Table Of Contents
Release Notes for Cisco uBR924
Cable Access Router for Cisco IOS Release 12.0(7)XR1Determining the Software Version
Upgrading to a New Software Release
No New Hardware Features in Release 12.0(7)XR1
New Software Features in Release 12.0(7)XR1
No New Hardware Features in Release 12.0(7)XR
New Software Features in Release 12.0(7)XR
DOCSIS 1.0+ Extensions—Dynamic Multi-SID Assignment and Concatenation
No New Hardware Features in Release 12.0(7)T
New Software Features in Release 12.0(7)T
VPN Enhancement—Dynamic Crypto Map
NetRanger Support—Cisco IOS Intrusion Detection
Firewall (Phase II)—Cisco Secure Integrated Software
Simple Gateway Control Protocol 1.1
No New Hardware Features in Release 12.0(5)T
New Software Features in Release 12.0(5)T
Firewall (Phase I)—Cisco Secure Integrated Software
Baseline Privacy Management Information Base
New Hardware Features In Release 12.0(4)XI1
New Software Features In Release 12.0(4)XI1
Full and DOCSIS-Compliant Bridging
Using Multiple PCs with a Cisco uBR924 Cable Access Router
Last Maintenance Release of Cisco IOS Release 12.0 T
Supplemental and Corrected Text for the Online Feature Module
Resolved Caveats—Release 12.0(7)XR1
Open Caveats—Release 12.0(7)XR1
Open Caveats—Release 12.0(7)XR
Open Caveats—Release 12.0(5)T1
Resolved Caveats—Release 12.0(5)T1
Resolved Caveats—Release 12.0(5)T
Cisco IOS Software Documentation Set
Release 12.0 Documentation Set
Software Configuration Tips on the Cisco Technical Assistance Center Home Page
Release Notes for Cisco uBR924
Cable Access Router for Cisco IOS Release 12.0(7)XR1
January 17, 2000
These release notes for the Cisco uBR924 cable access router support Cisco IOS Release 12.0 T, up to and including Release 12.0(4)XI1, 12.0(5)T, 12.0(7)T, 12.0(7)XR, 12.0(7)XR1 or higher interim images. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of software caveats that apply to Release 12.0(7)XR1, see the "Caveats" section and Caveats for Cisco IOS Release 12.0 T. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO).
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.0 located on CCO.
Contents
These release notes describe the following topics:
Introduction
The Cisco uBR924 cable access router gives residential or small office/home office (SOHO) subscribers high-speed Internet or Intranet access and packet telephone services via a shared two-way cable system and IP backbone network. The router connects computers, telephone or fax equipment, and other customer premises devices at a subscriber site to the service provider's cable and IP backbone network.
The router is based on Data-Over-Cable Service Interface Specifications (DOCSIS) and interoperates with any bidirectional, DOCSIS-qualified Cable Modem Termination System (CMTS). The router ships from the Cisco factory with a Cisco IOS software image stored in nonvolatile memory (NVRAM) that supports DOCSIS-compliant bridging data operations. The Cisco uBR924 cable access router functions as a cable modem—a modulator/demodulator at a subscriber site to convey data communications on the cable television system.
Based on the feature licenses your company purchased, other Cisco IOS images can be downloaded from Cisco Connection Online (CCO). Each Cisco uBR924 cable access router in your network can then be configured to support Voice over IP (VoIP) and/or other special operating modes based on your service offering and the practices in place for your network. The Cisco uBR924 cable access router can function as an advanced router, providing wide area network (WAN) data connectivity in a variety of configurations.
Note
Starting with Cisco IOS Release 12.0(5)T, all Cisco uBR924 cable access router images support DOCSIS Baseline Privacy (BPI) encryption/decryption. BPI is subject to export restrictions.
Early Deployment Releases
These release notes describe the Cisco uBR924 cable access router for Release 12.0(7)XR1. Release 12.0(7)XR1 is an Early Deployment (ED) release based on Release 12.0 and announces fixes to software caveats and support for new Cisco hardware.
For information about features in Release 12.0, see Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO.
For information about features in other ED releases, see .
For information about features in other platforms, see Release Notes for Cisco IOS Release 12.0 on CCO.
