is identified by CLID (caller ID) or DNIS to ensure that only incoming calls with authorization and valid user profiles are accepted. When PPP is used, authentication and profile binding can also be done by PPP name.
In addition, a large set of user profiles can be stored in dialer profiles locally or on a remote AAA server. (For large scale dial-in, storing user-specific configurations on a remote server becomes necessary for enhancing expandability and local memory efficiency.) However, whether stored locally or on a remote AAA server, the user-specific encapsulation and configuration can be applied to individual B channels dynamically and independently.
Dynamic multiple encapsulation is especially important in Europe where ISDN is relatively inexpensive and maximum use of all 30 B channels on the same ISDN link is desirable. Further, the feature removes the need to statically dedicate channels to a particular encapsulation and configuration type, and improves channel usage.
Formerly, if compression of TCP or Real-Time Transport Protocol (RTP) headers was enabled, compression was performed in the process-switching path. That meant that packets traversing interfaces that had TCP or RTP header compression enabled were queued and passed up to the process to be switched. This procedure slowed down transmission of the packet, and therefore some users preferred to fast-switch uncompressed TCP and RTP packets.
Now, if TCP or RTP header compression is enabled, compression occurs by default in the fast-switched path or the Cisco Express Forwarding-switched (CEF-switched) path, depending on which switching method is enabled on the interface. Furthermore, the number of TCP and RTP header compression connections is increased to a thousand connections each.
If neither fast switching nor CEF switching is enabled and TCP or RTP header compression is enabled, compression occurs in the process-switched path as before.
The Interface MIB Implementation for ATM Subinterfaces feature involves the implementation of the Interface MIB (RFC 2233) for ATM subinterfaces. Network managers can now query for the MIB variables on a per-subinterface basis. Because the implementation of this feature is in platform-independent code, this feature is supported on all Cisco ATM interfaces and port adapters on which speeds are at or above OC-3.
The Low Latency Queueing feature brings strict priority queueing to Class-Based Weighted Fair Queueing (CBWFQ). Strict priority queueing allows delay-sensitive data, such as voice, to be dequeued and sent first (before packets in other queues are dequeued), giving delay-sensitive data preferential treatment over other traffic.
Without Low Latency Queueing, CBWFQ provides weighted fair queueing based on defined classes with no strict priority queue available for real-time traffic. CBWFQ allows you to define traffic classes and then assign characteristics to that class. For example, you can designate the minimum bandwidth delivered to the class during congestion.
For CBWFQ, the weight for a packet belonging to a specific class is derived from the bandwidth you assigned to the class when you configured it. Therefore, the bandwidth assigned to the packets of a class determines the order in which packets are sent. All packets are serviced fairly based on weight; no class of packets may be granted strict priority.This scheme poses problems for voice traffic that is largely intolerant of delay, especially variation in delay. For voice traffic, variations in delay introduce irregularities of transmission manifesting as jitter in the heard conversation.
The Low Latency Queueing feature provides strict priority queueing for CBWFQ, reducing jitter in voice conversations. Configured by the priority command, Low Latency Queueing enables use of a single, strict priority queue within CBWFQ at the class level, allowing you to direct traffic belonging to a class to the CBWFQ strict priority queue.
In the event of congestion, when the bandwidth is exceeded, policing is used to drop packets. Voice traffic enqueued to the priority queue is UDP-based and therefore not adaptive to the early packet drop characteristic of Weighted Random Early Detection (WRED).
When congestion occurs, traffic destined for the priority queue is metered to ensure that the bandwidth allocation configured for the class to which the traffic belongs is not exceeded.
MPLS Virtual Private Networks (VPNs) now support switching and accounting of Inter-Switch Link (ISL) encapsulated MPLS packets on Fast Ethernet port adapters.
Multiprotocol Label Switching (MPLS) traffic engineering software does the following tasks:
The Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) enhancements provide increased BGP functionality which enables users to manage and route traffic within a VPN. These MPLS VPN enhancements allow users to perform the following tasks:
Multicast Source Discovery Protocol (MSDP) connects multiple Protocol Independent Multicast (PIM) sparse-mode (SM) domains. MSDP allows multicast sources for a group to be known to all rendezvous points (RPs) in different domains. Each PIM-SM domain uses its own RPs and need not depend on RPs in other domains. An RP runs MSDP over TCP to discover multicast sources in other domains.
An RP in a PIM-SM domain has an MSDP peering relationship with MSDP-enabled routers in another domain. The peering relationship occurs over a TCP connection, where primarily a list of sources sending to multicast groups is exchanged. The TCP connections between RPs are achieved by the underlying routing system. The receiving RP uses the source lists to establish a source path.
The purpose of this topology is to have domains discover multicast sources in other domains. If the multicast sources are of interest to a domain that has receivers, multicast data is delivered over the normal, source-tree building mechanism in PIM-SM.
MSDP is also used to announce sources sending to a group. These announcements must originate at the domain's RP.
MSDP depends heavily on (M)BGP for interdomain operation. You should run MSDP in your domain's RPs that act as sources, sending to global groups for announcement to the Internet.
The Offload Alias feature allows multihomed IP addresses for offload devices. This feature enables dispatch-based load-balancing access to mainframe hosts through TCP/IP offload devices that are configured on a CMCC adapter. The Offload Alias feature supports load-balancing access to multiple hosts by allowing you to configure multiple real IP addresses to an offload device on a CMCC adapter. Each of the real IP addresses is associated with a common single virtual IP address, or alias, for client access.
RPM diagnostics can now be run at start up, from the command line, or from the Scheduler.
SNASw provides an easier way than earlier methods to design and implement networks with Systems Network Architecture (SNA) routing requirements. Previously, this network design was accomplished using Advanced Peer-to-Peer Networking (APPN) with full network node (NN) support in the Cisco router. This type of support provided the SNA routing functionality needed but was inconsistent with the trends in enterprise networks today. The corporate intranet is replacing the SNA WAN. Enterprises are replacing their traditional SNA network with an IP infrastructure that supports traffic from a variety of clients, using a variety of protocols, requiring access to applications on a variety of platforms, including SNA applications on enterprise servers.
Although SNA routing is still required when multiple servers must be accessed, the number of nodes required to perform this function is decreasing as the IP infrastructure grows and as the amount of native SNA traffic in the network decreases.
SNASw enables an enterprise to develop its IP infrastructure while meeting SNA routing requirements.
The X.25 specification for Closed User Groups (CUG):
This feature permits X.25 local acknowledgment on any router and allows switching between devices with unmatched window and data packet sizes---asymmetrical flow control.
With this feature, Cisco IOS software now supports local acknowledgment in addition to end-to-end acknowledgment, asymmetrical window and packet sizes, and further enhancements to flow control parameter negotiation.
Prior to this feature, end-to-end acknowledgment was the only option. This condition resulted in lower overall throughput and restrictive performance because an endpoint could only have a maximum number of its packets in transit at any given time. It could not send more packets until all had been acknowledged by the transmission and receipt of the delivery confirming packet containing the D-bit.
Window size dictates the number of packets that can be sent before the window closes. At this point, no more packets can be sent until a local acknowledgment is transmitted by the router. Packet size is the maximum size of packets a router can send or receive.
The X.25 Switch Local Acknowledgment feature applies to all switched services such as X.25, CMNS, XOT, and Annex G, and may be used wherever X.25 routing is configured. The main components of this feature are local acknowledgment, flow control parameter negotiation, and asymmetrical windows and packets.
The Virtual Private Network (VPN) Tunnel Management feature provides network administrators with two new functions for managing VPN tunnels:
These functions can be used on either end of a VPN tunnel—the Network Access Server (NAS) or on the home gateway.
When this feature is enabled, Multichassis Multilink PPP (MMP) Layer 2 Forwarding (L2F) tunnels can still be created and established.
