Cisco IOS Software Releases 11.3

Table Of Contents

Release Notes for Cisco uBR7200 Series
Routers for Cisco IOS Release 11.3 NA

Contents

Introduction

Cisco Data-over-Cable Products

Cisco uBR7223 Universal Broadband Router

Cisco uBR7246 Universal Broadband Router

Cisco uBR904 Cable Modem

Early Deployment Releases

System Requirements

Memory Requirements

Hardware Supported

Determining the Version of Your Software Release

Upgrading to a New Software Release

Feature Set Tables

New and Changed Information

No New Software Features in Cisco IOS Release 11.3(11)NA

No New Software Features in Cisco IOS Release 11.3(10)NA

New Software Features in Cisco IOS Release 11.3(9)NA

Quality of Service Profile Enforcement

Upstream Traffic Shaping

New Software Features in Cisco IOS Release 11.3(8)NA

Per-Modem and Per-Host Access List Support

New Hardware Features in Cisco IOS Release 11.3(7)NA

Cisco uBR7223 Universal Broadband Router

New Hardware Features in Cisco IOS Release 11.3(6)NA

Cable Router Line Card (MC16)

New Software Features in Cisco IOS Release 11.3(5)NA

Additional or Changed Show Commands

Burst Profile Configuration

Cable Modem and Multicast Authentication using RADIUS

DHCP Relay Subscriber ID Insertion

Downstream Quality of Service Handling Compliant to MCNS Requirements

Encrypted Baseline Privacy Key Exchange

Improved and Extended Command-Line Interface

Improved MAC Scheduler

Improved Parameter Configuration

Improved Upstream Quality of Service

MIB Enhancements

Quality of Service Configuration

Read/Create Implementation of Quality of Service Table

Spectrum Management Enhancements

New Software Features in Cisco IOS Release 11.3(4)T

IP Type of Service and Precedence for GRE Tunnels

New Software Features in Cisco IOS Release 11.3(3)T

Named Method Lists for AAA Authorization and Accounting

Automated Double Authentication

Microsoft Point-to-Point Compression (MPPC)

Multiple ISDN Switch Types

National ISDN Switch Types for BRI and PRI

VPDN MIB and Syslog Facility

Additional Vendor-Proprietary RADIUS Attributes

New Hardware Features in Cisco IOS Release 11.3(2)XA

Cable Line Cards (MC11)

Cisco uBR7246 Universal Broadband Router

No New Features in Cisco IOS Release 11.3(1)

Important Notes

Cisco IOS Release 11.3 NA End of Sales and End of Engineering

Previously Documented cable spectrum-group shared Command Not Supported At This Time

Enabling IPX Routing

Forwarding of Locally Sourced AppleTalk Packets

Removed Bridging Command

Missing Source-Route Bridging Commands

New TACACS+ Attribute-Value (AV) Pair

Configuring VPDN

Cisco IOS Syslog Failure

Affected Devices and Software Releases

Solution

Workarounds

Software Versions and Fixes

Deprecated MIBs

Caveats

Open Caveats—Release 11.3(11)NA

Miscellaneous

Resolved Caveats—Release 11.3(11)NA

Basic System Services

DECnet

EXEC and Configuration Parser

IBM Connectivity

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

VINES

Wide-Area Networking

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco IOS Software Documentation Set

Documentation Modules

Release 11.3 Documentation Set

Service and Support

Software Configuration Tips on the Cisco Technical Assistance Center Home Page

Cisco Connection Online

Documentation CD-ROM

Release Notes for Cisco uBR7200 Series
Routers for Cisco IOS Release 11.3 NA

---

August 9, 1999

These release notes for the Cisco uBR7200 series universal broadband routers describe new features and significant software components that are supported by Cisco IOS Release 11.3 NA, up to and including Release 11.3(11)NA. Cisco IOS Release 11.3(11)NA is based on Cisco IOS Release 11.3. These release notes are updated as needed to describe new features, new memory requirements, new hardware support, and other important information regarding the operation of Cisco uBR7200 series routers.

For a list of software caveats that apply to Release 11.3(11)NA, see the "Cisco IOS Syslog Failure" section of this document. Also see the Caveats for Cisco IOS Release 11.3 T document located on Cisco Connection Online (CCO) and the Documentation CD-ROM. This caveats document is updated for every Cisco IOS maintenance release.

Use these release notes with the Release Notes for Cisco uBR904 Cable Modem for Cisco IOS Release 11.3 NA and the cross-platform Release Notes for Cisco IOS Release 11.3, both of which are located on CCO and the Documentation CD-ROM.

Contents

These release notes cover the following topics:

•Introduction

•System Requirements

•New and Changed Information

•Important Notes

•Cisco IOS Syslog Failure

•Related Documentation

•Service and Support

•Cisco Connection Online

•Documentation CD-ROM

Introduction

This section contains information about the Cisco uBR7200 series universal broadband routers and Early Deployment Releases (ED) for the Cisco uBR7200 series routers.

Cisco Data-over-Cable Products

The Cisco data-over-cable products—the Cisco uBR7223 universal broadband router, the Cisco uBR7246 universal broadband router, and the Cisco uBR904 cable modem—are based on the Multimedia Cable Network Partners, Ltd. (MCNS) specifications. MCNS is a consortium of cable television companies whose goal is to create standards for interoperable data-over-cable systems.

For more information about the Cisco uBR7200 universal broadband routers, see the "New and Changed Information" section.

The Cisco uBR7200 series universal broadband routers consist of the CIsco uBR7223 and the Cisco uBR7246.

Cisco uBR7223 Universal Broadband Router

The Cisco uBR7223 universal broadband router is a cost-effective, scalable interface between subscriber cable modems and the backbone data network, and is designed specifically for small- to medium-sized network installations. The Cisco uBR7223 is based on the Cisco uBR7246.

Cisco uBR7246 Universal Broadband Router

The Cisco uBR7246 universal broadband router is designed to allow two-way transmission of digital data over a hybrid fiber coaxial (HFC) cable network. The Cisco uBR7246 supports Internet Protocol (IP) routing with a wide variety of protocols and any combination of Ethernet, Fast Ethernet, High-Speed Serial Interface (HSSI), and Asynchronous Transfer Mode (ATM) media. The Cisco uBR7246 gives cable operators a cost-effective, scalable, and feature-rich interface between subscriber cable modems and the backbone data network.

Cisco uBR904 Cable Modem

The Cisco uBR904 cable modem is the subscriber unit, a fully-functional Cisco IOS router that is installed within the subscriber's small office or home office and functions as the interface between the subscriber's personal computer and the cable operator's network.

For more information on the Cisco uBR904 cable modem, see the "Platform-Specific Documents" section.

Early Deployment Releases

These release notes describe the Cisco uBR7200 series universal broadband routers for Cisco IOS Release 11.3(11)NA. Release 11.3 NA is an Early Deployment (ED) release based on Release 11.3, and delivers fixes to software caveats and support for new Cisco hardware.

briefly describes the features and availability of ED releases for the Cisco uBR7200 series universal broadband routers.

Table 1 Early Deployment Releases for the Cisco uBR7246

ED Release	Maintenance Release	Availability	Additional Software Features	Additional Hardware Features
Release 11.3 NA	11	Now	—	—
Release 11.3 T	11	Now	—	—
Release 12.0 XI	4	Now	Features from Release 11.3 NA	•MC16C Modem Card
Release 12.0 T	5	Now	Features from Release 12.0(4)XI	•MC16C Modem Card

System Requirements

These system requirements for Release 11.3(11)NA include the following sections:

•Memory Requirements

•Hardware Supported

•Determining the Version of Your Software Release

•Upgrading to a New Software Release

•Feature Set Tables

Memory Requirements

describes the memory requirements of the Cisco IOS feature sets for the Cisco uBR7200 series universal broadband routers for Release 11.3(11)NA. Cisco uBR7200 universal broadband routers are shipped with a 16- or 20-MB Flash memory card.

Table 2 Memory Requirements for the Cisco uBR7200 Series Universal Broadband Routers

Feature Sets	Image Name	Software Image	Required Flash Memory	Required DRAM Memory	Runs From	Feature History
MCNS Two-Way Standard Feature Set	MCNS Two-way	ubr7200-p-mz	16 MB Flash	32 MB DRAM	RAM	Added in Release 11.3(1)T
	MCNS Two-way with VPN/NAT	ubr7200-ps-mz	16 MB Flash	32 MB DRAM	RAM	Added in Release 11.3(6)NA
	MCNS Two-way with Baseline Privacy	ubr7200-klp-mz	16 MB Flash	32 MB DRAM	RAM	Encryption image added in Release 11.3(6)NA
	MCNS Two-way with Baseline Privacy and VPN/NAT	ubr7200-klps-mz	16 MB Flash	32 MB DRAM	RAM	Encryption image added in Release 11.3(6)NA

Hardware Supported

Cisco IOS Release 11.3(11)NA supports these Cisco uBR7200 universal broadband routers:

•Cisco uBR7223

•Cisco uBR7246

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

Cisco IOS Release 11.3(11)NA also supports the available MC11 and MC16 cable line cards:

•MC11 cable modem line cards provide connection to the HFC network, offering one upstream port and downstream port. The cable modem card slots are numbered from top to bottom. These card slots are slot 3, slot 4, slot 5, and slot 6.

•MC16 cable modem line cards provide connection to the HFC network, offering six upstream ports and one downstream port.

For more information on the MC11 and MC16 cable modem line card software, see the "New and Changed Information" section.

summarizes the hardware supported on the Cisco uBR7200 series universal broadband routers.

