Table Of Contents
Release Notes for Cisco uBR924
Cable Access Router for Cisco IOS Release 12.0(7)TDetermining the Software Version
Upgrading to a New Software Release
No New Hardware Features in Release 12.0(7)T
New Software Features in Release 12.0(7)T
VPN Enhancement—Dynamic Crypto Map
NetRanger Support—IOS Intrusion Detection
Simple Gateway Control Protocol 1.1
No New Hardware Features in Release 12.0(5)T
New Software Features in Release 12.0(5)T
Baseline Privacy Management Information Base
New Hardware Features In Release 12.0(4)XI1
New Software Features In Release 12.0(4)XI1
Full and DOCSIS-Compliant Bridging
Using Multiple PCs with a Cisco uBR924 Cable Access Router
Last Maintenance Release of Cisco IOS Release 12.0 T
Supplemental and Corrected Text for the Online Feature Module
Open Caveats—Release 12.0(5)T1
Resolved Caveats—Release 12.0(5)T1
Resolved Caveats—Release 12.0(5)T
Cisco IOS Software Documentation Set
Release 12.0 Documentation Set
Software Configuration Tips on the Cisco Technical Assistance Center Home Page
Release Notes for Cisco uBR924
Cable Access Router for Cisco IOS Release 12.0(7)T
December 13, 1999
These release notes for the Cisco uBR924 cable access router support Cisco IOS Release 12.0 T, up to and including Release 12.0(4)XI1, 12.0(5)T, 12.0(7)T, or higher interim images. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of software caveats that apply to Release 12.0(7)T, see the "Caveats" section and Caveats for Cisco IOS Release 12.0 T. The caveats document is updated for every maintenance release and is located on Cisco Connection Online (CCO).
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.0 located on CCO.
Contents
These release notes describe the following topics:
Introduction
The Cisco uBR924 cable access router gives residential or small office/home office (SOHO) subscribers high-speed Internet or Intranet access and packet telephone services via a shared two-way cable system and IP backbone network. The router connects computers, telephone or fax equipment, and other customer premises devices at a subscriber site to the service provider's cable and IP backbone network.
The router is based on Data-Over-Cable Service Interface Specifications (DOCSIS) and interoperates with any bidirectional, DOCSIS-qualified Cable Modem Termination System (CMTS). The router ships from the Cisco factory with a Cisco IOS software image stored in nonvolatile memory (NVRAM) that supports DOCSIS-compliant bridging data operations. The Cisco uBR924 cable access router functions as a cable modem—a modulator/demodulator at a subscriber site to convey data communications on the cable television system.
Based on the feature licenses your company purchased, other Cisco IOS images can be downloaded from Cisco Connection Online (CCO). Each Cisco uBR924 cable access router in your network can then be configured to support Voice over IP (VoIP) and/or other special operating modes based on your service offering and the practices in place for your network. The Cisco uBR924 cable access router can function as an advanced router, providing wide area network (WAN) data connectivity in a variety of configurations.
Note
Starting with Cisco IOS Release 12.0(5)T, all Cisco uBR924 cable access router images support DOCSIS Baseline Privacy (BPI) encryption/decryption. BPI is subject to export restrictions.
Early Deployment Releases
These release notes describe the Cisco uBR924 cable access router for Release 12.0(7)T. Release 12.0 T is an Early Deployment (ED) release based on Release 12.0 and announces fixes to software caveats and support for new Cisco hardware.
For information about features in Release 12.0, see Cross-Platform Release Notes for Cisco IOS Release 12.0 on CCO.
For information about features in other ED releases, see .
For information about features in other platforms, see Release Notes for Cisco IOS Release 12.0 on CCO.
System Requirements
This section describes the system requirements for Release 12.0 T:
•
•
Memory Requirements
The image subset legend for Table 2 and is as follows:
•
•
•
•
•
•
•
•
Headend Interoperability
Voice
In Cisco IOS Release 12.0(7)T, Simple Gateway Control Protocol (SGCP) is introduced. SGCP is an alternative to the H.323 protocol that provides signaling and feature negotiation via a remote Call Agent (CA). SGCP eliminates the need for a dial plan mapper. It also eliminates the need for static configuration on the router to map IP addresses to telephone numbers because this function is provided by the remote CA.
