Table Of Contents
Release Notes for
Cisco Configuration Professional 2.2
May 26, 2010
These release notes support Cisco Configuration Professional (Cisco CP) version 2.2. They should be used with the documents listed in the "Related Documentation" section.
These release notes are updated as needed. To ensure that you have the latest version of these release notes, go to http://www.cisco.com/go/ciscocp. In the Support box, click General Information > Release Notes, and then find the latest release notes for your release.
This document contains the following sections:
Cisco CP is a GUI-based device management tool for Cisco access routers. Cisco CP simplifies router, firewall, Intrusion Prevention System, VPN, unified communications, WAN, and basic LAN configuration through GUI-based, easy-to-use wizards. Cisco CP is installed on a PC.
Routers that are ordered with Cisco CP are shipped with Cisco CP Express installed in router flash memory. Cisco CP Express is a light weight version of Cisco CP, that you can use to configure LAN and WAN interfaces and minimal IOS security features.
This sections describes PC and router system requirements. It contains the following parts:
PC System Requirements
Table 1 lists the system requirements for a PC running Cisco CP. Although the Cisco CP application requires Java Runtime Error (JRE) to run, the Cisco CP Express application included with Cisco CP can run under the native Java Virtual Machine in the supported browsers and JRE.
Router System Requirements
Router System Requirements are described in the following parts:
Table 4 lists the phones that Cisco CP supports:
Supported Network Modules
Supported Interface Cards
Table 7 lists the interface cards that Cisco CP supports.
Supported Adapters, Processing Engines, and Service Engines
Table 8 lists the adapters, processing engines, and service engines that Cisco CP supports.
Cisco IOS Releases
Cisco CP is compatible with the Cisco IOS releases listed in Table 9.
Determining the Cisco IOS Release
To determine the release of Cisco IOS software currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the Cisco IOS release on the second output line:Router> show versionCisco Internetwork Operating System SoftwareIOS (tm) C1700 Software (c1700-k8sv3y7-mz) Version 12.2(13)ZH
Required IP Address Configuration Information
Table 10 provides the required IP address configuration for the PC. Use this information to complete the section "Task 4: Configure the IP Address On the PC" in the Cisco Configuration Professional Quick Start Guide.
Router Configuration Requirements
To run Cisco CP, a router configuration must meet the requirements shown in Table 11.
The default configuration file meets all Cisco CP requirements. The default configuration file has the name cpconfig-model_number.cfg. For example, the configuration file for the Cisco 860 and Cisco 880 routers is cpconfig-8xx.cfg.
Cisco CP Ordering Options
Table 12 describes the ordering options under which Cisco CP can be ordered. Cisco CP Express is a product that is shipped in router flash memory when the router is ordered with Cisco CP.
New and Changed Information
This section contains new information about Cisco CP, and any information about Cisco CP that has changed.
This section contains the following parts:
New and Changed Features
Cisco CP 2.2 supports the following new features:
•3G Feature Enhancements - In addition to supporting HWIC—3G—HSPA, HWIC—3G—HSPA—A, HWIC—3G—HSPA—G, and PCEX—3G—HSPA—x for 88xG series ISRs, Activation command change without SID and NID, ESN format, and PPP PDP are supported in Cisco CP 2.2
•Cisco Unity Express configuration - Cisco CP has disabled automatic initialization of Cisco Unity Express 8.x. Instead, you can use the Cisco Unity Express Configuration screen to configure Call Agent, hostname, domain name, DNS IP address, time zone, and NTP.
•Conferencing Enhancements - Earlier, Cisco CP supported configuring ad-hoc conferencing. In Cisco CP 2.2 MeetMe conferencing is also supported.
•Content Filtering Enhancements - The status of content filtering license activation and digital certificate is displayed before you launch the wizard. The two types of content filtering are category based filtering and web sense or secure computing.
•Demo Mode - Click the Cisco Configuration Professional (Demo) option in the Start menu to launch demo mode. The dashboard is populated with three devices. The devices supported are 800 series, ISR-G2 with licensing, and 1861 wireless. You can discover any or all of the three devices. You cannot create, edit, or delete community or add a new device to a community in demo mode.
