Release Notes for Cisco Application eXtension Platform (AXP) 1.1.7
October 7, 2009
Revised: October 7, 2009, OL-14273-01
These release notes support the software for the Cisco Application eXtension Platform (AXP). To see if your software or hardware platforms are affected, view the field notices for Cisco IOS software version 12.4 (T) at http://www.cisco.com/warp/public/tech_tips/index/cfn.html. (You need to have an account on cisco.com to view the field notices.)
Contents
• Basic Safeguards for Securing AXP Router/Blade
• Modified Commands in Cisco AXP 1.1.7
• Obtaining Documentation, Obtaining Support, and Security Guidelines
System Requirements
This section describes the system requirements for Cisco Application eXtension Platform Version 1.1.7 and includes the following sections:
• Upgrading from Cisco AXP 1.1.5 to Cisco AXP 1.1.7
• Determining the Software Version
Cisco IOS Software Release
Cisco AXP 1.1.7 supports routers with the following Cisco IOS releases.
• 12.4(15)T3 or higher: IP-based crypto images including the following image packs:
  – IP-Base
  – IP-Voice
  – Adv-Security
  – Adv-Enterprise
Download the image from:
Supported Hardware
Files in Cisco AXP 1.1.7
Download Cisco AXP files from the following location:
http://www.cisco.com/public/sw-center/access/axp/117.shtml
Files in Cisco AXP 1.1.7 are explained in the following sections:
• Cisco AXP Software Development Files
Cisco AXP Product Files
Cisco AXP product files for AIM and NME service modules:
• Cisco AXP Product Files for AIM Service Modules
• Cisco AXP Product Files for NME Service Modules
Cisco AXP Product Files for AIM Service Modules
Compressed archive axp-k9.aim.1.1.7.tar.gz contains all package files associated with Cisco AXP on AIM service modules. The package files are shown in .
Cisco AXP Product Files for NME Service Modules
Compressed archive axp-k9.nme.1.1.7.tar.gz contains all package files associated with Cisco AXP on NME service module. The package files are shown in Table 1.
Cisco AXP Software Development Files
Cisco AXP software development files:
• Cisco AXP Software Development Kit (SDK)
• Cisco AXP Software Development Files for VMware
• Cisco AXP Software Development Files for Add-ons on AIM Service Modules
• Cisco AXP Software Development Files for Add-ons on NME Service Modules
Cisco AXP Software Development Kit (SDK)
Compressed archive axp-sdk.1.1.7.tar.gz contains the Cisco AXP Software Development Kit (SDK) for all service modules.
Cisco AXP Software Development Files for VMware
Compressed archive axp-k9.vmw.1.1.7.tar.gz contains the Cisco AXP Software Development Files for VMware.
The package files are shown in Table 2.
Cisco AXP Software Development Files for Add-ons on AIM Service Modules
Compressed archive axp-k9.aim.addon.1.1.7.tar.gz contains Cisco AXP software development files for add-ons on AIM service modules. The package files are shown in Table 3.
Cisco AXP Software Development Files for Add-ons on NME Service Modules
Compressed archive axp-k9.nme.addon.1.1.7.tar.gz contains Cisco AXP software development files for add-ons on NME service modules. The package files are shown in Table 4.
Upgrading and Downgrading to a New Software Release
Upgrading from Cisco AXP 1.1.5 to Cisco AXP 1.1.7
To upgrade from Cisco AXP 1.1.5 and higher versions to Cisco AXP 1.1.7 with applications packaged with the 1.1.5/1.1.7 SDK:
a. Copy the installer payload file (axp-installer.k9.nme.1.1.7.prt1 or axp-installer.k9.aim.1.1.7.prt1) to the same FTP directory as the Cisco AXP package.
   The FTP directory contains a package file such as (axp-k9.nme.1.1.7.pkg or axp-installer.k9.aim.1.1.7.prt1) and a corresponding payload file (axp-k9.nme.1.1.7.prt1 or axp-k9.aim.1.1.7.prt1) with other add-on packages.
b. Install the Cisco AXP package using the software install upgrade command.
Note
If you are using a URL to obtain a copy of the Cisco AXP package, use an ftp or ftps server location. Do not use an sftp server location. Using an sftp server results in the error described in the caveat CSCsy53185, "TypeError occurs during installation or upgrade of Cisco AXP".
For upgrading and downgrading various software versions on Cisco AXP, refer to the Cisco Application eXtension Platform 1.1 Command Reference and the Cisco Application eXtension Platform 1.1 User Guide.
After upgrading to Cisco AXP 1.1.7, verify that the system is running on Cisco AXP 1.1.7.
Downgrading from Cisco AXP 1.1.7
To downgrade to Cisco AXP 1.1.5 with applications packaged with the 1.1.5 SDK:
– Use the software install upgrade command. The software install downgrade command is not currently supported. For more information, see the Cisco Application eXtension Platform 1.1 Command Reference and the Cisco Application eXtension Platform 1.1 User Guide.
Note
If you downgrade the service module to Cisco AXP 1.1.5 and use applications packaged with the Cisco AXP 1.1.7 SDK, the applications may not work. To avoid this, first repackage the applications with the Cisco AXP 1.1.5 SDK, downgrade the service module to Cisco AXP 1.1.5, and run the applications packaged with the Cisco AXP 1.1.5 SDK.
Determining the Software Version
To determine the version of Cisco AXP software currently running on your Cisco AXP service module, log into the service module, and enter the show software version EXEC command.
The following sample output from the show software version command indicates the version number on the first output line.
Application eXtension Platform (AXP) version (1.1.7)
Technical Support: http://www.cisco.com/techsupport/
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Limitations and Restrictions
For Cisco AXP 1.1.7 and lower versions, issuing the do command through the Cisco AXP IOS Service API always returns "OK". Whether the do command works or fails, the return value is the same: "OK".
However, issuing the do command through a Cisco IOS CLI console session returns the correct error messages when the do command fails.
Basic Safeguards for Securing AXP Router/Blade
In order to improve the security of your system, we suggest the following actions:
• Telnet access to router IP addresses must always be protected by a username and password. Common pairs such as cisco, cisco should be avoided.
• Users who are allowed access to routers should be classified further by assigning privilege levels (0-15) that limit the actions they can perform. Privilege level 0 is the most restrictive, and level 15 is the least restrictive.
  Following this safeguard ensures that users attempting a privileged CLI operation need to go through #enable mode and password authorization.
• Remote access to Service Modules via SSH is disabled by default. When enabling SSH access via the ip ssh server command, ensure that the username sysadmin password command is also configured. There are provisions to encrypt this password as well.
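An audit of the Telnet and privilege-level safeguards against an IOS-style configuration, as an added example that is not part of the Cisco release notes: it flags matching or common username/password pairs, users without an explicit privilege level, and vty lines that accept Telnet without a username-based login. The sample configuration, the COMMON_PAIRS list and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the release notes).
SAMPLE_CONFIG = """\
username cisco password 0 cisco
username netops privilege 5 secret 5 $1$constructed$hash
username admin privilege 15 password 0 S3parate-Value
line con 0
 login local
line vty 0 4
 transport input telnet
 no login
line vty 5 15
 transport input telnet ssh
 login local
"""

# Assumption: a local denylist; the page names only the pair cisco/cisco.
COMMON_PAIRS = {("cisco", "cisco")}

USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>password|secret)(?:\s+(?P<enc>\d))?\s+(?P<value>\S+)\s*$"
)

def audit_users(config):
    """Flag weak plaintext pairs and users with no explicit privilege level."""
    findings = []
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue
        name, value = m["name"], m["value"]
        # Only type 0 / untyped passwords are readable; hashes are skipped.
        plaintext = m["kind"] == "password" and m["enc"] in (None, "0")
        if plaintext and (name == value or (name, value) in COMMON_PAIRS):
            findings.append((name, "common or matching username/password pair"))
        if m["priv"] is None:
            findings.append((name, "no explicit privilege level"))
    return findings

def blocks(config):
    """Yield (header, [indented sub-commands]) for each top-level stanza."""
    current = None
    for line in config.splitlines():
        if line and not line[0].isspace():
            if current:
                yield current
            current = (line.strip(), [])
        elif current and line.strip():
            current[1].append(line.strip())
    if current:
        yield current

def audit_vty(config):
    """Flag vty lines that accept Telnet without a username-based login."""
    findings = []
    for header, body in blocks(config):
        if not header.startswith("line vty"):
            continue
        transport = next((b.split()[2:] for b in body
                          if b.startswith("transport input")), [])
        if not {"telnet", "all"} & set(transport):
            continue
        if "no login" in body:
            findings.append((header, "Telnet allowed with no login"))
        elif "login" in body:
            findings.append((header, "Telnet allowed with line password only"))
    return findings
```

Run audit_users and audit_vty over a saved copy of the router configuration; encrypted or hashed passwords are not evaluated, so a clean result covers only plaintext entries.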
Caveats for Cisco AXP
Caveats describe unexpected behavior or defects in Cisco software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.
Note
To reach the Bug Toolkit, log in to Cisco.com and go to: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
• Resolved Caveats- Cisco AXP Version 1.1.7
Resolved Caveats- Cisco AXP Version 1.1.7
• CSCsq89795 cyclades log file should have timestamps & needs improvement.
• CSCsx94365 bind serial <name> command allows duplicate entry
• CSCsy75257 vserial startup python script throws error and stops creating new process
• CSCsy80648 content of cyclades log file gets overwritten instead of appending
• CSCsy75576 Upgrading platform changes file permissions in guest environment
• CSCtb65413 Awk and More are Present in Restricted Shell after Upgrade from 1.1.1
  This notice addresses a vulnerability in the AXP techsupport support shell EXEC mode CLI. Specifically, the "awk" and "more" utilities have been removed from the shell to close mechanisms within those utilities that permit escaping from the "restricted" shell environment to "unrestricted" mode, which may potentially allow full access to AXP guest/host file systems.
  Future AXP releases may reinstate the removed "awk" and "more" utilities by disabling the mechanisms that permit escapes out of the restricted shell environment.
• CSCtc25607 disk resource is wrong after doing upgrade an app pkg in axp 1.1.7 image
Modified Commands in Cisco AXP 1.1.7
The following command has been modified in Cisco AXP 1.1.7.
techsupport support shell
To enter a restricted shell environment containing a limited set of diagnostic utilities used to troubleshoot the AXP system, use the techsupport support shell command in Cisco AXP EXEC mode.
techsupport support shell
Command Default
None
Command Modes
Cisco AXP EXEC
Command History
Cisco AXP Release    Modification
1.1                  This command was introduced.
1.1.7                The awk and more keywords were removed.
Usage Guidelines
In Cisco AXP EXEC mode, use this command to enter a shell that provides a set of diagnostic utilities as well as read-only access to the /var/log directory. When in the shell, type "help" to list the utilities provided by this shell. Type "exit" to exit the shell. The techsupport support shell command does not allow the following diagnostic commands to be used: awk, more.
Examples
The following example shows the use of help to display the list of utilities and viewable directories.
se-192-1-1-137> techsupport support shell
Saving session script in: techshell_session.log
This is a restricted shell environment with a limited set of commands
useful to technical support personnel for diagnosing the system.
Type "help" or ? to find out the list of TechSupport commands.
Type "exit" or Cntrl-D to exit.
techsupport> help
TechSupport commands available:
df free head ls mpstat pidstat sort top vmstat
cat du grep iostat netstat ps tail traceroute wc
TechSupport directories viewable:
/var/log
techsupport>
The next example shows the use of grep to filter startup messages in messages.log.
techsupport> grep startup /var/log/messages.log
08/08/10 15:56:42 system_startup: rsrc_file:/etc/aim_rsrc_file
08/08/10 15:56:42 system_startup: Populating resource values from /etc/aim_rsrc_file
08/08/10 15:56:43 system_startup: rsrc_file:/etc/default_rsrc_file
08/08/10 15:56:43 system_startup: Populating resource values from /etc/default_rsrc_file
08/08/10 15:56:44 system_startup: rsrc_file:/etc/products/apphosting/aim_rsrc_file
For help using any of the given utilities, please type the name of the utility followed by --help.
Related Commands
Command              Description
show tech-support    Displays a summary of the diagnostic information for the application.
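A post-upgrade check for caveat CSCtb65413, as an added example that is not part of the Cisco release notes: it parses a captured techsupport shell session, extracts the utilities and viewable directories from the help listing, and reports any utility that 1.1.7 removed or any directory other than /var/log. SESSION_117 reflows the help output shown in the examples above; SESSION_OLD and all function names are constructed for illustration.

```python
# Values taken from this page: the 1.1.7 command history and usage guidelines.
REMOVED_IN_117 = {"awk", "more"}
ALLOWED_DIRS = {"/var/log"}

# Constructed capture matching the 1.1.7 help listing in the examples above.
SESSION_117 = """\
se-192-1-1-137> techsupport support shell
Saving session script in: techshell_session.log
techsupport> help
TechSupport commands available:
df free head ls mpstat pidstat sort top vmstat
cat du grep iostat netstat ps tail traceroute wc
TechSupport directories viewable:
/var/log
techsupport>
"""

# Constructed capture of a module where the removed utilities are still listed.
SESSION_OLD = """\
techsupport> help
TechSupport commands available:
awk df free head ls more mpstat pidstat sort top
cat du grep iostat netstat ps tail traceroute wc
TechSupport directories viewable:
/var/log
techsupport>
"""

def shell_inventory(session):
    """Return (utilities, directories) parsed from a help listing."""
    utilities, directories, section = set(), set(), None
    for line in session.splitlines():
        text = line.strip()
        if text.startswith("TechSupport commands available"):
            section = utilities
        elif text.startswith("TechSupport directories viewable"):
            section = directories
        elif not text or text.startswith("techsupport>"):
            section = None          # a prompt or blank line ends the listing
        elif section is not None:
            section.update(text.split())
    return utilities, directories

def check_shell(session):
    """Return a list of problems; an empty list means the shell matches 1.1.7."""
    utilities, directories = shell_inventory(session)
    if not utilities:
        # Fail closed: a capture without a help listing proves nothing.
        return ["no help listing found in capture"]
    problems = [f"utility still present: {u}"
                for u in sorted(utilities & REMOVED_IN_117)]
    problems += [f"unexpected viewable directory: {d}"
                 for d in sorted(directories - ALLOWED_DIRS)]
    return problems
```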
Related Documentation
The following sections describe the documentation available for the Cisco Application eXtension Platform and Cisco ISRs. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents for Cisco IOS Release.
Use these release notes with the documents listed in the following sections:
Software Documents
The following documents are specific to Cisco Application eXtension Platform. They are also listed in the Support section at: http://www.cisco.com/en/US/products/ps9701/index.html.
• Cisco Application eXtension Platform 1.1 Feature and Release History
• Cisco Application eXtension Platform 1.0 Quick Start Guide
• Cisco Application eXtension Platform 1.1 Developer Guide
• Cisco Application eXtension Platform 1.1 User Guide
• Cisco Application eXtension Platform 1.1 Command Reference
• Open Source Software Licenses for Cisco AXP 1.1
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco ISR routers are available at:
Cisco Integrated Service Routers
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation. This guide lists all new and revised Cisco technical documentation. You can also subscribe to the guide using an RSS feed.
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)". The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008-2009, Cisco Systems, Inc. All rights reserved.