Table 3 Supported Interfaces on the Cisco uBR7200 Series Universal Broadband Routers  

Interface, Network Module, or Data Rate	Product Number1	Description	Platforms Supported	In2
ATM	PA-A1-OC3MM	1-port ATM OC-3c/STM-1 multimode port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-A1-OC3SMI	1-port ATM OC-3c/STM-1 single-mode intermediate reach port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-A2-4E1XC-E3ATM	5-port ATM CES3 (4 E1 120-ohm CBR4 ports and 1 E3 ATM port) port adapter	Cisco uBR7246 only	12.0(3)T and later 12.0 T releases
	PA-A2-4E1XC-OC3SM	5-port ATM CES (4 E1 120-ohm CBR ports and 1 OC-3 ATM single-mode port) port adapter	Cisco uBR7246 only	12.0(3)T and later 12.0 T releases
	PA-A2-4T1C-OC3SM	5-port ATM CES (4 T1 CBR ports and 1 OC-3 ATM single-mode port) port adapter	Cisco uBR7246 only	12.0(3)T and later 12.0 T releases
	PA-A2-4T1C-T3ATM	5-port ATM CES (4 T1 CBR ports and 1 T3 ATM port) port adapter	Cisco uBR7246 only	12.0(3)T and later 12.0 T releases
	PA-A3-E3	1-port ATM, PCI-based E3 port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-A3-OC3MM	1-port OC-3c/STM-1 multimode port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
ATM	PA-A3-OC3SMI	1-port OC-3c/STM-1 single-mode, intermediate reach port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-A3-OC3SML	1-port OC-3c/STM-1 single-mode, long reach port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-A3-T3	1-port ATM, PCI-based DS3 port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
Ethernet	PA-4E	4-port Ethernet 10BaseT port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-8E	8-port Ethernet 10BaseT port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-FE-FX	1-port 100BaseFX Fast Ethernet port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-FE-TX	1-port 100BaseTX Fast Ethernet port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
High-Speed Serial Interfaces (HSSI)	PA-H	1-port HSSI port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-2H	2-port HSSI port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
Packet-Over- SONET (POS)	PA-POS-OC3MM	1-port POS OC3 multimode port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-POS-OC3SMI	1-port OC3 single-mode, intermediate reach port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-POS-OC3SML	1-port POS OC-3 single-mode, long reach port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
Serial	PA-2E3	2-port E3 serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-2T3	2-port T3 serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-4E1G-75	4-port unbalanced (75-ohm) E1-G.703/G.704 synchronous serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-4E1G-120	4-port balanced (120-ohm) E1-G.703/G.704 synchronous serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-4T+	4-port synchronous serial port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-8T-232	8-port EIA/TIA-232 synchronous serial port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-8T-V35	8-port V.35 synchronous serial port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
	PA-8T-X21	8-port X.21 synchronous serial port adapter	Cisco uBR7200 series routers	11.3(8)NA and later 11.3 NA releases, 12.0(3)T and later 12.0 T releases
Serial	PA-E3	1-port E3 serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-MC-E3	1 multi-channel E3, medium-speed serial interface	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-MC-T3	1 multichannel T3 interface with BNC connectors	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases
	PA-T3	1-port T3 serial port adapter	Cisco uBR7200 series routers	12.0(3)T and later 12.0 T releases

1 Refer to the Documentation CD-ROM or http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com for the most current list of supported port adapters. 2 The number in the "In" column indicates the Cisco IOS release when the interface was first introduced. If a cell in this column is empty, the interface was included in the initial base release. 3 CES = circuit emulation service. 4 CBR = constant bit rate.

Determining the Version of Your Software Release

To determine the version of Cisco IOS software currently running on the Cisco uBR7200 series universal broadband router, log in to the router and enter the show version EXEC command. The IOS version number is indicated on the second line as indicated in the sample output shown below:

router> show version

Cisco Internetwork Operating System Software 

IOS (tm) uBR7200 Software (ubr7200-p-mz), Version 11.3(10)NA, RELEASE SOFTWARE

The output includes additional information such as processor revision numbers, memory amounts, hardware IDs, and partition information.

Upgrading to a New Software Release

At the time of this printing, no product bulletins are available for upgrading to Cisco IOS Release 11.3 NA. For generic information on updating to a new Cisco IOS software release, see the Cisco IOS Software Release Upgrade Paths and Packaging Simplification product bulletin located on CCO. From the CCO home page, click on this path:

Service & Support: Product Bulletins: Software

Under Cisco IOS 11.3, click on Cisco IOS Software Release 11.3 Upgrade Paths (#703: 12/97).

Feature Set Tables

The Cisco IOS software is packaged in feature sets consisting of software images. Each feature set contains a specific set of Cisco IOS features.

Table 4 lists the Cisco IOS software feature sets available for the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3(10)NA.

Table 4 Feature Sets Available for the Cisco uBR7200 Series Universal Broadband Routers

Feature Set	Software Image	Feature Set Matrix Term	Image Name
IP Routing Standard Feature Set	MCNS Two-way	Basic1	ubr7200-p-mz
	MCNS Two-way with VPN/NAT	Basic, VPN/NAT2	ubr7200-ps-mz
	MCNS Two-way with Baseline Privacy	Basic, Baseline Privacy3	ubr7200-klp-mz
	MCNS Two-way with Baseline Privacy and VPN/NAT	Basic, Baseline Privacy, VPN/NAT	ubr7200-klps-mz

1 This feature is offered in the Basic feature set. 2 This feature is offered with VPN/NAT functionality. 3 This feature is offered in the encryption feature sets that consist of 56-bit DES (k1) data encryption feature sets.

---

Caution   

Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

---

lists the features and feature sets available for the for the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3(11)NA . This tables uses the following conventions:

•Yes—The feature is supported in the feature set.

•No—The feature is not supported in the feature set.

•In—This column indicates the maintenance release in which the feature was introduced. For example, (3) means a feature is introduced in 11.3(3)T, and (6)NA means a feature was introduced in 11.3(6)NA. If this cell in this column is empty, this feature was introduced in the initial release.

Table 5 Feature List by Feature Set for the Cisco uBR7200 Series Universal Broadband Routers for Cisco IOS Release 11.3 (10)NA 

Feature	Software Images by Feature Set
	In	MCNS Two-way	MCNS Two-way with VPN/NAT	MCNS Two-way with Baseline Privacy	MCNS Two-way with Baseline Privacy and VPN/NAT
Internet
DRP Server Agent	(3)	Yes	Yes	Yes	Yes
IP Routing
Easy IP (Phase 1)	(3)	Yes	Yes	Yes	Yes
Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations	(3)	Yes	Yes	Yes	Yes
IP Type of Service and Precedence for GRE Tunnels	(4)	Yes	Yes	Yes	Yes
IP Enhanced IGRP Route Authentication	(3)	Yes	Yes	Yes	Yes
TCP Enhancements, including: •TCP Selective Acknowledgment •TCP Timestamp	(3)	No	No	No	No
LAN Support
AppleTalk Access List Enhancements		No	No	No	No
DECnet Accounting		No	No	No	No
IPX Named Access Lists		No	No	No	No
IPX SAP-after-RIP		No	No	No	No
NLSP Enhancements		No	No	No	No
NLSP Multicast Support		No	No	No	No
Management
Improved and Extended Command Line Interface, including: •Additional or Changed Show Commands •Burst Profile Configuration •DHCP Relay Subscriber ID Insertion •Improved MAC Scheduler •Improved Parameter Configuration	(5)NA	No	Yes	Yes	Yes
Cisco Call History MIB Command Line Interface	(3)	Yes	Yes	Yes	Yes
Cisco IOS Internationalization	(3)	Yes	Yes	Yes	Yes
Entity MIB, Phase 1	(3)	Yes	Yes	Yes	Yes
MIB Enhancements	(5)NA	No	Yes	Yes	Yes
SNMPv2C	(3)	Yes	Yes	Yes	Yes
Spectrum Management Enhancements
Virtual Profiles	(3)	Yes	Yes	Yes	Yes
Multimedia
IP Multicast Load Splitting across Equal-Cost Paths	(3)	Yes	Yes	Yes	Yes
IP Multicast over ATM Point-to-Multipoint Virtual Circuits	(3)	Yes	Yes	Yes	Yes
IP Multicast over Token Ring LANs	(3)	Yes	Yes	Yes	Yes
Stub IP Multicast Routing	(3)	Yes	Yes	Yes	Yes
Quality of Service
Downstream QoS Handling	(5)NA	No	Yes	Yes	Yes
Upstream Traffic Shaping	(9)NA	No	Yes	Yes	Yes
Improved Upstream QoS	(5)NA	No	Yes	Yes	Yes
QoS Configuration	(5)NA	No	Yes	Yes	Yes
QoS Profile Enforcement	(9)NA	No	Yes	Yes	Yes
Read/Create Implementation of QoS	(5)NA	No	Yes	Yes	Yes
RTP Header Compression	(3)	Yes	Yes	Yes	Yes
Security
Automated Double Authentication	(3)	Yes	Yes	Yes	Yes
Cable Modem and Multicast Authentication using RADIUS	(5)NA	No	Yes	Yes	Yes
Encrypted Baseline Privacy Key Exchange	(5)NA	No	Yes	Yes	Yes
Encrypted Kerberized Telnet		No	No	No	No
HTTP Security	(3)	Yes	Yes	Yes	Yes
Named Method Lists for AAA Authorization & Accounting	(3)	Yes	Yes	Yes	Yes
Per-Modem and Per-Host Access List Support	(8)NA	Yes	Yes	Yes	Yes
Per-User Configuration	(3)	Yes	Yes	Yes	Yes
Reflexive Access Lists	(3)	Yes	Yes	Yes	Yes
TCP Intercept		No	No	No	No
Vendor-Proprietary RADIUS Attributes	(3)	Yes	Yes	Yes	Yes
Switching
AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs		No	No	No
CLNS and DECnet Fast Switching over PPP		No	No	No	No
DECnet/Vines/XNS over ISL, including: •Banyan VINES Routing over ISL Virtual LANs •DECnet Routing over ISL Virtual LANs •XNS Routing over ISL Virtual LANs		No	No	No	No
Fast-Switched Policy Routing	(3)	Yes	Yes	Yes	Yes
IPX Routing over ISL Virtual LANs		No	No	No	No
VIP Distributed Switching Support for IP Encapsulated in ISL		No	No	No	No
Terminal Services
Virtual Interface Template Service		No	No	No	No
Virtual Templates for Protocol Translation		No	No	No	No
WAN Optimization
ATM MIB Enhancements		No	No	No	No
PAD Enhancements		No	No	No	No
PAD Subaddressing	(3)	Yes	Yes	Yes	Yes
WAN Services
Bandwidth Allocation Control Protocol (BACP)	(3)	Yes	Yes	Yes	Yes
Enhanced Local Management Interface (ELMI)	(3)	Yes	Yes	Yes	Yes
Frame Relay Enhancements	(3)	Yes	Yes	Yes	Yes
Frame Relay MIB Extensions	(3)	Yes	Yes	Yes	Yes
Frame Relay Router ForeSight	(3)	Yes	Yes	Yes	Yes
ISDN Advice of Charge		Yes	Yes	Yes	Yes
ISDN Caller ID Callback		Yes	Yes	Yes	Yes
ISDN Multiple Switch Type		Yes	Yes	Yes	Yes
ISDN NFAS		Yes	Yes	Yes	Yes
LANE Per-subinterface Debug Messages		No	No	No	No
Layer 2 Forwarding—Fast Switching		No	No	No	No
Leased-Line ISDN at 128 kbps		No	No	No	No
MPPC		Yes	Yes	Yes	Yes
Multilink PPP Interleaving and Fair-Queuing Support		No	No	No	No
National ISDN Switch Types for BRI and PRI	(3)	Yes	Yes	Yes	Yes
PPP over ATM		No	No	No	No
Telnet Extensions for Dialout		No	No	No	No
VPDN MIB and Syslog Facility	(3)	Yes	Yes	Yes	Yes
VPDN Tunnel Lookup Based on Dialed Number Information		No	No	No	No
X.25 Enhancements		Yes	Yes	Yes	Yes
X.25 on ISDN		No	No	No	No
X.25 Switching between PVCs and SVCs	(3)	Yes	Yes	Yes	Yes
X.28 Emulation		No	No	No	No