•Dial Plan Enhancements - Earlier Cisco CP could only read dial peers created through Cisco CP. In Cisco CP 2.2, the dial plan feature can handle all types and combinations of dial plans configured by you.
•EnergyWise - The EnergyWise feature allows you to:
–Modify power levels on specific hardware modules or components.
–Schedule capabilities where the user can change the power level on a one-time basis or maintain a recurrent schedule.
–Assign a device to a domain specifying EnergyWise attributes.
–Perform interface-level power configuration.
–Support SIP/H323 Pass through
The following enhancements are supported in Cisco CP 2.2:
–Configuring firewall for SIP Application Inspection and configuring rate-limit feature for SIP messages. Configuring firewall for inspection of H.323v4 Annex E and Annex G packets and configuring rate-limit feature for H.323 messages. Even if firewall is configured in the device, we can delete the policies associated with the firewall and switch to the other type firewall.
–Configuring firewall to support inspection of locally generated or locally terminated SCCP traffic.
•GUI Enhancements - Earlier, only Zone Firewall user interface was displayed if the IOS image supported Zone Firewall. In Cisco CP 2.2, it is possible to switch from Zone Firewall to Classic Firewall and vice versa. If a firewall is configured on the router, you can delete the policies associated with that firewall and switch to the other firewall. In Cisco CP 2.2 it is also possible to list the protocols in the Firewall Rule user interface by alphabet or by category.
•IOS IPS Enhancements - Cisco CP detects the status of IPS license activation and allows you to load the signature packages on the router. Cisco CP provides the URL from which to download the license and the path for the license feature.
Note Only licensed signature packages require the license to load the signature.
•Module Management Enhancements - SRE/SM support for WAN Optimization and Service Module support for Video Surveillance are provided in Cisco CP 2.2.
•Rollback Feature - Rollback feature is used to revert the entire set of CLIs executed as part of one configuration and restore the router to the state seen before executing the set of CLIs. The restore happens irrespective of whether the commands were successfully pushed to the device or not. Rollback is available for offline-online transition, template, and bulk import features. Rollback is not available for Cisco Unity Express.
•WAN Optimization Enhancements - Earlier basic discovery and configuration support was provided for WAAS modules. In Cisco CP 2.2, initial setup and application management for WAAS modules are also supported.
New Hardware Support
The new devices supported are:
The new interface cards supported are:
Limitations and Restrictions
This section describes restrictions and limitations that may apply to Cisco CP. It contains the following parts:
Cisco CP Minimum Screen Resolution
Cisco CP requires a screen resolution of at least 1024 x 768.
Restrictions for Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers
The following restrictions apply to Cisco CP running on Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers:
•The Cisco CP Express application is not supported. You must use the Cisco IOS CLI to give the router an initial configuration that will enable you to connect to the router using a browser.
•WAN configuration is not supported. Cisco CP supports configuration of Ethernet and Fast Ethernet interfaces.
•The Cisco CP Reset feature is not available.
•No default configuration file is supplied. To run Cisco CP, you must provide a configuration that includes the commands necessary to support operation of Cisco CP.
Cisco CP and Internet Explorer 8
In some systems (Windows XP and Windows Vista), with IE8 installed, Cisco CP may not work as expected. This is due to a reported IE 8 caching issue.
IE8 reinstall or clearing the cache does not help. Any Flash based application like Cisco CP will see this issue.
A workaround today is to create another user account with appropriate privileges and run Cisco CP in that user account.
JRE Settings for Cisco CP
The following JRE settings are needed for CCP to function properly:
Step 1 Go to Start > Control Panel > Java.
Step 2 Click View under Java Applet Runtime Settings.
Step 3 Select your JRE in use.
Step 4 Set the "Java runtime parameters" with the value "-Xmx256m -Dsun.java2d.d3d=false".
In addition, if JRE is upgraded to versions 1.6.0_11 or above, following settings are needed after Cisco CP installation.
Step 1 Go to Start > Control Panel > Java > Advance.
Step 2 Select "Java Plug-in" tree.
Step 3 Uncheck the check box for Enable next-generation Java Plug-in.
Step 4 Restart Cisco CP.
