Guest

CiscoWorks Wireless LAN Solution Engine (WLSE)

Release Notes for the CiscoWorks Wireless LAN Solution Engine, Release 2.13 .1

  • Viewing Options

  • PDF (311.9 KB)
  • Feedback
Release Notes for the CiscoWorks Wireless LAN Solution Engine, Release 2.13.1

Table Of Contents

Release Notes for the CiscoWorks Wireless LAN Solution Engine, Release 2.13.1

New Features

Product Documentation

Documentation Updates

Rack Mounting Shelf not Included with WLSE Express

Additions to the User Guide for the CiscoWorks Wireless LAN Solution Engine

Additions to Online Help

Open and Resolved Caveats

WLSE Caveats

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for the CiscoWorks Wireless LAN Solution Engine, Release 2.13.1


August 21, 2006

These release notes are for use with the CiscoWorks Wireless LAN Solution Engine (WLSE) 2.13.1.

These release notes detail:

New Features

Product Documentation

Documentation Updates

Open and Resolved Caveats

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

New Features

WLSE 2.13.1 supports:

Deployment on platforms: 1130, 1130-19, 1133 and 1030.

Cisco IOS software release 12.3(11)JA for AP1130, AP1240, BR1310 and BR1410.

Cisco IOS software release 12.3(8)JEA for AP350, AP1100, AP1210, AP1240, AP1130, BR1310, BR1410, and WLSM.

URL-based report export feature to users who have access privileges to WLSE Reports. Previously, access was restricted to the admin user only.


Note WLSE 2.13.1 supports only IOS access points.



Note Configuration for "NAC for MBSSID" is not provided through the WLSE GUI templates. You must use a custom template to configure NAC for MBSSID.


Product Documentation

You can access the WLSE online help by clicking the Help button in the top right corner of the screen or by selecting an option, then clicking the Help button. You can access the user guide from the online help by clicking the View PDF button.

The following product documentation is available for WLSE 2.13.1:

Table 1 Product Documentation 

Document Title
Available Formats

Installation and Configuration Guide for the 1030 CiscoWorks Wireless LAN Solution Engine Express

Describes how to install and configure the WLSE Express. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

Printed document available by order (part number DOC-17252=)1

Installation and Configuration Guide for the 1130-19 CiscoWorks Wireless LAN Solution Engine Express

Describes how to install and configure the WLSE. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

Printed document available by order (part number DOC-17251=)1

Installation and Configuration Guide for the 1133 CiscoWorks Wireless LAN Solution Engine Express

Describes how to install and configure the WLSE. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

Printed document available by order (part number DOC-17476=)

Regulatory Compliance and Safety Information for the 1030 CiscoWorks Wireless LAN Solution Engine Express

Provides regulatory compliance and safety information for the WLSE Express. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

Regulatory Compliance and Safety Information for the 1130-19 CiscoWorks Wireless LAN Solution Engine

Provides regulatory compliance and safety information for the WLSE. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

Regulatory Compliance and Safety Information for the 1133 CiscoWorks Wireless LAN Solution Engine

Provides regulatory compliance and safety information for the WLSE. Available in the following formats:

Printed document included with the product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

User Guide for the CiscoWorks Wireless LAN Solution Engine

Describes WLSE features and provides instructions for using it. Available in the following formats:

From the WLSE online help.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_user_guide_list.html

Upgrading CiscoWorks Wireless LAN Solution Engine Software

Describes the options available and how to upgrade to the WLSE system software to release 2.13. Available in the following formats:

From the WLSE online help.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/tsd_products_support_install_and_upgrade.html

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

Contains FAQs and troubleshooting information, and provides a table for all the faults displayed under Faults > Display Faults with explanations and possible actions. Available in the following formats:

From the WLSE online help.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_troubleshooting_guides_list.html

Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine

Contains procedures for converting non-IOS access points to IOS access points. Available in the following formats:

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_installation_and_configuration_guides_list.html

Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine

Lists the devices supported by WLSE. Available in the following formats:

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_device_support_tables_list.html

Finding Documentation for the CiscoWorks Wireless LAN Solution Engine

Lists the documents associated with this release of WLSE. Available in the following formats:

Printed document included with product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_documentation_roadmaps_list.html

Finding Documentation for the CiscoWorks Wireless LAN Solution Engine Express

Lists the documents associated with this release of WLSE. Available in the following formats:

Printed document included with product.