Optional feature set licenses for Cisco uBR7200 series universal broadband routers are as follows:

•WAN Packet Protocols

•ATM DXI

•Frame Relay switching

•Frame Relay SVC support (DTE)

•Frame Relay traffic shaping

•SMDS over ATM

•X.25

•X.25 switching

•Interdomain Routing

•BGP

•BGP4—Includes soft configuration, multipath support, and prefix filtering with inbound route maps

•EGP for Internet scale routing

New and Changed Information

The following sections list the new features supported by the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3 NA.

No New Software Features in Cisco IOS Release 11.3(11)NA

No new features were introduced for the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3(11)NA.

No New Software Features in Cisco IOS Release 11.3(10)NA

No new features were introduced for the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3(10)NA.

New Software Features in Cisco IOS Release 11.3(9)NA

The following software enhancements were introduced in Cisco IOS Release 11.3(9)NA and are available for the Cisco uBR7200 series universal broadband routers.

Quality of Service Profile Enforcement

The Quality of Service (Qos) Profile Enforcement feature allows cable modem termination system (CMTS) operators to override the provisioned service class of a cable modem at the time of registration, with a CMTS local-static quality of service profile.

QoS Profile Enforcement allows CMTS operators to control the QoS from the CMTS, thereby eliminating any interference from improper local-rate limiting implemented on the cable modem. The CMTS provisions a registering cable modem with a default Data-Over-Cable Service Interface Specification (DOCSIS) 1.0 service class that is assigned by the operator. This service class has no upstream or downstream rate limits. When the modem sends data upstream, it makes bandwidth requests without throttling or dropping packets because of its own rate policing algorithm. The CMTS does traffic shaping based on the QoS profile enforced by the operator.

Upstream Traffic Shaping

The Upstream Traffic Shaping feature allows the cable modem termination system (CMTS) to perform upstream rate shaping on the DOCSIS upstream channel.

With traffic shaping, the CMTS can buffer the grants for rate-exceeded cable modems. This grant buffering at the CMTS avoids TCP-related timeouts and retransmits resulting in an improved TCP throughput performance for the rate-exceeded modems. Thus, shaping enables the CMTS to enforce the peak upstream rate for the cable modem without degrading overall TCP performance for the modem. When users do not enable the shaping option for upstream rate limiting, the CMTS upstream-rate-policing code drops bandwidth requests from cable modems that are found to have exceeded their configured peak-upstream rate (using different local drop policies). The effect of bandwidth requests (eventually upstream packets) being dropped causes degraded throughput performance of windows-based protocols (like TCP) for these rate-exceeded modems because of the timeouts and retransmits that follow.

New Software Features in Cisco IOS Release 11.3(8)NA

The following software enhancement was introduced in Cisco IOS Release 11.3(8)NA and is available for the Cisco uBR7200 series universal broadband routers.

Per-Modem and Per-Host Access List Support

The Per-Modem and Per-Host Access List Support feature adds support of per-modem and per-host access lists to Cisco uBR7200 images. It also adds MIB support and CLI commands for the definition of per-modem and per-host access lists.

New Hardware Features in Cisco IOS Release 11.3(7)NA

The following hardware enhancement was introduced in Cisco IOS Release 11.3(7)NA and is available for the Cisco uBR7200 series universal broadband routers.

Cisco uBR7223 Universal Broadband Router

The Cisco uBR7223 universal broadband router is part of a new class of Cisco data-over-cable products designed to allow two-way transmission of digital data over hybrid fiber coaxial (HFC) cable. The Cisco uBR7223 supports IP routing with a wide variety of protocols and any combination of Ethernet, Fast Ethernet, High-Speed Serial Interface (HSSI), serial, Packet-Over-SONET (POS), and Asynchronous Transfer Mode (ATM) media.

New Hardware Features in Cisco IOS Release 11.3(6)NA

The following hardware enhancement was introduced in Cisco IOS Release 11.3(6)NA and is available for the Cisco uBR7200 series universal broadband routers.

Cable Router Line Card (MC16)

The software for the MC16 Cable Router Line Card is a driver running on the Cisco uBR7200 series universal broadband routers. Using a Protocol Control Information (PCI) interface, the universal broadband router line card software interacts with the MC16 card. Data is passed back and forth, as Direct Memory Access (DMA) transfers, from the Cisco uBR7200 series universal broadband routers memory to the MC16 card.

Additionally, the MC16 card supports universal broadband router line card management and control with the MC16 MIB, Media Access Control (MAC) control software and logical link management software based on MCNS standards, and minimized security.

New Software Features in Cisco IOS Release 11.3(5)NA

The following software enhancements were introduced in Cisco IOS Release 11.3(5)NA and are available for the Cisco uBR7200 series universal broadband routers.

Additional or Changed Show Commands

The Cisco uBR7200 series universal broadband routers contain the following additional or changed show commands:

•The show cable qos command is changed to show cable qos-profile <n> command, where the optional argument <n> can be used to display a specific profile.

•The show int cx/y sid command displays more complete Service ID (SID) status information.

•The show cable modem command displays a list of options for a single modem to be specified by entering either the cable modem's IP address or MAC address.

•The following are show cable modulation-profile command modifications:

• The show cable modulation-profile command was removed.

•The show cable burst-profile command was renamed show cable modulation-profile.

•The new show cable modulation-profile command has an added option <n> to display modulation profile number n.

Burst Profile Configuration

For each modulation/burst profile configuration, the Cisco uBR7200 series universal broadband routers will support burst profile number, burst profile interval usage code, burst type, preamble length and unique word length, differential encoding enable/disable, FEC correctable bytes value, FEC code word length, scrambler seed value, maximum burst size, guard time size, last code word shortened/lengthened, and scrambler enable/disable.

Cable Modem and Multicast Authentication using RADIUS

As an enhancement to baseline privacy, the Cisco uBR7200 series universal broadband routers can be configured for cable modem and multicast authentication using RADIUS protocol. When a cable modem comes online or when a JOIN request is sent through a multicast data stream, the Cisco uBR7200 series universal broadband routers send relevant information to RADIUS servers for cable modem/host authentication. This feature can be configured on a per-interface basis.

DHCP Relay Subscriber ID Insertion

The Cisco uBR7200 series universal broadband routers allow insertion of DHCP relay-agent option fields. Using the [no] cable relay-agent-option command, these fields can be enabled on a per-interface basis.

Downstream Quality of Service Handling Compliant to MCNS Requirements

Cisco IOS Release 11.3(5)NA handles downstream quality of service in compliance with MCNS requirements for the Cisco uBR7200 series universal broadband routers. The Cisco uBR7200 series universal broadband routers control access to the shared time-slotted MCNS upstream cable channel used by the cable modems remotely.

The downstream port outputs 64- and 256-QAM modulated carriers conforming to the ITU-T J.83 Annex A or Annex B standards for transmission of MPEG digital television. The downstream port outputs a 44.00 MHz intermediate frequency (IF) carrier, which is upconverted to an assigned radio frequency (RF). Data destined for subscribers is broadcast on a standard cable television channel. The carrier bandwidth is 6 MHz with raw speeds of 30.34 Mbps and 42.88 Mbps.