This section contains important information for Cisco CP. It contains the following sections:
Cisco IOS Enforces One-Time Use of Default Credentials
To address CSCsm25466, Cisco IOS images included with recent shipments of Cisco 800, Cisco 1800, Cisco 2800, and Cisco 3800 routers, enforce the one-time use of the default user name and password provided in the Cisco CP configuration file. If you bypass Cisco CP or Cisco CP Express and use a console or Telnet connection to log into the router, the login and exec banners warn you that you must change the user name "cisco" and password "cisco" before you log off of the router. If you do not change the credentials as directed, you will not be able to log on to the router the next time that you attempt to do so.
The following Cisco IOS releases enforce the one-time use of the default credentials:
•12.4(11)T or later
•12.4(11)SW, 12.4(11)SW1, 12.4(11)XV, 12.4(11)XJ
Follow the procedure in this section to secure the router by creating a new username and password, to remove the login banner and exec banner warnings, and to save the configuration changes to the router startup configuration.
Note If you login to the router using a Telnet or a console connection but do not complete the steps in this procedure, be aware of the following:
•If you do not change the default username and password, and then log off the router, you will not be able to log into the router again without entering the reload command. No additional warning is given before you log off.
•If you do not change the default username and password, but do enter the write memory command before ending the session, future logins will be disabled. In this case, you will need to follow the password recovery procedure at the following link:
To secure the router, remove the banner warnings and save the changes to the router startup config, complete the following steps:
Step 1 Connect the light blue console cable, included with your router, from the blue console port on your router to a serial port on your PC. Refer to your router's hardware installation guide for instructions.
Step 2 Connect the power supply to your router, plug the power supply into a power outlet, and turn on your router. Refer to your router's quick start guide for instructions.
Step 3 Use HyperTerminal or a similar terminal emulation program on your PC, with the terminal emulation settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.
Step 4 When prompted, enter the username cisco, and password cisco.
Step 5 Enter configuration mode by entering the following command:yourname# configure terminal
Step 6 Create a new username and password by entering the following command:yourname(config)# username username privilege 15 secret 0 password
Replace username and password with the username and password that you want to use.
Step 7 Remove the default username and password by entering the following command:yourname(config)# no username cisco
Step 8 To remove the login banner, enter the following command:yourname(config)# no banner login
The login banner warning will no longer appear.
Step 9 To remove the exec banner, enter the following command:yourname(config)# no banner exec
The exec banner warning will no longer appear.
Step 10 Leave configuration mode, by entering the following command:yourname(config)# end
Step 11 Copy the configuration changes to the startup configuration by entering the following command:yourname# copy running-config startup-config
When logging into the router in the future, use the username and password that you created in Step 6.
Cisco CP Merge and Replace Configuration Functions Fail Under Some Conditions
The problem described here is caveat CSCsj21989. If you attempt to merge configuration changes made using the Cisco CP Config Editor feature, or replace the running configuration with a configuration from the Config Editor, the router configuration will not be changed if there is a network device with a Network Address Translation (NAT) IP address, or a cache engine in the connection between the PC and the router. If you need to make changes to the router configuration that you would normally make using the Cisco CP Config Editor, use the Cisco IOS CLI instead.
Cisco CP Security Dashboard May Display Threats Unrelated to Your Cisco IOS IPS Installation
Some (or all) of the top threats you obtain using the Cisco CP Security Dashboard may not pertain to your Cisco IOS IPS installation. After you deploy the signatures applicable to the top threats displayed by the Cisco CP Security Dashboard, the dashboard may still display some (or all) top threats with a red icon because applicable signatures could not be found. Those remaining top threats are unrelated to your Cisco IOS IPS installation and not a danger to your router running Cisco IOS software.
Cisco CP May Lose Connection to Network Access Device
This note concerns the Network Admission Control (NAC) feature.
If the PC used to invoke Cisco CP returns a posture state (Healthy, Infected, Checkup, Quarantine, or Unknown) and if the group policy on the ACS server attached to the posture token assigned to the PC has a redirect URL configured, the connection between Cisco CP and the router acting as the Network Access Device (NAD) may be lost. The same problem can occur if an exception list entry attached to a policy with a redirect URL is configured with the IP address or MAC address of the PC.
If you try to reinvoke Cisco CP from this PC, you will not be able to do so because the browser will be redirected to the location specified in the redirect URL.