System Requirements
This section describes the system requirements for IOS Releases 12.0(4)XI1, 12.0(5)T, 12.0(7)T, 12.0(7)XR, and 12.0(7)XR1:
•
Determining the Software Version
•
Upgrading to a New Software Release
Memory Requirements
The image subset legend for Table 2 and is as follows:
•
y5=Reduced IP image with easy IP functionality (PAT/NAT/DHCP server)
•
v4=Voice set—Additional SGCP protocol is supported for voice in Cisco IOS Release 12.0(7)T, Cisco IOS Release 12.0(7)XR, and Cisco IOS Release 12.0(7)XR1
•
s=Plus set includes L2TP—Available in Cisco IOS Release 12.0(7)T and Cisco IOS Release 12.0(7)XR1; not available in Cisco IOS Release 12.0(7)XR
•
o=Firewall (Phase I) feature set—Available in Cisco IOS Release 12.0(5)T
•
o3=Firewall (Phase II) feature set—Available in Cisco IOS Release 12.0(7)T and Cisco IOS Release 12.0(7)XR1; not available in Cisco IOS Release 12.0(7)XR
•
k1=DOCSIS baseline privacy
•
56i=56-bit IPSec—Available in Cisco IOS Release 12.0(7)T; not available in Cisco IOS Release 12.0(7)XR and Cisco IOS Release 12.0(7)XR1
•
k2=Triple DES (Phase I)—Available in Cisco IOS Release 12.0(5)T; enhancements available in Cisco IOS Release 12.0(7)T and Cisco IOS Release 12.0(7)XR1
Headend Interoperability
Voice
Cisco IOS Release 12.0(7)XR and Cisco IOS Release 12.0(7)XR1 images introduce DOCSIS 1.0+ Extensions that support dynamic multi-SID assignment and concatenation. Dynamic multi-SID assignment enables you to dynamically and automatically add, delete, and modify multiple SIDs to have the parameters (such as QoS) required for the type of traffic passed over the data flow—typically voice, which requires a higher priority to ensure optimum voice quality. With dynamic multi-SIDs, high-bandwidth data streams can be created and eliminated as needed. Concatenation enables you to combine multiple upstream packets into one packet to reduce packet overhead and overall latency, as well as increase transmission efficiency.
Note
In order to use the dynamic multi-SID and concatenation feature, both the Cisco uBR924 cable access router and the CMTS router must have dynamic multi-SID support. If you are using the Cisco uBR7200 series headend equipment as the CMTS router, Cisco IOS Release 12.0(7)XR or Cisco IOS 12.0(7)XR1 is required on both the Cisco uBR924 cable access router and the CMTS router to ensure these features are activated.
In Cisco IOS Release 12.0(7)T, Simple Gateway Control Protocol (SGCP) is introduced. SGCP is an alternative to the H.323 protocol that provides signaling and feature negotiation via a remote Call Agent (CA). SGCP eliminates the need for a dial plan mapper. It also eliminates the need for static configuration on the router to map IP addresses to telephone numbers because this function is provided by the remote CA.
To configure the Cisco uBR924 cable access router to support multiple classes of service, use either the Cisco Subscriber Registration Center (CSRC) tool or the configuration file editor of your choice. DOCSIS configuration files can contain multiple classes of service (CoS) to support voice. The first CoS is used for data (and voice if no other CoS is defined), and a second CoS can be defined to give higher priority for voice traffic. Lower-priority traffic can then be fragmented to avoid interfering with the timeslots allocated for voice traffic.
When configured to support voice in Cisco IOS Releases 12.0(4)XI1 and 12.0(5)T, the Cisco uBR924 cable access router packetizes and transports voice in compliance with the H.323 protocol. H.323v2 is integrated in Cisco gatekeeper/gateway products, such as the Cisco 2600 series and Cisco 3600 series, using Cisco IOS Release 12.0(5)T or higher interim images. The gatekeeper must be running Cisco IOS Release 12.0(5)T or higher in order to support registration of the full E.164 address for each Cisco uBR924 cable access router port.