Encrypted Baseline Privacy Key Exchange

Baseline privacy extensions permit the encryption of data transferred between the cable modem and the Cisco uBR7200 series universal broadband router. Images with encrypted key exchange are considered encrypted images.

The key management protocol defined by baseline privacy allows the Cisco uBR7200 universal broadband router to provide two types of keys to cable modems. The Key Exchange Key (KEK) decrypts the Traffic Exchange Keys (TEK). The TEK is the key used to encrypt and decrypt data packets.

---

Note   For Cisco Systems to be able to provide nonexport controlled images, the standard image (ubr7200-p-mz) will no longer support baseline privacy. New images explicitly identified as encryption images (ubr7200-pk1-mz and ubr7200-pk1s-mz), will support baseline privacy.

---

Improved and Extended Command-Line Interface

Extensive command-line interface enhancements include user configuration using the command-line interface, SNMP, and HTTP. All methods will provide essentially the same set of configuration objects.

Improved MAC Scheduler

The MAC scheduler in the Cisco uBR7200 series universal broadband routers handle computation of optimal number of initial ranging opportunities per second and initial ranging backoff window, optimal date request backoff window, and data request slots per second.

Improved Parameter Configuration

The Cisco uBR7200 series universal broadband routers contain algorithms that control the rate of the contention slots and a common algorithm for varied parameter configuration for cable modems within each of the upstream contention subchannels.

Improved Upstream Quality of Service

The Cisco uBR7200 series universal broadband routers have an improved upstream quality of service. The upstream port receives time-division multiplexed data bursts. Cisco uBR7200 series universal broadband routers support QPSK and 16-QAM modulation at carrier bandwidths of 0.2, 0.4, 0.8, 1.6, and 3.2 MHz with raw speeds of 0.32, 0.64, 1.28, 2.56, and 5.12 Mbps when using QPSK. A single downstream supports up to six upstreams. (The number of upstreams supported is indicated by the second digit of the model number of the cable router line card.) Each upstream has its own set of Upstream Channel Descriptor (UCD) and Upstream Bandwidth Allocation (MAP) messages, which control the frequency, modem transmission parameters, and timing of messages sent toward the Cisco uBR7200 series router.

MIB Enhancements

Both the Management Interface Base (MIB) and command-line interface provide the same set of configuration options in the Cisco uBR7200 series universal broadband routers. Additionally, the Radio Frequency (RF) Interface MIB has changed:

•docsIfUpChannelFrequency now has a range starting with 0, where 0 indicates that the frequency is unknown or not specified.

•docsIfUpChannelWidth now has a range of 0-16 MHz. The value of 0 means the channel width is unknown or not configured

•docsIfQosProfileTable is now read-create.

•docsIfQosProfBaselinePrivacy is a new object.

•docsIfQosProfStatus is a new object.

•docsIfCmtsQosProfilePermissions is a new object.

•docsIfCmtsCmStatusValue is a new object.

Quality of Service Configuration

Quality of Service (QoS) data can be configured through the command-line interface to support the quality of service profile number, priority, maximum upstream bandwidth, guaranteed upstream bandwidth, maximum downstream bandwidth, maximum transmit burst length, baseline privacy enable/disable, and Type of Service (ToS) overwrite byte.

Read/Create Implementation of Quality of Service Table

The following commands for updating the quality of service (QoS) table are available with the Cisco uBR7200 series universal broadband routers.

•create-snmp—Permit creation of QoS table entries by SNMP

•modems—Permit creation of QoS table entries by modem registration requests

•update-snmp—Permit dynamic update of QoS table entries by SNMP

Spectrum Management Enhancements

For full fault detection support, the following spectrum management enhancements are available in the Cisco uBR7200 series universal broadband routers.

•Flapping Modem Detector

•Modem Flap-List—Supports new clear cable modem flap-list command

•State Change Logging—Supports new show cable modem flap-list command

New Software Features in Cisco IOS Release 11.3(4)T

The following software enhancement was introduced in Cisco IOS Release 11.3(4)T and is available for the Cisco uBR7200 series universal broadband routers.

IP Type of Service and Precedence for GRE Tunnels

Prior to the IP Type of Service and Precedence for GRE Tunnels feature, at generic route encapsulation-based tunnel endpoints, the Type of Service (ToS) bits (including precedence bits) were not copied to the tunnel or GRE IP header that encapsulates the inner packet. Instead, those bits were set to zero. This was not a problem unless the intermediate routers between two tunnel endpoints honored ToS or precedence bits, in which case those settings were ignored.

With the advent of virtual private network (VPN) and QoS applications, it is desirable to copy the ToS bits when the router encapsulates the packets using GRE. Thus, intermediate routers between tunnel endpoints can take advantage of the QoS features such as weighted fair queuing (WFQ) and weighted random early detection (WRED).

New Software Features in Cisco IOS Release 11.3(3)T

The following software enhancements were introduced in Cisco IOS Release 11.3(3)T and are available for the Cisco uBR7200 series universal broadband routers.

Named Method Lists for AAA Authorization and Accounting

In earlier Cisco IOS releases, only named authentication method lists were supported under Cisco's Authentication, Authorization, and Accounting (AAA) network security services. With Cisco IOS Release 11.3(3)T, AAA has been extended to support both authorization and accounting named method lists. Named Method Lists for AAA Authorization and Accounting function the same way as those for authentication, they allow you to define different methods for authorization and accounting and apply those methods on a per-interface or per-line basis.

Automated Double Authentication

The Automated Double Authentication feature enhances the previous double authentication feature. Previously with the double authentication feature, a second level of user authentication was achieved when you telnetted to the network access server or router and entered a username and password. Now, with automated double authentication, you do not have to telnet anywhere, but instead respond to a dialog box that requests a username and password or PIN.

Microsoft Point-to-Point Compression (MPPC)

Microsoft Point-to-Point Compression (MPPC) is a scheme used to compress Point-to-Point Protocol (PPP) packets between Cisco and Microsoft client devices. The MPPC algorithm is designed to optimize bandwidth utilization to support multiple simultaneous connections. The MPPC algorithm uses a Lempel-Ziv (LZ)-based algorithm with a continuous history buffer called a dictionary.

Multiple ISDN Switch Types

The Multiple ISDN Switch Types feature allows for configuring more than one ISDN switch type per router. An ISDN switch type can be applied on a per-interface basis, thus extending the existing global isdn switch-type command to the interface level. This allows Basic Rate Interfaces (BRI) and Primary Rate Interfaces (PRI) to run simultaneously on platforms that support both interface types.

National ISDN Switch Types for BRI and PRI

National ISDN Switch Types for Basic Rate and Primary Rate Interfaces introduces changes to ISDN switch types for PRIs and BRIs as follows:

•Adds a new switch type for PRI interfaces (isdn switch-type primary-ni).

•Changes the BRI basic-ni1 switch type to basic-ni (isdn switch-type basic-ni).

•Removes the ISDN vn2 switch type (isdn switch-type vn2) used in France. The existing vn3 switch type (isdn switch-type vn3) supports French vn2 switches.

•Removes the ISDN basic-nwnet3 switch type (isdn switch-type basic-nwnet3) used in Norway. The basic-net3 switch type (isdn switch-type basic-net3) supports Norway NET3 switches.

•Removes the ISDN basic-nznet3 switch type (isdn switch-type basic-nznet3) used by New Zealand NET3 switches. The ISDN basic-net3 switch type (isdn switch-type basic-net3) supports New Zealand NET3 switches.

•Adds the ability to configure outgoing PRI B channel selection for the T1 controller in ascending order (channel 1 to channel 23) or descending order (channel 23 to channel 1). Previously, the router selected a B channel for outgoing calls from the highest free channel in descending order. The E1 controller channel selection for ascending order is channel 1 to 31, and 31 to 1 for descending order.

---

Note   The command parser will still accept the following switch types: basic-nwnet3, vn2, and basic-net3; however, when viewing the NVRAM configuration using either the show running configuration or write terminal command, the basic-net3 or vn3 switch types are displayed respectively.

---

VPDN MIB and Syslog Facility

The Virtual Private Dialup Network (VPDN) Management Information Base (MIB) feature is intended to support all the tables and objects defined in the Cisco VPDN Management MIB for VPDN user sessions. VPDN system-wide information is available. This includes active VPDN tunnels, active user sessions in active VPDN tunnels, and failure history information, per username.

The VPDN Syslog facility provides generic logging output for VPDN information, such as Layer 2 Forwarding Protocol (L2F). The syslog messages are generated to inform authentication or authorization errors, resource issues, and time-out events.

Additional Vendor-Proprietary RADIUS Attributes

This release introduces support for Additional Vendor-Proprietary RADIUS Attributes. Remote Authentication Dial-In User Server (RADIUS) is an access server authentication, authorization, and accounting protocol originally developed by Livingston, Inc. Although an Internet Engineering Task Force (IETF) draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server.

New Hardware Features in Cisco IOS Release 11.3(2)XA

The following hardware enhancements were introduced in Cisco IOS Release 11.3(2)XA and are available for the Cisco uBR7200 series universal broadband routers.

Cable Line Cards (MC11)

The MC11 cable line cards installed in the Cisco uBR7200 series universal broadband routers provide connection to the Hybrid Fiber Coaxial (HFC) cable network. The MC11 line cards offer one upstream port and one downstream port. The cable modem card slots are numbered from top to bottom: cable modem card slot 3, slot 4, slot 5, and slot 6.