PDF on the WLSE Recovery CD-ROM.

On Cisco.com:

http://www.cisco.com/en/US/products/ps6379/products_documentation_roadmaps_list.html

Configuring the CiscoWorks Wireless LAN Solution Engine TACACS+/RADIUS Authentication Using Cisco Secure ACS

Describes the procedure to configure the CiscoWorks Wireless LAN Solution Engine (WLSE) using ACS as a TACACS+/RADIUS authentication module.

On Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_installation_and_configuration_guides_list.html

WLSE Express AAA Server Certificate Configuration Guide

Provides information about public key infrastructure (PKI) and Rabin-Shamir-Adelmann (RSA) certificates, how to generate certificates to be used with the WLSE Express, and how to configure AAA certificates to be used on WLSE-Express.

On Cisco.com:

http://www.cisco.com/en/US/products/ps6379/products_installation_and_configuration_guides_list.html

1 See Obtaining Documentation.


Documentation Updates

The latest version of the CiscoWorks Wireless LAN Solution Engine documentation and Online Help test does not include the following information. This information was first published in the Release Note for 2.13.1.

Rack Mounting Shelf not Included with WLSE Express

The Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine Express incorrectly lists a rack mounting shelf as an item included with the WLSE Express. However, the rack mounting shelf is not included and must be ordered separately.

Additions to the User Guide for the CiscoWorks Wireless LAN Solution Engine

Supported Browsers

Section should include:

"Java Plug-in release 1.5 is required. The Java Plug-in is used by certain WLSE features such as Location Manager and Real Time Graphs. The Java Plug-in can be installed from a third-party source such as Sun Microsystems."

"Mozilla should be replaced with Firefox release 1.06."

Deployment Wizard

Section should include:

"The roles and privileges assigned to your login determine whether you can use the Deployment Wizard. Select Admin > User Admin > Manage Roles, and make sure that both the Wizard > WLSE Wizard and Configure > Auto Update options are checked."

Additions to Online Help

Naming Guidelines

Should include:

"The pound (#) signs should not be used in the shared secret for RADIUS or TACACS+ authentication modules, which are defined under Admin > Appliance > Security > Authentication Modules."

Open and Resolved Caveats

Table 2 describes caveats known to exist in this release. Table 3 describes caveats resolved since the last release.


Note To obtain more information about known problems, access the Cisco Software bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl. (You will be prompted to log into Cisco.com.)


WLSE Caveats

Table 2 Open Caveats in the WLSE  

Bug ID
Summary
Explanation

CSCeb36372

The Client Historical Association report does not contain a disassociation time.

The Client Historical Association report does not have information about the last time a client associated with the access point, the time it disconnected from the access point, the duration of the association, or the association state.

Workaround: No known workaround.

Note In the current release, only association times of a client are supported. Disassociation time of the client is not available in this release.

CSCec41188

You cannot add an access point-based LEAP server to the WLSE if it is already managed by WLSE.

You cannot add an access point-based LEAP/EAP-FAST server to WLSE if that access point is already being managed by WLSE. The WLSE views it as a duplicate device.

Workaround: No known workaround.

CSCef90440

A database exception occurs when creating jobs in multiple WLSE sessions.

When you try to create WLSE configuration templates in two separate browser windows simultaneously, one configuration template does not get saved.

Workaround: Create templates in a single browser window at one time.

CSCeh06754

Radio Monitoring is not enabled after rebooting a 350 access point.

Occasionally after rebooting a 350 access point, if you enter show wlccp ap rm, Radio Monitoring is not enabled on the access point even though it is enabled from WLSE.