To configure the Cisco uBR924 cable access router to support multiple classes of service, use either the Cisco Subscriber Registration Center (CSRC) tool or the configuration file editor of your choice. DOCSIS configuration files can contain multiple classes of service (CoS) to support voice. The first CoS is used for data (and voice if no other CoS is defined), and a second CoS can be defined to give higher priority for voice traffic. Lower-priority traffic can then be fragmented to avoid interfering with the timeslots allocated for voice traffic.
When configured to support voice in Cisco IOS Releases 12.0(4)XI1 and 12.0(5)T, the Cisco uBR924 cable access router packetizes and transports voice in compliance with the H.323 protocol. H.323v2 is integrated in Cisco gatekeeper/gateway products, such as the Cisco 2600 series and Cisco 3600 series, using Cisco IOS Release 12.0(5)T or higher interim images. The gatekeeper must be running Cisco IOS Release 12.0(5)T or higher in order to support registration of the full E.164 address for each Cisco uBR924 cable access router port.
Note
Advanced Data Feature Sets
Note
To support encryption/decryption, Cisco IOS images must contain encryption/decryption software at both the CMTS router and the Cisco uBR924 cable access router. Both the CMTS router and the Cisco uBR924 cable access router must be enabled and configured per the software feature set.
If you are using Cisco 7200 series equipment, also refer to applicable release notes for the corresponding images at the headend that support the encryption/decryption software and the VPN solution set.
Hardware Supported
The Cisco uBR924 cable access router contains:
•
•
•
Note
•
•
•
•
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco uBR924 cable access router, log in to the Cisco uBR924 cable access router and enter the show version EXEC command:
router#show verCisco Internetwork Operating System SoftwareIOS (tm) 920 Software (UBR920-Y5-M), Version 12.0(7)T, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)TAC:Home:SW:IOS:Specials for infoCopyright (c) 1986-1999 by cisco Systems, Inc.Upgrading to a New Software Release
For information about upgrading to a new software release, see the product bulletin Cisco IOS Software Release 12.0 T Upgrade Paths and Packaging Simplification (#819: 1/99) on CCO at:
Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software
Under Cisco IOS 12.0, click Cisco IOS Software Release 12.0 T Upgrade (#819: 1/99)
Note
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features. (See .)
Release 12.0 T supports the same feature sets as Release 12.0, but Release 12.0 T can include new features supported by the Cisco uBR924 cable access router.
The Cisco uBR924 cable access router IP routing capabilities conserve IP addresses by using port-level multiplexed Network Address Translation (NAT) and Port Address Translation (PAT). Dynamic Host Configuration Protocol (DHCP) is used to distribute these or real IP addresses to the devices the Cisco uBR924 cable access router supports. NAT/PAT is bundled with DHCP server into a feature referred to as "Easy IP."
CautionCisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States may require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, the purchaser or user must obtain local import and use authorizations for all encryption strengths. Contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
lists the features and feature sets supported by the Cisco uBR924 cable access router in Cisco IOS Release 12.0 T and uses the following conventions:
•
•
•
Note
Both and list the Cisco IOS software images by feature sets. lists the voice and data software images; lists the data-only software images.
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco uBR924 cable access router for Release 12.0 T.
No New Hardware Features in Release 12.0(7)T
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(7)T.
New Software Features in Release 12.0(7)T
The following new software features are supported by the Cisco uBR924 cable access router for Release 12.0(7)T.
VPN Enhancement—Dynamic Crypto Map
Dynamic crypto map is one of the PIX IPSec network security commands. IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet.
The dynamic crypto map command is used to create policy templates that are used when processing negotiation requests for new security associations from a remote IPSec peer, even if you do not know all of the crypto map parameters required to communicate with the remote peer (such as the peer's IP address). The dynamic crypto map allows you to accept requests for new security associations from previously unknown peers. These requests, however, are not processed until the ISAKMP (IKE) authentication has completed successfully.