Note
In Cisco IOS Release 12.0(5)T, the CMTS images, if you are using Cisco uBR7200 series equipment, support static multi-SID. Static multi-SID provides better-than-best-effort transmission of either data and voice or a combination of data and voice packets.
Advanced Data Feature Sets
Note
Starting with Cisco IOS Release 12.0(5)T, all Cisco uBR924 cable access router images support DOCSIS Baseline Privacy (BPI) encryption/decryption. BPI is subject to export restrictions.
To support encryption/decryption, Cisco IOS images must contain encryption/decryption software at both the CMTS router and the Cisco uBR924 cable access router. Both the CMTS router and the Cisco uBR924 cable access router must be enabled and configured per the software feature set.
If you are using Cisco 7200 series equipment, also refer to applicable release notes for the corresponding images at the headend that support the encryption/decryption software and the VPN solution set.
Hardware Supported
The Cisco uBR924 cable access router contains:
•
A single F-connector interface to the cable system.
•
Four RJ-45 (10BaseT Ethernet) hub ports to connect:
•
Up to three computers directly to the four Ethernet hub ports at the rear of the Cisco uBR924 cable access router when operating in bridging mode using Cisco IOS Release 12.0(4)XI or higher interim images. When operating in routing mode, all four Ethernet hub ports can be connected directly to four computers.
Note
When using Cisco IOS Release 12.0(5)T or higher, four computers can be connected directly to the four Ethernet hub ports in bridging mode.
•
One of the four Ethernet hub ports at the rear of the Cisco uBR924 cable access router can be connected to an Ethernet hub, which then connects additional computers or devices at the site when operating in routing or bridging mode using Cisco IOS Release 12.0(5)T or higher.
•
Two RJ-11 Foreign Exchange Station (FXS) ports to connect telephones and fax devices to the cable system and IP backbone; the router ships from the Cisco factory with the voice ports disabled. FXS ports on the Cisco uBR924 cable access router are to be connected to analog telephones or fax machines and not used for PBX extensions.
•
One RJ-11 port to connect to a standard, analog telephone line (optional) to provide a backup Plain Old Telephone Service (POTS) connection to the Public Switched Telephone Network (PSTN) should the Cisco uBR924 cable access router lose power.
•
One RJ-45 console port (optional) to connect to a laptop computer or console terminal when locally configuring the Cisco uBR924 cable access router; the router ships from the Cisco factory with the console port enabled.
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco uBR924 cable access router, log in to the Cisco uBR924 cable access router and enter the show version EXEC command:
router#show verCisco Internetwork Operating System SoftwareIOS (tm) 920 Software (UBR920-Y5-M), Version 12.0(7)XR1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)TAC:Home:SW:IOS:Specials for infoCopyright (c) 1986-1999 by cisco Systems, Inc.Upgrading to a New Software Release
For information about upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99) on CCO at:
Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software
Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99)
Note
The Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification can also be found at this URL: http://www.cisco.com/kobayashi/library/12.0/120MigrPaths.pdf. You must have an account on CCO to access this URL.
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features. (See .)
Release 12.0(7)XR1 supports the same feature sets as Release 12.0, but Release 12.0(7)XR1 can include new features supported by the Cisco uBR924 cable access router.
The Cisco uBR924 cable access router IP routing capabilities conserve IP addresses by using port-level multiplexed Network Address Translation (NAT) and Port Address Translation (PAT). Dynamic Host Configuration Protocol (DHCP) is used to distribute these or real IP addresses to the devices the Cisco uBR924 cable access router supports. NAT/PAT is bundled with DHCP server into a feature referred to as "Easy IP."
CautionCisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States may require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, the purchaser or user must obtain local import and use authorizations for all encryption strengths. Contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
lists the features and feature sets supported by the Cisco uBR924 cable access router in Cisco IOS Releasse 12.0(4)XI1, 12.(5)T, 12.0(7)T, 12.0(7)XR, and 12.0(7)XR1and uses the following conventions:
•
Yes—The feature is supported in the feature set.
•
No—The feature is not supported in the feature set.
•
In—The number in the "In" column indicates the Cisco IOS release in which the feature was first introduced.
Note
This feature set table only contains a selected list of features. This table is not cumulative— nor does it list all the features in each image.
