Release Notes for Cisco 3600 Series for Cisco IOS Release 12.0

February 8, 1999

These release notes describe new features and significant software components for the Cisco 3600 series routers that support Cisco IOS Release 12.0, up to and including Release 12.0(3). Cisco IOS Release 12.0(3) is based on Cisco IOS Release 12.0.

These release notes are updated as needed to accommodate:

For a list of software caveats that apply to Release 12.0(3), refer to the document Caveats for Cisco IOS Release 12.0 that accompanies these release notes. The caveats document is updated for every maintenance release. The caveats document is also located on Cisco Connection Online (CCO) and the Documentation CD-ROM. For more information about software caveats, refer to the "Caveats" section of this document.

Use these release notes in conjunction with the cross-platform document Release Notes for Cisco IOS Release 12.0 located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Contents

These release notes discuss the following topics:

Introduction

The Cisco 3600 series includes the Cisco 3620 and Cisco 3640 routers. As modular solutions, the Cisco 3620 and Cisco 3640 enable corporations to increase dial-up intensity and take advantage of current and emerging WAN technologies and networking capabilities. The Cisco 3600 series routers are fully supported by Cisco IOS software, which includes dial-up connectivity, LAN-to-LAN routing, data and access security, WAN optimization, and multimedia features.

System Requirements

This section describes the system requirements for Release 12.0 and includes the following sections:

Memory Requirements

Table 1 describes the memory requirements for the Cisco 3600 series routers for Release 12.0.

Table 1: Memory Requirements for the Cisco 3600 Series

Feature Set by Platform | Image Name | Required Flash Memory | Required DRAM Memory | Runs from

Cisco 3620
IP | c3620-i-mz | 4 MB Flash | 24 MB DRAM | RAM
IP Plus | c3620-is-mz | 8 MB Flash | 32 MB DRAM | RAM
IP Plus 40 | c3620-is40-mz | 8 MB Flash | 32 MB DRAM | RAM
IP Plus IPSec 56 | c3620-is56i-mz | 8 MB Flash | 32 MB DRAM | RAM
IP/IPX/AT/DEC | c3620-d-mz | 8 MB Flash | 24 MB DRAM | RAM
IP/IPX/AT/DEC Plus | c3620-ds-mz | 8 MB Flash | 32 MB DRAM | RAM
Enterprise Plus | c3620-js-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise Plus 40 | c3620-js40-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise Plus IPSec 56 | c3620-js56i-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus | c3620-ajs-mz | 16 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus 40 | c3620-ajs40-mz | 16 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus IPSec 56 | c3620-ajs56i-mz | 16 MB Flash | 48 MB DRAM | RAM

Cisco 3640
IP | c3640-i-mz | 4 MB Flash | 32 MB DRAM | RAM
IP Plus | c3640-is-mz | 8 MB Flash | 32 MB DRAM | RAM
IP Plus 40 | c3640-is40-mz | 8 MB Flash | 32 MB DRAM | RAM
IP Plus IPSec 56 | c3640-is56i-mz | 8 MB Flash | 32 MB DRAM | RAM
IP/System Controller | c3640-c2is-mz | 16 MB Flash | 32 MB DRAM | RAM
IP/IPX/AT/DEC | c3640-d-mz | 8 MB Flash | 24 MB DRAM | RAM
IP/IPX/AT/DEC Plus | c3640-ds-mz | 8 MB Flash | 32 MB DRAM | RAM
Enterprise Plus | c3640-js-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise Plus 40 | c3640-js40-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise Plus IPSec 56 | c3640-js56i-mz | 8 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus | c3640-ajs-mz | 16 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus 40 | c3640-ajs40-mz | 16 MB Flash | 48 MB DRAM | RAM
Enterprise/APPN Plus IPSec 56 | c3640-ajs56i-mz | 16 MB Flash | 48 MB DRAM | RAM

Hardware Supported

Cisco IOS Release 12.0 supports the Cisco 3600 series routers:

For detailed descriptions of the new hardware features for Release 12.0, refer to the cross-platform Release Notes for Cisco IOS Release 12.0.

Table 2: Supported Interfaces on the Cisco 3600 Series

Interface, Network Module, or Data Rate | Platforms Supported

Dial Access Network Modules
16- and 32-port Asynchronous network module | All Cisco 3600 series platforms
6- to 30-port Integrated Digital Modems network module | All Cisco 3600 series platforms
8- or 16-port Integrated Analog network module | All Cisco 3600 series platforms

LAN Interfaces
1- and 4-port Ethernet (AUI and 10BaseT) | All Cisco 3600 series platforms
4/16 Mbps Token Ring | All Cisco 3600 series platforms
Fast Ethernet (100BaseTX and 100BaseFX) | All Cisco 3600 series platforms

Mixed Media Network Modules
Single port 10/100BaseTX with 1-port Channelized/PRI E1 balanced mode | All Cisco 3600 series platforms
Single port 10/100BaseTX with 1-port Channelized/PRI E1 unbalanced mode | All Cisco 3600 series platforms
Single port 10/100BaseTX with 1-port Channelized/PRI T1 | All Cisco 3600 series platforms
Single port 10/100BaseTX with 1-port Channelized/PRI T1 with CSU | All Cisco 3600 series platforms
Single port 10/100BaseTX with 2-port Channelized/PRI E1 balanced mode | All Cisco 3600 series platforms
Single port 10/100BaseTX with 2-port Channelized/PRI E1 unbalanced mode | All Cisco 3600 series platforms
Single port 10/100BaseTX with 2-port Channelized/PRI T1 | All Cisco 3600 series platforms
Single port 10/100BaseTX with 2-port Channelized/PRI T1 with CSU | All Cisco 3600 series platforms

Voice/Fax Interfaces and Network Modules [1]
1- and 2-port Voice/Fax network module | All Cisco 3600 series platforms with Voice/Fax network module
2-port E&M Voice interface card | All Cisco 3600 series platforms
2-port FXO Voice interface card | All Cisco 3600 series platforms with Voice/Fax network module
2-port FXS Voice interface card | All Cisco 3600 series platforms with Voice/Fax network module

WAN Data Rates
48/56/64 kbps | All Cisco 3600 series platforms
1.544/2.048 Mbps | All Cisco 3600 series platforms
Up to 8 Mbps on 4-port Serial network module | All Cisco 3600 series platforms
52 Mbps max using High Speed Serial Interface (HSSI) network module | All Cisco 3600 series platforms

WAN Interfaces and Network Modules [2]
1- and 2-port Channelized T1 and E1 network module | All Cisco 3600 series platforms
1-port ATM-25 network modules for the Cisco 3600 series | All Cisco 3600 series platforms
1-port BRI with NT or S/T WAN interface card | All Cisco 3600 series platforms
1-Port High Speed Serial Interface network module (HSSI) | All Cisco 3600 series platforms
4- and 8-port BRI network module with NT1 | All Cisco 3600 series platforms
4- and 8-port BRI network module with S/T interface | All Cisco 3600 series platforms
4- and 8-port Synchronous/Asynchronous | All Cisco 3600 series platforms
4-port Serial | All Cisco 3600 series platforms
56/64 kbps DSU/CSU | All Cisco 3600 series platforms
T1 WAN interface card for Cisco 3600, Cisco 2600, and Cisco 1600 series | All Cisco 3600 series platforms
T1 with Integrated DSU/CSU for the Cisco 3600, Cisco 2600, and Cisco 1600 series | All Cisco 3600 series platforms

[1] The Voice/Fax network modules require Cisco IOS Plus feature sets.
[2] The ATM-25 network modules require Cisco IOS Plus feature sets.

Determining Your Cisco IOS Software Release

To determine the version of Cisco IOS software currently running on a Cisco 3600 series router, log into the router and use the show version EXEC command. The following is sample output from the show version command. The version number is indicated on the second line as shown below:

Cisco Internetwork Operating System Software
IOS (tm) 3620 Software (C3620-JS-MZ), Version 12.0(3), RELEASE SOFTWARE
 

Additional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.

Updating to a New Software Release

For general information about upgrading to a new software release, refer to the Cisco IOS Software Release 11.3 Upgrade Paths and Packaging Simplification (#703: 12/97) product bulletin located on CCO.

From the CCO home page, click on this path:

Service & Support: Product Bulletins: Software: Cisco IOS 11.3: Cisco IOS Software Release 11.3 Upgrade Paths (#703: 12/97).

This product bulletin does not contain information specific to Cisco IOS Release 12.0 but provides generic upgrade information that may apply to Cisco IOS Release 12.0.


Note: If you have an account on CCO, you can access the Cisco IOS Software Release 12.0 Upgrade Paths and Packaging Simplification product bulletin at the following URL: http://www.cisco.com/kobayashi/library/12.0/120MigrPaths.pdf

Feature Set Tables

Cisco IOS software is packaged in feature sets (also called software images) depending on the platform. Each feature set contains a specific set of Cisco IOS features. This section lists the feature set matrix and the features supported by each feature set.

Table 3 lists the Cisco IOS software feature sets available for the Cisco 3600 series in Release 12.0.

Table 3: Feature Sets Supported by the Cisco 3600 Series

Feature Set | Feature Set Matrix Term | Software Image | Platforms

IP Standard Feature Sets
IP | Basic [1] | c3620-i-mz, c3640-i-mz | Cisco 3620, Cisco 3640
IP Plus | Plus [2] | c3620-is-mz, c3640-is-mz | Cisco 3620, Cisco 3640
IP Plus 40 | Plus, Plus 40 [3] | c3620-is40-mz, c3640-is40-mz | Cisco 3620, Cisco 3640
IP Plus IPSec 56 | Plus, IPSec 56 [4] | c3620-is56i-mz, c3640-is56i-mz | Cisco 3620, Cisco 3640
IP/System Controller | Basic | c3640-c2is-mz | Cisco 3640

IP/IPX/AppleTalk/DEC Standard Feature Sets
IP/IPX/AppleTalk/DEC | Basic | c3620-d-mz, c3640-d-mz | Cisco 3620, Cisco 3640
IP/IPX/AppleTalk/DEC Plus | Basic, Plus | c3620-ds-mz, c3640-ds-mz | Cisco 3620, Cisco 3640

Enterprise Standard Feature Sets
Enterprise Plus | Plus | c3620-js-mz, c3640-js-mz | Cisco 3620, Cisco 3640
Enterprise Plus 40 | Plus, Plus 40 | c3620-js40-mz, c3640-js40-mz | Cisco 3620, Cisco 3640
Enterprise Plus IPSec 56 | Plus, IPSec 56 | c3620-js56i-mz, c3640-js56i-mz | Cisco 3620, Cisco 3640

Enterprise/APPN Standard Feature Set
Enterprise/APPN Plus | Plus | c3620-ajs-mz, c3640-ajs-mz | Cisco 3620, Cisco 3640
Enterprise/APPN Plus 40 | Plus, Plus 40 | c3620-ajs40-mz, c3640-ajs40-mz | Cisco 3620, Cisco 3640
Enterprise/APPN Plus IPSec 56 | Plus, IPSec 56 | c3620-ajs56i-mz, c3640-ajs56i-mz | Cisco 3620, Cisco 3640

[1] This feature set is offered in the basic feature set.
[2] This feature set is offered in the Plus feature set.
[3] This feature set is offered in the encryption feature sets which consist of 40-bit (Plus 40) data encryption feature sets.
[4] This feature set is offered in the encryption feature sets which consist of IPSec 56-bit (Plus IPSec 56) data encryption feature sets.

Caution: Cisco IOS images with strong encryption (including, but not limited to, 56-bit data encryption feature sets) are subject to U.S. government export controls, and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders might be denied or subject to delay due to U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.

Table 4, Table 5, and Table 6 list the features and feature sets supported by the Cisco 3600 series in Cisco IOS Release 12.0. All tables use the following conventions to identify features:

To determine the features that are available with each feature set for the entire Cisco 3000 series, see Table 4. To determine the additional features that are available with each feature set for the Cisco 3640 only, see Table 5 and Table 6.


Note: These feature set tables contain only selected lists of features. These tables are not cumulative or complete lists of all the features in each image.


Table 4: Feature List by Feature Set for the Cisco 3600 Series

Features / Feature Set | IP | IP Plus | IP Plus 40 | IP Plus IPSec 56 | IP/IPX/AT/DEC | IP/IPX/AT/DEC Plus | Enterprise Plus | Enterprise Plus 40 | Enterprise Plus IPSec 56 | Enterprise/APPN Plus | Enterprise/APPN Plus 40 | Enterprise/APPN Plus IPSec 56

IBM Support
Bridging Code Rework | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
RIF Passthru in DLSw+ | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes

IP Routing
IP Type of Service and Precedence for GRE Tunnels (GRE VPN) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
OSPF Point to Multipoint | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Management
Cisco IOS File System | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Entity MIB | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Expression MIB | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Conditionally Triggered Debugging | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
SNMP Inform Request | No | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes
SNMP Manager | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Multimedia
Protocol-Independent Multicasts (PIM) Version 2 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Scalability
Airline Products Set (ALPS) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Security
Additional Vendor-Proprietary RADIUS Attributes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Authenticating ACLs | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Automated Double Authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Certificate Authority Interoperability | No | No | No | Yes | No | No | No | No | Yes | No | No | Yes
Internet Key Exchange Security Protocol | No | No | Yes | Yes | No | No | No | Yes | Yes | No | Yes | Yes
IPSec Network Security | No | No | No | Yes | No | No | No | No | Yes | No | No | Yes
MS-CHAP Support | No | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes
Named Method Lists for AAA Authentication & Accounting | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Subblock Phase 1 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Switching
Enhanced ATM VC Configuration and Management | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes

WAN Optimization
DRP Server Agent | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes

WAN Services
Always On/Dynamic ISDN (AO/DI) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Dialer Watch | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Microsoft Point-to-Point Compression (MPPC) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
MS Callback | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
X.25 over ISDN D Channel | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Multiple ISDN Switch Types | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
National ISDN Switch Types | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Stackable Home Gateway | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes


Table 5: Feature List by Feature Set for the Cisco 3640 Series Routers only, Part 1 of 2

Features / Feature Set | IP | IP Plus | IP Plus 40 | IP Plus IPSec 56 | IP/IPX/AT/DEC | IP/IPX/AT/DEC Plus | IP/System Controller

IP Routing
IP Type of Service and Precedence for GRE Tunnels (GRE VPN) | Yes | Yes | Yes | Yes | Yes | Yes | Yes
OSPF Point to Multipoint | Yes | Yes | Yes | Yes | Yes | Yes | Yes

Management
Cisco IOS File System | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Disk Logging | No | No | No | No | No | No | Yes
Entity MIB | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Expression MIB | Yes | Yes | Yes | Yes | Yes | Yes | Yes
FTP Server | No | No | No | No | No | No | Yes
Health Monitor | No | No | No | No | No | No | Yes
Performance Data Collection | No | No | No | No | No | No | Yes
Conditionally Triggered Debugging | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Shelf Discovery/Autoconfiguration | No | No | No | No | No | No | Yes
SNMP Manager | Yes | Yes | Yes | Yes | Yes | Yes | Yes
System Controller/5300 | No | No | No | No | No | No | Yes
Virtual Console | No | No | No | No | No | No | Yes
VPDN MIB and Syslog Facility | Yes | Yes | Yes | Yes | Yes | Yes | Yes


Table 6: Feature List by Feature Set for the Cisco 3640 Series Routers only, Part 2 of 2

Features / Feature Set | Enterprise Plus | Enterprise Plus 40 | Enterprise Plus IPSec 56 | Enterprise/APPN Plus | Enterprise/APPN Plus 40 | Enterprise/APPN Plus IPSec 56

IP Routing
IP Type of Service and Precedence for GRE Tunnels (GRE VPN) | Yes | Yes | Yes | Yes | Yes | Yes
OSPF Point to Multipoint | Yes | Yes | Yes | Yes | Yes | Yes

Management
Cisco IOS File System | Yes | Yes | Yes | Yes | Yes | Yes
Disk Logging | No | No | No | Yes | No | No
Entity MIB | Yes | Yes | Yes | Yes | Yes | Yes
Expression MIB | Yes | Yes | Yes | Yes | Yes | Yes
FTP Server | No | No | No | Yes | No | No
Health Monitor | No | No | No | Yes | No | No
Performance Data Collection | No | No | No | Yes | No | No
Conditionally Triggered Debugging | Yes | Yes | Yes | Yes | Yes | Yes
Shelf Discovery/Autoconfiguration | No | No | No | Yes | No | No
SNMP Manager | Yes | Yes | Yes | Yes | Yes | Yes
System Controller/5300 | No | No | No | Yes | No | No
Virtual Console | No | No | No | Yes | No | No

New and Changed Information

This section lists some of the features available for the Cisco 3600 in Cisco IOS Release 12.0 software. For more information about these features, refer to the cross-platform Release Notes for Cisco IOS Release 12.0 located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Important Notes

This section contains important information about use of your Cisco IOS Release 12.0 software.

Cisco IOS Syslog Failure

Certain versions of Cisco IOS software can fail or hang when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly-used Internet scanning tool generates packets that can cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.

Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that will need to be reconfigured by its administrator. Some Cisco IOS devices have been observed to hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices might indicate that they were "restarted by power-on," even when that is not the case.

Assume that any potential attacker is likely to know about this problem and the ways to exploit it. An attacker can use tools available to the public on the Internet. An attacker does not need to write any software to exploit the problem. Minimal skills and no special equipment are required.

Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this problem.

This vulnerability notice was posted on Cisco's World Wide Web site:

http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

This information was also sent to the following e-mail and Usenet news recipients:

Affected Devices and Software Versions

Vulnerable devices and software versions are specified in Table 7. Affected versions include 11.3AA, 11.3DB, and all 12.0 versions (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular releases whose number starts with 12.0), up to the repaired releases listed in Table 7. Cisco is correcting the problem in certain special releases and will correct it in future maintenance and interim releases. See the "Software Versions and Fixes" section for details. Cisco intends to provide fixes for all affected Cisco IOS variants.

No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering protects you against this attack.

The most commonly used or asked-about products are listed below. If you are unsure whether your device is running classic Cisco IOS software, log in to the device and issue the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software". Other Cisco devices will not have the show version command, or they will identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:

Affected software versions, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this problem.

The following Cisco devices are not affected:

This problem has been assigned Cisco caveat ID CSCdk77426.

Solution

Cisco offers free software updates to correct this problem for all affected customers, regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 7 gives Cisco's projected fix dates.

Make sure your hardware has adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release (say, from 11.2(11)P to 11.2(17)P), but it is often a factor when you upgrade between major releases (say, from 11.2 P to 11.3 T).

Because fixes will be available for all affected releases, this problem will rarely, if ever, require an upgrade to a new major release. Cisco recommends very careful planning for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.

Further upgrade planning assistance is available on Cisco's World Wide Web site at:

http://www.cisco.com

If you have a service contract, you should obtain new software through your regular update channels (generally via Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.

If you do not have a service contract, you may upgrade to obtain only the bug fixes; Cisco is not offering upgrades to versions newer than the versions required to resolve the defects. In general, you will be restricted to upgrading to a version represented within a single row of Table 7. However, Cisco will make an exception to this policy when no upgrade within the same row is available in a timely manner. Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):

Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Non-contract customers must request free updates through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software updates.

Workarounds

You can work around this problem by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected Cisco IOS device itself.

If you use an input access list, apply that list to all interfaces to which attackers might be able to send datagrams. This includes not only physical LAN and WAN interfaces but also virtual subinterfaces of those physical interfaces, as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.

The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device might be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts; only traffic actually addressed to the Cisco IOS device is of interest.

No single input access list works in all configurations. Know the effect of your access list in your specific configuration before activating it.

The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed, other than as a workaround for this problem:

! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0   0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any

! Apply the access list to the input side of each interface
interface ethernet 0
 ip address 172.16.1.1 255.255.255.0
 ip access-group 101 in

interface ethernet 2
 ip address 172.16.2.1 255.255.255.0
 ip access-group 101 in

interface ethernet 3
 ip address 172.16.3.3 255.255.255.0
 ip access-group 101 in

Listing all possible addresses, especially all possible broadcast addresses, to which attack packets can be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS device is expected to forward syslog packets, you will have to do the detailed filtering. Because input access lists impact system performance, install them with caution, especially on systems running very near their capacity.
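One way to check an access list like the one above before activating it, as an added example that is not part of Cisco's notice: a Python model of access list 101's wildcard matching that reports which addresses the router itself listens on would still receive UDP port 514. The function names are hypothetical, 224.0.0.1 stands in for multicast, and the tunnel interface 192.168.100.1/30 is a constructed value used to show an uncovered interface.

```python
import ipaddress

# UDP port 514 deny entries of access list 101 from the example above,
# as (address, wildcard) pairs; "host A" is shorthand for wildcard 0.0.0.0.
ACL_101_DENY_UDP_514 = [
    ("224.0.0.0", "31.255.255.255"),  # multicasts and all-ones broadcast
    ("0.0.0.0", "0.0.0.0"),           # old-style all-zeros broadcast
    ("172.16.0.255", "0.0.255.0"),    # per-subnet all-ones broadcasts
    ("172.16.0.0", "0.0.255.0"),      # per-subnet all-zeros broadcasts
    ("172.16.1.1", "0.0.0.0"),        # the router's own interface addresses
    ("172.16.2.1", "0.0.0.0"),
    ("172.16.3.3", "0.0.0.0"),
]

# Interfaces from the example configuration above.
PAGE_INTERFACES = ["172.16.1.1/24", "172.16.2.1/24", "172.16.3.3/24"]


def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(dst, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means "don't care"."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(dst) & care) == (_as_int(base) & care)


def evaluate(dst, protocol, dst_port):
    """First match wins. Returns (action, index of matching deny entry or None)."""
    if protocol == "udp" and dst_port == 514:
        for index, (base, wildcard) in enumerate(ACL_101_DENY_UDP_514):
            if wildcard_match(dst, base, wildcard):
                return "deny", index
    # Everything else falls through to "access-list 101 permit ip any any".
    return "permit", None


def device_destinations(interfaces):
    """Addresses at which the router itself may accept a datagram."""
    dests = {"255.255.255.255", "0.0.0.0", "224.0.0.1"}
    for cidr in interfaces:
        iface = ipaddress.IPv4Interface(cidr)
        dests.add(str(iface.ip))                         # own address
        dests.add(str(iface.network.broadcast_address))  # new-style broadcast
        dests.add(str(iface.network.network_address))    # old-style broadcast
    return sorted(dests, key=_as_int)


def uncovered(interfaces):
    """Device-addressed destinations the list would still permit on UDP 514."""
    return [d for d in device_destinations(interfaces)
            if evaluate(d, "udp", 514)[0] == "permit"]


if __name__ == "__main__":
    print("page interfaces, uncovered:", uncovered(PAGE_INTERFACES))
    # Constructed case: a tunnel interface added later without updating the list.
    with_tunnel = PAGE_INTERFACES + ["192.168.100.1/30"]
    print("with tunnel, uncovered:", uncovered(with_tunnel))
    # Syslog forwarded to an ordinary host behind the router is not blocked.
    print("forwarded host:", evaluate("172.16.2.77", "udp", 514))
```

An empty result for the page's three interfaces confirms the list covers them; any address reported for a changed configuration needs its own deny entry before the list is relied on.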

Software Versions and Fixes

Many Cisco software images have been or will be specially reissued to correct this problem. For example, Release 12.0(2) is vulnerable, as are interim Releases 12.0(2.1) through 12.0(2.3). The first fixed interim version of Release 12.0 mainline software is Release 12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this problem and does not include any other bug fixes from later 12.0 interim releases.

If you are running Release 12.0(2) and want to fix this problem without risking possible instability presented by installing the Release 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release 12.0(2a) is a "code branch" from the Release 12.0(2) base, which will merge back into the 12.0 mainline at Release 12.0(2.4).

Special releases, like Release 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the upgrade path from Release 12.0(2a) is to 12.0(3).

Table 7 specifies information about affected and repaired software versions.


Note: All dates within this table are subject to change.


Table 7: Affected and Repaired Software Versions
Cisco IOS Major Release | Description | Special Fix [1] | First Fixed Interim Release [2] | Fixed Maintenance Release [3]
 Unaffected Releases

11.2 and earlier---all variants

Unaffected early releases (no syslog server)

Unaffected

Unaffected

Unaffected

11.3, 11.3T, 11.3DA, 11.3MA, 11.3NA, 11.3WA, 11.3(2)XA

11.3 releases without syslog servers

Unaffected

Unaffected

Unaffected

Releases based on 11.3

11.3AA

11.3 early deployment for Cisco  AS58xx

11.3(7)AA2, 8-JAN-1999 [4]

11.3(7.2)AA

11.3(8)AA, 15-FEB-1999

11.3DB

11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM

11.3(7)DB2, 18-JAN-1999

 Releases based on 12.0

12.0

12.0 Mainline

12.0(2a), 8-JAN-1999

12.0(2.4)

12.0(3), 1-FEB-1999

12.0 T

12.0 new technology early deployment

12.0(2a)T1, 11-JAN-1999

12.0(2.4)T

12.0(3)T, 15-FEB-1999

12.0S

ISP support; Cisco 7200, RSP, GSR

12.0(2.3)S, 27-DEC-1998

12.0(2)S [5], 18-JAN-1999

12.0DB

12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)

12.0(2)DB, 18-JAN-1999

12.0(1)W

12.0 for Catalyst 8500 and LS1010

12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)

12.0(1)W5(5.15)

12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))

12.0(0.6)W5

One-time early deployment for CH-OC12 module in Catalyst 8500 series switches

Unaffected; one-time release

Unaffected

Unaffected; general upgrade path is via 12.0(1)W5 releases

12.0(1)XA3

Short-life release; merged to 12.0 T at 12.0(2)T

Obsolete

Merged

Upgrade to 12.0(2a)T1 and/or to 12.0(3)T

12.0(1)XB

Short-life release for Cisco 800 series; merged to 12.0 T and 12.0(3)T

12.0(1)XB1

Merged

Upgrade to 12.0(3)T

12.0(2)XC

Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0 T at 12.0(3)T

12.0(2)XC1, 7-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(2)XD

Short-life release for ISDN voice features; merged to 12.0 T at 12.0(3)T

12.0(2)XD1, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(1)XE

Short-life release

12.0(2)XE, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

[1] A special fix is a one-time release that provides the most stable immediate upgrade path.
[2] Interim releases are tested less rigorously than regular, maintenance releases; interim releases might contain serious bugs.
[3] Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist.
[4] All dates in this table are estimates, subject to change.
[5] This entry is not a misprint. Release 12.0(2.3)S is available before Release 12.0(2)S in which the problem is fixed.

Deprecated MIBs

Older Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBS are currently being migrated into more scalable MIBs, without affecting existing Cisco IOS products or NMS applications. Application developers should update from deprecated MIBs to the replacement MIBs as shown in Table 8 below.


Table 8: Deprecated MIBs

Deprecated MIB | Replacement
OLD-CISCO-APPLETALK-MIB | RFC1243-MIB
OLD-CISCO-CHASSIS-MIB | ENTITY-MIB
OLD-CISCO-CPUK-MIB | In Development
OLD-CISCO-DECNET-MIB |
OLD-CISCO-ENV-MIB | CISCO-ENVMON-MIB
OLD-CISCO-FLASH-MIB | CISCO-FLASH-MIB
OLD-CISCO-INTERFACES-MIB | IF-MIB CISCO-QUEUE-MIB
OLD-CISCO-IP-MIB |
OLD-CISCO-MEMORY-MIB | CISCO-MEMORY-POOL-MIB
OLD-CISCO-NOVELL-MIB | NOVELL-IPX-MIB
OLD-CISCO-SYS-MIB | (Compilation of other OLD* MIBS)
OLD-CISCO-SYSTEM-MIB | CISCO-CONFIG-COPY-MIB
OLD-CISCO-TCP-MIB | CISCO-TCP-MIB
OLD-CISCO-TS-MIB |
OLD-CISCO-VINES-MIB | CISCO-VINES-MIB
OLD-CISCO-XNS-MIB |

Caveats

For a list of software caveats that apply to Cisco IOS Release 12.0(3), refer to the Caveats for Cisco IOS Release 12.0 document that accompanies these release notes. This document lists severity 1 and 2 caveats for Cisco IOS Release 12.0. Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. The caveats document is also located on CCO and the Documentation CD-ROM.


Note: See the "Cisco IOS Syslog Failure" section for important information about caveat CSCdk77426.

Note: If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. Bug Navigator II is at http://www.cisco.com/support/bugtools, or from CCO under the Service & Support heading, select Online Technical Support: Software Bug Toolkit.

Related Documentation

The following sections describe the documentation available for the Cisco 3600 series routers. Typically, these documents consist of hardware installation guides, software installation guides, Cisco IOS configuration and command references, system error messages, and feature modules, which are updates to the Cisco IOS documentation. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online only.

The most up-to-date documentation can be found on the Web via Cisco Connection Online (CCO) and the Documentation CD-ROM. These electronic documents might contain updates and modifications made after the hard-copy documents were printed.

Use these release notes in conjunction with the documents listed in these sections:

Release-Specific Documents

CCO and the Documentation CD-ROM contain documents specific to Release 12.0.

To access Release Notes for Cisco IOS Release 12.0, follow this path on CCO:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes

To access the same document on the Documentation CD-ROM, follow this path:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes

To access these documents on CCO, select Technical Documents under the Service & Support heading.

To access Caveats for Cisco IOS Release 12.0, follow this path on CCO:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats: Caveats for Cisco IOS Release 12.0

To access the same document on the Documentation CD-ROM, follow this path:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats: Caveats for Cisco IOS Release 12.0

Platform-Specific Documents

The documents listed below are available for the Cisco 3600 series routers. These documents are also available online at Cisco Connection Online (CCO) and on the Documentation CD-ROM.

To access platform documents on CCO, follow this path:

Service & Support: Documentation Home Page: Access Servers and Access Routers: Modular Access Routers: Cisco 3600 Series

To access platform documents on the Documentation CD-ROM, follow this path:

Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 3600 Series

Cisco IOS Software Document Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. These documents are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Each configuration guide can be used in conjunction with its corresponding command reference.

To access these documentation modules on CCO, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Cisco IOS Release 12.0 Configuration Guides and Command References

To access these documentation modules on the Documentation CD-ROM, follow this path:

Cisco IOS Software Configuration: Cisco IOS Release 12.0: Cisco IOS Release 12.0 Configuration Guides and Command References

Release 12.0 Documentation Set

Table 9 details the contents of the Cisco IOS Release 12.0 software documentation set. The document set is available in electronic form, and also in printed form upon request.


Note The most current Cisco IOS documentation can be found on the latest Documentation CD-ROM and on the Web. These electronic documents might contain updates and modifications made after the paper documents were printed.

To access the Cisco IOS documentation set on CCO, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0

To access the Cisco IOS documentation set on the Documentation CD-ROM, follow this path:

Cisco IOS Software Configuration: Cisco IOS Release 12.0


Table 9: Cisco IOS Software Release 12.0 Documentation Set
Books:
  • Configuration Fundamentals Configuration Guide
  • Configuration Fundamentals Command Reference
Chapter Topics: Configuration Fundamentals Overview; Cisco IOS User Interfaces; File Management; System Management

Books:
  • Bridging and IBM Networking Configuration Guide
  • Bridging and IBM Networking Command Reference
Chapter Topics: Transparent Bridging; Source-Route Bridging; Token Ring Inter-Switch Link; Remote Source-Route Bridging; DLSw+; STUN and BSTUN; LLC2 and SDLC; IBM Network Media Translation; DSPU and SNA Service Point; SNA Frame Relay Access Support; APPN; Cisco Database Connection; NCIA Client/Server Topologies; Cisco Mainframe Channel Connection; Airline Product Set

Books:
  • Dial Solutions Configuration Guide
  • Dial Solutions Command Reference
Chapter Topics: Dial-In Port Setup; Dial-In Terminal Services; Dial-on-Demand Routing (DDR); Dial Backup; Dial-Out Modem Pooling; Large-Scale Dial Solutions; Cost-Control Solutions; ISDN; X.25 over ISDN; VPDN; Dial Business Solutions and Examples

Books:
  • Cisco IOS Interface Configuration Guide
  • Cisco IOS Interface Command Reference
Chapter Topics: Interface Configuration Overview

Books:
  • Network Protocols Configuration Guide, Part 1
  • Network Protocols Command Reference, Part 1
Chapter Topics: IP Addressing; IP Services; IP Routing Protocols

Books:
  • Network Protocols Configuration Guide, Part 2
  • Network Protocols Command Reference, Part 2
Chapter Topics: AppleTalk; Novell IPX

Books:
  • Network Protocols Configuration Guide, Part 3
  • Network Protocols Command Reference, Part 3
Chapter Topics: Apollo Domain; Banyan VINES; DECnet; ISO CLNS; XNS

Books:
  • Security Configuration Guide
  • Security Command Reference
Chapter Topics: AAA Security Services; Security Server Protocols; Traffic Filtering and Firewalls; IP Security and Encryption; Passwords and Privileges; Neighbor Router Authentication; IP Security Options

Books:
  • Cisco IOS Switching Services Configuration Guide
  • Cisco IOS Switching Services Command Reference
Chapter Topics: Switching Paths for IP Networks; Virtual LAN (VLAN) Switching and Routing

Books:
  • Wide-Area Networking Configuration Guide
  • Wide-Area Networking Command Reference
Chapter Topics: ATM; Frame Relay; SMDS; X.25 and LAPB

Books:
  • Voice, Video, and Home Applications Configuration Guide
  • Voice, Video, and Home Applications Command Reference
Chapter Topics: Voice over IP; Voice over Frame Relay; Voice over ATM; Voice over HDLC; Video Support; Universal Broadband Features

Books:
  • Quality of Service Solutions Configuration Guide
  • Quality of Service Solutions Command Reference
Chapter Topics: Classification; Scheduling; Packet Drop; Traffic Shaping; ATM QoS; SNA QoS; Line Protocols

Books:
  • Cisco IOS Software Command Summary
  • Dial Solutions Quick Configuration Guide
  • System Error Messages
  • Debug Command Reference

Service and Support

For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco service and support programs, which are described in the section "Service and Support" in the information packet that shipped with your product.


Note If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.

For service and support for a product purchased directly from Cisco, use CCO.

Software Configuration Tips on the Cisco TAC Home Page

For helpful tips on configuring Cisco products, follow this path on CCO, beginning under the Service & Support heading:

Online Technical Support: Technical Tips: Technical Tips Search

"Hot Tips" are popular tips and hints gathered from Cisco's Technical Assistance Center (TAC). Most of these documents are also available from the TAC's Fax-on-Demand service. To access Fax-on-Demand and receive documents at your fax machine, call 888-50-CISCO (888-502-4726). From international areas, call 650-596-4408.

The following sections are provided from the Technical Tips page:

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.


Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.





Posted: Thu Feb 4 15:11:42 PST 1999
Copyright 1989-1999 © Cisco Systems Inc.