When the firewall receives a negotiation request via IKE from another IPSec peer, the request is examined to see if it matches a crypto map entry. If the negotiation does not match any explicit crypto map entry, it will be rejected unless the crypto map set includes a reference to a dynamic crypto map.
If the firewall accepts the peer's request, at the point that it installs the new IPSec security associations, it also installs a temporary crypto map entry. This entry is filled in with the results of the negotiation. At this point, the firewall performs normal processing, using this temporary crypto map entry as a normal entry, even requesting new security associations if the current ones are expiring (based on the policy specified in the temporary crypto map entry). After all of the corresponding security associations expire, the temporary crypto map entry is removed.
Dynamic crypto map sets are not used for initiating IPSec security associations. However, they are used for determining whether or not traffic should be protected.
Note
NetRanger Support—IOS Intrusion Detection
Cisco IOS Release 12.0(7)T supports NetRanger programming. NetRanger is an Intrusion Detection System (IDS) composed of three parts:
•
•
•
Firewall (Phase II)
Cisco IOS Release 12.0(7)T enhances the Cisco IOS Firewall feature set with the Cisco IOS Firewall (Phase II) set of features:
•
•
•
•
•
•
•
•
•
For general information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog. For detailed information, see the Cisco IOS Firewall Feature Set documentation set, as well as the sections on Traffic Filtering and Firewalls in the Security Configuration Guide and Security Command Reference (available on the Documentation CD-ROM and CCO).
Simple Gateway Control Protocol 1.1
The Cisco uBR924 cable access router supports Simple Gateway Control Protocol (SGCP). SGCP is an out-of-band signaling protocol that interacts with the external Call Agent (CA) to establish telephone calls. SGCP eliminates the need for a dial plan mapper and static configuration on the router to map IP addresses to telephone numbers because this function is provided by the external CA.
The Cisco uBR924 cable access router supports SGCP residential gateway (RGW), as opposed to trunking gateway (TGW), which controls the telephone call.
SGCP MIB
The Simple Gateway Control Protocol (SGCP) Management Information Base (MIB) supports configuration, performance, and fault management of the SGCP interface. The SGCP MIB components are as follows:
•
•
•
•
•
•
•
•
•
•
•
•
No New Hardware Features in Release 12.0(5)T
There are no new hardware features supported by the Cisco uBR924 cable access router for Release 12.0(5)T.
New Software Features in Release 12.0(5)T
Note
The following new software features are supported by the Cisco uBR924 cable access router for Release 12.0(5)T.
Fax
Fax support is introduced in Cisco IOS Release 12.0(5)T images that support voice. The two Cisco uBR924 cable access router VoIP ports can now be connected to telephone or fax devices. Also refer to New Hardware Features In Release 12.0(4)XI1.
Note
Enhanced Bridging
The Cisco uBR924 cable access router contains four RJ-45 (10BaseT Ethernet) hub ports. Using Cisco IOS Release 12.0(5)T or higher interim images, these hub ports can be connected to four computers directly or one of the four ports to an Ethernet hub. The Ethernet hub connects additional computers or devices at the site. A maximum of three devices can be bridged using Cisco IOS 12.0(4)XI or higher interim images. A maximum of 254 devices can be bridged using Cisco IOS 12.0(5)T or higher interim images. (No limit exists in routing mode.)
DOCSIS Baseline Privacy
The DOCSIS Baseline Privacy feature is based on the DOCSIS Baseline Privacy Interface Specification. It provides data privacy across the HFC network by encrypting traffic flows between the Cisco uBR924 cable access router and the cable operator's Cable Modem Termination System (CMTS).
Baseline Privacy security services are defined as a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.
The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a cable modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access. The Cisco uBR924 cable access router is able to obtain two types of keys from the CMTS: the Traffic Exchange Key (TEK), which is used to encrypt and decrypt data packets, and the Key Exchange Key (KEK), which is used to decrypt the TEK.
For more information on this feature, refer to the DOCSIS Baseline Privacy Interface Specification (SP-BPI-IO1-970922).
IPSec Network Security
IPSec Network Security (IPSec) is an IP security feature that provides robust authentications and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers") such as the Cisco uBR924 cable access router.
