Полезная информация

cc/td/doc/product/software/ios120/relnote
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Release Notes for Cisco 4000 Series for
Cisco IOS Release 12.0

Release Notes for Cisco 4000 Series for
Cisco IOS Release 12.0

February 8, 1999

These release notes describe new features for the Cisco 4000 Series that support Cisco IOS Release 12.0, up to and including 12.0(3). Cisco IOS Release 12.0(3) is based on Cisco IOS 12.0. These release notes are updated with each maintenance release of the Cisco IOS software, which is typically every 6 weeks.

Use these release notes in conjunction with the mainline Release Notes for Cisco  IOS  Release  12.0 located on Cisco Connection Online (CCO) and the Documentation CD-ROM.

For a list of all the software caveats that apply to Release 12.0(3), refer to the "Caveats" section. Refer also to the Caveats for Cisco IOS Release 12.0  document that accompanies these release notes, also located on CCO and the Documentation CD-ROM.

Contents

These release notes discuss the following topics:

System Requirements

This section describes the system requirements for Release 12.0 and includes the following sections:

Memory Requirements

Table 1 describes the memory requirements of the Cisco IOS feature sets for the Cisco 4000 Series for Release 12.0.


Table 1: Memory Requirements for Cisco  4000 Series
Feature Set by Platform Image Name Required Flash Memory Required DRAM Memory Runs From
Cisco  4000 and Cisco  4000-M

IP

c4000-i-mz

4 MB Flash

16 MB DRAM

RAM

IP Plus

c4000-is-mz

4 MB Flash

16 MB DRAM

RAM

IP Plus 40

c4000-is40-mz

4 MB Flash

16 MB DRAM

RAM

IP Plus IPSec 56

c4000-is56i-mz

4 MB Flash

16 MB DRAM

RAM

IP/IPX/AT/DEC

c4000-d-mz

4 MB Flash

16 MB DRAM

RAM

IP/IPX/AT/DEC Plus

c4000-ds-mz

4 MB Flash

16 MB DRAM

RAM

Enterprise Plus

c4000-js-mz

8 MB Flash

16 MB DRAM

RAM

Enterprise Plus 40

c4000-js40-mz

8 MB Flash

16 MB DRAM

RAM

Enterprise Plus IPSec 56

c4000-js56i-mz

8 MB Flash

16 MB DRAM

RAM

Cisco  4000-M

Enterprise/APPN Plus

c4000-ajs-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus 40

c4000-ajs40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus IPSec 56

c4000-ajs56i-mz

8 MB Flash

32 MB DRAM

RAM

Cisco  4500, Cisco  4500-M, Cisco  4700

IP

c4500-i-mz

4 MB Flash

32 MB DRAM

RAM

IP Plus

c4500-is-mz

8 MB Flash

32 MB DRAM

RAM

IP Plus 40

c4500-is40-mz

8 MB Flash

32 MB DRAM

RAM

IP Plus IPSec 56

c4500-is56i-mz

8 MB Flash

32 MB DRAM

RAM

IP/IPX/AT/DEC

c4500-d-mz

4 MB Flash

32 MB DRAM

RAM

IP/IPX/AT/DEC Plus

c4500-ds-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise Plus

c4500-js-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise Plus 40

c4500-js40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise Plus IPSec 56

c4500-js56i-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus

c4500-ajs-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus 40

c4500-ajs40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus IPSec 56

c4500-ajs56i-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN

c4500-aejs-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN Plus 40

c4500-aejs40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN Plus IPSec 56

c4500-aejs56i-mz

8 MB Flash

32 MB DRAM

RAM

Cisco  4700-M

IP Plus 40

c4500-is40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise Plus 40

c4500-js40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN Plus 40

c4500-ajs40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN

c4500-aejs-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN Plus 40

c4500-aejs40-mz

8 MB Flash

32 MB DRAM

RAM

Enterprise/APPN/
DBCONN Plus IPSec 56

c4500-aejs56i-mz

8 MB Flash

32 MB DRAM

RAM

Hardware Supported

Cisco IOS Release 12.0 supports the Cisco 4000 Series routers:

For detailed descriptions of the new hardware features for Release 12.0, refer to the cross-platform Release Notes for Cisco IOS Release 12.0 .  


