Last updated: February, 2009
• Drive business productivity with increased security, improved voice quality and functionality to the branch office, and enhanced Quality of Service (QoS)
• Deploy or upgrade IPv6, NetFlow, and associated management features
• Deploy small remote offices and teleworkers who depend on secure Internet access and corporate network connectivity
• Implement new content delivery features, network voice enhancements, improved security, and valuable management and deployment tools
Types of Cisco IOS Software Releases
Release 12.4 consolidates the new technology releases from the previous release family. For example, Release 12.4 is a consolidation of all features and hardware support in the Release 12.3T 1 family. Release 12.4 receives software fixes on regular basis, but no new features or hardware support.
Figure 1 shows the relationship between Release 12.4T and Release 12.4.
Figure 1. Release 12.4T and Release 12.4 Relationship
• First Commercial Shipment (FCS) is the date at which the release is first available to customers on Cisco.com
Figure 2 below shows the relationship between Major Release 12.4T, individual 12.4(n)T new feature releases, and ongoing maintenance (additional software fixes) through release rebuilds of individual 12.4T releases.
Figure 2. Major Release 12.4T and Individual 12.4(n)T Release Relationship
Cisco IOS Software Release Portfolio
Cisco IOS BGP Support for 4-byte Autonomous System Numbers (ASN)
The Cisco IOS BGP 4-byte ASN feature allows BGP to support the ASN encoded as a 4-byte entity. The addition of this feature allows an operator to use an expanded 4-byte AS number granted by IANA.
Application-Based Routing for Mobile Router (MR) Multi-Path Support
This feature extends existing MR Multi-Path routing support to enable static Access Control Lists (ACLs) and dynamic Policy-Based Routing (PBR) route-map commands to define unique traffic types and route these traffic classes over specified interfaces or paths. This feature enables you to bi-directionally define how specific traffic types should be routed across the multiple tunnels established between the MR and HA. The same ACL and PBR policies are used on both the MR and HA.
Web Services Management Agent (WSMA)
Web Services Management Agent (WSMA) allows customers, partners and developers to provision, configure, manage and adapt Cisco IOS devices using industry standard Web Services protocols. Combined with Extensible Markup Language (XML), Web Services provides secure, reliable and robust access to IOS using a familiar set of protocols already in use by the majority of customers and partners. WSMA leverages existing investments in IOS CLI as well as existing Web Services expertise and tools.
Smart Call Home Support for the Cisco 7200 Series Router
Smart Call Home is a powerful component of Cisco SMARTnet Service that offers proactive diagnostics, real-time alerts, and personalized web-based reports on select Cisco devices.
Cisco Unified Communications Manager Express and Cisco Unified SRST 7.1
Release 12.4(24)T provides a number of advanced Cisco Unified Communications Manager Express and Cisco Unified SRST features, including Single Number Reach (SNR), Whisper Intercom, SIP line side enhancements, CME/CUE user name/password synchronization, MLPP over PRI, enhanced BLF monitoring, SIP line side DND update, and video across SIP trunks between CMEs.
Per IPSec Tunnel Quality of Service (QoS)
This feature enables the DMVPN hub to dynamically allocate a QoS service policy for each spoke. The DMVPN hub can have multiple QoS policies for all the remote spokes. If QoS is configured, each spoke requests a QoS policy from the hub during Next Hop Resolution Protocol (NHRP) registration. This QoS service policy is applied on the hub in the outbound direction. A typical QoS policy provides multiple classes of service, including a priority queue for voice, and traffic shaping for the total bandwidth of all classes.
Cisco IOS Firewall Support for Trusted Relay Point
Cisco IOS firewall enhances security for Unified Communications (UC) by supporting Trusted Relay Point (TRP). This solution provides a trusted anchor within the network for seamless UC related services including media recording, QoS enforcement, and intelligent firewall traversal. Trusted Relay Point is a multi-functional architecture covering Quality of Service (QoS), Optimized Edge Routing (OER), and virtual network traversal. It eliminates the deep packet inspection and overhead associated with firewalling by signaling the firewall to permit traffic.
Advanced Embedded Management
– Cisco IOS Embedded Event Manager (EEM) Version 3.0: EEM is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS and the operation of the device. Customers can use EEM to create and run programs or scripts directly on a router or switch. The scripts are referred to as EEM Policies and can be programmed using a simple CLI-based interface or using a scripting language called Tool Command Language (Tcl). EEM version 3.0 enhances performance, increases feature integration, adds new capabilities, and extends the flexibility, so EEM can be used in new and exciting ways.