Both and list the Cisco IOS software images by feature sets. lists the voice and data software images; lists the data-only software images.
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco uBR924 cable access router.
No New Hardware Features in Release 12.0(7)XR1
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(7)XR1.
New Software Features in Release 12.0(7)XR1
Cisco IOS Release 12.0(7)XR1 introduces additional capabilities from Cisco IOS Release 12.0(7)XR. Cisco IOS Release 12.0(7)XR1 consolidates all new software features added in Cisco IOS Release 12.0(7)XR and Cisco IOS Release 12.0(7)T. Cisco IOS Release 12.0(7)XR1 includes 3 DES and Firewall (Phase II) support not found in Cisco IOS Release 12.0(7)XR, but does not include 56-bit IPSec support found in Cisco IOS Release 12.0(7)T.
No New Hardware Features in Release 12.0(7)XR
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(7)XR.
New Software Features in Release 12.0(7)XR
The following new software features are supported by the Cisco uBR924 cable access router for Release 12.0(7)XR.
DOCSIS 1.0+ Extensions—Dynamic Multi-SID Assignment and Concatenation
The following are Cisco uBR924 cable access router DOCSIS 1.0+ extensions that are supported in Cisco IOS Release 12.0(7)XR:
•
Dynamic Multi-SID Assignment—New MAC messages are introduced to dynamically add, delete, and modify SIDs to have the parameters (such as QoS) required for the type of traffic that will be passed over the data flow. The new MAC messages (SID_ADD, SID_CHANGE, and SID_DELETE) can be used to ensure that the Cisco uBR924 cable access router has the required bandwidth to process its voice traffic, and that it is not requesting more bandwidth than is required for processing its voice traffic. Without dynamic multi-SID assignment and QoS, the Cisco uBR924 cable access router would be required to statically configure two high-priority SIDs even if they were never used. With these new messages, high-bandwidth data streams can be created and eliminated as needed.
•
Concatenation—DOCSIS concatenation combines multiple upstream packets into one packet to reduce packet overhead and overall latency, as well as increase transmission efficiency. Using concatenation, a DOCSIS cable modem needs to make only one bandwidth request for a concatenated packet, as opposed to making a different bandwidth request for each individual packet; this technique is especially effective for bursty real-time traffic, such as voice calls.
Note
In order to use the dynamic multi-SID and concatenation feature, both the Cisco uBR924 cable access router and the CMTS router must have dynamic multi-SID support. If you are using the Cisco uBR7200 series headend equipment as the CMTS router, Cisco IOS Release 12.0(7)XR or Cisco IOS Release 12.0(7)XR1 is required on both the Cisco uBR924 cable access router and the CMTS router to ensure these features are activated.
No New Hardware Features in Release 12.0(7)T
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(7)T.
New Software Features in Release 12.0(7)T
The following new software features are supported by the Cisco uBR924 cable access router for Release 12.0(7)T.
VPN Enhancement—Dynamic Crypto Map
Dynamic crypto map is one of the PIX IPSec network security commands. IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet.
The dynamic crypto map command is used to create policy templates that are used when processing negotiation requests for new security associations from a remote IPSec peer, even if you do not know all of the crypto map parameters required to communicate with the remote peer (such as the peer's IP address). The dynamic crypto map allows you to accept requests for new security associations from previously unknown peers. These requests, however, are not processed until the ISAKMP (IKE) authentication has completed successfully.
When the firewall receives a negotiation request via IKE from another IPSec peer, the request is examined to see if it matches a crypto map entry. If the negotiation does not match any explicit crypto map entry, it will be rejected unless the crypto map set includes a reference to a dynamic crypto map.
If the firewall accepts the peer's request, at the point that it installs the new IPSec security associations, it also installs a temporary crypto map entry. This entry is filled in with the results of the negotiation. At this point, the firewall performs normal processing, using this temporary crypto map entry as a normal entry, even requesting new security associations if the current ones are expiring (based on the policy specified in the temporary crypto map entry). After all of the corresponding security associations expire, the temporary crypto map entry is removed.
Dynamic crypto map sets are not used for initiating IPSec security associations. However, they are used for determining whether or not traffic should be protected.
Note
The only parameter required in a dynamic crypto map is the set transform-set. All other parameters are optional.