Table 2: Supported Interfaces for the Cisco 4000 Series
Interface, Network Module, or Data Rate Platforms Supported
LAN Interfaces

ATM DS-3

Cisco  4500 and Cisco  4700

ATM E3

Cisco  4500 and Cisco  4700

ATM Interface

All Cisco  4000 Series platforms

ATM OC-3c

Cisco  4500 and Cisco  4700

Channelized E1/T1 ISDN PRI

All Cisco  4000 Series platforms

Ethernet

All Cisco  4000 Series platforms

Fast Ethernet

Cisco  4500 and Cisco  4700

FDDI

All Cisco  4000 Series platforms

HSSI

Cisco  4500 and Cisco  4700

ISDN BRI

All Cisco  4000 Series platforms

Serial

All Cisco  4000 Series platforms

Token Ring

All Cisco  4000 Series platforms

WAN Data Rates

48/56/64 kbps

All Cisco  4000 Series platforms

1.544/2.048 Mbps

All Cisco  4000 Series platforms

WAN Interfaces and Network Modules

56K/64K DSU/CSU

All Cisco  4000 Series platforms

Channelized E1

All Cisco  4000 Series platforms

Channelized T1

All Cisco  4000 Series platforms

E1-G.703/G.704

All Cisco  4000 Series platforms

EIA-530

All Cisco  4000 Series platforms

EIA/TIA-232

All Cisco  4000 Series platforms

EIA/TIA-449

All Cisco  4000 Series platforms

EIA/TIA-613 (HSSI)

All Cisco  4000 Series platforms

ISDN BRI

All Cisco  4000 Series platforms

ISDN PRI

All Cisco  4000 Series platforms

MultiChannel Interface (Channelized E1/T1)

All Cisco  4000 Series platforms

Serial

All Cisco  4000 Series platforms

V.35

All Cisco  4000 Series platforms

X.21

All Cisco  4000 Series platforms

Determining Your Cisco IOS Software Release

To determine the version of Cisco IOS software currently running on a Cisco 4000 Series router, log in to the router and use the show version EXEC command. The following is sample output from the show version command. The version number is indicated on the second output line as shown below:

router> show version
Cisco Internetwork Operating System Software
IOS (tm) 4000 Software (C4000-JS-MZ), Version 12.0(3), RELEASE SOFTWARE
 

Additional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.

Upgrading to a New Release

For general information about upgrading to a new software release, refer to the Cisco IOS Software Release 11.3 Upgrade Paths and Packaging Simplification (#703: 12/97) product bulletin located on CCO.

From the CCO home page, click on this path:

Service & Support: Product Bulletins: Software: Cisco  IOS 11.3: Cisco IOS Software Release 11.3 Upgrade Paths (#703: 12/97).

This product bulletin does not contain information specific to Cisco IOS Release 12.0 but provides generic upgrade information that may apply to Cisco IOS Release 12.0.


Note If you have an account on CCO, you can access the Cisco IOS Software Release 12.0 Upgrade Paths and Packaging Simplification product bulletin at the following URL: http://www.cisco.com/kobayashi/library/12.0/120MigrPaths.pdf

Feature Set Tables

Cisco IOS software is packaged in feature sets (also called software images) depending on the platform. Each feature set contains a specific set of Cisco IOS features. The following section lists the feature set matrix and the features supported by each feature set.

Table 5 lists the Cisco IOS software feature sets available for Cisco IOS Release 12.0(3). Release 12.0 supports the same feature sets as Release 12.0T but it may also have new features supported by Release 12.0(3).