– Flexible NetFlow Enhancements: Support for NetFlow v5 export format, TopTalkers CLI support, and Multicast statistics for IPv4.
Cisco 880SRST and 880G Integrated Services Routers
The Cisco 880SRST Series is ideal for small remote sites and teleworkers who need to be connected to larger Enterprises. These routers help extend corporate networks to secure remote sites while giving users access to the same applications found in a corporate office. The Cisco 880SRST Series routers offers WAN options like xDSL and Fast Ethernet (FE) WAN interface, a 4-port 10/100 FE managed switch with power over Ethernet, and the latest 802.11n Wireless LAN capability. In addition, the Cisco 880SRST Series offers 4 FXS ports, FXO or BRI for PSTN connectivity, and a 4 SRST user license.
The 880G Series with the 3G Wireless option offers a cost-effective, rapidly deployable, reliable and secure backup solution. In addition to 3G Wireless WAN, the Cisco 880G Series offers additional WAN options like xDSL and Fast Ethernet (FE) WAN interface, a 4-port 10/100 FE managed switch with VLAN support and the latest 802.11n Wireless LAN capability. The 880G Series supports the latest 3G standards (HSPA and EVDO Rev A) and are backward compatible with UMTS/EDGE/GPRS and EVDO Rev0/1xRTT respectively.
For additional information about the features available in Release 12.4(22)T, please visit: Cisco IOS Software Releases 12.4 T-Products & Services-Cisco Systems
Cisco IOS Service Diagnostics
Cisco IOS Service Diagnostics is an embedded feature that enables customers, partners and Cisco TAC engineers the ability to diagnose software and network neighborhood issues on Cisco platforms, minimizing troubleshooting time. It can be used to run diagnostic audits on the network and monitor device health and state.
Cisco IOS Content Filtering
Cisco IOS Content Filtering offers category-based productivity and security ratings. Content-aware security ratings protect against malware, malicious code, phishing attacks, and spyware. URL and keyword blocking help to ensure that employees are productive when accessing the Internet. This is a subscription-based hosted solution that leverages Trend Micro's global TrendLabs™ threat database, and is closely integrated with Cisco IOS. It is supported on routers running the Advanced Security image. Feature licenses can be purchased directly from the Cisco.com ordering tool or through your Cisco partner/account team.
Hierarchical Queuing Framework (HQF)
Cisco IOS Hierarchical Queuing Framework (HQF) enables customers to manage their QoS at multiple levels (physical interface level, logical interface level, and class level) of scheduling for applying QoS queuing and shaping. This provides the most comprehensive, granular, and flexible QoS network operating system architecture available in the industry today.
Cisco 860, 880, and 1861 Routers
The Cisco 860 and 880 are part of the Cisco 800 fixed-configuration router family and offer Internet access, security, and wireless services over broadband speeds onto a single, secure device that's simple to use and manage for small businesses. The Cisco 1861 Integrated Services Router, part of the Cisco 1800 Series Integrated Services Router portfolio, is a unified communications solution for small to medium size businesses and Enterprise branch offices that provides voice, data, voicemail, Automated-Attendant, video, and security capabilities while integrating with existing desktop applications such as calendar, email, and Customer Relationship Management (CRM) programs.
For additional information about the features available in Release 12.4(20)T, please visit: Cisco IOS Software Releases 12.4 T-Products & Services-Cisco Systems
• Cisco SOHO 90 Series
• Cisco 831, 836, 837, and 850 Series
• Cisco 1701, 1711, 1712, 1721, 1751, 1751-V, and 1760 Series
• Cisco 2610XM-2611XM, 2620XM-2621XM, 2650XM-2651XM, and 2691 Series
• Cisco 3631 and 3660 Series
• Cisco 3725 and 3745 Series
• Cisco 7400 Series
• Cisco AS5850 Universal Gateway
For more information refer to the following product bulletin: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6968/ps6441/product_bulletin_c25_466578.html
Cisco IOS Auto-Upgrade Manager
Cisco IOS Auto-Upgrade Manager simplifies the Cisco IOS software upgrade process by providing a simple interface to specify, download, and upgrade (or downgrade) to a new Cisco IOS software image. Cisco IOS Auto-Upgrade Manager includes CLI-based management of automatic software downloads and upgrades. New software images can be automatically downloaded from Cisco with a valid Cisco.com login via SSL, or any other TFTP/FTP server in the user's network or elsewhere that contains the desired software image. The software upgrade can be schedule to occur immediately, or at a convenient future time using a "Warm-Upgrade" to minimize down time.