In past Cisco IOS releases, RADIUS hosts were uniquely identified by their IP address; therefore, only one definition of a RADIUS server per IP address was allowed. The Configuring RADIUS for Multiple UDP Ports feature expands RADIUS implementation so that RADIUS security servers are identified on the basis of their IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. In other words, this unique identifier enables RADIUS requests to be sent to different UDP ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service---for example, accounting---the second host entry configured acts as fail-over backup to the first one. Using this example, if the first host entry fails to provide accounting services, the network access server will try the second host entry configured on the same device for accounting services. (The RADIUS host entries will be tried in the order they are configured.)
The Configuring RADIUS for Multiple UDP Ports feature also applies to RADIUS server groups---server groups can now include multiple service definitions for host entries for the same server, as long as each entry has a unique identifier.
In past Cisco IOS releases, authentication and accounting services (otherwise referred to as AAA services) have been implemented in one of the following methods:
With Cisco IOS Release 12.0(6)T, you can now select a AAA server group (to which authentication and accounting requests will be sent) using DNIS. Using this new Selecting AAA Server Groups Based on DNIS feature, you can specify the same server group for AAA services or a separate server group for each AAA service. You can now configure authentication and accounting on different physical devices and provide fail-over backup support.
This feature obsoletes the previous Cisco IOS Release 12.0(2)T AAA DNIS Map feature.
Routing policies for a peer include all the configurations such as route-map, distribute-list, prefix-list, and filter-list that may impact inbound or outbound routing table updates. Whenever there is a change in the routing policy, the BGP session must be cleared, or reset, for the new policy to take effect. There are two types of reset, hard reset and soft reset.
Clearing a BGP session using a hard reset invalidates the cache and results in a negative impact on the operation of networks as the information in the cache becomes unavailable.
Soft reset is recommended because it allows routing tables to be reconfigured and activated without clearing the BGP session. Soft reset is done on a per-neighbor basis. There are two types of soft reset:
Previously, in order to perform a soft reset for inbound routing table updates, the neighbor soft-reconfiguration command directed the Cisco IOS software in the local BGP router to store all received (inbound) routing policy updates without modification. This method is memory-intensive and not recommended unless absolutely necessary. (Outbound updates have never required the extra memory and are not affected by this feature.)
With this software release, the BGP Soft Reset Enhancement feature provides automatic support for dynamic soft reset of inbound BGP routing table updates that is not dependent upon stored routing table update information. The new method requires no preconfiguration (as with the neighbor soft-reconfiguration command) and requires much less memory than the previous soft reset method for inbound routing table updates.
The IP Summary Address for RIP feature enables Cisco routers running RIPv2 to advertise a summarized local IP address pool on a network access server so that the address pool can be provided to dialup clients. For example, if a local IP address pool of 10.1.1.1 to 10.1.1.254 is configured on the network access server, you could configure the ip summary-address rip 10.1.1.0 255.255.255.0 command on the network access server port that provides addresses to dialup clients to cause the router to advertise 10.1.1.0/24 routes to dialup clients. Because a summary route is advertised, advertisement of the /32 host routes (installed when the dialup client connects) is suppressed so that the router does not advertise these routes to the network access server interface.
When RIP determines that a summary address is required in the RIP database, a summary entry is created in the RIP routing database. As long as there are "child" routes (routes that are created for any combination of the individual IP addresses contained within a summary address), this summary address, the address remains in the routing database. When the last child route is removed, the summary entry also is removed from the database. This method of handling database entries reduces the number of entries in the database because each child route is not listed in an entry, and the aggregate entry itself is removed when there are no longer any valid child routes for it. RIPv2 route summarization requires that the lowest metric of the "best route" of an aggregated entry, or the lowest metric of all current child routes, be advertised.
The best metric for aggregated summarized routes is calculated at route initialization or when there are metric modifications of specific routes at advertisement time, and not at the time the aggregated routes are advertised.
The Cisco H.323 gateway now supports the use of CryptoH323Tokens for authentication. The CryptoH323Token is defined in H.225 Version 2 and is used in a "password-with-hashing" security scheme as described in section 10.3.3 of the H.235 specification.
A cryptoToken can be included in any RAS message and is used to authenticate the sender of the message. You can use a separate database for user ID and password verification.
With this release, Cisco H.323 gateways support three levels of authentication:
CryptoTokens for registration requests (RRQ), unregistration request (URQ), disengage request (DRQ) and the terminating side of admission request (ARQ) messages contain information about the gateway that generated the token, including the gateway ID (which is the H.323 ID configured on the gateway) and the gateway password. CryptoTokens for the originating side ARQ messages contain information about the user that is placing the call, including the user ID and personal identification number (PIN).
This feature enables the Cisco gateway to provide information to the gatekeeper with the use of additional fields in the RAS (registration, admission, and status) messages.
Previously, the source gateway attempted to set up a call to a destination IP address as provided by the gatekeeper in an Admission Confirm (ACF) message. If
the gatekeeper was unable to resolve the destination E.164 phone number to an IP address, the incoming call was terminated.
This version of the H.323 software adds support to allow a gatekeeper to provide additional destination information and modify the destinationInfo field in the ACF.
The gateway will include the canMapAlias associated destination information in setting up the call to the destination gateway.
In conjunction with the canMapAlias functionality, this version includes support for the gatekeeper to indicate to the gateway that the call should be destined to a new E.164 number. The gatekeeper indicates this by sending an Admission Confirm message with an IP address of 0.0.0.0 in the destCallSignalAddress field and the new destination E.164 phone number in the destinationInfo field.
The gateway receiving such an ACF will fall back to routing the call based on this new E.164 address and performing a re-lookup of the gateway's configured dial plan. This might result in the call being routed back to the PSTN or to an H.323 endpoint.
The Alternate Gatekeeper feature provides redundancy for a gatekeeper in a system where gatekeepers are used. This enhancement allows a gateway to use up to two alternate gatekeepers as a backup in the case of a primary gatekeeper failure.
A gatekeeper manages H.323 endpoints in a consistent manner, allowing them to register with the gateway and to locate another gatekeeper. The gatekeeper provides logic variables for proxies or gateways in a call path, to provide connectivity with the public switched telephone network (PSTN), to improve Quality of Service (QoS), and to enforce security policies. Multiple gatekeepers may be configured to communicate with one another, either by integrating their addressing into Domain Naming System (DNS) or using Cisco IOS configuration options.
The Multicast BGP (MBGP) feature adds capabilities to BGP to enable multicast routing policy throughout the Internet and to connect multicast topologies within and between BGP autonomous systems. That is, MBGP is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast routing. The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM) to build data distribution trees.
It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability information (NLRI).
MBGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which resources are used for which traffic. Perhaps you want all multicast traffic exchanged at one network access point (NAP). MBGP allows you to have a unicast routing topology different from a multicast routing topology. Thus, you have more control over your network and resources.
Prior to MBGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was in place for unicast routing. If those routers were not multicast capable, or you had differing policies where you wanted multicast traffic to flow, you could not support it.
Internet Key Exchange (IKE) Mode Configuration, as defined by the Internet Engineering Task Force (IETF), allows a gateway to download an IP address (and other network level configuration) to the client as part of an IKE negotiation. Using this exchange, the gateway gives IP addresses to the IKE client to be used as an "inner" IP address encapsulated under IPSec. This provides a known IP address for the client which can be matched against Internet Protocol Security (IPSec) policy.
This feature implements IKE Mode Configuration into existing Cisco IOS IPSec software images. Using IKE Mode Configuration, you can configure a Cisco access server to download an IP address to a client as part of an IKE transaction.
The logging event command has been enhanced to enable or disable logging data-link connection identifier (DLCI) Change and subinterface UPDOWN console messages on Cisco 7200 and Cisco 7500 series routers. The logging event dlci-status-change and logging event subif-link-status commands are used to enable logging.
The display on the show frame-relay pvc command has been enhanced on Cisco 7200 and Cisco 7500 series routers to include a table showing the number of PVCs in their various states.
There are no new hardware features supported by the Cisco 7000 family of routers for Cisco IOS Release 12.0(5)T.