Workaround: Re-enable Radio Manager from WLSE.

CSCsa60720

Location Manager loads with a previous version of jar file.

Workaround: Close all instances of your browser to clear the Java cache. Then relaunch your browser and relaunch Location Manager.

CSCsa79506

If a switch has multiple IP addresses, port suppression may fail.

If a switch has multiple IP addresses, port suppression might fail. In order for a switchport to be suppressed, the switch must be in the Managed state. If a switch has multiple IP addresses, WLSE stores only one IP address. If WLSE discovers the rogue on a different VLAN on the same switch with a different IP address (other than the one stored in WLSE), WLSE does not suppress the port because this IP address is not in the database.

Workaround: Manually suppress the switchport from the Rogue Details screen.

CSCsa93652

Backup data fails occasionally due to database locks.

The backup function occasionally does not work.

Workaround: Do the following:

Stop the services by entering

services stop

services status

Make sure the database is no longer running, and then restart the services by entering

services start

If the services do not restart after entering these commands, reboot the WLSE.

After restarting the WLSE, log into the WLSE and select Admin > Appliance > DIAGNOSTICS > Processes.

Check WirelessSvcMgr and click Stop.

Check WLSEjobvm and click Stop.

Check WLSEFaults and click Stop.

Make sure the processes actually stop; the green arrow pointing up should change to a red arrow pointing down.

After the processes have been stopped, perform the backup.

CSCsb64225

Replacement access point shows incorrect MAC address in Location Manager.

If you replace an access point with a different access point that has the same management IP address (but different MAC addresses), after reinventory of that access point, all reports show the new MAC addresses of the access point, but Location Manager still shows the old access point's MAC addresses.

Workaround: No known workaround.

CSCsb65071

An SNMP timeout occurs during access point radio scan jobs.

In some cases, you might get a "Not SNMP Accessible" error message on some access points during an AP Radio Scan even though the access point is SNMP reachable and the SNMP RW community string provided in WLSE is correct. During the start of the AP Radio Scan or in any of the following 8 power steps, WLSE gives an error message indicating that a particular interface is not SNMP accessible. A corresponding SNMP Timeout exception appears in the swan.log for the same access points.

Workaround: Do one of the following:

Reduce the number of access points in the AP Radio Scan job and then rerun the job.

Create a new radio scan job and include the access points that had SNMP errors, select some neighboring access points (for example, from the same floor, one floor above, or one floor below), then run the AP Radio Scan job.

CSCsb65711

Deleted and re-discovered devices do not get listed in Radio Monitoring.

After an access point is deleted then rediscovered, Radio Monitoring is not turned on for that access point.

Workaround: Select Radio Mgr > Radio Monitoring, select the access point, and turn on Radio Monitoring.

CSCsb69261

The 802.11a maximum power is not displayed correctly unless native power is enabled.

The 802.11a radio maximum transmit power for the UNII-2 (52-64) and UNII-3 (149-161) channels is incorrectly displayed as 30mW in the Location Manager GUI.

Workaround: Enable dot11 extension power native on the 802.11a radio interface by issuing the following configuration commands:

ap(config)#int d1

ap(config-if)# dot11 extension power native

CSCsb73871

WLSM-WDS does not get discovered after being deleted.

After you delete WLSM-WDS from WLSE, subsequent manual discovery and auto-discovery of WLSM-WDS fails.

Workaround: Reboot WLSE or stop and then start the services.

CSCsd23688

Changing the web timeout value starts another instance of Tomcat.

When you change the timeout value under Admin > Appliance > Time/NTP/Name/Web Timeout, another set of Tomcat processes are started but the previous processes are not terminated.

Workaround: Reload the WLSE after changing the web timeout value.

CSCsd33933

"Voice stream is rejected due to other reason" is not updated.