Table 3: Feature Sets Supported by the Cisco  4000 Series
Feature Set Feature Set Matrix Term Software Image Platforms Supported
IP Standard Feature Sets

IP

Basic1

c4000-i-mz

Cisco  4000/4000-M

c4500-i-mz

Cisco  4500/4500-M, Cisco  4700

IP Plus

Plus2

c4000-is-mz

Cisco  4000/4000-M

c4500-is-mz

Cisco  4500/4500-M, Cisco  4700

IP Plus 40

Plus, Plus  403

c4000-is40-mz

Cisco  4000/4000-M

c4500-is40-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

IP Plus IPSec 56

Plus, Plus  IPSec  564

c4000-is56i-mz

Cisco  4000, Cisco  4000-M

c4500-is56i-mz

Cisco  4500/4500-M, Cisco  4700

IP/IPX/
AppleTalk/
DEC
Standard
Feature Sets

IP/IPX/AppleTalk/DEC

Basic

c4000-d-mz,

Cisco  4000/4000-M

c4500-d-mz

Cisco  4500/4500-M, Cisco  4700

IP/IPX/AppleTalk/DEC Plus

Plus

c4000-ds-mz

Cisco  4000/4000-M

c4500-ds-mz

Cisco  4500/4500-M, Cisco  4700

Enterprise Standard
Feature Sets

Enterprise Plus

Plus

c4000-js-mz

Cisco  4000/4000-M

c4500-js-mz

Cisco  4500/4500-M, Cisco  4700

Enterprise Plus 40

Plus, Plus  40

c4000-js40-mz

Cisco  4000/4000-M

c4500-js40-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

Enterprise Plus IPSec 56

Plus, Plus  IPSec 56

c4000-js56i-mz

Cisco  4000/4000-M

c4500-js56i-mz

Cisco  4500/4500-M, Cisco  4700

Enterprise/
APPN
Standard Feature Set

Enterprise/APPN Plus

Plus

c4000-ajs-mz

Cisco  4000-M

c4500-ajs-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

Enterprise/APPN Plus 40

Plus, Plus  40

c4000-ajs40-mz

Cisco  4000-M

c4500-ajs40-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

Enterprise/APPN Plus IPSec 56

Plus, Plus  IPSec 56

c4000-ajs56i-mz

Cisco  4000-M

c4500-ajs56i-mz

Cisco  4500/4500-M, Cisco  4700

Enterprise/
APPN/
DB Conn Standard Feature Set

Enterprise/APPN/DB Conn

Basic

c4500-aejs-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

Enterprise/APPN/DB Conn Plus 40

Plus, Plus 40

c4500-aejs40-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

Enterprise/APPN/DB Conn Plus IPSec 56

Plus, Plus IPSec 56

c4500-aejs56i-mz

Cisco  4500/4500-M, Cisco  4700/4700-M

1This feature set is offered in the basic feature set.
2This feature set is offered in the plus feature set.
3This feature set is offered in the encryption feature sets which consist of 40-bit (Plus 40) data encryption feature sets.
4This feature set is offered in the encryption feature sets which consist of IPSec 56-bit (Plus IPSec 56) data encryption feature sets.

Caution
Cisco IOS images with strong encryption (including, but not limited to, 56-bit data encryption feature sets) are subject to U.S. government export controls, and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders may be denied or subject to delay due to U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.

Tables 4 and 5 list the features and feature sets supported by the Cisco IOS Release 12.0 for the Cisco 4000 Series.

All tables use the following conventions to identify features:


Note The following feature set tables contain only selected lists of features. These tables are not cumulative or complete lists of all the features in each image.


Table 4: Feature List by Feature Set for the Cisco 40001 and Cisco 4000-M
Feature Set
Features IP IP
Plus
IP
Plus
40
IP
Plus
IPSec
56
IP/
IPX/
AT/
DEC
IP/
IPX/
AT/
DEC
Plus
Enter-
prise
Plus
Enter-
prise
Plus
40
Enter-
prise
Plus
IPSec
56
Enter-
prise/
APPN
Plus2
Enter-
prise/
APPN
Plus
403
Enter-
prise/
APPN
Plus
IPSec 564
IBM Support
Bridging Code Rework

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RIF Passthru in DLSw+

No

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Routing
IP Type of Service and Precedence for GRE Tunnels (GRE VPN)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Point to Multipoint

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Management
Cisco IOS File System

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Entity MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Expression MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Conditionally Triggered Debugging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Inform Request