The following new software features are supported by the Cisco 7000 family of routers for Cisco IOS Release 12.0(5)T.
To improve the ATM LAN Emulation (LANE) Simple Server Redundancy Protocol (SSRP), Cisco has introduced the ATM LANE Fast Simple Server Redundancy Protocol (FSSRP). FSSRP differs from LANE SSRP in that all configured LANE servers of an emulated LAN (ELAN) are always active. FSSRP-enabled LANE clients have VCs linked to up to four LANE server broadcast-and-unknown servers (BUSs). If a LANE server goes down, the LANE client quickly switches over to a new LANE server and BUS resulting in no data or LE-ARP table entry losses and no extraneous signalling.
The Class-Based Weighted Fair Queueing (CBWFQ) feature extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, access control lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A queue is reserved for each class, and traffic belonging to a class is directed to the queue of that class.
Cisco Networking Services (CNS) Client feature for Cisco IOS software enables authenticated directory access. CNS Client for Cisco IOS software includes the following components:
LDAP V.3 client functionality enables Cisco IOS software-based applications to securely authenticate to a CNS for Active Directory (CNS/AD) server using Kerberos V.5 as security protocol to retrieve or store information such as policy and configuration data. Cisco IOS software-based applications publish or subscribe to events using CNS event services client, enabling external applications using the application programming interface (API) features of CNS to receive events or publish events to the Cisco IOS device. This Cisco IOS software-based device will use CNS locator services client to locate the nearest directory server using Domain Name System. The administrator need not configure the device to locate the nearest directory server.
All the above-mentioned functionality is intended for use by internal Cisco IOS application developers. CNS IPSec VPN provisioning agent enables the router to retrieve IPSec policies stored in the CNS/AD server and configure itself, automating the provisioning of customer premises equipment devices for IPSec VPN. CNS provisioning agent enables Cisco IOS device to be provisioned using CNS event services.
Managing a large TCP/IP network requires accurate and up-to-date maintenance of IP addresses and X.121 address mapping information on each router database in the network. Currently, this data is managed manually. Because these addresses are constantly being added and removed in the network, the routing table of every router frequently needs to be updated, which is a time-consuming and error-prone task.
X.25 has long operated over an IP network, specifically using Transmission Control Protocol (TCP) as a reliable transport mechanism. This method is known as X.25 over TCP (XOT). However, large networks and financial legacy environments experienced problems with the amount of route configuration that needed to be performed manually because each router switching calls over TCP needed every destination configured. Every destination from the host router needed a static IP route statement, and for larger environments, these destinations could be as much as several thousand per router. Until now, the only way to map X.121 addresses and IP addresses was on a one-to-one basis using the x25 route x121address xot ipaddress command.
The solution to this problem was to centralize route configuration that routers could then access for their connectivity needs. This centralization is the function of the DNS-Based X.25 Routing feature, because the DNS server is a database of all domains and addresses on a network.
The Cisco IOS Firewall feature set, available for a wide range of Cisco router platforms, adds greater depth and flexibility to existing Cisco IOS software security capabilities, enriching features such as authentication, encryption, and failover with robust firewall functionality and intrusion detection. A Cisco IOS software-based, integrated firewall solution scales to meet the bandwidth and performance requirements of any network. It also maximizes a Cisco router investment by combining multiprotocol routing functionality with sophisticated security policy enforcement throughout the network.
The Cisco IOS Firewall feature set delivers cost-effective perimeter security packaged with advanced features like stateful, application-based filtering, dynamic per-user authentication and authorization, defense against network attacks, Java blocking, and real-time alerts. Because it is completely interoperable with Cisco IOS software features including NAT, VPN tunneling protocols, Cisco Express Forwarding (CEF), AAA extensions, Cisco encryption technology, and Cisco IOS IPSec, It is a complete, integrated VPN solution.
The Frame Relay End-to-End Keepalive feature enables the router to keep track of permanent virtual circuit (PVC) status, independent of the switches in the Frame Relay network. The routers at both ends of a PVC in a Frame Relay network engage in a keepalive session where one router issues keepalive messages and the router at the other end of the PVC connection responds. The time interval for the keepalive is configurable and is enabled on a per-PVC basis. As long as the keepalive-issuing router receives response messages, the PVC status is up. When response messages are not received (because of line failure, a faulty switch in the Frame Relay network, or a router failure), the PVC is down. This mechanism enables bidirectional communication of PVC status to both routers at the ends of a PVC connection.
The IP Multicast Multilayer Switching (MLS) feature provides high-performance, hardware-based, Layer 3 switching of IP multicast traffic for routers connected to Catalyst 5000 series LAN switches.
An IP multicast flow is a unidirectional sequence of packets between a multicast source and the members of a destination multicast group. Flows are based on the IP address of the source device and the destination IP multicast group address.
The packet forwarding function is moved onto the connected Layer 3 switch whenever a supported path exists between a source and members of a multicast group. Packets that do not have a supported path to reach their destinations are still forwarded in software by routers. Protocol Independent Multicast is used for route determination.
The new IP RTP Priority feature provides a strict priority queueing scheme for delay-sensitive data such as voice. Voice traffic can be identified by its Real-Time Transport Protocol (RTP) port numbers and classified into a priority queue configured by the ip rtp priority command. The result is that voice is serviced as strict priority in preference to other nonvoice traffic.
This feature extends and improves on the functionality offered by the IP RTP Reserve feature by allowing you to specify a range of UDP/RTP ports whose voice traffic is guaranteed strict priority service over any other queues or classes using the same output interface. Strict priority means that if packets exist in the priority queue, they are dequeued and sent first—that is, before packets in other queues are dequeued. It is recommended that you use the ip rtp priority command instead of the ip rtp reserve command for voice configurations.
The IPX Multilayer Switching (IPX MLS) feature provides high-performance, hardware-based, Layer 3 switching for Catalyst 5000 series LAN switches. IPX data packet flows are switched between networks, off-loading processor-intensive packet routing from network routers.
Whenever a partial or complete switched path exists between two hosts, packet forwarding occurs on Layer 3 switches. Packets without such a path are still forwarded by routers to their destinations. Standard routing protocols—such as Routing Information Protocol, Enhanced Interior Gateway Protocol, and NetWare Link Services Protocol—are used for route determination.
IPX MLS also allows you to debug and trace flows in your network. Use MLS explorer packets to identify which switch is handling a particular flow. These packets aid you in path detection and troubleshooting.
As IS-IS networks grow, they are usually organized into a backbone area (Level 2) connected to local areas (Level 1). Routers establish Level 1 adjacencies to perform local area routing, and Level 2 adjacencies to perform routing between Level 1 areas. Previously, a Cisco router could route between the backbone (Level 2) area and at most a single Level 1 area.
The IS-IS Multiarea Support feature supports configuration of multiple Level 1 IS-IS areas on a single router. This configuration is especially useful in networks where devices support only Level 1 routing and are organized in a number of small Level 1 areas that cannot be aggregated for performance reasons.
The Layer 2 Tunneling Protocol (L2TP) Dial-Out feature enables L2TP Network Servers (LNSs) to tunnel dial-out VPDN calls using L2TP as the tunneling protocol. This feature enables a centralized network to efficiently and inexpensively establish a virtual point-to-point connection with any number of remote offices.
Using the L2TP Dial-Out feature, Cisco routers can carry both dial-in and dial-out calls in the same L2TP tunnels.
Previously, only dial-in VPDN calls were supported.
L2TP dial-out involves two devices: an LNS and an L2TP Access Concentrator (LAC). When the LNS wants to perform L2TP dial-out, it negotiates an L2TP tunnel with the LAC. The LAC then places a PPP call to the client(s) the LNS wants to dial-out to.