IPSec provides the following network security services:
•
•
•
•
Triple DES (Phase I)
Data Encryption Standard (DES) is a standard cryptographic algorithm developed by the United States National Bureau of Standards. The Triple DES (3DES) images increase the encryption/decryption from the 56-bit IPSec feature set to 168 bit.
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).
Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client initiated tunnel, such as PPTP, or a network access server (NAS) initiated tunnel, such as L2F.
Refer to the Limitations and Restrictions section for information regarding the functionality of the Cisco uBR924 cable access router in L2TP applications.
Firewall (Phase I)
The Firewall (Phase I) feature set extends the security technology currently available in Cisco IOS software to the Cisco uBR924 cable access router, providing firewall-specific capabilities. Firewall (Phase I) features include stateful, application-based filtering, dynamic per-user authentication and authorization, defense against network attacks, Java blocking, and real-time alerts. Firewall (Phase I) is interoperable with Cisco IOS software features including NAT, VPN tunneling protocols, Cisco Express Forwarding (CEF), AAA extensions, Cisco encryption technology, and Cisco IOS IPSec.
Baseline Privacy Management Information Base
The Baseline Privacy Management Information Base (MIB), as currently defined, is now available in Cisco IOS Release 12.0(5)T code. BPI allows an SNMP manager to monitor and manage the Cisco uBR924 cable access router's BPI configuration, including whether BPI is enabled, status of current authorization keys, current timeout values, real-time status counters, and additional information about authorization errors.
Note
New Hardware Features In Release 12.0(4)XI1
The following new hardware feature is supported by the Cisco uBR924 cable access router for Release 12.0(4)XI1.The Cisco uBR924 cable access router contains two FXS VoIP ports that are labeled V1+V2 and V2 at the rear of the unit. These ports can be connected directly to telephones or to adapters that allow multiple telephones to be connected to each of the two VoIP telephone lines. The Ringer Equivalence Number (REN) determines how many telephones can be connected to a telephone line.
Note
Between 5 and 10 voice devices can be connected to each of the two VoIP telephone lines, provided each telephone line does not exceed the 5 REN limit. Typical length of the 26-gauge telephone wire is 3,000 feet or more.
The Cisco uBR924 cable access router can support the number of telephones typically found in small businesses.
New Software Features In Release 12.0(4)XI1
Note
The following new software features are supported by the Cisco uBR924 cable access router for Cisco IOS Release 12.0(4)XI1.Full and DOCSIS-Compliant Bridging
Full and DOCSIS-Compliant Bridging allows the Cisco uBR924 cable access router to operate with any DOCSIS-qualified CMTS.
The ability of the Cisco uBR924 cable access router to grant access to Customer Premises Equipment (CPE) devices is controlled by the "MAX CPE" field in the DOCSIS configuration file. The Cisco uBR924 cable access router defaults to one MAX CPE address unless this option is set to a higher number. The valid MAX CPE address range is 1 to 3 for bridging operation using Cisco IOS Release 12.0(4)XI1. In Cisco IOS Release 12.0(5)T or higher interim images, the valid MAX CPE address range is 1 to 254 for bridging operation.
Easy IP
Dynamic Host Configuration Protocol (DHCP) Server:
With the introduction of Easy IP, Cisco IOS Release 12.0(4)XI1 supports Intelligent DHCP Relay and DHCP Client functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS IP helper-address functionality.
Network Address Translation and Port Address Translation (NAT/PAT):
•
•
•
•
•
•
Routing protocols will run on the Ethernet interface instead of the cable interface, and all packets received will be routed out the Ethernet interface or use the default gateway to reach the CMTS. This eliminates the need to run RIP on the cable interface.
To implement NAT on the Cisco uBR924 cable access router, the Ethernet interface is configured with an "inside" address and the cable interface is configured with an "outside" address. The Cisco uBR924 cable access router also supports configuration of static connections, dynamic connections, and address pools.