There are two workarounds for this problem:
•Ensure that the PC that you use to invoke Cisco CP attains a posture token which has an associated group policy on the ACS server that is not configured with a redirect URL.
•Alternatively, use Cisco CP to create a NAC exception list entry with the IP address or MAC address of the PC you use to invoke Cisco CP. Note that the exception list entry created for the PC should be associated to an exception policy which does not have a redirect URL configured in it.
For more information, see the links in the Cisco CP NAC online help pages.
Popup Blockers Disable Cisco CP Online Help
If you have enabled popup blockers in the browser you use to run Cisco CP, online help will not appear when you click the help button. To prevent this from happening, you must disable the popup blocker when you run Cisco CP. Popup blockers may be enabled in search engine toolbars, or may be standalone applications integrated with the web browser.
Microsoft Windows XP with Service Pack 2 blocks popups by default. In order to turn off popup blocking in Internet Explorer, go to Tools > Pop-up Blocker > Turn Off Pop-up Blocker.
If you have not installed and enabled third-party pop up blockers, go to Tools >Internet Options > Privacy, and uncheck the Block popups checkbox.
Disable Proxy Settings
Cisco CP will not start when run under Internet Explorer with proxy settings enabled. To correct this problem, choose Internet Options from the Tools menu, click the Connections tab, and then click the LAN settings button. In the LAN Settings window, disable the proxy settings.
Security Alert Dialog May Remain After Cisco CP Launches
When Cisco CP is launched using HTTPS, a security alert dialog box that informs you of possible security problems and asks you if you want to proceed with program launch may appear. This can happen if the router does not have the following global configuration command in the running configuration:ip http timeout-policy idle 600 life 86400 requests 10000
Screencasts for Cisco CP Features
Instead of online help, we have provided screencasts for the following Cisco CP 2.2 features:
•Adhoc and MeetMe Conferencing
These screencasts are located at: http://www.cisco.com/en/US/docs/net_mgmt/cisco_configuration_professional/scrcst/ccpsc.html
You must have Internet access to view the screencasts.
Cisco Configuration Professional Is Already Running Message
If Cisco CP has not been shut down properly, and you try to relaunch it, you may see the following message: "Cisco Configuration Professional is already running. Only one occurrence can run at a time." To correct this problem and relaunch Cisco CP, do the following:
Step 1 Press Ctrl Alt Delete, and click Task Manager.
Step 2 In the Windows Task Manager dialog, click Processes.
Step 3 In the Image Name column, highlight the processes CiscoCP.exe, CiscoCPEngine.exe, IEC2.exe, and SplashScreen.exe.
Step 4 Click End Process.
Step 5 Wait for 30 seconds and then restart Cisco CP.
Discovery Never Completes
Because of Microsoft Windows Java caching issues, Cisco CP is sometimes unable to complete discovery of a device. To fix this issue, complete the following steps:
Step 1 Choose Application > Exit to shut down Cisco CP.
Step 2 Close all existing IE windows.
Step 3 Go to Start > Control Panel > Java. The General tab is displayed.
Step 4 In the Temporary Internet Files box, click Delete Files.
Step 5 In the displayed dialog, leave all file types checked, and click OK.
Step 6 Click OK in the Java control panel to close it.
Step 7 Restart Cisco CP.
Caveats describe unexpected behavior in Cisco CP. This section contains the following:
Table 13 lists caveats that are open in Cisco CP 2.2
Table 14 lists caveats that are resolved in Cisco CP 2.2.
Table 14 Resolved Caveats in Cisco CP 2.2
Bug ID Summary
Location to download SDM IPS packages needs to be changed.
match-all command not supported in IOS version 15.0.
Table 15 describes the related documentation available for Cisco CP.
Note For information on obtaining documentation and technical assistance, product security, and additional information, see What's New, which also lists new and revised documents each month.
HWIC—High-Speed WAN Interface Card
HSPA—High-Speed Packet Access
HSPA—A—High-Speed Packet Access for Americas
HSPA—G—High-Speed Packet Access for Global
SID—System Identification Number
NID—Network Identification Number
ESN—Electronic Serial Numbers
PDP—Packet Data Protocol (PDP)
PPP—Point-to-Point Protocol (PPP) PDP type
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/web/siteassets/legal/trademark.html. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)