When you generate a report under Reports > Voice > AP Group Voice Stream Summary: Current, the third column of the report displays "Voice Streams Rejected Due To Insufficient Bandwidth."The last column of the report is supposed to display "Voice Streams Rejected Due To Other Reason," which can be any one of the following reasons:

The SSID is blocked for Admission Control.

There is an incorrect PHY rate

There is a TSPEC violation.

However, the report shows the voice streams rejected due to "TSPEC violation" only.

Workaround: Get the detailed reason for the voice stream rejections from the access point console using the CLI command show dot11 cac. This displays the CAC settings and statistics, including the reasons for the rejections.

CSCsd38274

TSM QoS threshold settings that are modified in the GUI are overwritten.

If you modify and save the TSM QoS Threshold settings under Faults > Voice QoS Settings, and if for any reason, the WLSE is restarted (or the services are stopped and restarted), the TSM QoS threshold settings you modified are overwritten by the system default values. This happens only if and when the WLSE is restarted (or when the services are stopped and restarted).

Workaround: No known workaround. You need to reset the threshold values after the WLSE is restarted.

CSCsd74705

Starting an upgrade from a WLSE 2.11, 2.12 or 2.13 base, on a slow link, and utilizing the MS Windows Repository method to upgrade may cause the upgrade to fail.

The Microsoft Windows Repository method first downloads the upgrade image from the Windows Server to the WLSE appliance. If this first transaction takes more than 15 minutes to complete, the actual upgrade never starts. Under normal link speeds, the download occurs in less than 15 minutes. The upgrade then has a chance to shut down the idle daemon while the upgrade runs.

Workaround:

1. Follow steps 1-7 under the Microsoft Windows Server Repository section in the WLSE-2.13-K9.readme-V1.txt file.

2. From the browser, manually disable the idle daemon before continuing with the upgrade as follows:

a. Select Admin > Appliance > Diagnostics > Processes.

b. Select WLSEIdleServer, then click Stop at the bottom of screen.

3. Continue with step 9 of the upgrade readme file.

CSCsd88985

View summary and actual polling intervals are different.

If you change the polling interval for the policies/thresholds, WLSE might show double-polling of the devices if the devices are polled frequently. The View Summary always displays the latest poll interval settings, but actual polling might happen based on an old interval as well as the new interval settings because of a large number of SNMP requests still in queue. This double-polling continues until all requests with the earlier interval settings are processed. After all earlier requests are processed, the SNMP polling uses the latest poll interval settings. Double-polling occurs on already enabled policies and thresholds only.

Workaround: Disable the policies/thresholds that are already enabled, then enable the policies/thresholds with new poll interval settings. This will clear all existing SNMP requests so that the new poll interval settings are used for the next request.

CSCse34104

AP Radio Scan scheduled job continues to run after job is changed to a run now.

If you schedule an AP radio scan job to run at a future date and time and to recur, and then you change the job to run now, the job continues to run at the scheduled time and continues to repeat.

Workaround: Stop and restart the services to clear the memory. Or you can leave the existing AP radio scan job as is and create a new AP radio scan to run now.

CSCse35092

Location Manager shows rogue fault reports with no reporting AP or client.

Location Manager might show rogue fault reports with no reporting AP or client if the Rogue AP is not detected for a length of time (for example, more than an hour).

Workaround: No known work around.

CSCse62962

Job fails if hostname command is present after changing device credentials.

When you create a Command Preview template with Admin Access security, issue the necessary commands and then apply the hostname command, WLSE tries to reconnect to the AP but the job fails if the commands applied before the hostname command changes the device credentials. The template should remove or modify the existing credentials from the device, which are added in the WLSE device credentials page, and the template should include hostname configuration.

Workaround: Re-run the failed job again or create separate templates for the following configurations:

Removing configured user/password from the device

Configuring hostnames

CSCse75262

CLI-based remote Radius authentication for Telnet is dysfunctional.

When the WLSE is configured for remote authentication with the failover option, Telnet logins do not fail over. You cannot login with the a locally-defined password using Telnet.

Workaround: No known workaround. This problem does not exist when using SSH.