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

SNMP Manager

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

VPDN MIB and Syslog Facility

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multimedia
Protocol-Independent Multicasts (PIM) Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Scalability
Airline Product Set (ALPS)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Security
Named Method Lists for AAA Authentication & Accounting

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Additional Vendor-Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authenticating ACLs

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automated Double Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MS-CHAP Support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Certificate Authority Interoperability

No

No

No

No

No

No

No

Yes

No

No

No

No

Internet Key Exchange Security Protocol

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

IPSec Network Security

No

No

No

Yes

No

No

No

No

Yes

No

No

Yes

Subblock Phase 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Optimization
DRP Server Agent Enhancements

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Services
Always On/Dynamic ISDN (AO/DI)

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

ATM E.164 Auto Conversion

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dialer Watch

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MS Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Microsoft Point-to-Point Compression (MPPC)

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiple ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiprotocol over ATM

No

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

National ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NHRP Enhancements

No

No

No

No

No

No

No

No

No

No

No

No

Stackable Home Gateway

No

Yes

Yes

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

1The Cisco 4000 platform does not support the Enterprise/APPN Plus, Enterprise/APPN Plus 40, and Enterprise/APPN Plus IPSec 56 feature sets.
2The Enterprise/APPN feature set is not supported on the Cisco 4000 platform, but it is supported on the Cisco 4000-M platform.
3The Enterprise/APPN Plus feature set is not supported on the Cisco 4000 platform, but it is supported on the Cisco 4000-M platform.
4The Enterprise/APPN Plus IPSec 56 feature set is not supported on the Cisco 4000 platform, but it is supported on the Cisco 4000-M platform.


Table 5: Feature List by Feature Set for the Cisco 4500, Cisco 4500-M, Cisco 4700, and Cisco 4700-M1 Series Routers
Feature Set
Features IP IP
Plus
IP
Plus
40
IP
Plus
IPSec
|56
IP/
IPX/
AT/
DEC
IP/
IPX/
AT/
DEC
Plus
Enter-
prise
Plus
Enter-
prise
Plus
40
Enter-
prise
Plus
IPSec
56
Enter-
prise/
APPN
Plus
Enter-
prise/
APPN
Plus
40
Enter-
prise/
APPN
Plus
IPSec
56
Enter-
prise/
APPN/
DB-
CONN
Enter-
prise/
APPN/
DB-
CONN
40
Enter-
prise/
APPN/
DB
CONN
IPSec
56
IBM Support
Bridging Code Rework

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco Database Connection

No

No

No

No

No

No

No

No

No

No

No

No

Yes

Yes

Yes

RIF Passthru in DLSw+

Yes

No

Yes

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Routing
IP Type of Service and Precedence for GRE Tunnels (GRE VPN)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OSPF Point to Multipoint

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Management
Cisco IOS File System

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Entity MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Expression MIB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Conditionally Triggered Debugging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

SNMP Inform Requests

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Manager

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Multimedia
Protocol-
Independent Multicast (PIM)
Version 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Scalability
Airline Product Set (ALPS)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Security
Additional Vendor-
Proprietary RADIUS Attributes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authenticating ACLs

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automated Double Authentication

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Certificate Authority Inter-
operability

No

No

No

No

No

No

Yes

No

No

No

No

Yes

No

No

Yes

Internet Key Exchange Security Protocol

No

No

No

No

No

No

Yes

No

No

No

No

Yes

No

No

Yes

IPSec Network Security

No

No

No

Yes

No

No

No

No

Yes

No

No

Yes

No

No

Yes

MS-CHAP Support

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Named Method Lists for AAA Authentication & Accounting

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Subblock
Phase 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Switching
Enhanced ATM VC Configuration and Management

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Optimization
DRP Server Agent Enhancements

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Services
Always On/Dynamic ISDN (AO/DI)

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

ATM E.164 Auto Conversion

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Dialer Watch

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Microsoft Point-to-Point Compression (MPPC)

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MS Callback

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiple ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multiprotocol over ATM

No

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

National ISDN Switch Types

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

PPP over Frame Relay

No

No

No

No

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WAN Services
Stackable Home Gateway

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

VPDN MIB Feature

Yes

No

Yes

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

1Cisco 4700-M supports the IP Plus 40, Enterprise Plus 40, Enterprise/APPN Plus 40, Enterprise/APPN/DBConn, Enterprise/APPN/DBConn Plus 40, and Enterprise/APPN/DBConn Plus IPSec 56 feature sets only.