Cisco uBR7246 Universal Broadband Router

Cisco uBR7246 universal broadband features enable the Cisco uBR7246 universal broadband router to communicate with an HFC network via a Cisco MC11 cable modem card. Cisco MC11 cable modem cards allow you to connect cable modems on the HFC network to a Cisco uBR7246 in a Community Antenna Television (CATV) headend facility. The modem card provides the interface between the Cisco uBR7246 protocol control information (PCI) bus and the Radio Frequency (RF) signal on the HFC network.

No New Features in Cisco IOS Release 11.3(1)

There were no new features introduced for the Cisco uBR7200 series universal broadband routers in Cisco IOS Release 11.3(1).

Important Notes

The following sections contain important notes about Cisco IOS Release 11.3 that might apply to the Cisco uBR7200 series universal broadband routers.

Cisco IOS Release 11.3 NA End of Sales and End of Engineering

End of Sales (EOS) means a software release may no longer be ordered. These releases are still available through FSO and CCO for customers under maintenance contract or for Customer Service Engineering (CSE) support until they reach the "End of Life" milestone. End of Engineering (EOE) means there are no further scheduled maintenance releases. The last maintenance release scheduled on the EOE date is available only through CCO and Cisco Field Service Operations, not through Cisco manufacturing.

•Release 11.3 NA is scheduled to reach End of Sales (EOS) status with maintenance Release 11.3(11)NA.

•Release 11.3 NA is scheduled to reach EOE with Release 11.3(11)NA.

Ongoing support for functionality in Releas 11.3 NA is available in Cisco IOS Release 12.0(3)T and later 12.0 T releases

EOS and EOE releases are subject to change. For the most up-to-date information on the status of EOS or EOE, see the Cisco IOS Software Release 11.3 NA End of Sales and End of Engineering product bulletin on CCO. On CCO, click on this path:

Service & Support: Product Bulletins: Software

Under Cisco IOS 11.3, click on Cisco IOS Software 11.3 NA EOS and EOE (#849:12/98).

Previously Documented cable spectrum-group shared Command Not Supported At This Time

The cable spectrum-group shared command was documented in the feature module Cisco uBR7246 Universal Broadband Router Enhancements, released with Cisco IOS Release 11.3(5)NA. This command is not supported on the Cisco uBR7200 series in Release 11.3 NA, but is supported in Release 12.0(5)T.

If you are using Release 11.3 NA and it is necessary to configure two upstream channels to share the same spectrum-group but have different frequencies, they can be configured manually.

As an example, you have two nodes with two upstream channels per node. Node one carries US0 and US1; node two carries US2 and US3. Assume also that you are allocated 25 MHz to 35 MHz for the two upstreams combined.

First, set up two spectrum groups:

cable spectrum-group 1 band 25000000 30000000

cable spectrum-group 2 band 30000000 35000000

---

Note   Be sure you do not configure overlapping spectrum groups.

---

Then, allocate one channel from each node to each spectrum group:

cable us0 spectrum-group 1

cable us1 spectrum-group 2

cable us2 spectrum-group 1

Enabling IPX Routing

The Token Ring interface is reset whenever IPX routing is enabled on that interface.

Forwarding of Locally Sourced AppleTalk Packets

The Cisco implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in the Apple Computer publication Inside AppleTalk. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is gleaning the MAC-address.

Removed Bridging Command

As of Release 11.3(2)T, the bridge group multicast-source command is no longer available. This command was removed to comply with the source-route-transparent (SRT) bridging implementation.

Missing Source-Route Bridging Commands

Due to a production problem, many source-route bridging commands were omitted from the printed version of the Cisco IOS Software Command Summary (78-4746-XX). For complete documentation of all source-route bridging commands, see the Bridging and IBM Networking Command Reference (78-4743-XX). You can also obtain the most current documentation on CCO and the Documentation CD-ROM.

New TACACS+ Attribute-Value (AV) Pair

A new authorization feature was added in Release 11.3(1) that allows for separate configuration and authorization of Multilink PPP. This can cause MLP authorization to fail in TACACS+ servers that do not include the relevant authorization permissions in the configuration. For TACACS+, the following attribute-value (AV) pair should be added for all users who are allowed to negotiate Multilink PPP:

service = ppp protocol = multilink {

Configuring VPDN

For information about configuring VPDN, follow this path on CCO:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3: Cisco IOS 11.3 Configuration Guides, Command References: Dial Solutions Configuration Guide: Virtual Private Dialup Networks: Configuring Virtual Private Dialup Networks

To reach the VPDN command reference, follow this path on CCO:

Cisco IOS Software Configuration: Cisco IOS Release 11.3: Cisco IOS 11.3 Configuration Guides, Command References: Dial Solutions Command Reference: Virtual Private Dialup Networks: Virtual Private Dialup Network Commands

Cisco IOS Syslog Failure

Certain releases of Cisco IOS software may fail or hang when they receive invalid User Datagram Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly-used Internet scanning tool generates packets, which can cause such problems. This fact has been published on public Internet mailing lists, which are widely read both by security professionals and by security attackers. This information should be considered in the public domain.

Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled Cisco IOS device that will need to be reconfigured by its administrator. Some Cisco IOS devices have been observed to hang instead of failing when attacked. These devices do not recover until they are manually restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without providing stack traces; some devices may indicate that they were "restarted by power-on," even when that is not the case.

Assume that any potential attacker is likely to know that existence of this vulnerability and the ways to exploit it. An attacker can use tools available to the public on the Internet and does not need to write any software to exploit the vulnerability. Minimal skill is required and no special equipment is required.

Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious exploitation of this vulnerability.

This vulnerability notice was posted on Cisco's World Wide Web site:

http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

This information was also sent to the following e-mail and Usenet news recipients:

•cust-security-announce@cisco.com

•bugtraq@netspace.org

•first-teams@first.org (includes CERT/CC)

•first-info@first.org

•cisco@spot.colorado.edu

•comp.dcom.sys.cisco

•nanog@merit.edu

Affected Devices and Software Releases

Vulnerable devices and software releases are specified in , . Affected releases include Releases 11.3 AA, 11.3 DB, and all 12.0 releases (including 12.0 mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to the repaired releases listed in . Cisco is correcting the vulnerability in certain special releases and will correct it in future maintenance and interim releases. See , for details. Cisco intends to provide fixes for all affected IOS variants.

No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out attack traffic by using access lists. See the "Workarounds" section for techniques. However, except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully evaluate your configuration before assuming that any filtering you have protects you against this attack.

The most commonly used or asked-about products are listed below. If you are unsure whether your device is running Cisco IOS software, log in to the device and issue the show version command. Cisco IOS software will identify itself simply as "IOS" or "Internetwork Operating System Software". Other Cisco devices will not have the show version command, or they will identify themselves differently in their output. The most common Cisco devices that run Cisco IOS software include the following:

•Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200 (including the ubr7200), 7500, and 12000 series

•Most recent versions of the LS1010 ATM switch

•Some versions of the Catalyst 2900XL LAN switch

•Cisco DistributedDirector

Affected software releases, which are relatively new, are not necessarily available on every device listed above. If you are not running Cisco IOS software, you are not affected by this vulnerability.

The following Cisco devices are not affected:

•700 dialup routers (750, 760, and 770 series)

•Catalyst 1900, 2800, 2900, 3000, and 5000 LAN switches, except for some versions of the Catalyst 2900XL. However, optional router modules running Cisco IOS software in switch backplanes, such as the RSM module for the Catalyst 5000 and 5500, are affected.

•WAN switching products in the IGX and BPX lines

•MGX (formerly known as the AXIS shelf)

•Host-based software

•Cisco PIX Firewall

•Cisco LocalDirector

•Cisco Cache Engine

This vulnerability has been assigned Cisco bug ID CSCdk77426.

Solution

Cisco offers free software updates to correct this vulnerability for all affected customers—regardless of their contract status. However, because this vulnerability information has been disseminated by third parties, Cisco has released this notice before updates are available for all software releases. gives Cisco's projected fix dates.

Make sure your hardware had adequate RAM to support the new software before installing it. The amount of RAM is seldom a problem when you upgrade within a major release (say, from 11.2(11)P to 11.2(17)P), but it is often a factor when you upgrade between major releases (say, from 11.2 P to 11.3 T).

Because fixes will be available for all affected releases, this vulnerability will rarely, if ever, require an upgrade to a new major release. Cisco recommends very careful planning for any upgrade between major releases. Make certain no known bugs will prevent the new software from working properly in your environment.

Further upgrade planning assistance is available on Cisco's World Wide Web site at:

http://www.cisco.com

If you have service contracts you can obtain new software through your regular update channels (generally via Cisco's World Wide Web site). You can upgrade to any software release, but you must remain within the boundaries of the feature sets you have purchased.

If you don't have service contracts, you can upgrade to obtain only the bug fixes; free upgrades are restricted to the minimum upgrade required to resolve the defects. In general, you will be restricted to upgrading within a single row of , except when no upgrade within the same row is available in a timely manner. Obtain updates by contacting one of the following Cisco Technical Assistance Centers (TACs):

•+1 800 553 2447 (toll-free from within North America)

•+1 408 526 7209 (toll call from anywhere in the world)

•tac@cisco.com

Give the URL of this notice (http://www.cisco.com/warp/public/770/iossyslog-pub.shtml) as evidence for a free update. Non-contract customers must request free updates through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software updates.

Workarounds

You can work around this vulnerability by preventing any affected Cisco IOS device from receiving or processing UDP datagrams addressed to its port 514. This can be done either using packet filtering on surrounding devices, or by using input access list filtering on the affected IOS device itself.

If you use an input access list, apply that list to all interfaces to which attackers may be able to send datagrams. Interfaces include—not only physical LAN and WAN interfaces—but virtual subinterfaces of those physical interfaces, as well as virtual interfaces and interface templates corresponding to GRE, L2TP, L2F, and other tunneling protocols.