Routing (RIP V2)
A routing configuration for the Cisco uBR924 cable access router is most likely used when the cable access router is being added to an existing personal computer network. When configured in routing mode, the Cisco uBR924 cable access router will automatically configure the headend's IP address as its IP default gateway. When the IP host-routing is being configured, this automatic configuration of the headend's IP address as its IP default gateway will allow the Cisco uBR924 cable access router to send packets not intended for the Ethernet interface to the headend.
RIP V2 routing is useful for small internetworks in that it enables optimization of Network Interface Center (NIC)-assigned IP addresses by defining VLSMs for network addresses, and it allows Classless Interdomain Routing (CIDR) addressing schema.
Voice Support
Acceptable voice quality and reduction in network bandwidth usage are achieved by using several voice processing techniques. Digital Signal Processors (DSPs), in combination with DSP firmware in the Cisco uBR924 cable access router, provide the stream-to-packet and packet-to-stream conversion, as well as voice processing capabilities. Typical voice processing services include echo cancellation, voice compression, Voice Activity Detection (VAD) or silence compression and Dual Tone Multi-Frequency (DTMF) tone detection and generation. Supported vocoders include:
•
•
•
•
•
•
•
•
•
•
Use of the H.323 protocol typically involves a dial plan and mapper at the headend to map IP addresses to telephone numbers. You can also set static routes. Use dial peer commands to define local and remote peers. For the backup POTS port, define port and E.164 addresses. For remote peers, define remote peers' IP addresses and E.164 addresses.
Note
Cable Device MIB
The Cable Device MIB is for DOCSIS-compliant cable modems and CMTS. The Cable Device MIB records statistics related to the configuration and status of the cable modem. Statistics include an events log and device status. The following list details the components of the Cable Device MIB:
•
•
•
•
•
•
The Cable Device MIB is very similar to the RFI MIB in that both allow access to statistics; they are different in that the Cable Device MIB reports statistics on the cable modem, and the RFI MIB reports statistics on the radio frequency transmissions over the cable television line.
Cisco Standard MIBs
The Cisco Standard MIBs consist of the following components:
•
•
•
•
•
•
Note
Cisco Voice MIBs
The Cisco Voice MIBs consist of the following components:
•
•
•
•
•
•
Radio Frequency Interface MIB
The Radio Frequency Interface (RFI) MIB module is for DOCSIS-compliant radio frequency interfaces in cable modems and CMTS. On the cable modem, RFI MIB entries provide:
•
•
•
•
•
The RFI MIB includes tables describing both the CMTS and the cable modem side of the cable interface. All cable modem tables are implemented.
With IPSec, data can be transmitted across a public network without fear of observation, modification, or spoofing. This enables applications such as VPNs, extranets, and remote user access.
IPSec services are similar to those provided by Cisco Encryption Technology, a proprietary security solution introduced in Cisco IOS Software Release 11.2. However, IPSec provides a more robust security solution, and is standards based.
Limitations and Restrictions
This section describes warnings and cautions about using Cisco IOS Release 12.0 T software.
Using Multiple PCs with a Cisco uBR924 Cable Access Router
The MAX CPE parameter in a Cisco uBR924 cable access router's DOCSIS configuration file determines how many PCs (or other CPE devices) are supported by that Cisco uBR924 cable access router. The default value for the MAX CPE parameter is 1, which means only one PC can be connected to the Cisco uBR924 cable access router.
The DOCSIS 1.0 specification states that a CMTS cannot age-out MAC addresses for CPE devices, so the first PC that is connected to a Cisco uBR924 cable access router is normally the only one that the CMTS recognizes as valid. If a subscriber replaces an existing PC or changes its network interface card (NIC) to one that has a different MAC address, the CMTS will refuse to let the PC come online because this would exceed the maximum number of CPE devices specified by the MAX CPE parameter.
To allow a subscriber to replace an existing PC or NIC, the following workarounds are possible:
•
•
Layer 2 Tunneling Protocol
Implementation of L2TP in Cisco IOS Release 12.0(5)T is dependent on a PPP connection supported on one of the directly attached interfaces. A dial-up PPP connection is required in order to initiate an L2TP Tunnel connection. This is a requirement of the L2TP Access Concentrator (LA
Guest