New and Changed Information

The following sections list the new features supported by the Cisco 4000 Series in Cisco IOS Release 12.0. For more information about these features, refer to the cross-platform Release Notes for Cisco IOS  Release  12.0  located on CCO and the Documentation CD-ROM.

Important Notes

This section contains important information about use of your Cisco IOS Release 12.0 software.

Cisco IOS Syslog Failure

Certain versions of Cisco IOS software may fail or hang when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly-used Internet scanning tool generates packets which can cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security crackers. This information should be considered in the public domain.

Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that will need to be reconfigured by its administrator. Some Cisco IOS devices have been observed to hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices may indicate that they were "restarted by power-on", even when that is not the case.

Customers should assume that any potential attacker is likely to know that the existence of this vulnerability and the ways to exploit it. An attacker can use tools available to the public on the Internet. An attacker does not need to write any software to exploit the vulnerability. Minimal skill is required. No special equipment is required.

Despite Cisco's specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this vulnerability.

This vulnerability notice was posted on Cisco's World Wide Web site:

http://www.cisco.com/warp/public/770/iossyslog-pub.shtml  
 

This information was also sent to the following e-mail and Usenet news recipients:

Affected Devices and Software Versions

Vulnerable devices and software versions are specified in Table 2 of Software Versions and Fixes. Affected versions include 11.3AA, 11.3DB, and all 12.0 versions (including 12.0 mainline, 12.0S, 12.0T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in Table 2. Cisco is correcting the vulnerability in certain special releases and will correct it in future maintenance and interim releases. See Software Versions and Fixes for details. Cisco intends to provide fixes for all affected IOS variants.

No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic using access lists. See "Workarounds" for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have already configured protects you against this attack.

The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and issue the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software". Other Cisco devices will not have the show version command, or they will identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:

Affected software versions, which are relatively new, are not necessarily available on every device listed above.

If you are not running Cisco IOS software, you are not affected by this vulnerability. The following Cisco devices are not affected:

This vulnerability has been assigned Cisco bug ID CSCdk77426.

Solution

Cisco offers free software updates to correct this vulnerability for all affected customers, regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software versions. Table 2 gives Cisco's projected fix dates.

Make sure your hardware had adequate RAM to support the new software before installing it. Amount of RAM is seldom a problem when you upgrade within a major release (say, from 11.2(11)P to 11.2(17)P), but it is often a factor when you upgrade between major releases (say, from 11.2 P to 11.3 T).

Because fixes will be made available for all affected releases, this vulnerability will rarely, if ever, require an upgrade to a new major release. Cisco recommends very careful planning for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.

Further upgrade planning assistance is available on Cisco's World Wide Web site at:

http://www.cisco.com  
 

Customers with service contracts should obtain new software through their regular update channels (generally via Cisco's World Wide Web site). They may upgrade to any software release, but they must remain within the boundaries of the feature sets they have purchased.

Customers without service contracts may upgrade to obtain only the bug fixes; they are not offered upgrades to versions newer than required to resolve the defects. In general, these customers will be restricted to upgrading within a single row of Table 2 below, except when no upgrade within the same row is available in a timely manner. Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):

Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence of your entitlement to a free update. Free updates for non-contract customers must be requested through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software updates.

Workarounds

You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.

If you use an input access list, that list should be applied to all interfaces to which attackers may be able to send datagrams. Interfaces include not only physical LAN and WAN interfaces, but virtual subinterfaces of those physical interfaces, as well as virtual interfaces and/or interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.

The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts; only traffic actually addressed to the Cisco IOS device is of interest.

No single input access list works in all configurations. Know the effect of your access list in your specific configuration before activating it.

The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed, other than as a workaround for this vulnerability.

! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0   0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
 
! Apply the access list to the input side of each interface
interface ethernet 0
ip address 172.16.1.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 2
ip address 172.16.2.1 255.255.255.0
ip access-group 101 in
 
interface ethernet 3
ip address 172.16.3.3 255.255.255.0
ip access-group 101 in
 

Listing all possible addresses---especially all possible broadcast addresses---to which attack packets might be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS device is expected to forward syslog packets, you will have to do the detailed filtering. Because input access lists impact system performance, install them with caution, especially on systems running very near their capacity.

Software Versions and Fixes

Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released version 12.0(2) is vulnerable, as are interim versions 12.0(2.1) through 12.0(2.3). The first fixed interim version of 12.0 mainline software is 12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.

If you are running 12.0(2), and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to 12.0(2a). Release 12.0(2a) is a "code branch" from the 12.0(2) base, which will merge back into the 12.0 mainline at 12.0(2.4).

Special releases, like 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the upgrade path from12.0(2a) is to 12.0(3).

Table 2 specifies information about affected and repaired software versions.


Note All dates within this table are subject to change.


Table 6: Affected and Repaired Software Versions
Cisco IOS Major Release Description Special Fix1 First Fixed Interim Release2 Fixed Maintenance Release3
 Unaffected Releases

11.2 and earlier---all variants

Unaffected early releases (no syslog server)

Unaffected

Unaffected

Unaffected

11.3, 11.3T, 11.3DA, 11.3MA, 11.3NA, 11.3WA, 11.3(2)XA

11.3 releases without syslog servers

Unaffected

Unaffected

Unaffected

Releases based on 11.3

11.3AA

11.3 early deployment for AS58xx

11.3(7)AA2, 8-JAN-19994

11.3(7.2)AA

11.3(8)AA, 15-FEB-1999

11.3DB

11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM

11.3(7)DB2, 18-JAN-1999

 Releases based on 12.0

12.0

12.0 Mainline

12.0(2a), 8-JAN-1999

12.0(2.4)

12.0(3), 1-FEB-1999

12.0T

12.0 new technology early deployment

12.0(2a)T1, 11-JAN-1999

12.0(2.4)T

12.0(3)T, 15-FEB-1999

12.0S

ISP support; 7200, RSP, GSR

12.0(2.3)S, 27-DEC-1998

12.0(2)S5, 18-JAN-1999

12.0DB

12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)

12.0(2)DB, 18-JAN-1999

12.0(1)W

12.0 for Catalyst 8500 and LS1010

12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)

12.0(1)W5(5.15)

12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))

12.0(0.6)W5

One-time early deployment for CH-OC12 module in Catalyst 8500 series switches.

Unaffected; one-time release

Unaffected

Unaffected; general upgrade path is via 12.0(1)W5 releases.

12.0(1)XA3

Short-life release; merged to 12/0T at 12.0(2)T

Obsolete

Merged

Upgrade to 12.0(2a)T1 and/or to 12.0(3)T.

12.0(1)XB

Short-life release for Cisco 800 series; merged to 12.0T and 12.0 (3)T

12.0(1)XB1

Merged

Upgrade to 12.0(3)T.

12.0(2)XC

Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0T at 12.0(3)T.

12.0(2)XC1, 7-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(2)XD

Short-life release for ISDN voice features; merged to 12.0T at 12.0(3)T.

12.0(2)XD1, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

12.0(1)XE

Short-life release

12.0(2)XE, 18-JAN-1999

Merged

Upgrade to 12.0(3)T

1A special fix is a one-time release that provides the most stable immediate upgrade path.
2Interim releases are tested less rigorously than regular, maintenance releases; interim releases may contain serious bugs.
3Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist.
4All dates in this table are estimates, subject to change.
5This entry is not a misprint. The 12.0(2.3)S interim release is available before the 12.0(2)S regular release in which the vulnerability is fixed.

Deprecated MIBs

Older Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBS are currently being migrated into more scalable MIBs---without affecting existing Cisco IOS products or NMS applications. Make sure that you update from deprecated MIBs to the replacement MIBs as shown in the table below.