The input access list must block traffic destined for UDP port 514 at any of the Cisco IOS device's own IP addresses, as well as at any broadcast or multicast addresses on which the Cisco IOS device may be listening. Be sure to block both old-style "all-zeros" broadcasts and new-style "all-ones" broadcasts. It is not necessary to block traffic being forwarded to other hosts—only traffic actually addressed to the Cisco IOS device is of interest. No single input access list works in all configurations. Know the effect of your access list in your specific configuration before activating it.

The following example shows a possible access list for a three-interface router, along with the configuration commands needed to apply the list. The example assumes input filtering is not needed, other than as a workaround for this vulnerability:

! Deny all multicasts, and all unspecified-net broadcasts, to port 514

access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514

! Deny old-style unspecified-net broadcasts

access-list 101 deny udp any host 0.0.0.0 eq 514

! Deny network-specific broadcasts. This example assumes that all of

! the local interfaces are on the class B network 172.16.0.0, subnetted

! everywhere with mask 255.255.255.0. This will differ from network

! to network. Note that we block both new-style and old-style broadcasts.

access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514

access-list 101 deny udp any 172.16.0.0   0.0.255.0 eq 514

! Deny packets sent to the addresses of our own network interfaces.

access-list 101 deny udp any host 172.16.1.1 eq 514

access-list 101 deny udp any host 172.16.2.1 eq 514

access-list 101 deny udp any host 172.16.3.3 eq 514

! Permit all other traffic (default would be to deny)

access-list 101 permit ip any any

! Apply the access list to the input side of each interface

interface ethernet 0

ip address 172.16.1.1 255.255.255.0

ip access-group 101 in

interface ethernet 2

ip address 172.16.2.1 255.255.255.0

ip access-group 101 in

interface ethernet 3

ip address 172.16.3.3 255.255.255.0

ip access-group 101 in

Listing all possible addresses—especially all possible broadcast addresses—to which attack packets may be sent is complicated. If you do not need to forward any legitimate syslog traffic received on an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS device is expected to forward syslog packets, you will have to do the detailed filtering. Because input access lists impact system performance, install them with caution—especially on systems running very near their capacity.

Software Versions and Fixes

Many Cisco software images have been or will be specially reissued to correct this vulnerability. For example, regular released version 12.0(2) is vulnerable, as are interim releases 12.0(2.1) through 12.0(2.3). The first fixed interim version of 12.0 mainline software is 12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability and does not include any other bug fixes from later 12.0 interim releases.

If you are running 12.0(2) and want to fix this problem without risking possible instability presented by installing the 12.0(2.4) interim release, you can upgrade to 12.0(2a). Release 12.0(2a) is a "code branch" from the 12.0(2) base, which will merge back into the 12.0 mainline at 12.0(2.4).

Special releases, like 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the upgrade path from12.0(2a) is to 12.0(3).

specifies information about affected and repaired software releases.

---

Note   All dates within this table are subject to change.

---

Table 6 Affected and Repaired Software Releases 

Cisco IOS Major Release	Description	Special Fix1	First Fixed Interim Release2	Fixed Maintenance Release3
Unaffected Releases
11.2 and earlier releases—all variants	Unaffected early releases (no syslog server)	Unaffected	Unaffected	Unaffected
11.3, 11.3  T, 11.3 DA, 11.3 MA, 11.3 NA, 11.3 WA, 11.3(2)XA	11.3 releases without syslog servers	Unaffected	Unaffected	Unaffected
Releases based on 11.3
11.3 AA	11.3 early deployment for AS58xx	11.3(7)AA2, 8-JAN-19994	11.3(7.2)AA	11.3(8)AA, 15-FEB-1999
11.3 DB	11.3 for Cisco NRP routing blade in Cisco 6400 xDSL DSLAM			11.3(7)DB2, 18-JAN-1999
Releases based on 12.0
12.0	12.0 Mainline	12.0(2a), 8-JAN-1999	12.0(2.4)	12.0(4), 12-APR-1999
12.0 T	12.0 new technology early deployment	12.0(2a)T1, 11-JAN-1999	12.0(2.4)T	12.0(3)T, 15-FEB-1999
12.0 S	ISP support; 7200, RSP, GSR		12.0(2.3)S, 27-DEC-1998	12.0(2)S5 , 18-JAN-1999
12.0 DB	12.0 for Cisco 6400 universal access concentrator node switch processor (lab use)			12.0(2)DB, 18-JAN-1999
12.0(1)W	12.0 for Catalyst 8500 and LS1010	12.0(1)W5(5a) and 12.0(1a)W5(5b) (LS1010 platform only)	12.0(1)W5(5.15)	12.0(1)W5(6) (platform support for Catalyst 8540M will be in 12.0(1)W5(7))
12.0(0.6)W5	One-time early deployment for CH-OC12 module in Catalyst 8500 series switches	Unaffected; one-time release	Unaffected	Unaffected; To upgrade use 12.0(1)W5 releases.
12.0(1)XA3	Short-life release; merged to 12/0T at 12.0(2)T	Obsolete	Merged	Upgrade to 12.0(2a)T1 or to 12.0(3)T.
12.0(1)XB	Short-life release for Cisco 800 series; merged to 12.0 T and 12.0 (3)T	12.0(1)XB1	Merged	Upgrade to 12.0(3)T.
12.0(2)XC	Short-life release for new features in Cisco 2600, Cisco 3600, ubr7200, ubr900 series; merged to 12.0 T at 12.0(3)T	12.0(2)XC1, 7-JAN-1999	Merged	Upgrade to 12.0(3)T
12.0(2)XD	Short-life release for ISDN voice features; merged to 12.0 T at 12.0(3)T	12.0(2)XD1, 18-JAN-1999	Merged	Upgrade to 12.0(3)T
12.0(1)XE	Short-life release	12.0(2)XE, 18-JAN-1999	Merged	Upgrade to 12.0(3)T

1 A special fix is a one-time release that provides the most stable immediate upgrade path. 2 Interim releases are tested less rigorously than regular maintenance releases; interim releases can contain serious bugs. 3 Fixed maintenance releases are on a long-term upgrade path. Other long-term upgrade paths also exist. 4 All dates in this table are estimates and are subject to change. 5 This entry is not a misprint. The 12.0(2.3)S interim release is available before the 12.0(2)S regular release.

Deprecated MIBs

Old Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBS are currently being migrated into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in the following table.

Table 7 Deprecated and Replacement MIBs

Deprecated MIB	Replacement
OLD-CISCO-APPLETALK-MIB	RFC1243-MIB
OLD-CISCO-CHASSIS-MIB	ENTITY-MIB
OLD-CISCO-CPUK-MIB	In Development
OLD-CISCO-DECNET-MIB
OLD-CISCO-ENV-MIB	CISCO-ENVMON-MIB
OLD-CISCO-FLASH-MIB	CISCO-FLASH-MIB
OLD-CISCO-INTERFACES-MIB	IF-MIB CISCO-QUEUE-MIB
OLD-CISCO-IP-MIB
OLD-CISCO-MEMORY-MIB	CISCO-MEMORY-POOL-MIB
OLD-CISCO-NOVELL-MIB	NOVELL-IPX-MIB
OLD-CISCO-SYS-MIB	(Compilation of other OLD* MIBS)
OLD-CISCO-SYSTEM-MIB	CISCO-CONFIG-COPY-MIB
OLD-CISCO-TCP-MIB	CISCO-TCP-MIB
OLD-CISCO-TS-MIB
OLD-CISCO-VINES-MIB	CISCO-VINES-MIB
OLD-CISCO-XNS-MIB

Caveats

This section contains both open and resolved caveats for the current Cisco IOS maintenance release only.

For information on caveats in Cisco IOS Release 11.3 NA, see the "Important Notes and Caveats for Release 11.3" section in the cross-platform Release Notes for Cisco IOS Release 11.3 document. These cross-platform release notes contain caveats affecting all maintenance releases.

For information on other caveats that also apply to this release, see the Caveats for Cisco IOS Release 11.3 T document. This caveats document lists severity 1 and 2 caveats for Release 11.3 T. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Caveats describe unexpected behavior or defects in Cisco IOS software releases.

Because Release 11.3 NA is based on Release 11.3 and Release 11.3 T, all caveats in Release 11.3(10) and Release 11.3(10)T are also in Release 11.3(11)NA.

---

Note   If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. From the CCO home page, click on this path: Service & Support: Online Technical Support: Software Bug Toolkit II. Bug Navigator II can also be found at http://www.cisco.com/support/bugtools.

---

Open Caveats—Release 11.3(11)NA

This section describes possibly unexpected behavior by Release 11.3(11)NA. Unless otherwise noted, these caveats apply to all 11.3 releases up to and including Release 11.3(11)NA.

Miscellaneous

•CSCdm47012

The latest versions of Smart Modular and Sharp Flash cards used to store Diagnostics and IOS SW images can report unrecoverable write errors.

Affected Flash cards use a new Sharp (LH28F016SCT) chip set. The original Smart Modular and Intel Flash cards are not affected.

Affected platforms are 7200 and all derivatives, 7500, GSR, and maybe others.

There is no workaround. If the problem occurs, try to reformat the Flash, store less images, or try storing images in a different order. This may help under some circumstances.

•CSCdm68266

When running 11.3(10)NA image, ingress gw can display wrong cause code.

•CSCdm68546

This fixes CM status display in CMTS when the modem goes offline with BPI turned on and key expiration. Previously, the CM showed online when actually it was offline.