Bidirectional Forward Detection (BFD) Support for Cisco Integrated Services Routers
BFD is a detection protocol that is designed to provide fast forwarding path failure detection times for all media types. It provides a low-overhead, short-duration method of detecting failures in the forwarding path between two adjacent routers, including the interfaces, data links, and forwarding planes. BFD delivers fast router peer failure detection times independent of all media types, encapsulations, topologies, and routing protocols including EIGRP, IS-IS, OSPF, and BGP (single-hop peers over Ethernet interfaces).
Flexible Packet Matching (FPM)
Flexible Packet Matching (FPM) is the next-generation Access Control List (ACL) technology that provides flexible and rapid first line of defense against malicious traffic at the entry point into the network. It features powerful custom pattern matching deep within packet header or payload, minimizing inadvertent blocking of legitimate business traffic.
Intrusion Protection (IPS) and SSLVPN Enhancements
Cisco IOS IPS now supports signatures for many vulnerabilities found in Microsoft SMB (Server Message Block) and MSRPC (Microsoft Remote Procedure Call) protocols. New SSLVPN features in Cisco IOS Software Release 12.4(15)T include SSLVPN clientless performance and GUI enhancements, SSLVPN user-level bookmarking, and front door-VRF support.
Cisco 7201 Router
The Cisco 7201 Router is the latest generation of the Cisco 7200 Series Family. It is a compact, high performance Single Rack Unit (RU) router that uses the latest Cisco 7200VXR Network Processing Engine NPE-G2 coupled with a comprehensive range of interface options. Cisco 7201 provides four built-in Gigabit Ethernet ports and one port adapter (PA) slot which makes it ideal for various service providers and enterprise applications.
Layer 2 VPN Transport over MPLS
The fundamental benefit of an MPLS network is being able to support multitude of applications over a single infrastructure. Any Transport over MPLS (AToM) is Cisco's Layer 2 (L2) Virtual Private Network (VPN) over MPLS network solution. Prior to the availability of AToM, Enterprises and service providers had to build separate networks for providing L2 connectivity based on the subscriber's existing network encapsulation. AToM enables Enterprise and service providers to consolidate these different networks, resulting in significant capital (CAPEX) savings and reduced operational costs.
Enhanced MPLS Management for Layer 2 VPNs
Cisco IOS MPLS embedded management offers standards-based management capabilities for IP/MPLS networks, including PseudoWire (PW) connectivity supporting Layer-2 VPN services. In addition to RFC4379-based MPLS OAM capabilities for MPLS core networks, Cisco's industry leading MPLS management feature portfolio now also offers network operators detailed Layer-2 MPLS VPN resource monitoring and connectivity troubleshooting capabilities,
Enhanced Mobile IPv6 Authorization and Identity Support
The Mobile IPv6 Authentication Option Support feature provides a lightweight shared-key approach to authenticate an IPv6 mobility enabled endpoint, conserving processing power on mobile nodes and minimizing control message network bandwidth consumption between mobile nodes and home agents. Mobile IPv6 network access identifier support expands the number of authentication options by allowing mobile node to be identified by a network access identifier instead of an IP home address.
Group Encrypted Transport VPN
Group Encrypted Transport (GET) VPN, a next-generation WAN encryption technology, eliminates the need to compromise between network intelligence and keeping data private. GET VPN introduces a new IPSec-based security model that is based on the concept of "trusted" group members. Trusted member routers use a common security methodology independent of any point-to-point IPSec tunnel relationship. By utilizing trusted groups instead of point-to-point tunnels, meshed networks are able to achieve higher scalability while delivering network intelligence features such as QoS, routing, and multicast critical for voice and video quality.
Network Processing Engine G2 and VPN Service Adapter for the Cisco 7200 Series Router
The Cisco Network Processing Engine G2 (NPE-G2) addresses the demand for performance and flexibility by further increasing Cisco 7200 Series Router processing capacity and helping enable the latest Cisco IOS Software features. The Cisco VPN Services Adapter (VSA) for Cisco 7200 Series Routers provides high-performance encryption and key-generation services for IP Security (IPsec) VPN applications.
For additional information about the features available in Release 12.4(11)T, please visit: http://www.cisco.com/go/124tpb/
Cisco IOS Flexible NetFlow is the next-generation in IP flow monitoring technology allowing user configurable flow information to perform customized traffic identification and focused monitoring of specific network attributes. By optimizing the network infrastructure, it reduces operation costs, improves capacity planning and security incident detection with increased flexibility and scalability.