The LU Pooling (ASSOCIATE) and Response Time MIB feature contains several TN3270 server configuration enhancements:
The Multiprotocol Label Switching (MPLS) Class of Service (CoS) feature enables network administrators to provide differentiated types of service across an MPLS network. Differentiated service satisfies a range of requirements by supplying for each packet sent the particular kind of service specified for that packet by its CoS. Service can be specified in different ways, for example, through use of the IP precedence bit settings in IP packets or in source and destination addresses.
The Multiprotocol Label Switching (MPLS) IP Virtual Private Network (VPN) feature for allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. An IP VPN is the foundation companies use for deploying or administering value-added services such as applications and data hosting network commerce, and telephony services to business customers.
In private LANs, IP-based intranets have fundamentally changed the way companies conduct their business. Companies are moving their business applications to their intranets to extend over a WAN. Companies are also embracing the needs of their customers, suppliers, and partners by using extranets (an intranet that encompasses multiple businesses). With extranets, companies reduce business process costs by facilitating supply-chain automation, electronic data interchange, and other forms of network commerce. To take advantage of this business opportunity, service providers must have an IP VPN infrastructure that delivers private network services to businesses over a public infrastructure.
The Multicast Routing Monitor (MRM) feature is a management diagnostic tool that provides network fault detection and isolation in a large multicast routing infrastructure. It is designed to notify a network administrator of multicast routing problems in near real time.
MRM has three components that play different roles: the Manager, the Test Sender, and the Test Receiver. The Manager can reside on the same device as the Test Sender or Test Receiver. You can test a multicast environment using test packets (perhaps before an upcoming multicast event), or you can monitor existing IP multicast traffic.
You create a test based on various test parameters, name the test, and start the test. The test runs in the background and the command prompt returns. If the Test Receiver detects an error (such as packet loss or duplicate packets), it sends an error report to the router configured as the Manager. The Manager immediately displays the error report. Also, by issuing a certain show command, you can see the error reports, if any. You then troubleshoot your multicast environment as normal, perhaps using the mtrace command from the source to the Test Receiver. If the show command displays no error reports, the Test Receiver is receiving test packets without loss or duplicates from the Test Sender.
The Network Director Forwarding Agent feature is an IOS-based packet redirector component of Cisco Network Director, the latest offering in the Cisco family of load balancing solutions. The Network Director Forwarding Agent feature implements two new architectures, the Cisco Applications and Services Architecture and the Cisco patented Multinode Load Balancing Architecture.
Each Forwarding Agent "learns" the destination of specific connection requests and forwards packets between the appropriate client and chosen destination. When a Forwarding Agent receives a connection request, the request is forwarded to the Services Manager, the LocalDirector-based component of Cisco Network Director. The Services Manager makes the load balancing decision and instructs the Forwarding Agents with the optimal destination. After destination selection, session data is forwarded directly to the destination without further Services Manager participation. There is no limit to the number of Forwarding Agents that can be configured in the Network Director solution.
The PGM Router Assist feature allows Cisco routers to support the optimal operation of Pragmatic General Multicast (PGM). The PGM Reliable Transport Protocol itself is implemented on the hosts of the customer.
PGM is a reliable multicast transport protocol for applications that require ordered, duplicate-free, multicast data delivery from multiple sources to multiple receivers. PGM guarantees that a receiver in a multicast group either receives all data packets from transmissions and retransmissions, or can detect unrecoverable data packet loss. PGM is intended as a solution for multicast applications with basic reliability requirements. It is network-layer independent; The Cisco implementation of the PGM Router Assist feature supports PGM over IP.
The Service Assurance (SA) Agent is both an enhancement to and a new name for the Response Time Reporter (RTR) feature that was introduced in Cisco IOS Release 11.2. The feature allows you to monitor network performance by measuring key Service Level Agreement metrics such as response time, network resources, availability, jitter, connect time, packet loss, and application performance.
With Cisco IOS Release 12.0(5)T, the SA Agent provides new capabilities that enable you to:
Resource Reservation Protocol (RSVP) is a signalling mechanism that supports request of specific levels of service such as reserved bandwidth from the network. RSVP and its service class definitions are largely independent of the underlying network technologies. This independence requires that a user define the mapping of RSVP onto subnetwork technologies.
The Subnetwork Bandwidth Manager (SBM) feature answers this requirement for RSVP in relation to IEEE 802-based networks. SBM specifies a signalling method and protocol for LAN-based admission control for RSVP flows. SBM allows RSVP-enabled routers and Layer 2 and Layer 3 devices to support reservation of LAN resources for RSVP-enabled data flows. The SBM signalling method is similar to that of RSVP itself. SBM protocol entities have the following features:
Static routes are used over a packet-switched data network in order to reduce volume-based costs of the network. Until now, if two routers were connected via multiple X.25 links (a primary and a secondary), a router could not detect failure of the primary link. If a failure occurred, the data was not transferred to the second link because X.25 was unable to determine whether remote links were up or down. Therefore X.25 could not use an alternate connection to a destination.
The X.25 Remote Failure Detection feature is important for X.25 users because now, after a primary link failure, the router can establish a secondary link and continue sending data. This feature is a way for the router to detect a call failure and to use a secondary route to send subsequent packets to the remote destination, at the same time as making periodic attempts to reconnect to its primary link.
The following new hardware features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(4)T.
The PA-A3 ATM port adapters (PA-A3-T3, PA-A3-E3, PA-A3-OC3MM, PA-A3-OC3SMI, and PA-A3-OC3SML) available on Cisco 7500 series routers now support the following new features:
The PA-A3 ATM port adapters support multiplexing of one or more virtual circuits (VCs) over a virtual path (VP) that is shaped at a constant bandwidth. To use this feature, you configure a permanent virtual path (PVP) with a specific virtual path identifier (VPI). Any VCs that are created subsequently with the same VPI are multiplexed onto this VP; the traffic parameters of individual VCs are ignored.
The PA-A3 port adapters were introduced in Cisco IOS Release 11.1(19)CC. With Release 12.0(4)T, they now support Basic Cisco LAN Emulation (LANE) support based on ATM Forum LANE Specification 1.0. This basic LANE support includes IP and IPX protocols only. This LANE support does not include IOS Release 11.2 or 11.3 Cisco ATM or LANE features such as UNI 3.1, SSRP, HSRP, and so forth. Extended AppleTalk is not supported over LANE in this release.
The following new software features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(4)T.
The Voice over Frame Relay (VoFR) capabilities that were introduced on the Cisco MC3810 multiservice access concentrator beginning with Cisco IOS Release 11.3 are now extended to the Cisco 2600 series, 3600 series, and 7200 series router platforms. The following additional functionality is being supported in Release 12.0(4)T:
When VoFR is implemented on a Cisco router, the router is able to carry voice traffic, such as telephone calls and faxes, over a Frame Relay network.
This feature also adds support for full FRF.11 and FRF.12 compliance to the Cisco MC3810, and is backward-compatible with earlier versions of the Cisco MC3810, which used a fragmentation format based on an early draft version of FRF.12.
The compress interface configuration command has been modified to provide added functionality for Link Access Procedure Balanced (LAPB), Point-to-Point Protocol(PPP), and High Level Data Link Control (HDLC) encapsulations on Cisco 7000 series routers with RSP7000, Cisco 7200 series, and Cisco 7500 series routers. The compress command enhancements allow users to configure LAPB, PPP, and HDLC encapsulations based on throughput versus compression ratios. The ratio command adjusts throughput versus compression ratios.
The following new software features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(3)T.
The Cisco IOS Firewall feature set extends the security technology currently available in Cisco IOS software to provide firewall-specific capabilities. In Cisco IOS Release 12.0(3)T, support for the firewall feature set has been extended to Cisco 7200 series routers.
Annex G (X.25 over Frame Relay) facilitates the migration from an X.25 backbone to a Frame Relay backbone by permitting encapsulation of CCITT X.25/X.75 traffic within a Frame Relay connection. Annex G has developed to accommodate the many Cisco customers in Europe, where X.25 still is a popular protocol. With Annex G, the process of transporting X.25 over Frame Relay has been simplified by allowing direct X.25 encapsulation over a Frame Relay network.