Resolved Caveats—Release 11.3(11)NA

All the caveats listed in this section are resolved in Release 11.3(11)NA. This section only describes severity 1 and 2 caveats.

Basic System Services

•CSCdk80230

Certain Internetwork Status Monitor (ISM) NetView users can issue non-enable mode commands without router authentication. Users accessing the router through NetView must be authenticated through NetView's security methods, which can include RACF and SAF. Mainframe users can be restricted from issuing any router commands by the restriction of the RUNCMD within NetView. Users issuing enable mode commands must be authorized to issue this level of command by ISM, and must possess the ENABLE mode password. If the router is controlled by TACACS+, the ISM user must have a TACACS+ User ID and Password to issue enable level commands.

show user : command has been modified : the user field is filled up by the host name.

Two options have been added to the following commands : sna host and dspu host.

The options are: no-enable and high-security.

Configure these options with focalpoint.

no-enable : when this is set, it does not allow enable command from the host

high-security : when this is set, it allows the following commands in USER mode. (PRIVILEGE mode is not affected by this option.) You must enter all these commands in full or else the command will not be allowed (that is, sh versi is not allowed for show version)

•CSCdm45535

C7500 router can erroneously detect output stuck conditions causing interfaces to reset or perform cbus restarts for no apparent reason. This causes all IPs in the router to reset.

DECnet

•CSCdk23805

When Decnet accounting is implemented, it is possible for the router to crash depending on the number of connections.

•CSCdm28939

When you are configuring Decnet on a router, you can specify an Address Translation Gateway (ATG) network number in the range 0 to 3. If the ATG-network-number is specified incorrectly while configuring an interface, the router will reload.

If the ATG-network-number is not required the problem will not occur.

If the ATG-network-number is required, then a workaround is to ensure that the ATG-network-number specified when enabling an interface matches the ATG-network-number specified when decnet routing is enabled globally; for example:

decnet 1 routing 2.3 interface ethernet 0/0 decnet 1 cost 5

EXEC and Configuration Parser

•CSCdm39355

If the length of the entire command after completion exceeds PARSEBUF, then the router crashes.

Fix: Don't allow the "command completion" if it exceeds PARSEBUF.

IBM Connectivity

•CSCdm30793

A Cisco 7206 configured for dlsw priority peers may crash with a bus error in Release 11.3(9)T.

Workaround: None.

•CSCdm39124

Console message flooding may occur when an XID3 loop occurs with APPN in the router. The following messages are repeated for each iteration of the loop:

%APPN-3-logcsCS_XXXXIP11_LOGMSG_01: CS - Sending Alert to MS, sense_code = 83E0001, 
proc_name = XXXXIP32, port_name = HMAC04, ls_name = @LS00289 
%APPN-3-logcsCS_XXXXIP11_LOGMSG_03: CS - Associated outbound XID data in alert (length 
>= 29): %APPN-3-Error: 
327307700000000000F7C1000000008000010B510005000000000007000E11F4C4C5C2E5D4E4F0F04BD5D5C
3C9D7F0F110380037110C0804F1F2F0F0F0F00908F0F0F0F0F0F0F01406C3C9E2C3D640C1D7D7D540D5D561
C4D3E4D90F0FC3C9E2C3D640C1D7D7D540D5D52207000000083E0001 
%APPN-3-logcsCS_XXXXIP11_LOGMSG_05: CS - Associated inbound XID data in alert (length 
>= 29): %APPN-3-Error: 
326705D56F010000B00810000000000000010B410005B800000000070010370023110C0804F0F3F0F0F0F00
F06D4E240E2D5C140E2C5D9E5C5D90908F0F0F0F0F0F0F0131103100010F0F0F0F0F0F0F0F0F0F0F0F0F00E
0FF4C4C5C2E5D4E4F0F04BC3E3F5F6C6

Avoid console logging.

•CSCdm49573

The router crashes with bus error when executing a show dlsw circuit command if there is a circuit with a local rif of 18 bytes.

This is a regression introduced by CSCdk83294.

•CSCdm50361

DLSw Lite peers leak CLS connect request buffers. If possible, try using a different peer type. This patch frees an outstanding connect request if additional requests are received while the first request is still pending.

Interfaces and Bridging

•CSCdk10376

SYMPTOM: Crash in frf9_preComp()

This ondition most frequently occurs during times when router traffic is heavy, which causes memory usage to increase and a possible low-memory condition to occur.

WORKAROUND: Disable compression or use a different type.

Since this problem is aggravated by a low-memory condition, tuning the memory can prevent this condition from occurring, but there are no guarantees.

•CSCdm46735

A PA-4R-DTR port may reset under the following circumstances:

1) A high rate of traffic is traversing the port (200 pps or better) .

2) The PA-4R-DTR port is the active monitor of the physical ring.

3) An event on the ring forces the active monitor to purge the ring.

When this problem occurs, the PA-4R-DTR port resets, and the ring experiences a beacon.

Workaround: Make sure the DTR port is not the active monitor on the ring. This can be done by ensuring that the mac-address of the DTR card is not the highest mac-address on the physical ring.

IP Routing Protocols

•CSCdm20483

IP access lists fail to block pings on the interfaces configured for policy routing with IP route-cache policy.

•CSCdm28898

ARP to a router fails on the serial interface when bridging is enabled and after the router is reloaded.

----eth---2500---serial---2500---eth---

Router : 2500 IOS : 112.(17), 12.0(3.7)

Workaround: Remove IP address on serial and enter again.

•CSCdm44957

Some IP fragments may be incorrectly filtered out by access lists.

•CSCdm53317

DNS replies passing from "inside" to "outside" through NAT are not NAT translated correctly in many cases. There is no workaround.

Miscellaneous

•CSCdk45491

Symptom: The NM-1FE-TX fails to autonegotiate properly when connected through an SMF connector.

Analysis: Manually setting the speed to 100 solves the problem. An interface speed command with the following syntax is being added to overcome this. The default behaviour would be to autonegotiate:

[no] speed {10 | 100 | auto}

•CSCdm18910

When port info is passed from LAC and 'vpdn aaa attribute nas-port vpdn-nas' is configured, it should be mapped to the correct NAS-Port-Type value.

•CSCdm22032

Configuring PPP encapsulation on an interface and making that interface a member of a bridge group gives "tracebacks" and "fair-queue not initialized properly" messages. Remove bridging from the interface or turn off fair queueand the massages dissappear.

00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020 00:06:39: 
Fair Queue:packet not initialized properly: 0, 0 , 38 00:06:39: -Traceback= 601C9C58 
602015E0 60556558 60553958 6021D034 6021D020 00:06:39: Fair Queue:packet not 
initialized properly: 0, 0 , 38 00:06:39: -Traceback= 601C9C58 602015E0 60556558 
60553958 6021D034 6021D020 00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 
38 00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020 
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38 00:06:40: -Traceback= 
601C9C58 602015E0 60556558 60553958 6021D034 6021D020 00:06:40: Fair Queue:packet not 
initialized properly: 0, 0 , 38 00:06:40: -Traceback= 601C9C58 602015E0 60556558 
60553958 6021D034 6021D020 00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 
38 00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020 
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38 00:06:40: -Traceback= 
601C9C58 602015E0 60556558 60553958 6021D034 6021D020 

•CSCdm28631

Under stressful conditions (if the ESA is bringing up a large number of crypto sessions simultaneously), it may either enter a race condition or get the crypto initiation messages wedged in the input queue of the interface doing encryption.

•CSCdm31647

A customer reset a VIP card in slot 8 of one Cisco 7513, and the VIP crashed. When the VIP came up, ISL trunking to slot 4 (PA-2FEISL-TX) started dropping large packets. However, small packets go through the interface just fine. Workaround is to reset the box.

•CSCdm33429

A Cisco AS5300 gets a bus error when it is under a heavy load caused by outgoing Modem calls. Have tested with IOS 11.3(9)T and 11.3(8.5)T with same results.

Problem is reproducible within minutes.

•CSCdm33707

After the router is reloaded, ESA can not re-establish active crypto connection. The workaround is to remove the crpto map, reload the the router again, and reapply the crypto map.

•CSCdm44057

When running virtual-profile, theCisco 7500 keeps on resetting the cbus.

The first message is "%RSP-3-RESTART: interface Serial4/0:1, output stuck" .

Then a little later, a reset occurs on the cbus. If debugging cbus, you can see the bus resetting. This also causes all attached controllers to loose connectivity. The only way to access the box is through the console port.

•CSCdm49454

Problem description: When cable ip-broadcast-echo is enabled, under certain timing conditions, it may cause a buffer leak.

Workaround: Do not enable cable ip-broadcast-echo and cable ip-multicast-echo.

VINES

•CSCdk80167

Cisco 2500 series and Cisco 4000 series routers (68000-based routers) might reload a few minutes after VINES Sequenced Routing Update Protocol (SRTP) is configured.

Workaround: Do not use VINES SRTP. If it is enabled, disable it by issuing the no vines srtp-enabled command.

Wide-Area Networking

•CSCdk37517

DDR with dialer dtr does not reset DTR to a down state after an unsuccessful call attempt. Unsuccessful in this case means that DD; therefore DCD does not come up.

This can be verified by viewing show dialer to ensure that the dialer state is idle; then enter show interface serial x to check the state of DTR.

This problem does not seem to occur in Release 11.1.

•CSCdm30090

When the router is operating as an X.25 switch and forwards an X.25 call containing certain facilities not interpreted by the router, the facility values can be corrupted. The problem most likely occurs when the call cannot be forwarded immediately (i.e., when using X25-over-TCP) with heavy traffic; the affected facilities include any local facilities and the Charging Information facility.

•CSCdm33448

A router performing X.25 switching may reload when clearing many calls simultaneously during heavy traffic.