Deprecated MIBs Replacement MIBs

OLD-CISCO-APPLETALK-MIB

RFC1243-MIB

OLD-CISCO-CHASSIS-MIB

ENTITY-MIB

OLD-CISCO-CPUK-MIB

In Development

OLD-CISCO-DECNET-MIB

OLD-CISCO-ENV-MIB

CISCO-ENVMON-MIB

OLD-CISCO-FLASH-MIB

CISCO-FLASH-MIB

OLD-CISCO-INTERFACES-MIB

IF-MIB CISCO-QUEUE-MIB

OLD-CISCO-IP-MIB

OLD-CISCO-MEMORY-MIB

CISCO-MEMORY-POOL-MIB

OLD-CISCO-NOVELL-MIB

NOVELL-IPX-MIB

OLD-CISCO-SYS-MIB

(Compilation of other OLD* MIBS)

OLD-CISCO-SYSTEM-MIB

CISCO-CONFIG-COPY-MIB

OLD-CISCO-TCP-MIB

CISCO-TCP-MIB

OLD-CISCO-TS-MIB

OLD-CISCO-VINES-MIB

CISCO-VINES-MIB

OLD-CISCO-XNS-MIB

Caveats

For a list of software caveats that apply to Cisco IOS  Release  12.0, refer to the Caveats for Cisco IOS Release 12.0 T  document that accompanies these release notes. This document lists severity 1 and 2 caveats for Cisco IOS Release 12.0  T. Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Because Cisco  IOS Release  12.0(3) is based on Cisco  IOS Release  12.0 all caveats in Release 12.0 are also in Release 12.0  T.

The caveats document is also located on CCO and the Documentation CD-ROM.


Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. From CCO, select Service & Support: Online Technical Support: Software Bug Toolkit II. You can find Bug Navigator II at http://www.cisco.com/support/bugtools.

Related Documentation

The following sections describe the documentation available for the Cisco 4000 Series routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, and feature modules which are updates to the Cisco IOS documentation. Documentation is available as printed manuals or electronic documents, except for feature modules, which are only available online.

You can find the most up-to-date documentation on the Web via Cisco Connection Online (CCO) and on the Documentation CD-ROM. These electronic documents may contain updates and modifications made after the hard-copy documents were printed.

Use these release notes with the documents listed in these sections:

Release-Specific Documentation

The following documents are specific to Release 12.0 and are located on CCO and the Documentation CD-ROM:

To reach the cross-platform Release Notes for Cisco IOS Release 12.0 from the CCO home page, click on this path:
Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
To reach the cross-platform Release Notes for Cisco IOS Release 12.0 on the Documentation CD-ROM, click on this path:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
To reach these documents, from the CCO home page, click on this path:
Service & Support: Technical Documents

Platform-Specific Documents

The documents listed in this section are available for the Cisco 4000 Series.

This documentation can be found on CCO and on the Documentation CD-ROM.

From the CCO home page, click on this path:

Service & Support: Documentation Home Page: Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 4000 Series (4000/4500/4700/4000-M/4500-M/4700-M)

From the Documentation CD-ROM, click on this path:

Cisco Product Documentation: Access Servers and Access Routers: Modular Access Routers: Cisco 4000 Series (4000/4500/4700/4000-M/4500-M/4700-M)

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco  IOS configuration guides, Cisco  IOS command references, and several other supporting documents. These documents are shipped with your order in electronic form on the Documentation CD-ROM---unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Each configuration guide can be used in conjunction with its corresponding command reference.

To reach these documents on the CCO home page, click on this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References

To reach these documents on the Documentation CD-ROM, click on this path:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References

Release 12.0 Documentation Set

Table 7 details the contents of the Cisco  IOS Release 12.0 software documentation set which is available in electronic form and also in printed form upon request.


Note You can find the most current Cisco IOS documentation on the latest Documentation CD-ROM and on the Web. These electronic documents may contain updates and modifications made after the paper documents were printed.