This simple process is largely achieved using X.25 profiles (similar to dialer profiles), which were created to streamline the configuration of X.25 on a per data-link connection identifier (DLCI) basis. X.25 profiles can contain any existing X.25 command and, once created and named, can be simultaneously associated with more than one Annex G DLCI connection by using the profile name.
Cisco Multipath Channel+ (CMPC+) is Cisco's implementation of IBM's MPC+ feature. The CMPC+ feature in Cisco IOS Release 12.0(3)T supports MPC+ features and protocols necessary to support IP. CMPC+ enables High Performance Data Transfer (HPDT). It allows TCP/IP connections to the host through Cisco Mainframe Channel Connection (CMCC) adapters, using either the TCP/IP stack or the High Speed Access Services (HSAS) IP stack.
The Multilink Point to Point Protocol (MLP) Inverse Multiplexer feature allows you to combine multiple T1/E1 lines in a Versatile Interface Processor (VIP) T1/E1 interface into a bundle that has the combined bandwidth of the multiple T1/E1 lines. This is done by using a VIP MLP link. You choose the number of bundles and the number of T1/E1 lines in each bundle. This allows you to increase the bandwidth of your network links beyond that of a single T1/E1 line without having to purchase a T3 line.
The addition of the CISCO-PROCESS-MIB and changes to the CISCO-MEMORY-POOL-MIB allow the retrieval of additional CPU and memory statistics and their reporting by Sample Network Management Protocol (SNMP). The CISCO-PROCESS-MIB provides CPU 5-second, 1-minute, and 5-minute statistics. In addition, this MIB provides CPU utilization and memory allocation and deallocation statistics for each process on each CPU listed in the CISCO-PROCESS-MIB.
The CISCO-PROCESS-MIB is enabled when the first SNMP command is configured. The background statistics collection for VIP cards and the master CPU occurs even if the SNMP subsystem is not initialized.
The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications, and pre-problem analysis. The RTR enhancements extend IP support, such as Type of Service, and allow you to measure various types of IP traffic, such as User Datagram Protocol (UDP), Transmission Control Protocol (TCP), and HTTP.
Simple Network Management Protocol version 3 (SNMPv3) addresses issues related to the large-scale deployment of SNMP for configuration, accounting and fault management. Currently SNMP is predominantly used for monitoring and performance management. The primary goal of SNMPv3 is to define a secure version of the SNMP protocol. SNMPv3 also facilitates remote configuration of the SNMP entities that make remote administration of SNMP entities a much simpler task. SNMPv3 builds on top of SNMPv1 and SNMPv2 to provide a secure environment for the management of systems and networks.
SNMPv3 provides an identification strategy for SNMP devices to facilitate communication only between known SNMP strategy. Each SNMP device has an identifier called the SNMP EngineID which is a copy of SNMP. Each SNMP message contains an SNMP EngineID. SNMP communication is possible only if an SNMP entity knows the identity of its peer SNMP device.
SNMPv3 also contains a security model or security strategy that exists between an SNMP user and the SNMP group to which the user belongs. A security model may define the security policy within an administrative domain or a intranet. The SNMPv3 protocol consists of the specification for the User based Security Model (USM).
Definition of security goals where the goals of message authentication service includes the following protection strategies:
Token Ring Multiprotocol over ATM (MPOA) allows Token Ring hosts in an ATM network to communicate over alternate paths (called shortcuts) through the ATM network, which bypasses intermediate router hops that would otherwise be encountered in the default path.
Token Ring MPOA is an extension to LAN Emulation (LANE). Using the Next Hop Resolution Protocol (NHRP), and MPOA server (MPS) on the router, and MPO clients (MPCs) on the ATM edge devices, a direct virtual channel connection (VCC) between the ingress and egress edge devices is established. Token Ring MPOA allows Token Ring LANE clients to forward unicast IP packets between subnets to other Token Ring LANE clients through this shortcut VCC path on the ATM network.
The Web Cache Communications Protocol allows Cisco IOS routing platforms to transparently redirect content requests (for example, web requests) from clients to a locally connected Cisco Cache Engine (or Cache Cluster) instead of to the intended origin server. When a Cache Engine receives such a request, it attempts to service it from its own local cache if the requested information is present. If not, the Cache Engine issues its own request to the originally requested server to get the required information. When the Cache Engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and significantly reducing WAN transmission costs.
WCCPv2 provides enhancements to WCCPv1, including:
As the number of users accessing the same host has grown, competition for these application resources has become a problem. Internet service providers (ISPs) have had to increase the number of users they could support by increasing the number of X.25 lines to the host.
In order to support a large number of virtual circuits (VCs) to a particular destination, configuration of more than one serial interface to that destination was needed. When a serial interface is configured to support X.25, there is a fixed number of VCs available for use.
Using a facility called "hunt-group" (the method for X.25 load balancing), a switch is able to view a pool of X.25 lines going to the same host as one address and assign VCs on an "idle logical channel" basis. With this feature, X.25 calls can be load-balanced among all configured outgoing interfaces to fully use and balance all managed lines. The benefits include the choice of two load-balancing distribution methods (rotary or vc-count) and improved performance of serial lines.
The Cisco Discovery Protocol (CDP) is a media-independent device discovery protocol that runs on all Cisco-Manufactured equipment, including routers, bridges, access servers, and switches. Each device sends periodic messages to a multicast address. Each device listens to the periodic messages sent by others in order to learn about neighboring devices and determine when their interfaces to the media go up or down. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This process enables applications to send SNMP queries to neighboring devices.
CDP runs on all media that support Subnetwork Access Protocol (SNAP), including local-area network (LAN), Frame Relay, and Asynchronous Transfer Mode (ATM) media. CDP runs over the data link layer only. Therefore, two systems that support different network-layer protocols can learn about each other.
Each device configured for CDP sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or holdtime, information, which indicates the time a receiving device should hold CDP information before discarding it.
Additions for Cisco Discovery Protocol (CDP) include the following:
The benefits include, transparent support of X.25 encapsulation over the Frame Relay network; direct X.25 configurations on a per DLCI basis; use of multiple Annex G DLCIs use the same X.25 profile; multiple logical X.25 SVCs per Annex G link, and the fact that Cisco routers already contain the functionality necessary to perform the framing and frame removal required by Annex G.
The SLIP-PPP Banner section of this feature enables you to configure the banner that is displayed when making a SLIP connection. This improves compatibility with non-Cisco SLIP dial-up software.
The Banner Tokens section of this feature introduces the use of tokens to all existing banner commands. Tokens allow you to display current information from the configuration, such as the router's hostname, IP address, encapsulation type, and MTU size.
This feature provides a mechanism to penalize the flows that do not respond to Weighted Random Early Detection (WRED) drops. This feature is provided as an extension to the existing WRED functionality and can be turned on after WRED is turned on.
Flow-WRED ensures that no single flow can hog all the buffer resources at the output interface queue. With WRED alone, this can occur in the presence of traffic sources that do not back off during congestion. Flow-WRED maintains minimal information about the buffer occupancy per flow. Whenever a flow exceeds its share of the output interface buffer resource the packets of the flow are penalized by increasing the probability of their drop (by WRED).
This feature comprises the second phase of the IP to ATM Class of Service (CoS) feature made available with Release 11.1(22)CC. IP to ATM CoS with VC Bundle Management carries forward support for all commands and functionality provided by the first released phase of the feature, extending that support to operation on the Cisco 7200 series routers and enhancing it to include support for ATM VC bundle management.
ATM VC Bundle Management allows you to configure multiple permanent virtual circuits (PVCs) that have different quality of service (QoS) characteristics between any pair of ATM-connected routers. These VCs are grouped together in a bundle and are referred to as bundle members.
You define an ATM VC bundle and add VCs to it. Each VC of a bundle has its own ATM traffic class and ATM traffic parameters.You can apply attributes and characteristics to discrete VC bundle members or you can apply them collectively at the bundle level.