•CSCdm36123

Customer repeatedly crashes (segV) when dialer rotor best is configured and 'deb dialer' is started once the traffic triggers a call.

•CSCdm37153

5200 pri never sends UAf respond to telcos switch in Release 11.3.

•CSCdm37653

Reliable PPP can cause an intermittent crash when used with WFQ. Workaround is to disable Reliable PPP or WFQ.

•CSCdm38291

The router configured for dialer watch never dials back when backup interface times out if Watched route on dialer watch is not installed in routing table.

Related Documentation

The following sections describe the documentation available for the Cisco uBR7200 series universal broadband routers Typically, these documents consist of hardware installation guides, software installation guides, Cisco IOS configuration and command references, and system error messages. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online only. The most up-to-date documentation can be found on the Web via CCO and on the Documentation CD-ROM. These electronic documents might contain updates and modifications made after the hard copy documents were printed.

Use these release notes with the documents listed in these sections:

•Release-Specific Documents

•Platform-Specific Documents

•Feature Modules

•Feature Modules

Release-Specific Documents

The following documents are specific to Release 11.3:

•Release Notes for Cisco IOS Release 11.3

To navigate to Release Notes for Cisco IOS Release 11.3, follow this path on CCO:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3: Release Notes for Cisco IOS Release 11.3

To navigate to Release Notes for Cisco IOS Release 11.3, follow this path on the Documentation CD-ROM:

Cisco IOS Software Configuration: Cisco IOS Release 11.3: Release Notes for Cisco IOS Release 11.3

•Product bulletins, field notices, and other release-specific documents

To reach these documents, see the Software Center at the following path on CCO:

Service & Support: Technical Documents

Platform-Specific Documents

The following hardware documents are available on CCO and the Documentation CD-ROM.

•Cisco uBR7200 series universal broadband routers hardware

•Cisco uBR7246 Installation and Configuration Guide

•Cisco uBR7223 Installation and Configuration Guide

•Cisco uBR7200 Series Configuration Notes

•Cisco Network Registrar for the uBR7200 Series

•Regulatory and Safety Compliance for the Cisco uBR7246

•Regulatory and Safety Compliance for the Cisco uBR7223

•Cisco uBR7200 Series Feature Enhancements

•Cisco uBR900 series hardware

•Cisco uBR904 Cable Modem Installation and Configuration Guide

•Cisco uBR904 Cable Modem Quick Reference Guide

•Update to the uBR904 Cable Modem Installation and Configuration Guide

•Bridging and Routing Features for the Cisco uBR904

•Regulatory Compliance and Safety Info. for the Cisco uBR904

•Troubleshooting Tips for the Cisco uBR904 Cable Modem

To reach Cisco uBR7200 and Cisco uBR900 series documentation on CCO, follow this path:

Service & Support: Documentation Home Page: Broadband/Cable Solutions: Cisco uBR7200 Series Universal Broadband Routers or Cisco uBR904 Cable Modem

To reach Cisco uBR7200 and Cisco uBR900 series documentation on the Documentation CD-ROM, follow this path:

Broadband/Cable Solutions: Cisco uBR7200 Series Universal Broadband Routers or Cisco uBR904 Cable Modem

Feature Modules

Feature modules describe new features supported by Release 11.3 NA and are an update to the Cisco IOS documentation set. As updates, the features modules are available online only. The feature module information is included in the next printing of the Cisco IOS documentation set. Each feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference.

If you are viewing these release notes online, the existing feature modules are linked in the "New and Changed Information" section earlier in these release notes.

To reach the feature modules on CCO, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3: Release 11.3 NA Features

To reach the feature modules on the Documentation CD-ROM, follow this path:

Cisco IOS Software Configuration: Cisco IOS Release 11.3: Release 11.3 NA Features

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. These documents are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Each configuration guide can be used in conjunction with its corresponding command reference.

On CCO and the Documentation CD-ROM, two master hot-linked index provide information for the Cisco IOS software documentation set: configuration guides and command references.

To reach these documents on CCO, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3: Cisco IOS 11.3 Configuration Guides, Command References: Configuration Guide Master Index or Command Reference Master Index

To reach these documents on the Documentation CD-ROM, follow this path:

Cisco IOS Software Configuration: Cisco IOS Release 11.3: Cisco IOS 11.3 Configuration Guides, Command References: Configuration Guide Master Index or Command Reference Master Index

Release 11.3 Documentation Set

details the contents of the Cisco IOS Release 11.3 software documentation set. The document set is available in electronic form, and also in printed form upon request.

---

Note   The most current Cisco IOS documentation can be found on the CCO and the latest Documentation CD-ROM. These electronic documents might contain updates and modifications made after the paper documents were printed.

---

To reach software documents on CCO, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3

To reach software documentation on the Documentation CD-ROM, follow this path:

Service & Support: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 11.3

Table 8 Cisco IOS Software Release 11.3 Documentation Set   

Books	Chapter Topics
•Configuration Fundamentals Configuration Guide •Configuration Fundamentals Command Reference	Configuration Fundamentals Overview Cisco IOS User Interfaces File Management System Management
•Network Protocols Configuration Guide, Part 1 •Network Protocols Command Reference, Part 1	IP Addressing IP Services IP Routing Protocols
•Network Protocols Configuration Guide, Part 2 •Network Protocols Command Reference, Part 2	AppleTalk Novell IPX
•Network Protocols Configuration Guide, Part 3 •Network Protocols Command Reference, Part 3	Apollo Domain Banyan VINES DECnet ISO CLNS XNS
•Wide-Area Networking Configuration Guide •Wide-Area Networking Command Reference	ATM Frame Relay SMDS X.25 and LAPB
•Security Configuration Guide •Security Command Reference	AAA Security Services Security Server Protocols Traffic Filtering and Firewalls IP Security and Encryption Passwords and Privileges Neighbor Router Authentication IP Security Options
•Cisco IOS Interface Configuration Guide	Interface Configurations
•Dial Solutions Configuration Guide •Dial Solutions Command Reference	Dial-In Port Setup Dial-In Terminal Services Dial-on-Demand Routing (DDR) Dial Backup Dial-Out Modem Pooling Large-Scale Dial Solutions Cost-Control Solutions ISDN X.25 over ISDN VPDN Dial Business Solutions and Examples
•Cisco IOS Switching Services Configuration Guide •Cisco IOS Switching Services Command Reference	Switching Paths for IP Networks Virtual LAN (VLAN) Switching and Routing
•Bridging and IBM Networking Configuration Guide •Bridging and IBM Networking Command Reference	Transparent Bridging Source-Route Bridging Token Ring Inter-Switch Link Remote Source-Route Bridging DLSw+ STUN and BSTUN LLC2 and SDLC IBM Network Media Translation DSPU and SNA Service Point SNA Frame Relay Access Support APPN Cisco Database Connection NCIA Client/Server Topologies Cisco Mainframe Channel Connection Airline Product Set
•Voice, Video, and Home Applications Configuration Guide •Voice, Video, and Home Applications Command Reference	Voice over IP Voice over Frame Relay Voice over ATM Voice over HDLC Video Support Universal Broadband Features
•Quality of Service Solutions Configuration Guide •Quality of Service Solutions Command Reference	Classification Scheduling Packet Drop Traffic Shaping ATM QoS SNA QoS Line Protocols
•Configuration Guide Master Index •Command Reference Master Index
•Cisco IOS Software Command Summary •Cisco IOS System Error Messages •Debug Command Reference •Dial Solutions Quick Configuration Guide

---

Note   The Cisco Management Information Base (MIB) User Quick Reference publication is no longer published. For the latest list of MIBs supported by Cisco, see Cisco Network Management Toolkit on Cisco Connection Online. From CCO, click on the following path: Software & Support: Software Center: Network Mgmt Products: Cisco Network Management Toolkit: Cisco MIB.

---

Service and Support

For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco service and support programs, which are described in the section "Service and Support" in the information packet that shipped with your product.

---

Note   If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.

---

For service and support for a product purchased directly from Cisco, use CCO.

Software Configuration Tips on the Cisco Technical Assistance Center Home Page

If you have a CCO login account, you can access the following URL, which contains links and helpful tips on configuring Cisco products:

http://www.cisco.com/public/serv_tips.shtml

This URL is subject to change without notice. If it changes, point your Web browser to CCO and click on this path: Products & Technologies: Products: Technical Tips

The following sections are provided from the Technical Tips page:

•Access Dial Cookbook—Contains common configurations or recipes for configuring various access routes and dial technologies.

•Field Notices—Designed to notify you of any critical issues regarding Cisco products. These notices include problem descriptions, safety or security issues, and hardware defects.

•Hardware—Technical Tips related to specific hardware platforms.

•Hot Tips—Popular tips and hints gathered from the Cisco Technical Assistance Center (TAC). Most of these documents are available from the TAC Fax-on-demand service. To reach Fax-on-demand and receive documents at your fax machine from the United States, call 888-50-CISCO (888-502-4726). From other areas, call 650-596-4408.

•Internetworking Features—Tips on using and deploying Cisco IOS software features and services.

•Sample Configurations—Actual configuration examples—examples complete with topology and annotations.

•Software Products—MultiNet & Cisco Suite 100, Network Management, Cisco IOS Software Bulletins, and CiscoPro Configurations.

•Special Collections—Other Helpful Documents, including Case Studies, References & RFCs, and Security Advisories.

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

•WWW:  http://www.cisco.com

•WWW:  http://www-europe.cisco.com

•WWW:  http://www-china.cisco.com

•Telnet:  cco.cisco.com

•Modem:  From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.

---

Note   If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

---

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.

78-5911-08