To reach software documents from the CCO home page, click on this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0

To reach software documents on the Documentation CD-ROM, click on this path:

Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0


Table 7: Cisco IOS Software Release 12.0 Documentation Set
Books Chapter Topics

  • Configuration Fundamentals Configuration Guide

  • Configuration Fundamentals Command Reference

Configuration Fundamentals Overview
Cisco IOS User Interfaces
File Management
System Management

  • Bridging and IBM Networking Configuration Guide

  • Bridging and IBM Networking Command Reference

Transparent Bridging
Source-Route Bridging
Token Ring Inter-Switch Link
Remote Source-Route Bridging
DLSw+
STUN and BSTUN
LLC2 and SDLC
IBM Network Media Translation
DSPU and SNA Service Point
SNA Frame Relay Access Support
APPN
Cisco Database Connection
NCIA Client/Server Topologies
Cisco Mainframe Channel Connection
Airline Product Set

  • Dial Solutions Configuration Guide

  • Dial Solutions Command Reference

Dial-In Port Setup
Dial-In Terminal Services
Dial-on-Demand Routing (DDR)
Dial Backup
Dial-Out Modem Pooling
Large-Scale Dial Solutions
Cost-Control Solutions
ISDN
X.25 over ISDN
VPDN
Dial Business Solutions and Examples

  • Cisco IOS Interface Configuration Guide

  • Cisco IOS Interface Command Reference

Interface Configuration Overview

  • Network Protocols Configuration Guide, Part 1

  • Network Protocols Command Reference, Part 1

IP Addressing
IP Services
IP Routing Protocols

  • Network Protocols Configuration Guide, Part 2

  • Network Protocols Command Reference, Part 2

AppleTalk
Novell IPX

  • Network Protocols Configuration Guide, Part 3

  • Network Protocols Command Reference, Part 3

Apollo Domain
Banyan VINES
DECnet
ISO CLNS
XNS

  • Security Configuration Guide

  • Security Command Reference

AAA Security Services
Security Server Protocols
Traffic Filtering and Firewalls
IP Security and Encryption
Passwords and Privileges
Neighbor Router Authentication
IP Security Options

  • Cisco IOS Switching Services Configuration Guide

  • Cisco IOS Switching Services Command Reference

Switching Paths for IP Networks
Virtual LAN (VLAN) Switching and Routing

  • Wide-Area Networking Configuration Guide

  • Wide-Area Networking Command Reference

ATM
Frame Relay
SMDS
X.25 and LAPB

  • Voice, Video, and Home Applications Configuration Guide

  • Voice, Video, and Home Applications Command Reference

Voice over IP
Voice over Frame Relay
Voice over ATM
Voice over HDLC
Video Support
Universal Broadband Features

  • Quality of Service Solutions Configuration Guide

  • Quality of Service Solutions Command Reference

Classification
Scheduling
Packet Drop
Traffic Shaping
ATM QoS
SNA QoS
Line Protocols

  • Cisco IOS Software Command Summary

  • Dial Solutions Quick Configuration Guide

  • System Error Messages

  • Debug Command Reference


Note The Cisco Management Information Base (MIB) User Quick Reference publication is no longer being published. For the latest list of MIBs supported by Cisco, see the Cisco Network Management Toolkit on Cisco Connection Online. Click on this path: Service & Support: Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB.

Service and Support

For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco  service and support programs, which are described in the section "Service and Support" in the information packet that shipped with your product.


Note If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco  Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.

For service and support for a product purchased directly from Cisco, use CCO.

Software Configuration Tips on the Cisco TAC Home Page

The following URL contains links and helpful tips on configuring your Cisco products: http://www.cisco.com/kobayashi/serv_tips.shtml. This URL is subject to change without notice. If it changes, point your browser to CCO and click on this path:

Products & Technologies: Products: Technical Tips

"Hot Tips" are popular tips and hints gathered from Cisco's Technical Assistance Center (TAC). Most of these documents are also available from the TAC's Fax-on-Demand service. To reach Fax-on-Demand and receive documents at your fax machine, call 888-50-CISCO (888-502-4726). From international areas, call 650-596-4408.

The following sections are provided from the Technical Tips page:

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can reach CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.


Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800  553-2447, 408  526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800  553-6387, 408  526-7208, or cs-rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it may be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also reach Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you read Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.





hometocprevnextglossaryfeedbacksearchhelp
Posted: Thu Feb 4 14:21:13 PST 1999
Copyright 1989-1999©Cisco Systems Inc.