Using VC bundles, you can create differentiated service by flexibly distributing IP precedence levels over the different VC bundle members. You can map a single precedence level or a range of levels to each discrete VC in the bundle thereby enabling individual VCs in the bundle to carry packets marked with different precedence levels. You can use WRED to further differentiate service across traffic that has different IP precedence but that uses the same VC in a bundle.
The RSVP-ATM QoS networking feature provides support for Controlled Load Services using RSVP over an ATM core network. This feature requires the ability to signal for SVCs across the ATM cloud in response to RSVP reservation messages. To meet this requirement, RSVP over ATM supports mapping of RSVP sessions to ATM nonbroadcast multi-access (NBMA) switched virtual circuits (SVCs).
RSVP over ATM allows you to configure an interface or subinterface to dynamically create SVCs in response to RSVP reservation requests. To ensure defined quality of service (QoS), these SVCs are established having QoS profiles consistent with the mapped RSVP flowspecs. To further support QoS, this feature allows you to configure the IP Precedence and ToS values to be used for packets that conform to or exceed QoS profiles. Moreover, it allows you to attach DWRED group definitions to the (PA-A3 ATM port adapter) interface to support per-VC DWRED drop policy, which ensures that if packets must be dropped, then best-effort packets are dropped first and not those that conform to the appropriate QoS determined by the RSVP's token bucket.
IP policy routing now works with Cisco Express Forwarding (CEF), Distributed CEF (DCEF), NetFlow, and NetFlow with flow acceleration.
IP policy routing was formerly supported only in fastswitching and process-switching. Furthermore, support in fastswitching was limited. This was because the routing table sometimes had to be consulted before packets could be policy-routed, which was too expensive or impossible in the fast-switching path.
In a network with multiple capable paths, the Data Link Switching Plus (DLSw+) Load Balancing Enhancements feature improves traffic load balancing between peers by distributing new circuits based on existing loads and the desired ratio.
For each capable peer (peers that have the lowest or equal cost specified), the DLSw+ Load Balancing feature calculates the difference between the desired and the actual ratio of circuits being used on a peer. It detects the path that is underloaded in comparison to the other capable peers and assigns new circuits to that path until the desired ratio is achieved.
The DLSw+ Peer Clusters feature reduces the explorer packet replication that typically occurs in a large DLSw+ Peer Group design, where there are multiple routers connected to the same LAN.
The DLSw+ Peer Clusters feature associates DLSw+ peers (that are connected to the same LAN) into logical groups. Once the multiple peers are defined in the same peer group cluster, the DLSw+ Border Peer recognizes that it does not have to forward explorers to more than one member within the same peer group cluster.
The DLSw+ RSVP Bandwidth Reservation feature allows DLSw+ to reserve network bandwidth for the DLSw+ TCP connection between DLSw+ peers.
Although it has been possible in the past to reserve bandwidth for a particular existing DLSw+ peer connection through the RSVP command line interface (CLI) support in Cisco IOS software, the CLI required prior knowledge of the TCP ports for which the reservation was being made. Because DLSw+ uses one well-known port and one randomly assigned port, the reservation could not be made until after the peer connection was active.
The DLSw+ RSVP feature permits new DLSw+ peer connections to automatically request bandwidth reservations upon connection, thereby removing the need for user intervention after the peer is connected. This feature ensures that the reservation will survive a network or device failure and that the DLSw+ traffic carried over a TCP connection is not affected by congestion.
The following new hardware features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(3)T.
The Cisco 7576, an extension of the industry-leading Cisco 7500 series router, is designed to meet the price and performance requirements of service provider and enterprise customers. It features greater density, performance, and system availability, while maintaining compatibility with the existing set of Cisco 7500 router interface processors.
Both routers within the Cisco 7576 are fully autonomous, and function as independent routers. This separation is achieved through a split backplane design, with each half supporting a separate set of independent Route Switch Processors (RSP-4), interface processors, port adapters, and Cisco IOS software images. The chassis's arbiter is logically separated, and the Cisco 7576 power supply system load shares across both backplanes in a fully redundant configuration.
Because both routers within Cisco 7576 are totally independent, there is no software dependency between them. This allows customers to install and test updated versions of Cisco IOS software on one router before deployment.
All existing Cisco 7500 series Interface Processor modules, Versatile Interface Processor modules, and their port adapters are fully compatible with the Cisco 7576 router.
Cisco IOS Release 12.0(3)T supports the Channelized E3 Port Adapter for the Cisco 7200 and 7500 series routers. The CE3 PA divides the E3 channel into four channelized E2 data channels and further into 16 E1 channels, all of which are compliant with the CCITT/ITU G.703 physical layer standard.
Cisco IOS Release 12.0(3)T supports the Channelized T3 (CT3) Port Adapter for the Cisco 7200 and 7500 series routers. The CT3 PA divides the DS3 channel into 28 individual T1 data channels. Each of the T1 channels can use the whole T1 bandwidth, a portion of the T1 bandwidth (Fractional T1) or use the T1 in channelized form for data transmission. Usable bandwidths for each fractional T1 are (N * 56K) or (N * 64K), where N is a number from 1 to 24. Channelized T1 allows up to 24 time slots (64 kbps or 56 kbps) per T1.
The Tag Switch Controller (TSC) is a tag switch router (TSR) that controls the operation of a separate ATM switch. Together, the router and ATM switch function as a single ATM Tag Switching router (ATM-TSR). A Cisco 7200 or 7500 series router acts as the TSC and a Cisco BPX 8600 Service Node (8620 wide area switch or 8650 IP+ATM switch) or a partner's switch acts as the VSI-controlled ATM switch. The TSC controls the ATM switch using the Cisco Virtual Switch Interface (VSI), which runs over an ATM link connecting the two.
There are no new features supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(2)T.
The following new features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(1)T. For easy online access, the feature descriptions are linked to the applicable Cisco IOS feature module if one exists. Click on the link to open the feature module.
The ATM PVC Trap Support feature provides Simple Network Management Protocol (SNMP) notification for permanent virtual circuit (PVC) failures, and it provides SNMP access to PVC status tables.
Normally, a management station is not notified when an Asynchronous Transfer Mode (ATM) PVC goes down. The ATM PVC Trap Support feature enables an agent to send the required PVC traps for this notification. It also provides support for these PVC status tables: atmCurrentlyFailingPVclTable and atmInterfaceExtTable.
The Command Line Interface (CLI) String Search feature allows you to search or filter the output of any show or more command. This is useful when you need to sort though large amounts of output, or if you want to exclude output that you do not need to see. CLI String Search also allows for searching and filtering at --More-- paging prompts.
With the search function, you can begin unfiltered output at the first line that contains a regular expression you specify. You can specify a maximum of one filter per command to either include or exclude output lines that contain the specified regular expression.
A regular expression is any word, phrase, number, and the like that appears in show or more command output.
With the introduction of Easy IP Phase 2, Cisco IOS software also supports Intelligent DHCP Relay functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS IP helper-address functionality.
Point-to-Point Protocol (PPP) over Asynchronous Transfer Mode (ATM) is now available on an ATM CES port adapter in a Cisco 7200-series router.
In previous releases of PPP over ATM, you configured permanent virtual circuits (PVCs) for PPP over ATM on point-to-point subinterfaces. In this release, each PPP over ATM connection no longer requires two interfaces, a virtual access interface and ATM subinterface. Instead, you can configure multiple PVCs for PPP over ATM on multipoint subinterfaces, thereby providing a significant increase in the number of PPP over ATM sessions per router. Also in this release, PPP over ATM is enhanced to support virtual circuit (VC) multiplexed encapsulation and complies with the Internet Engineering Task Force (IETF) draft on multiplexed encapsulation titled PPP over AAL5. The previous version of PPP over ATM supported only the Frame Forwarding data encapsulation (aal5ciscoppp).