Integrated IP Communications
Cisco Unified CallManager Express (CME) 4.0 for the Cisco Integrated Services Routers (ISR) enables the deployment of a cost-effective, highly reliable IP communications system with a single Cisco ISR using Cisco IOS Software for Small/Medium Business applications. CME 4.0 provides new IP Communications capabilities, including Cisco VT Advantage for Video Telephony, IP Telephony registration across VPNs for Remote Teleworkers, and enhanced SIP Trunking for greater call control using the SIP protocol.
Enhanced HTTP and P2P Security
Cisco IOS Firewall enhances protection against network worms, HTTP vulnerabilities, and buffer overflows with HTTP Application Inspection (AI). New P2P (Peer to Peer) control capabilities support blocking or rate limiting these protocols for increased network availability and tighter network usage control. Cisco IOS Firewall also introduces session limits for inspected traffic to defend against DoS attacks and enable control of network resource utilization.
Faster Routing Protocol Convergence
Bidirectional Forwarding Detection (BFD) Echo Mode offers a fast (sub-second), protocol-independent method for detecting link failures to enable faster convergence of routing protocols and increased network availability.
For additional information about the features available in Release 12.4(9)T, please visit: http://www.cisco.com/go/124tpb/
Cisco IOS Security
Cisco IOS Firewall enhances network availability and simplifies management with Firewall Stateful Failover, Zone-Based Policy Configuration, and a Cisco Unified Firewall MIB. The integration of Cisco IOS Firewall, Cisco IOS Intrusion Prevention System, and Cisco IOS WebVPN on the Cisco Integrated Services Routers enables an integrated security solution for enterprise and service provider customers.
Cisco IOS WebVPN delivers comprehensive endpoint security with Cisco Secure Desktop by providing host assessment, protection against malicious software, post-session clean-up, and privacy. It integrates with firewall, access controls, intrusion prevention, and application control to offer a single-router solution for cost-effective SSL VPN.
With Resource Reservation Protocol (RSVP) Application ID and Cisco Unified Call Manager, RSVP Agent for Call Admission Control improves VoIP call quality by providing an integrated Call Admission Control and Quality of Service solution for voice and videoconferencing applications. RSVP Agent for Call Admission Control enables dynamic, guaranteed bandwidth reservation for voice or video traffic across networks with multi-tiered, meshed topologies with SIP, MGCP, SCCP, or H.323 signaling protocols.
Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 extends EIGRP to the next-generation IPv6 infrastructure, extending seamless IPv6 integration to EIGRP for IPv4 users in enterprise, public sector (ie: defense and government), and wireless environments.
For additional information about the features available in Release 12.4(6)T, please visit: http://www.cisco.com/go/124tpb/
The Cisco 1801, 1802, 1803 Integrated Services Routers provide a cost-effective, single-box solution for small, medium, and branch office applications with secure concurrent services for broadband access, including ADSL2/ADSL2+, wireless LAN connectivity (simultaneous 802.11a/b/g), and Redundant WAN Links.
Cisco IOS Flexible Packet Matching (FPM) is next-generation Access Control List (ACL) technology that provides a rapid first line of defense against malicious traffic at the entry point into the network. It features powerful custom pattern matching deep within a packet header or payload, minimizing inadvertent blocking of legitimate business traffic.
Application Firewall for Instant Messenger Traffic Enforcement reduces exposure to potential vulnerabilities from instant messenger clients. It offers flexible policy enforcement by enabling administrators to restrict user access to specific instant messenger services (ie: text chat, voice or video chat, and file transfer) and to ensure judicious use of network resources.
Cisco IOS IP Service Level Agreements (SLAs) for VoIP with Real Time Protocol extends the productivity, OpEx, and availability benefits of Cisco IOS IP SLAs to VoIP networks. Application-aware performance monitoring for VoIP networks measures call and voice statistics (ie: quality, jitter, delay, and frame loss) to facilitate network health, readiness, and troubleshooting.
Hot Standby Router Protocol (HSRP) for IPv6 increases network availability by extending the fault tolerance and fast switchover capabilities of HSRP to IPv6. This feature reduces protocol overhead and switchover times to just a few seconds, versus those available from the normal IPv6 Neighbor Discovery mechanisms.
NetFlow Reliable Export via Stream Control Transport Protocol ensures the integrity of accounting and billing information. It facilitates highly reliable NetFlow export via redundant NetFlow streams to minimize the effects of network congestion and packet loss.
For additional information about the features available in Release 12.4(4)T, please visit Release 12.3T New Features and Hardware, Product Bulletin No. 3001.
Cisco IOS Software Release Policy
Caveats describe unexpected behavior (ie: software defect) in Cisco IOS Software releases. Release notes include a list of resolved caveats from the most recent maintenance release, as well as a list of open caveats and any existing workaround.