CSCsf15690

Location Manager shows two non-supported antennas.

Two antennas shown on the Location Manager >Antenna Placement page, AIR-ANT2422DG-R and AIR-ANT5135DG-R, should not appear because they are not supported on WLSE 2.13.1. Do not use these antennas as they are non operational and not supported.

Workaround: No known work around.


Table 3 Resolved Problems in the WLSE  

Bug ID
Summary
Explanation

CSCsa94583

Config archive/firmware job fails when you disable IP HTTP on the AP.

WLSE archive/firmware jobs fail on APs that do not have an ip http server configuration. In addition, the AP firmware upgrade fails when the AP is connected to the WLSE's Ethernet0 interface and the AP is configured with an HTTP port other than port 80.

CSCsd46123

A Network Administrator could not create a new AAA User through GUI.

A user with the role Network Admin could not create new RADIUS users using the WLSE GUI. However, the user could be create new user accounts using CLI.

CSCsd66542

The date on some reports showed "dddd" for users other than the admin.

When a user other than admin accessed reports from the WLSE GUI, the date selection in Trend Reports and some of the Wireless Client Reports showed dddd for the year selection.

CSCsd69623

The WLSE 2.13 displays an error when you select IDS > Manage Network-Wide IDS Settings > Rogue AP Detection

The WLSE 2.13 generates an error when a non-Admin user with System Admin rights attempts to access IDS > Manage Network-Wide IDS Settings > Rogue AP Detection.

CSCsd87223

The WLSE 2.13 stopped sending traps and syslog messages when managing large numbers of access points.

When managing 500 or more access points, WLSE failed to send traps and syslog messages.

CSCsd91456

In prior releases, the WLSE Express generated errors when configured to monitor the embedded AAA server using PEAP.

When the embedded AAA server is configured to monitor the embedded AAA Server using PEAP, error messages appeared in the aaa-server log file.

This problem only occurred with externally-generated certificates. There was no problem when PEAP monitoring with the self signed certificates.

CSCse03735

Unable to apply template in some cases.

In some cases, WEP Encryption configuration in APs contradicts with template WEP configurations, and this causes the template configuration to applied incorrectly in the AP.

CSCse09163

In prior releases, the Configuration Archive option to export to file displayed a blank screen.

The export to file option under the Configuration Archive subtab displayed a blank screen if the archived configuration contained the following characters: backslash (\) or asterisk (*).

CSCse24311

WLSE 2.13 will not allow non-admin users access to Reports > Realtime.

When you select Reports > Realtime, you get an error message indicating that you do not have access.

CSCse30750

In prior releases, a configuration job which contained no encryption vlan <#> key <#> commands failed, and the following error was displayed: "Transmit key delete error: a new transmit key is required before deleting this one.''

In configuration jobs with commands to delete multiple keys, the WLSE deleted the keys in the listed order: 1, 2,3, 4. If the a command to delete the transmit key was configured in any position but last, the job failed.

CSCse40868

In prior releases, when you tried to access Real Time Graphs or Location Manager WLSE features, a warning message appeared indicating that the Verisign certificate had or would be expiring.

There were two workarounds for this outstanding caveat: (1) Click OK in the warning dialog box to continue working with the application -or- (2) Upgrade to WLSE release 2.13 or greater in which the caveat was resolved.

CSCse44054

In prior releases, CCO import failed.

For WLSE releases earlier than WLSE 2.13.1, when you tried to import an access point image into WLSE using the CCO (Cisco.com) option, you got a "login failed" error.

CSCse51958

Client information is not found in Per- VLAN Client Report.

On a WDS setup enabled in WLSE 2.13, the Per VLAN Client Report is empty for the clients.

CSCse52282

WLSE 2.13 does not push WDS config to AP after reset.

After you reset the WDS and backup WDS, WLSE does not push the Active WDS or backup WDS configuration to the APs.


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.

The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can send comments about Cisco documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered non-emergencies.

Non-emergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.


Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html