This release of the PPP over ATM feature provides support for IETF-compliant PPP over ATM and significantly increases the maximum number of PPP over ATM sessions running on a router. The maximum number of PPP over ATM sessions supported on a platform depends on available system resources such as memory and CPU speed.
Cisco IOS IEEE 802.1Q provides support for IEEE 802.1Q encapsulation for virtual LANs (VLANs). Use this feature for VLANs consisting of IEEE 802.1Q-compliant switches.
IOS Spanning-Tree Protocol enhancements broaden the original IOS STP implementation with increased port identification capability, improved path cost determination, and support for a new VLAN bridge spanning-tree protocol.
The new Integrated Services Digital Network (ISDN) Management Information Base (MIB) RFC2127 has been designed to provide useful information in accordance with the IETF's new standard for the management of ISDN interfaces. It controls all aspects of ISDN interfaces. RFC2127 provides information on the physical Basic Rate Interfaces (BRIs), control and statistical information for B (bearer) and D (signaling) channels, terminal endpoints, and directory numbers.
Layer Two Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco Layer Two Forwarding (L2F) and Microsoft Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs). Access VPNs allow mobile users to connect to their corporate intranets or extranets, thus improving flexibility and reducing costs.
Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over Virtual Private Networks (VPNs). L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS)-initiated tunnel, such as L2F.
Mobile IP provides users the freedom to roam beyond their home subnet while consistently maintaining their home IP address. This enables transparent routing of IP datagrams to mobile users during their movement, so that data sessions can be initiated to them while they roam; it also enables sessions to be maintained in spite of physical movement between points of attachment to the Internet or other networks. Cisco's implementation of Mobile IP is fully compliant with the Internet Engineering Task Force (IETF) proposed standard defined in Request for Comments (RFC) 2002.
The former OSPF implementation for sending update packets needed to be more efficient. Some update packets were getting lost in cases where the link was slow, a neighbor could not receive the updates fast enough, or the router was out of buffer space. For example, packets might be dropped if either of these topologies existed:
OSPF update packets are now automatically paced by a delay of 33 milliseconds. Pacing is also added between retransmissions to increase efficiency and minimize lost retransmissions.
OSPF update and retransmission packets are sent more efficiently. Also, you can display the LSAs waiting to be sent out an interface.
Triggered extensions to IP Routing Information Protocol (RIP) increase the efficiency of RIP on point-to-point, serial interfaces.
Routers are used on connection-oriented networks to allow potential connectivity to many remote destinations. Circuits on the WAN are established on demand and are relinquished when the traffic subsides. Depending on the application, the connection between any two sites for user data could be short and relatively infrequent.
There were two problems using RIP to connect to a WAN:
To overcome these limitations, triggered extensions to RIP cause RIP to send information on the WAN only when there has been an update to the routing database. Periodic update packets are suppressed over the interface on which this feature is enabled.
It is now possible to implement access lists based on the time of day. To do so, you create a time range that defines specific times of the day and week. The time range is identified by a name, and then referenced by a function, so that those time restrictions are imposed on the function itself.
Currently, IP and IPX extended access lists are the only functions that can use time ranges. The time range allows the network administrator to define when the permit or deny statements in the access list are in effect. Prior to this feature, access list statements were always in effect once they were applied. Both named or numbered access lists can reference a time range.
The following new hardware features are supported by the Cisco 7000 family of routers in Cisco IOS Release 12.0(1)T.
The Gigabit Ethernet Interface Processor (GEIP) is a single-port fixed configuration interface processor that, when combined with the appropriate optical fiber cable, provides one 1000-Mbps Gigabit Ethernet interface that complies with IEEE 802.3z specifications. The Gigabit Ethernet interface operates in full-duplex mode at 1000 Mbps for transmit (TX) and receive (RX) directions.
The GEIP is available on all Cisco 7500 series routers and Cisco 7000 series routers with the 7000 Series Route Switch Processor (RSP7000) and 7000 Series Chassis Interface (RSP7000CI).
The maximum Ethernet frame size is 1518 bytes, but GEIP supports MTU size up to 4470 bytes in full-duplex mode for point-to-point links. The mtu interface command (maximum transmission unit) is supported to allow you to specify an MTU size up to 4470 bytes.
The following sections contain important notes about Cisco IOS Release 12.0 T and can apply to the Cisco 7000 series routers.
Cisco IOS Release 12.0(7)T boot images for Cisco 7200 series routers have been deferred due to the following caveat:
CSCdm85656—Reduce size of boothelper image c7200-boot-mz
Cisco IOS Release 12.0(7)T for the 7200 boot images (c7200-boot-mz-*) have outgrown the FLASH SIMM used to store the boot image on the Input/Output Controllers used in the Cisco 7200 series routers. Although the present released images are below 4MB, the available space after formatting the 4MB FLASH SIMM is 3.25MB. Cisco utilizes the FLASH SIMM to not only store the boot image but also to store crashinfo files. After providing 300KB for up to two crashinfo files, only 2.96MB is available for the boot image. Using an oversized boot image would not allow space for crashinfo files into the FLASH SIMM. In some cases, the boot image itself may not fit in the FLASH SIMM.
Cisco IOS Release 12.0(7)T has been replaced with Cisco IOS Release 12.0(12)S which is available on CCO.
For more information about this deferral refer to the Field Notice located at the following URL:
http://www.cisco.com/warp/customer/770/fn7771.shtml
or on CCO at:
Service & Support: Technical Assistance Center: Documents: Field Notices
Although previous documentation suggested that the PA-VXC-2TEI port adapter on Cisco IOS Release 12.0(7)T, the PA-VXC-2TE1 port adapter is no longer supported on Cisco IOS Release 12.0(7)T. The PA-VXC port adapter experienced the following caveat:
The PA-VXC-2TE1 will not be supported on Cisco IOS Release 12.0 T.
The last maintenance release of the Cisco IOS Release 12.0T train is Release 12.0(7)T. The migration path for customers needing bug fixes for Release 12.0T features is the Release 12.1 mainline train. The Release 12.1 mainline train has the complete feature content of 12.0T and will eventually reach General Deployment (GD).
The last maintenance release was renamed from 12.0(6)T to 12.0(7)T to reflect that Release 12.0(7)T has all the bug fixes from the Release 12.0(7) mainline. 12.0T is a superset of the 12.0 mainline; hence any defect fixed in the Release 12.0 mainline train is also fixed in the Release 12.0T train. The set of features for Release 12.0(6)T is the same as that for Release 12.0(7)T. There was no change in the feature content of the release. The release was renamed so that the releases would be consistent with Cisco's release process.
Certain software images for Cisco IOS Release 12.0(5)T might be deferred, including images for Cisco 7200 and 7500 platforms. For information on possible 12.0 T deferrals, login to CCO and refer to the What's Hot for Cisco IOS Release 12.0 document. To locate What's Hot for Cisco IOS Release 12.0 on CCO, click the following path:
Service and Support: Software Center: Cisco IOS Software: Cisco IOS 12.0: What's Hot for Cisco IOS Software Release 12.0
Certain versions of Cisco IOS software can fail when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly used Internet scanning tool generates packets that cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.
Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices can hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must visit the device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices indicate that they were "restarted by power-on," even when that was not the case.
Assume that any potential attacker knows the existence of this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the vulnerability. Minimal skill is required, and no special equipment is required.
Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.
This vulnerability notice was posted on Cisco's World Wide Web site:
http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
This information was also sent to the following e-mail and USENET news recipients:
Table 11 describes hardware and software that are affected by this problem. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in Table 11. Cisco is correcting the problem in certain special releases, will correct it in future maintenance and interim releases, and intends to provide fixes for all affected IOS variants. See Table 11, Affected and Repaired Software Releases for details.
No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have protects you against this attack.
The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and enter the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software." Other Cisco devices do not have the show version command and identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:
Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.
The following Cisco devices are not affected:
This vulnerability has been assigned Cisco bug ID CSCdk77426.
Cisco offers free software updates to correct this vulnerability for all affected customers—regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 11 gives Cisco's projected fix dates.