NetRanger Support—Cisco IOS Intrusion Detection
Cisco IOS Release 12.0(7)T supports NetRanger programming. NetRanger is an Intrusion Detection System (IDS) composed of three parts:
•
A management console (director) that is used to view the alarms as well as to manage the sensors.
•
A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network. This is usually in the form of scanning for vulnerabilities or of attacking systems. When a signature is matched, the sensor can track certain actions. In the case of the appliance sensor, it can reset (via TCP/rst) sessions, or enable "shuns" of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.
•
Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.
Firewall (Phase II)—Cisco Secure Integrated Software
Cisco IOS Release 12.0(7)T enhances the Cisco IOS Firewall feature set with the Cisco IOS Firewall (Phase II) set of features:
•
Context-Based Access Control (CBAC) that intelligently filters TCP and UDP packets based on the application-layer protocol. This includes Java applets, which can be blocked completely or allowed only from known and trusted sources.
•
Detection and prevention of the most common denial of service (DoS) attacks, such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate mis-fragmentation of IP packets.
•
Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.
•
Authentication Proxy for authentication and authorization of web clients on a per-user basis.
•
Dynamic port mapping that maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
•
Configurable alerts and audit trail.
•
Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to NetRanger Director, drop the packet, or reset the TCP connection.
•
User-configurable audit rules.
•
Configurable real-time alerts and audit trail logs.
For general information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog. For detailed information, see the Cisco IOS Firewall Feature Set documentation set, as well as the sections on Traffic Filtering and Firewalls in the Security Configuration Guide and Security Command Reference (available on the Documentation CD-ROM and CCO).
Simple Gateway Control Protocol 1.1
The Cisco uBR924 cable access router supports Simple Gateway Control Protocol (SGCP). SGCP is an out-of-band signaling protocol that interacts with the external Call Agent (CA) to establish telephone calls. SGCP eliminates the need for a dial plan mapper and static configuration on the router to map IP addresses to telephone numbers because this function is provided by the external CA.
The Cisco uBR924 cable access router supports SGCP residential gateway (RGW), as opposed to trunking gateway (TGW), which controls the telephone call.
SGCP MIB
The Simple Gateway Control Protocol (SGCP) Management Information Base (MIB) supports configuration, performance, and fault management of the SGCP interface. The SGCP MIB components are as follows:
•
xgcplnBadVersions—Number of incoming messages delivered to the protocol entity and that are for an unsupported protocol version
•
xgcpRequestTimeOut—Timeout value used for retransmitting an unacknowledged message
•
xgcpRequestRetries—Number of retries for a request that exceeds timeout
•
xgcpAdminStatus—Desired state of the protocol entity
•
xgcpOperStatus—Current operational status of the protocol entity
•
xgcpUnRecognizedPackets—Number of unrecognized packets since reset
•
xgcpMsgStatTable—Table that contains SGCP statistics information since reset
•
xgcpMsgStatEntry—Row in the xgcpMsgStatTable that contains information about SGCP message statistics per IP address of the Media Gateway Controller (MGC)
•
xgcpIPAddress—IP address of the MGC
•
xgcpSuccessMessages—Number of successful messages that communicate with the MGC on that IP address
•
xgcpFailMessages—Number of failed messages that communicate with the MGC on that IP address
•
xgcpUpDownNotification—Notification sent when the protocol status changes between up and down
No New Hardware Features in Release 12.0(5)T
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(5)T.
New Software Features in Release 12.0(5)T
Note
All Cisco IOS Release 12.0(5)T images were deferred because of DDTS entries CSCdm64438 and CSCdm66365. See Resolved Caveats—Release 12.0(5)T1.
The following new software features are supported by the Cisco uBR924 cable access router for Release 12.0(5)T.
Fax
Fax support is introduced in Cisco IOS Release 12.0(5)T images that support voice. The two Cisco uBR924 cable access router VoIP ports can now be connected to telephone or fax devices. Also refer to New Hardware Features In Release 12.0(4)XI1.
Note
Only one voice call (telephone or fax) per VoIP line is active at a time.
