Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - CISCO INTERFACES AND MODULES
      - CISCO SERVICES MODULES
        GENERAL INFORMATION
        RELEASE NOTES
        Release Note for the Cisco Anomaly Guard Module (Software Version 4.0)

Cisco Services Modules

Release Note for the Cisco Anomaly Guard Module (Software Version 4.0)

Downloads

Release Note for the Cisco Anomaly Guard Module (Software Version 4.0)

Table Of Contents

Release Note for the Cisco Anomaly Guard Module

Contents

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

Caution When Upgrading the Software

Software Version 4.0(2) Open Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Release Note for the Cisco Anomaly Guard Module

April 22, 2005

Note The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.

Contents

This release note applies to software version 4.0(2) for the Cisco Anomaly Guard Module (Guard module). The Cisco Catalyst 6500 Series Switch and the Cisco 7600 Router support the Guard module.

•The Catalyst 6500 requires IOS 12.2(18)SXD3 or later to support the Guard module.

•The 7600 Router require IOS 12.2(18)SXE or later and a SUP720 to support the Guard module.

This release note contains the following sections:

•Maximum Number of Modules Supported in a Catalyst 6500 Chassis

•Caution When Upgrading the Software

•Software Version 4.0(2) Open Caveats

•Related Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

The Catalyst 6500 9-slot chassis supports a combined maximum of eight Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of eight Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of eight modules.

A Catalyst 6500 13-slot chassis supports a combined maximum of six Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of four Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of six modules.

Caution When Upgrading the Software

Do not press Ctrl-C during the upgrade process or the upgrade may fail.

Software Version 4.0(2) Open Caveats

The following caveats are open in the Guard module software version 4.0(2):

•CSCrh01198—After you reload the Guard, it erases the default gateway if the gateway is on the same subnet as one of the Guard configured VLAN interfaces. Workaround: Use a static route instead of a default gateway.

•CSCrh01574—The Guard does not clear the User-filter counters after you enter the renumber command. This may lead to erroneous filter counter display. Workaround: Disregard rate information for a maximum of 20 seconds after filter re-enumeration.

•CSCuk53037—When a zombie attack occurs on several zones, the list of the reported zombie
IP addresses of one zone may include zombie IP addresses from another zone.

•CSCuk54606—When activating a zone (that is, issuing the protect or the learning commands), the Guard displays the following error message even if the configuration is correct and the Guard diversion is working properly:
no injection path 
The Guard could display this message if it does not have a default injection route and the zone injection definition consists of two or more injection routes with an IP address that does not match the zone IP address. For example, a zone IP address of 192.168.254.0/24 and zone injection routes of 192.168.254.0/25 and 192.168.254.128/25. Workaround: Configure a default injection route for the Guard or configure the zone injection routes to match the zone IP addresses. For example, if you configure the injection routes to be 192.168.254.0/25 and 192.168.254.128/25, configure the zone IP addresses to be the same.

•CSCsa64914 - The name of the Flexible Filter Drop Count counter in the Web-Based Management Zone>Configuration>General menu should be Flexible Filter Drop Rate. This counter accurately displays the drop rate of the flex-filter. The General menu also contains the Flexible Filter Action and Flexible Filter Count fields. When the Flexible Filter Action value is displayed as:

–Drop - the Flexible Filter Count value displays the number of dropped packets

–Count - the Flexible Filter Count value displays the number of counted packets

Related Documentation

The following documentation is available for the Cisco Anomaly Guard Module:

•Cisco Anomaly Guard Module and Traffic Anomaly Detector Module Installation Note

•Cisco Anomaly Guard Module Configuration Guide

•Cisco Anomaly Guard Module Web-Based Management Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

.