Make sure that your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release, for example, from 11.2[11]P to 11.2[17]P, but it is often a factor when you upgrade between major releases, for example, from 11.2 P to 11.3 T.
Because fixes will be available for all affected releases, this vulnerability will rarely, if ever, require you to upgrade to a new major release. Cisco recommends that you carefully plan for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.
Further upgrade planning assistance is available on Cisco's World Wide Web site at:
If you have service contracts, you can obtain new software through your regular update channels (generally through Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.
If you do not have service contracts, you can upgrade to only obtain the bug fixes; free upgrades are restricted to the minimum upgrade required to resolve the defects. You can only upgrade to the software described in one row of Table 11—except when no upgrade within the same row is available in a timely manner.
Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):
Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Customers with no contracts must request free updates through the TAC. For software updates, please do not contact either "psirt@cisco.com" or "security-alert@cisco.com."
You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to port 514. You can do this by either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.
If you use an input access list, apply it to all interfaces to which attackers can send datagrams. Interfaces include not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces—as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.
The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses—as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts—only traffic actually addressed to the Cisco IOS device.
No single input access list works in all configurations. Be sure you know the effect of your access list in your specific configuration before activating it.
The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed—other than as a workaround for this problem:
! Deny all multicasts, and all unspecified-net broadcasts, to port 514 access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514 ! Deny old-style unspecified-net broadcasts access-list 101 deny udp any host 0.0.0.0 eq 514 ! Deny network-specific broadcasts. This example assumes that all of ! the local interfaces are on the class B network 172.16.0.0, subnetted ! everywhere with mask 255.255.255.0. This will differ from network ! to network. Note that we block both new-style and old-style broadcasts. access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514 access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514 ! Deny packets sent to the addresses of our own network interfaces. access-list 101 deny udp any host 172.16.1.1 eq 514 access-list 101 deny udp any host 172.16.2.1 eq 514 access-list 101 deny udp any host 172.16.3.3 eq 514 ! Permit all other traffic (default would be to deny) access-list 101 permit ip any any ! Apply the access list to the input side of each interface interface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 101 in interface ethernet 2 ip address 172.16.2.1 255.255.255.0 ip access-group 101 in interface ethernet 3 ip address 172.16.3.3 255.255.255.0 ip access-group 101 in
Listing all possible addresses—especially all possible broadcast addresses—to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device—as well as traffic destined to the device. If the IOS device is expected to forward syslog packets, you will have to filter in detail. Because input access lists impact system performance, install them with caution—especially on systems running very near their capacity.
Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released Cisco IOS version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) to 12.0(2.3). The first fixed interim version of Release12.0 mainline software is Release12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.
If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the Release 12.0(2) base, which will merge back into the Release 12.0 mainline at Release 12.0(2.4).
Special releases, like 12.0(2a), are one-time spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to Release 12.0(3).
| Cisco IOS Major Release | Description | Special Fix1 | First Fixed Interim Release2 | Fixed Maintenance Release3 |
|---|---|---|---|---|
| Unaffected Releases | ||||
11.2 and earlier—all variants | Unaffected early releases (no syslog server) | Unaffected | Unaffected | Unaffected |
11.3, 11.3T, 11.3DA, 11.3MA, 11.3NA, 11.3WA, 11.3(2)XA | 11.3 releases without syslog servers | Unaffected | Unaffected | Unaffected |
| Releases based on 11.3 |
|
|
|
|
11.3AA | 11.3 early deployment for AS58xx | 11.3(7)AA2, 8-JAN-19994 | 11.3(7.2)AA | 11.3(8)AA, 15-FEB-1999 |
11.3DB | 11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM |
|
| 11.3(7)DB2, 18-JAN-1999 |
| Releases based on 12.0 | ||||
12.0 | 12.0 Mainline | 12.0(2a), 8-JAN-1999 | 12.0(2.4) | 12.0(3), 1-FEB-1999 |
12.0T | 12.0 new technology early deployment | 12.0(2a)T1, 11-JAN-1999 | 12.0(2.4)T | 12.0(3)T, 15-FEB-1999 |
12.0S | ISP support; 7200, RSP, GSR |
| 12.0(2.3)S, 27-DEC-1998 | 12.0(2)S5, 18-JAN-1999 |
12.0DB | 12.0 for Cisco 6400 universal access concentrator node switch processor (lab use) |
|
| 12.0(2)DB, 18-JAN-1999 |
12.0(1)W | 12.0 for Catalyst 8500 and LS1010 | 12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only) | 12.0(1)W5(5.15) | 12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7)) |
12.0(0.6)W5 | One-time early deployment for CH-OC12 module in Catalyst 8500 series switches. | Unaffected; one-time release | Unaffected | Unaffected; general upgrade path is via 12.0(1)W5 releases. |
12.0(1)XA3 | Short-life release; merged to 12/0T at 12.0(2)T | Obsolete | Merged | Upgrade to 12.0(2a)T1 and/or to 12.0(3)T. |
12.0(1)XB | Short-life release for Cisco 800 series; merged to 12.0T and 12.0 (3)T | 12.0(1)XB1 | Merged | Upgrade to 12.0(3)T. |
12.0(2)XC | Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0T at 12.0(3)T. | 12.0(2)XC1, 7-JAN-1999 | Merged | Upgrade to 12.0(3)T |
12.0(2)XD | Short-life release for ISDN voice features; merged to 12.0T at 12.0(3)T. | 12.0(2)XD1, 18-JAN-1999 | Merged | Upgrade to 12.0(3)T |
12.0(1)XE | Short-life release | 12.0(2)XE, 18-JAN-1999 | Merged | Upgrade to 12.0(3)T |
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
For information on caveats in Cisco IOS Release 12.0 T, see Caveats for Cisco IOS Release 12.0 T.
All caveats in Release 12.0 are also in Release 12.0 T.
For information on caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0 , which lists severity 1 and 2 caveats, and is located on CCO and the Documentation CD-ROM.
The following sections describe the documentation available for the Cisco 7000 family of routers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on CCO and the Documentation CD-ROM.
Use these release notes with these documents:
The following documents are specific to Release 12.0 and are located on CCO and the Documentation CD-ROM:
These documents are available for the Cisco 7000 family on CCO and the Documentation CD-ROM:
On CCO at:
Service & Support: Technical Documents: Documentation Home Page: Core/High-End Routers
On the Documentation CD-ROM at:
Cisco Product Documentation: Core/High-End Routers
Feature modules describe new features supported by Release 12.0 T and are an update to the Cisco IOS documentation set. Feature modules consist of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the features modules are available online only. The feature module information is included in the next printing of the Cisco IOS documentation set.
On CCO at:
Service and Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation: New Features in Release 12.0 T
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Cisco IOS 12.0T New Features: New Feature Documentation: New Features in Release 12.0 T
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents, which are shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
On CCO at:
Service & Support: Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
Table 12 describes the contents of the Cisco IOS Release 12.0 software documentation set, which is available in electronic form and in printed form upon request.
On CCO at:
Service & Support: Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0
| Books | Chapter Topics |
|---|---|
| Configuration Fundamentals Overview |
| Transparent Bridging |
| X.25 over ISDN |
| Interface Configuration Overview |
| IP Overview |
| AppleTalk |
| Network Protocols Overview |
| AAA Security Services |
| Switching Services |
| Wide-Area Network Overview |
| Voice over IP |
| Policy-Based Routing |
|
|
For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in the "Service and Support" section of the Cisco Information Packet shipped with your product.
For service and support for a product purchased directly from Cisco, use CCO.
If you have a CCO login account, you can access the following URL, which contains links and helpful tips on configuring your Cisco products:
http://www.cisco.com/kobayashi/serv_tips.shtml
This URL is subject to change without notice. If it changes, point your Web browser to CCO and click on this path: Products & Technologies: Products: Technical Tips.
The following sections are provided from the Technical Tips page:
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can reach CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Fri Sep 1 15:02:04 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.