Enhanced Bridging
The Cisco uBR924 cable access router contains four RJ-45 (10BaseT Ethernet) hub ports. Using Cisco IOS Release 12.0(5)T or higher interim images, these hub ports can be connected to four computers directly or one of the four ports to an Ethernet hub. The Ethernet hub connects additional computers or devices at the site. A maximum of three devices can be bridged using Cisco IOS 12.0(4)XI or higher interim images. A maximum of 254 devices can be bridged using Cisco IOS 12.0(5)T or higher interim images. (No limit exists in routing mode.)
DOCSIS Baseline Privacy
The DOCSIS Baseline Privacy feature is based on the DOCSIS Baseline Privacy Interface Specification. It provides data privacy across the HFC network by encrypting traffic flows between the Cisco uBR924 cable access router and the cable operator's Cable Modem Termination System (CMTS).
Baseline Privacy security services are defined as a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.
The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a cable modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access. The Cisco uBR924 cable access router is able to obtain two types of keys from the CMTS: the Traffic Exchange Key (TEK), which is used to encrypt and decrypt data packets, and the Key Exchange Key (KEK), which is used to decrypt the TEK.
For more information on this feature, refer to the DOCSIS Baseline Privacy Interface Specification (SP-BPI-IO1-970922).
IPSec Network Security
IPSec Network Security (IPSec) is an IP security feature that provides robust authentications and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers") such as the Cisco uBR924 cable access router.
IPSec provides the following network security services:
•
Privacy—IPSec can encrypt packets before transmitting them across a network.
•
Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.
•
Authentication—Peers authenticate the source of all IPSec-protected packets.
•
Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.
Triple DES (Phase I)
Data Encryption Standard (DES) is a standard cryptographic algorithm developed by the United States National Bureau of Standards. The Triple DES (3DES) images increase the encryption/decryption from the 56-bit IPSec feature set to 168 bit.
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).
Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS) initiated tunnel, such as L2F.
Refer to the Limitations and Restrictions section for information regarding the functionality of the Cisco uBR924 cable access router in L2TP applications.
Firewall (Phase I)—Cisco Secure Integrated Software
The Firewall (Phase I) feature set extends the security technology currently available in Cisco IOS software to the Cisco uBR924 cable access router, providing firewall-specific capabilities. Firewall (Phase I) features include stateful, application-based filtering, dynamic per-user authentication and authorization, defense against network attacks, Java blocking, and real-time alerts. Firewall (Phase I) is interoperable with Cisco IOS software features including NAT, VPN tunneling protocols, Cisco Express Forwarding (CEF), AAA extensions, Cisco encryption technology, and Cisco IOS IPSec.
Baseline Privacy Management Information Base
The Baseline Privacy Management Information Base (MIB), as currently defined, is now available in Cisco IOS Release 12.0(5)T code. BPI allows an SNMP manager to monitor and manage the Cisco uBR924 cable access router's BPI configuration, including whether BPI is enabled, status of current authorization keys, current timeout values, real-time status counters, and additional information about authorization errors.
Note
The SNMP manager must load the DOCSIS-BPI-MIB.my MIB to access the BPI attributes.
New Hardware Features In Release 12.0(4)XI1
The following new hardware feature is supported by the Cisco uBR924 cable access router for Release 12.0(4)XI1.The Cisco uBR924 cable access router contains two FXS VoIP ports that are labeled V1+V2 and V2 at the rear of the unit. These ports can be connected directly to telephones or to adapters that allow multiple telephones to be connected to each of the two VoIP telephone lines. The Ringer Equivalence Number (REN) determines how many telephones can be connected to a telephone line.
Note
In most areas, the sum of the RENs of all devices on any one line should not exceed 5. If too many devices are attached, they may not ring properly.
Between 5 and 10 voice devices can be connected to each of the two VoIP telephone lines, provided each telephone line does not exceed the 5 REN limit. Typical length of the 26-gauge telephone wire is 3,000 feet or more.
The Cisco uBR924 cable access router can support the number of telephones typically found in small businesses.
New Software Features In Release 12.0(4)XI1
Note
All Cisco IOS Release 12.0(4)XI images were deferred because of the DDTS entries CSCdm34966, CSCdm40915, and CSCdm47138. See


