Release Notes for Cisco uBR905 and Cisco uBR925 Cable Access Routers for Cisco IOS Release 12.2 XA
February 9, 2002
Cisco IOS Release 12.2(2)XA5
OL-1645-01 Rev CO
These release notes for the Cisco uBR905 and Cisco uBR925 cable access routers describe the enhancements provided in Cisco IOS Release 12.2(2)XA4. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode or modem code and related documents.
For a list of software caveats that apply to Release 12.2(2)XA4, see the "Caveats" section and Caveats for Cisco IOS Release 12.2 T. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.2 located on Cisco.com and the Documentation CD-ROM. For complete documentation on the Cisco uBR905 and Cisco uBR925 cable access routers, see the documentation listed in the "Related Documentation" section.
Contents
These release notes describe the following topics:
• Obtaining Technical Assistance
Introduction
The DOCSIS-based Cisco uBR905 and Cisco uBR925 cable access routers give small office, home office (SOHO) and branch office subscribers high-speed Internet or intranet access. The Cisco uBR905 and Cisco uBR925 cable access routers act as cable modems to connect computers and other customer premises devices at a subscriber site to the service provider cable, hybrid fiber-coaxial (HFC), and IP backbone network.
The Cisco uBR905 cable access router supports data traffic via a shared two-way cable system and IP backbone network. The Cisco uBR925 cable access router supports both data and Voice over IP (VoIP) traffic via a shared two-way cable system and IP backbone network.
Both cable access router models support four Ethernet hub ports to connect to PCs and other customer premises equipment (CPE) devices. The Cisco uBR925 cable access router also supports connecting one PC or CPE device through a Universal Serial Bus (USB) port.
The Cisco uBR905 and Cisco uBR925 cable access routers are based on Data-over-Cable Service Interface Specifications (DOCSIS) and interoperate with any bidirectional, DOCSIS-qualified cable modem termination system (CMTS). These cable access routers ship from the Cisco factory with a Cisco IOS software image stored in nonvolatile Flash memory that supports DOCSIS-compliant bridging data operations.
Note
In Cisco IOS Release 12.2(2)XA4, the Cisco uBR905 and Cisco uBR925 cable access routers use the same software images. VoIP and USB, however, are supported only on the Cisco uBR925 cable access router. All Cisco uBR905 and Cisco uBR925 cable access router images support DOCSIS Baseline Privacy Interface (BPI) encryption. BPI is subject to export restrictions.
Cisco uBR905 Cable Access Router
The Cisco uBR905 cable access router features a single F-connector interface to the cable system, four RJ-45 (10BASE-T Ethernet) hub ports to connect to a local PC or LAN, and one RJ-45 console port to connect to a laptop computer/console terminal for local Cisco IOS configuration. The Cisco uBR905 router also provides an onboard IPSec hardware accelerator, which provides high-performance encryption that is substantially faster than software-based encryption.
Cisco uBR925 Cable Access Router
The Cisco uBR925 cable access router features a single F-connector interface to the cable system, four RJ-45 (10BASE-T Ethernet) hub ports to connect to a local PC or LAN, one Universal Serial Bus (USB) port to connect to a local PC, and one RJ-45 console port to connect to a laptop computer/console terminal for local Cisco IOS configuration. The Cisco uBR925 router also provides two RJ-11 voice ports to connect to FXS telephone devices for VoIP support. The Cisco uBR925 router also provides an onboard IPSec hardware accelerator, which provides high-performance encryption that is substantially faster than software-based encryption.
Early Deployment Releases
These release notes describe the Cisco uBR905 and Cisco uBR925 cable access routers for Cisco IOS Release 12.2(2)XA4, which is an early deployment (ED) release based on Cisco IOS Release 12.2 T. Early deployment releases contain fixes for software caveats and support for new Cisco hardware and software features.
Table 1 shows that Release 12.2(2)XA4 is the initial early deployment release for both the Cisco uBR905 and Cisco uBR925 cable access routers.
Note
Cisco IOS Release 12.2(2)XA and Cisco IOS Release 12.1(3a)XL1 were the initial early deployment releases for the Cisco uBR905 cable access router and should not be used on the Cisco uBR925 cable access router.
Table 1 Early Deployment Releases for the Cisco uBR905 and Cisco uBR925 Cable Access Routers

ED Release: 12.2(2)XA4
Availability: Now
Additional Software Features:
• Support for the [no] cable-modem qos drop-ack command.

ED Release: 12.2(2)XA1
Availability: Now
Additional Software Features:
Support for the Cisco uBR925 cable access router was added, including the following features:
• H.323v2 Protocol [1]
• Cable-Modem VoIP Clock-Internal Command
• Cisco H.323 Version 2 Phase 2 Gateway Features, which include:
  – H.323v2 Fast Connect
  – H.245 Tunneling of DTMF Relay in conjunction with Fast Connect
  – H.450.2 Call Transfer
  – H.450.3 Call Deflection
  – H.235 Security
  – Translation of FXS Hookflash Relay
• H.323 Call Redirection Enhancements
• MGCP Including NCS

ED Release: 12.2(2)XA
Availability: Now
Additional Software Features:
• Cable Monitor Web Diagnostics Tool
• Cisco Firewall (Phases I and II)—Cisco IOS Firewall Software
• Cisco Secure Intrusion Detection System (IDS) (formerly known as NetRanger) support
• DF Bit Override Functionality with IPSec Tunnels
• DOCSIS 1.0+ Extensions—Dynamic Multi-SID [2] Assignment and Concatenation
• DOCSIS Baseline Privacy Interface (BPI)
• Dynamic Host Configuration Protocol (DHCP) Proxy Support
• Easy IP—DHCP Server and Network address translation and port address translation (NAT/PAT)
• Enhanced bridging functionality
• Full and DOCSIS-compliant bridging
• HSRP [3] Support for ICMP [4] Redirect
• Interface Index Display and Interface Alias Long Name Support for SNMP
• IPSec—56-bit encryption/decryption at network layer (Phase I)
• IPSec 3DES—Triple DES [5] (Phase I): 168-bit encryption/decryption at network layer (Phase I)
• IPSec Hardware Accelerator—onboard encryption hardware accelerator is automatically used by default for all IPSec encryption
• IP Address DOCSIS Command
• L2TP—Layer 2 tunneling protocol (Phase I)
• NAT—Support for NetMeeting Directory (Internet Locator Service—ILS)
• Radio frequency interface
• RFC 2233 support for link up/down traps and for the IF-MIB MIB [6]
• RFC 2669 and RFC 2670 Support
• Routing (RIP V2)
• Secure Shell (SSH) Version 1 Client and Server Support
• VPN [7] Enhancements—Dynamic Crypto Map

[1] VoIP and USB support exist only when the Cisco IOS Release 12.2(2)XA1 image is loaded on the Cisco uBR925 cable access router. The Cisco uBR905 cable access router does not support either VoIP traffic or the USB interface.
[2] SID = Service ID
[3] HSRP = Hot-Standby Routing Protocol
[4] ICMP = Internet Control Message Protocol
[5] DES = Data Encryption Standard
[6] MIB = Management Information Base
[7] VPN = Virtual Private Network
System Requirements
This section describes the system requirements for Cisco IOS Release 12.2(2)XA4 and includes the following sections:
• Determining the Software Version
• Upgrading to a New Software Release
Memory Recommendations
Table 2 lists the minimum memory recommendations for Cisco IOS Release 12.2(2)XA4 for the Cisco uBR905 and Cisco uBR925 cable access routers.
Headend Interoperability
DOCSIS Concatenation
If DOCSIS concatenation with a 16-QAM (quadrature amplitude modulation) symbol rate is used, the CMTS must be configured for Unique Word 16 in the preamble for both short and long data burst profiles. On the Cisco uBR7200 series universal broadband routers, use the cable modulation-profile global configuration command and specify uw16 for both the long and short modulation profiles.
DOCSIS 1.0+ Extensions
Cisco IOS Release 12.2(2)XA4 images support the Cisco DOCSIS 1.0+ Extensions, which include dynamic multi-SID assignment and concatenation. To use the dynamic multi-SID and concatenation features, the Cisco uBR905 and Cisco uBR925 cable access routers and the CMTS router must support them. If you are using a Cisco CMTS router as the headend equipment, Cisco IOS Release 12.1(1)T or a later release is required on the Cisco CMTS router to ensure that these features are activated.
To configure the Cisco uBR905 and Cisco uBR925 cable access routers to support multiple classes of service, use either the Cisco Subscriber Registration Center (CSRC) tool or the configuration file editor of your choice. DOCSIS configuration files can contain multiple classes of service (CoS) to support voice and other real-time traffic. The first CoS is used for data (and voice if no other CoS is defined), and up to three additional classes of service can be defined to give higher priority for voice and other real-time traffic.
IPSec Encryption Support
To use IPSec encryption, the Cisco uBR905 and Cisco uBR925 cable access routers and the destination endpoint must support IPSec encryption and be configured for the same encryption policy. The endpoint is typically an IPSec gateway such as a peer router, Cisco PIX Firewall, or other device that can be configured for IPSec. (The CMTS does not need to support IPSec encryption unless it is desired that the CMTS act as an IPSec gateway.)
Note
The IPSec feature set encrypts traffic sent between endpoints, such as between two Cisco uBR905 cable access routers, to protect traffic sent across the Internet and other unprotected networks. The DOCSIS BPI feature encrypts traffic on the cable interface between the cable access router and the CMTS. To use BPI encryption, the cable access router and the CMTS must support and enable BPI encryption.
Hardware Supported
The Cisco uBR905 cable access router contains the following interfaces:
• A single F-connector interface to the cable system.
• Four RJ-45 (10BASE-T Ethernet) hub ports to connect:
  – Up to three computers directly to the four Ethernet hub ports at the rear of the Cisco uBR905 router when operating in bridging mode. When operating in routing mode, all four Ethernet hub ports can be connected directly to four computers.
  – One of the four Ethernet hub ports at the rear of the Cisco uBR905 router can be connected to an Ethernet hub, which then connects additional computers or devices at the site when operating in routing or bridging mode.
• One RJ-45 console port (optional) to connect to a laptop computer or console terminal when locally configuring the Cisco uBR905 router; the router ships from the Cisco factory with the console port enabled.
• The onboard hardware accelerator for IPSec encryption is automatically used by default to encrypt and decrypt all traffic protected by either 56-bit or 168-bit IPSec encryption.
The Cisco uBR925 cable access router contains the following interfaces:
• A single F-connector interface to the cable system.
• Four RJ-45 (10BASE-T Ethernet) hub ports to connect:
  – Up to three computers directly to the four Ethernet hub ports at the rear of the cable access router when operating in bridging mode. When operating in routing mode, all four Ethernet hub ports can be connected directly to four computers.
  – One of the four Ethernet hub ports at the rear of the cable access router can be connected to an Ethernet hub, which then connects additional computers or devices at the site when operating in routing or bridging mode.
• One USB port to connect the cable access router to a computer.
• Two RJ-11 Foreign Exchange Station (FXS) ports connect telephones and fax devices to the cable system and IP backbone. The FXS ports on the Cisco uBR925 router can be connected to analog telephones or fax machines but cannot be used for private branch exchange (PBX) extensions.
• One RJ-45 console port (optional) to connect to a laptop computer or console terminal when locally configuring the Cisco uBR905 router; the router ships from the Cisco factory with the console port enabled.
• The onboard hardware accelerator for IPSec encryption is automatically used by default to encrypt and decrypt all traffic protected by either 56-bit or 168-bit IPSec encryption.
Determining the Software Version
To determine the version of Cisco IOS software running on your cable access router, log into the cable access router and enter the show version EXEC command:
For the Cisco uBR905 and Cisco uBR925 cable access routers:
router# show version
Cisco Internetwork Operating System Software
IOS (tm) 925 Software (ubr925-k8o3sv4y5-mz), Version 12.2(2)XA4, RELEASE SOFTWARE

Upgrading to a New Software Release
For technical information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions on Cisco.com located at:
http://tools.cisco.com/SupportFusion/FusionHome.do
For other information about upgrading to Cisco IOS Release 12.2 T, see the product bulletin Cisco IOS Software Release 12.2 T Ordering Procedures and Platform Support on Cisco.com at:
Service & Support: Software Center: Cisco IOS Software: Product Bulletins: Software
Under Cisco IOS 12.2, click on Cisco IOS Software Release 12.2 T Ordering Procedures and Platform Support
Feature Set Tables
Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Caution
Cisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States may require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Table 3 lists the features and feature sets supported by the Cisco uBR905 and Cisco uBR925 cable access routers in Cisco IOS Release 12.2(2)XA4 and uses the following conventions:
Yes—The feature is supported in the software image.
No—The feature is not supported in the software image.
Note
This table might not be cumulative or list all the features in each image. You can find the most current Cisco IOS documentation on Cisco.com.
This set of electronic documents may contain updates and modifications made after the hard-copy documents were printed. If you have a Cisco.com login account, you can find image and release information regarding features prior to Cisco IOS Release 12.2(2)XA by using the Feature Navigator tool at http://www.cisco.com/go/fn.
New and Changed Information
New Hardware Features in Release 12.2(2)XA4
There are no new hardware features in Release 12.2(2)XA4.
New Software Features in Release 12.2(2)XA4
The following new software features are supported in Cisco IOS Release 12.2(2)XA4.
Cable-Modem QoS Drop-Ack Command
TCP traffic uses a packet-acknowledge algorithm, where a group of packets must be acknowledged before additional traffic can be sent. When a large number of packets is transmitted on the downstream, it can result in a large number of acknowledgements on the upstream. Because the downstream bandwidth is typically many times greater than the upstream bandwidth, certain applications can temporarily overrun the upstream with a large volume of acknowledgement packets.
If any of those acknowledgements are dropped or lost, traffic can be backed up, and data packets might have to be resent, even if those packets had in fact been successfully received. This can significantly impact real-time traffic, such as voice calls.
To optimize the TCP traffic on the upstream in these circumstances, the Cisco uBR905 and Cisco uBR925 cable access routers automatically analyze the upstream traffic and drop unnecessary packet acknowledgements when traffic begins backing up. This feature has been automatically enabled by default on the routers, starting with Cisco IOS Release 12.0(5)T.
In some situations, however, this feature can result in packets being dropped on the upstream, which could impact the performance of certain applications such as FTP transfers. If packet drops do occur on the upstream, this feature can be turned off with the no cable-modem qos drop-ack command, which is new to Cisco IOS Release 12.2(2)XA4.
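The ACK-dropping behaviour described above, as an added Python model that is not part of the Cisco release notes and is not Cisco's algorithm (the page does not describe how the router selects acknowledgements). It assumes a hypothetical `UpstreamQueue` with a backlog threshold, and drops a queued pure ACK only when a later ACK on the same flow cumulatively covers it, so data-bearing segments and duplicate ACKs (which signal loss to the sender) are left alone; the traffic in `simulate()` is constructed.

```python
from collections import deque
from dataclasses import dataclass


def seq_lt(a: int, b: int) -> bool:
    """True if 32-bit TCP sequence number a precedes b, allowing for wraparound."""
    return ((a - b) & 0xFFFFFFFF) > 0x7FFFFFFF


@dataclass(frozen=True)
class Segment:
    flow: str              # stand-in for the TCP 4-tuple (assumption for brevity)
    ack: int               # cumulative acknowledgement number
    payload_len: int = 0
    flags: str = "A"       # "A" alone means ACK with no SYN/FIN/RST/PSH

    @property
    def pure_ack(self) -> bool:
        # Only header-only ACKs are candidates; anything carrying data or
        # connection-control flags must always be forwarded.
        return self.payload_len == 0 and self.flags == "A"


class UpstreamQueue:
    """Hypothetical upstream transmit queue with ACK suppression under backlog."""

    def __init__(self, backlog_threshold: int):
        self.backlog_threshold = backlog_threshold
        self.queue = deque()
        self.dropped = 0

    def enqueue(self, seg: Segment) -> None:
        # Suppression only kicks in once traffic is backing up.
        if seg.pure_ack and len(self.queue) >= self.backlog_threshold:
            kept = deque()
            for old in self.queue:
                # An older pure ACK is redundant only if the new one
                # acknowledges strictly more data on the same flow.
                # Equal ACK numbers are duplicate ACKs and are kept.
                superseded = (old.pure_ack and old.flow == seg.flow
                              and seq_lt(old.ack, seg.ack))
                if superseded:
                    self.dropped += 1
                else:
                    kept.append(old)
            self.queue = kept
        self.queue.append(seg)


def simulate():
    """Run constructed traffic through the queue; return (dropped, remaining ACK numbers)."""
    q = UpstreamQueue(backlog_threshold=3)
    traffic = [
        Segment("A", 1000), Segment("A", 2460), Segment("B", 500),
        Segment("A", 2460, payload_len=512, flags="PA"),  # data: never dropped
        Segment("A", 3920),   # supersedes A/1000 and A/2460 pure ACKs
        Segment("A", 3920),   # duplicate ACK: the earlier copy is kept
        Segment("A", 5380),   # supersedes both A/3920 ACKs
    ]
    for seg in traffic:
        q.enqueue(seg)
    return q.dropped, [s.ack for s in q.queue]


if __name__ == "__main__":
    print(simulate())
```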
New Hardware Features in Release 12.2(2)XA1
Cisco IOS Release 12.2(2)XA1 is the first release that supports both the Cisco uBR905 and Cisco uBR925 cable access routers.
Note
Cisco IOS Release 12.2(2)XA and Cisco IOS Release 12.1(3a)XL1 were the initial early deployment releases for the Cisco uBR905 cable access router and should not be used on the Cisco uBR925 cable access router.
New Software Features in Release 12.2(2)XA1
The following new software features are supported in Cisco IOS Release 12.2(2)XA1. All voice-related features apply only to the Cisco uBR925 cable access router. All other features apply to both the Cisco uBR905 and Cisco uBR925 cable access routers, unless otherwise noted.
Cable-Modem VoIP Clock-Internal Command
The cable-modem voip clock-internal command enables the cable access router's internal clock, allowing it to make VoIP calls over the Ethernet and USB interfaces even when the cable interface is down or disconnected. If the CMTS is a Cisco uBR7200 series router with a Cisco Cable Clock Card, this command disables the use of that clock.
Cisco H.323 Version 2 Phase 2 Gateway Features
Cisco H.323 Version 2 Phase 2 upgrades Cisco IOS software by adding the following optional features, and facilitates customized extensions to the Cisco gatekeeper:
• H.323v2 Fast Connect
• H.245 Tunneling of DTMF Relay in conjunction with Fast Connect
• H.450.2 Call Transfer
• H.450.3 Call Deflection
• Translation of FXS Hookflash Relay
• H.235 Security
See the Cisco H.323 Version 2 Phase 2 document on Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/h323v2p2.htm for more information.
Czech Republic and Mexico Country Codes Supported
Cisco IOS Release 12.2(2)XA4 enhances the cptone voice-port configuration command with support for the Czech Republic (CZ) and Mexico (MX) country call progress codes.
H.323v2 Protocol
In architectures using the VoIP H.323v2 protocol stack, the session application manages two call legs for each call: a telephony leg managed by the voice telephony service provider, and the VoIP leg managed by the cable system operator—the VoIP service provider. Use of the H.323v2 protocol typically requires a dial plan and mapper at the Cisco uBR925 cable access router or other server location to map IP addresses to telephone numbers.
When both legs of the call have been set up, the session application creates a conference between them. The opposite leg's transmit routine for voice packets is given to each provider. The CMTS router passes data to the gateway and gatekeeper. The H.323v2 protocol stack provides signaling using H.225 and media negotiation using H.245.
Note
For more information on using H.323v2, see the document H.323 Version 2 Support, available on Cisco.com and the Documentation CD-ROM.
To make and receive H.323 calls, the Cisco uBR925 cable access router must be configured for the following:
• The IP address of the gateway for the destination dialed—In all situations, these IP addresses can be configured statically using the command-line interface (CLI) with voip dial peer group commands. If you are using Cisco gatekeeper products that are running Cisco IOS Release 12.0(5)T or higher images, the Cisco uBR925 cable access router can obtain these addresses dynamically from the gatekeeper using the Registration, Admission, and Status (RAS) protocol.
• The telephone numbers of the attached devices—In all situations, these IP addresses can be configured statically using the CLI pots port commands. When using Cisco Network Registrar (CNR) version 3.0 or higher, the IP addresses can be configured with the relay.tcl and setrouter.tcl scripts. If you are using Cisco gatekeeper products that are running Cisco IOS Release 12.0(5)T or higher images, you can obtain these addresses dynamically from CNR. The telephone numbers of attached devices are then sent in DHCP response messages. When the cable access router processes the DHCP response, it automatically creates the pots dial peer for each port, creates the voip dial peer for the RAS target, and starts the H.323v2 RAS gateway support.
Note
To support voice configurations using Cisco gatekeeper products with RAS, Cisco IOS Release 12.0(5)T or higher images with gatekeeper support are required. The headend must have IP multicast enabled. The cable interface must be designated as the default for RAS to discover the gatekeeper. The gatekeeper then resolves all dialed destinations sent to the RAS protocol.
H.323v2 Caller ID
Cisco IOS Release 12.2(2)XA4 adds support for caller ID over H.323v2 VoIP calls, using the station-id name and caller-id enable voice-port configuration commands. For example, to enable caller ID for voice port 0 on the Cisco uBR925 cable access router, enter the following commands:
Router# config t
Router(config)# voice-port 0
Router(voice-port)# station-id name myphonename
Router(voice-port)# caller-id enable
Router(voice-port)# exit
Router(config)#

Tip
For more information about these commands, see the Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2, available on Cisco.com and the Customer Documentation CD-ROM.
H.323 Call Redirection Enhancements
The user-to-user information element (UUIE) of the H.323 Facility message is used primarily for call redirection. The UUIE contains a field, facilityReason, that indicates the nature of the redirection. The H.323 Call Redirection Enhancements feature adds support for two reasons: routeCallToGatekeeper and callForwarded. It also provides a non-standard method for using the Facility message to effect call transfer.
Tip
For more information, see the H.323 Call Redirection Enhancements document, available on Cisco.com and the Customer Documentation CD-ROM.
MGCP Including NCS
This feature implements the following MGCP protocols on the Cisco uBR925 cable access router:
• MGCP 1.0 (RFC 2705)
• Network-based Call Signaling (NCS) 1.0, the PacketCable profile of MGCP 1.0 for residential gateways (RGWs)
Media Gateway Control Protocol (MGCP) 1.0 is a protocol for the control of Voice over IP (VoIP) calls by external call-control elements known as media gateway controllers (MGCs) or call agents (CAs). It is described in RFC 2705.
PacketCable is an industry-wide initiative to develop interoperability standards for multimedia services over cable facilities using packet technology. PacketCable developed the NCS protocol, which contains extensions and modifications to MGCP while preserving basic MGCP architecture and constructs. NCS is designed for use with analog, single-line user equipment on residential gateways.
MGCP Model
MGCP bases its call control and intelligence in centralized call agents, also called media gateway controllers. The call agents issue commands to simple, low-cost endpoints, which are housed in media gateways (MGs), and they also receive event reports from the gateways. MGCP messages between call agents and media gateways are sent over IP/UDP. The messages between CA and gateways can be sent over IP/TCP as well. Typically, IP/UDP is the chosen norm.
The MGCP 1.0 Including NCS 1.0 feature provides protocols for residential gateways (RGWs), which sit at the border of the packet network to provide an interface between traditional, circuit-based voice services and the packet network. Residential gateways offer a small number of analog line interfaces.
Two basic MGCP constructs are endpoints and connections. An endpoint is a source or sink for call data (RTP/IP) that is flowing through the gateway. A common type of endpoint is found at the physical interface between the POTS or PSTN service and the gateway; this type of endpoint might be an analog voice port or a digital DS0 group. There are other types of endpoints as well, and some are logical rather than physical. An endpoint is identified by a two-part endpoint name that contains the name of the entity on which it exists (for example, an access server or router) and the local name by which it is known (for example, a port identifier).
A connection is a temporary allocation of resources that enables a call to be completed. One or more connections are necessary to complete a call. Connections have names that identify them with the call to which they belong. Connections can be one-to-one or multipoint. Calls and connections are initiated, modified, and deleted on instructions from call agents.
Call agents manage call flow through standard MGCP commands that are sent to the endpoints under their control. The commands are delivered in standard ASCII text, and may contain session descriptions transmitted in Session Description Protocol (SDP), a text-based protocol. These messages are sent over IP/UDP.
Call agents keep track of endpoint and connection status through the gateway's reporting of standard events that are detected from endpoints and connections. Call agents also direct gateways to apply certain standard signals when a POTS/PSTN connection expects them. For example, when someone picks up a telephone handset, an off-hook event is detected on an endpoint on the residential gateway to which the telephone is connected. The gateway reports the event to a call agent, which orders the gateway to apply the dial-tone signal to the endpoint reporting the off-hook event. The person picking up the handset hears dial tone.
Related events and signals are grouped into standard packages that apply to particular types of endpoints. For instance, the off-hook event is found in the line package, which is associated with analog-line endpoints, which in turn are associated with residential gateways.
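The off-hook exchange described above, as an added Python example that is not part of the Cisco release notes or Cisco's implementation: it parses a gateway's ASCII NTFY datagram, splits the two-part endpoint name, and builds the call agent's acknowledgement plus the RQNT that applies dial tone from the line package. The sample message, host names, the `MAX_DATAGRAM` limit and the way the new request identifier is chosen are constructed assumptions; verbs, parameter codes and return codes follow RFC 2705.

```python
import re
from dataclasses import dataclass, field

# MGCP 1.0 command verbs in their four-letter wire form (RFC 2705).
VERBS = {"EPCF", "CRCX", "MDCX", "DLCX", "RQNT", "NTFY", "AUEP", "AUCX", "RSIP"}
PARAM_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]?):[ \t]*(.*)$")
MAX_DATAGRAM = 4000  # assumption: refuse oversized UDP payloads before parsing


class MgcpParseError(ValueError):
    """Raised for anything that is not a well-formed MGCP command."""


@dataclass
class MgcpCommand:
    verb: str
    txid: int
    local_name: str   # local part of the endpoint name, e.g. a port identifier
    entity: str       # name of the gateway the endpoint lives on
    params: dict = field(default_factory=dict)
    sdp: str = ""     # optional session description after a blank line


def parse_command(datagram: bytes) -> MgcpCommand:
    """Parse one MGCP command, rejecting malformed input instead of guessing."""
    if len(datagram) > MAX_DATAGRAM:
        raise MgcpParseError("datagram too large")
    try:
        text = datagram.decode("ascii").replace("\r\n", "\n")
    except UnicodeDecodeError as exc:
        raise MgcpParseError("MGCP commands are ASCII text") from exc
    head, _, sdp = text.partition("\n\n")
    lines = [ln for ln in head.split("\n") if ln.strip()]
    if not lines:
        raise MgcpParseError("empty message")
    # Command line: verb, transaction id, endpoint name, "MGCP", version.
    # A profile suffix such as "NCS 1.0" may follow, hence ">= 5" tokens.
    parts = lines[0].split()
    if len(parts) < 5 or parts[0].upper() not in VERBS or parts[3].upper() != "MGCP":
        raise MgcpParseError(f"bad command line: {lines[0]!r}")
    if not parts[1].isdigit() or not 1 <= int(parts[1]) <= 999_999_999:
        raise MgcpParseError("transaction id out of range")
    local_name, at, entity = parts[2].partition("@")
    if not (local_name and at and entity):
        raise MgcpParseError("endpoint name must be local-name@entity")
    params = {}
    for ln in lines[1:]:
        m = PARAM_RE.match(ln)
        if not m:
            raise MgcpParseError(f"bad parameter line: {ln!r}")
        params[m.group(1).upper()] = m.group(2).strip()
    return MgcpCommand(parts[0].upper(), int(parts[1]), local_name, entity, params, sdp)


def handle_notify(cmd: MgcpCommand, next_txid: int):
    """Call-agent side: return (response, follow-up command or None)."""
    # A NTFY must carry the request identifier (X) and observed events (O).
    if cmd.verb != "NTFY" or "X" not in cmd.params or "O" not in cmd.params:
        return f"510 {cmd.txid} protocol error\n", None
    ack = f"200 {cmd.txid} OK\n"
    # Simple split: sufficient for events without parenthesised parameters.
    events = {e.strip().lower() for e in cmd.params["O"].split(",")}
    if events & {"hd", "l/hd"}:  # off-hook transition, line package "L"
        rqnt = (
            f"RQNT {next_txid} {cmd.local_name}@{cmd.entity} MGCP 1.0\n"
            f"X: {next_txid:X}\n"   # new request id (assumption: derived from txid)
            "R: L/hu(N)\n"          # ask to be notified of on-hook
            "S: L/dl\n"             # apply dial tone to the endpoint
        )
        return ack, rqnt
    return ack, None


# Constructed sample: a residential gateway reporting off-hook on its first line.
SAMPLE_NTFY = (
    b"NTFY 2002 aaln/1@rgw-1.example.net MGCP 1.0\n"
    b"N: ca@ca1.example.net:2727\n"
    b"X: 0123456789AC\n"
    b"O: L/hd\n"
)

if __name__ == "__main__":
    response, follow_up = handle_notify(parse_command(SAMPLE_NTFY), next_txid=1201)
    print(response + (follow_up or ""))
```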
NAT Support of H.323 RAS
Cisco IOS NAT supports all H.225 and H.245 message types, including those sent in the Registration, Admission, and Status (RAS) protocol. RAS provides a number of messages that are used by software clients and Voice over IP (VoIP) devices to register their location, request assistance in call setup, and control bandwidth. The RAS messages are directed toward an H.323 gatekeeper.
Some RAS messages include IP addressing information in the payload, typically meant to register a user with the gatekeeper or learn about another user already registered. If these messages are not known to NAT, they cannot be translated to an IP address that will be visible to the public network.
Previously, NAT did not support H.323 RAS messages. With this enhancement, embedded IP addresses can be inspected for potential address translation.
Tip
For more information, see the NAT Support of H.323 RAS document, available on Cisco.com and the Customer Documentation CD-ROM.
New Hardware Features in Release 12.2(2)XA
Cisco IOS Release 12.2(2)XA supports the Cisco uBR905 cable access router.
New Software Features in Release 12.2(2)XA
The following new software features are supported by the Cisco uBR905 cable access router for Release 12.2(2)XA. (The Cisco uBR925 cable access router inherits these features when running Cisco IOS Release 12.2(2)XA1.)
Cable Monitor Web Diagnostics Tool
The Cable Monitor is a web-based diagnostic tool to display the current status and configuration of the Cisco uBR905 and Cisco uBR925 cable access routers. The Cable Monitor can also be used when the cable network is down, providing an easy way for subscribers to provide necessary information to service technicians and troubleshooters.
Cisco IOS Firewall (Phase I and II)
The Cisco IOS Firewall feature set includes the following set of features:
• Context-Based Access Control (CBAC) that intelligently filters TCP and UDP packets based on the application-layer protocol. This includes Java applets, which can be blocked completely or allowed only from known and trusted sources.
• Detection and prevention of the most common denial of service (DoS) attacks, such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate misfragmentation of IP packets.
• Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.
• Authentication Proxy for authentication and authorization of web clients on a per-user basis.
• Dynamic port mapping that maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
• Configurable alerts and audit trail.
• Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to NetRanger Director, drop the packet, or reset the TCP connection.
• User-configurable audit rules.
• Configurable real-time alerts and audit trail logs.
For general information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog. For detailed information, see the Cisco IOS Firewall Feature Set documentation set, as well as the section Traffic Filtering and Firewalls in the Security Configuration Guide and the Security Command Reference (available on the Documentation CD-ROM and Cisco.com).
Cisco Secure Intrusion Detection System (IDS) Support
Cisco IOS Release 12.2(2)XA supports the Cisco Secure Intrusion Detection System (IDS), formerly known as Cisco NetRanger, which is composed of three parts:
•
A management console (director) that is used to view the alarms and to manage the sensors.
•
A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network. This is usually in the form of scanning for vulnerabilities or of attacking systems. When a signature is matched, the sensor can track certain actions. In the case of the appliance sensor, it can reset the sessions (using the TCP/rst calls), or enable "shuns" of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.
•
Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.
DF Bit Override Functionality with IPSec Tunnels
The DF Bit Override Functionality with IPSec Tunnels feature allows customers to specify whether their router can clear, set, or copy the Don't Fragment (DF) bit from the encapsulated header. A DF bit is a bit within the IP header that determines whether a router is allowed to fragment a packet.
For more information, see the DF Bit Override Functionality with IPSec Tunnels document, available on Cisco.com and the Customer Documentation CD-ROM.
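The three DF-bit policies described above (clear, set, copy), as an added example that is not taken from the Cisco documentation. It builds the outer IPv4 header of a tunnel-mode packet and applies the chosen policy; the function names, the policy strings and the documentation-range addresses are assumptions made for the illustration, and ESP encryption is left out so the inner packet stands in for the protected payload.

```python
import ipaddress
import struct

DF_FLAG = 0x4000   # Don't Fragment bit in the 16-bit flags/fragment-offset field
ESP_PROTO = 50     # IP protocol number carried in the outer header for ESP


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header; a valid header checks to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, df, ident=0, ttl=64):
    """Return a 20-byte IPv4 header (no options) with a correct checksum."""
    flags = DF_FLAG if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def df_is_set(packet: bytes) -> bool:
    """Read the DF bit from the first IPv4 header in `packet`."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    return bool(flags_frag & DF_FLAG)


def outer_df(inner_packet: bytes, policy: str) -> bool:
    """Decide the outer DF bit from the policy and the encapsulated header."""
    if policy == "copy":
        return df_is_set(inner_packet)
    if policy == "set":
        return True
    if policy == "clear":
        return False
    raise ValueError("policy must be 'clear', 'set' or 'copy'")


def encapsulate(inner_packet, tunnel_src, tunnel_dst, policy):
    """Prepend the tunnel header; the inner packet stands in for the ESP payload."""
    header = build_ipv4_header(tunnel_src, tunnel_dst, ESP_PROTO,
                               len(inner_packet), outer_df(inner_packet, policy))
    return header + inner_packet


if __name__ == "__main__":
    # Constructed inner packet: a bare TCP/IPv4 header with DF set.
    inner = build_ipv4_header("192.0.2.10", "198.51.100.20", 6, 0, df=True)
    for policy in ("copy", "set", "clear"):
        outer = encapsulate(inner, "203.0.113.1", "203.0.113.2", policy)
        print(policy, "-> outer DF =", df_is_set(outer))
```

With the clear policy, routers along the tunnel path may fragment the encapsulated packet even though the original sender set DF on the inner packet.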
DOCSIS 1.0+ Extensions
In addition to the other quality of service (QoS) features, DOCSIS 1.1 supports a number of features that are required for the delivery of high-quality voice traffic. To use these features before the DOCSIS 1.1 specification is finalized, Cisco has created the DOCSIS 1.0+ extensions that contain the most important of these features:
•
Concatenation—DOCSIS concatenation combines multiple upstream packets into one packet to reduce packet overhead and overall latency, and to increase transmission efficiency. Using concatenation, a DOCSIS cable modem makes only one bandwidth request for multiple packets, as opposed to making a different bandwidth request for each individual packet; this technique is especially effective for bursty real-time traffic, such as voice calls.
•
Dynamic Multi-SID Assignment—To give priority to voice traffic, the Cisco uBR905 router assigns a different SID to each voice port. Without the DOCSIS 1.0+ extensions, the router creates these SIDs during the provisioning process, and the SIDs remain in effect until the router is rebooted with a different configuration. As part of this process, a minimum guaranteed bandwidth is permanently allocated to the voice ports; this bandwidth is reserved to the voice ports even if no calls are being made.
To avoid potentially wasting bandwidth in this manner, the DOCSIS 1.0+ extensions support the dynamic creation of multiple SIDs. New Media Access Control (MAC) messages dynamically add, delete, and modify SIDs when needed. When a phone connected to the router is taken off-hook, the Cisco uBR905 router creates a SID that has the QoS parameters needed for that particular voice call. When the call terminates, the router deletes the SID, releasing its bandwidth for use elsewhere.
The DOCSIS 1.0+ features are introduced in Cisco IOS Software Release 12.0(7) XR and 12.1(1) T.
Note
Both the Cisco uBR905 and Cisco uBR925 cable access routers and the CMTS must support the dynamic multi-SID and concatenation features for them to be used on the cable network. If you are using a Cisco CMTS universal broadband router as the CMTS, Cisco IOS Release 12.1(1) T (or later) is required on the Cisco CMTS router to use these features.
DOCSIS Baseline Privacy Interface (BPI)
The DOCSIS Baseline Privacy Interface (BPI) feature is based on the DOCSIS BPI Specification (SP-BPI-I02-990319 or later revision). It provides data privacy across the Hybrid Fiber-Coaxial (HFC) network by encrypting traffic flows between the Cisco uBR905 and Cisco uBR925 cable access routers and the cable operator's CMTS.
The BPI+ (BPI Plus) feature is an enhancement to the BPI feature and is based on the DOCSIS BPI+ Specification (SP-BPI+-I04-000407 or later revision), which is still in development. In addition to the regular BPI features, BPI+ provides more secure authentication of cable modems through the use of digital certificates. Also, a cable modem can use a digital signature to verify that the software image it has downloaded has not been altered or corrupted in transit.
Note
Cisco IOS Release 12.2(2)XA4 supports BPI encryption but not BPI+ encryption. The CMTS and Cisco uBR905 and Cisco uBR925 cable access routers must both support and enable BPI to use its features.
DOCSIS Baseline Privacy Management Information Base
The Baseline Privacy Management Information Base (MIB), as currently defined, is available in Cisco IOS Release 12.2(2)XA code. BPI allows a Simple Network Management Protocol (SNMP) manager to monitor and manage the BPI configuration of Cisco uBR905 and Cisco uBR925 cable access routers, including whether BPI is enabled, status of current authorization keys, current timeout values, real-time status counters, and additional information about authorization errors.
Note
The SNMP manager must load the DOCSIS-BPI-MIB.my MIB to access the BPI attributes. See the "Cable-Specific MIBs" section for details.
Dynamic Host Configuration Protocol Proxy Support
The DHCP Proxy Support feature helps to automate the configuration of the Cisco uBR905 and Cisco uBR925 cable access routers in two situations:
•
When the Cisco uBR905 and Cisco uBR925 cable access routers are configured for routing mode, an IP address must be assigned to the Ethernet interface. The DHCP Proxy Support feature allows an external DHCP server to assign an IP address to the Ethernet interface, as opposed to having to assign it manually with the appropriate command line interface (CLI) commands.
Note
The DHCP Proxy Support feature cannot be used to assign an IP address to the USB interface on the Cisco uBR925 cable access router.
•
When network address translation (NAT) is used, an inside global address pool must be created on the Ethernet interface. The DHCP Proxy Support feature allows a DHCP server to assign an IP address that automatically creates the NAT address pool, as opposed to manually specifying a static IP address with the appropriate command line interface (CLI) commands.
When configured for DHCP Proxy Support, the Cisco uBR905 and Cisco uBR925 cable access routers send a proxy DHCP request to the DHCP server during startup, using the Ethernet interface's MAC address. The DHCP server replies with a second IP address that the router assigns to either the Ethernet interface or to the NAT pool, depending on which option was specified.
Easy IP—DHCP Server and NAT/PAT
The Easy IP feature set includes the following features to automate the assignment and use of IP addresses:
•
The DHCP server feature on the Cisco uBR905 and Cisco uBR925 cable access routers includes both Intelligent DHCP Relay and DHCP Client functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers—this enables the client and server to reside on separate subnets. If the Cisco uBR905 and Cisco uBR925 cable access routers DHCP server cannot satisfy a DHCP request from its own database, it can act as a DHCP proxy agent by forwarding the DHCP request to one or more secondary DHCP servers.
•
Network address translation (NAT) and port address translation (PAT) free a private network from needing a worldwide unique IP address for every computer connected to the Internet. Instead, the Cisco uBR905 and Cisco uBR925 cable access routers translate the IP addresses used on the private network into a global IP address that can be used on the Internet. One IP address can be used for multiple computers because a unique port address identifies the individual computers on the private network.
Note
NAT and PAT are defined in Requests for Comments (RFC) 1631.
Enhanced Bridging
The Cisco uBR905 and Cisco uBR925 cable access routers contain four RJ-45 (10BaseT Ethernet) hub ports. The ports can be connected directly to four computers, or one of the four ports can be connected to an Ethernet hub that connects additional computers or devices at the site. A maximum of 254 devices can be bridged in DOCSIS bridging mode; no limit exists in routing mode.
Full and DOCSIS-Compliant Bridging
DOCSIS-compliant bridging allows the Cisco uBR905 and Cisco uBR925 cable access routers to operate as DOCSIS 1.0 cable modems, so that they can interoperate with any DOCSIS-qualified CMTS. This is the default mode of operation for the Cisco uBR905 and Cisco uBR925 cable access routers.
HSRP Support for ICMP Redirects
The HSRP Support for ICMP Redirects feature enables Internet Control Message Protocol (ICMP) redirection on interfaces configured with the Hot Standby Router Protocol.
When running HSRP, it is important to prevent hosts from discovering the interface (or real) MAC addresses of routers in the HSRP group. If a host is redirected by ICMP to the real MAC address of a router, and that router later fails, then packets from the host will be lost. Previously, ICMP redirect messages were automatically disabled on interfaces configured with HSRP.
This feature now enables ICMP redirects on interfaces configured with HSRP. This functionality works by filtering outgoing ICMP redirect messages through HSRP, where the next-hop IP address may be changed to an HSRP virtual IP address.
IP Address Negotiation
The Cisco uBR905 and Cisco uBR925 cable access routers support the ip address docsis command on the cable interface. Older Cisco IOS releases used the ip address negotiated or ip address dhcp command for this purpose, but these commands cannot be used on cable interfaces.
Note
This change is cosmetic only and does not change how the cable access router obtains its IP address.
IPSec Encryption (56-bit and 3DES)
IPSec Network Security (IPSec) is an IP security feature that provides robust authentication and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers") such as the Cisco uBR905 and Cisco uBR925 cable access routers.
IPSec provides the following network security services:
•
Privacy—IPSec can encrypt packets before transmitting them across a network.
•
Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.
•
Authentication—Peers authenticate the source of all IPSec-protected packets.
•
Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.
•
3DES—Triple DES (3DES) images increase the encryption/decryption from the 56-bit IPSec feature set to 168 bits.
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).
Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters (TAs), to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed and can be operated as a client-initiated tunnel, such as PPTP, or a network access server (NAS)-initiated tunnel, such as L2F.
Note
Cisco IOS Release 12.2(2)XA1, 12.2(2)T, or greater is required to support Generic routing encapsulation (GRE) IP tunnels.
Management Information Base (MIB) Features
Cisco IOS Release 12.2(2)XA supports the following MIB features:
•
Baseline Privacy Interface (BPI) MIBs
•
Cable Device MIBs
•
Cisco Standard MIBs
•
Radio Frequency Interface MIBs
NAT—Support for NetMeeting Directory (Internet Locator Service—ILS)
Microsoft NetMeeting is a Windows-based application that enables multiuser interaction and collaboration from a user's PC over the Internet or an intranet. Support for the NetMeeting Directory (ILS) allows connections by name from the directory built into the NetMeeting application. Destination IP addresses do not need to be known in order for a connection to be made.
Parser Cache
The Parser Cache feature optimizes the parsing (translation) of Cisco IOS software configuration command lines by remembering how to parse recently encountered command lines. This feature was developed to improve the scalability of the Cisco IOS software CLI parser when processing large configuration files. This improvement is especially useful for those cases in which thousands of virtual circuits must be configured for interfaces, or hundreds of access control lists (ACLs) are required. The parser chain cache can rapidly recognize and translate configuration lines that differ slightly from previously used configuration lines (for example, pvc 0/100, pvc 0/101, and so on). Testing indicates an improvement to load time of between 30% and 36% for large configuration files when using the parser cache.
A new global configuration command, [no] parser cache, allows the disabling or reenabling of parser cache.
RFC 2233 Support
In Cisco IOS Release 12.2(2)XA, the IF-MIB MIB supports RFC 2233, which obsoletes the previous RFC 1573. This change adds the "ifCounterDiscontinuityTime" attribute and changes the "ifTableLastChange" attribute.
In addition, this feature adds support for RFC 2233-compliant link up and link down traps. By default, link up and link down traps are implemented as given in the CISCO-IF-CAPABILITY.my MIB. To generate link up and link down traps as defined by RFC 2233, use the snmp-server trap link ietf global configuration command.
RFC 2669 and RFC 2670 Support
RFC 2669 and RFC 2670 are supported on the DOCS-CABLE-DEVICE-MIB and DOCS-IF-MIB MIBs, respectively.
Routing (RIP V2)
When configured for routing mode, the Cisco uBR905 and Cisco uBR925 cable access routers support the Routing Information Protocol Version 2 (RIPv2). In routing mode, the Cisco uBR905 and Cisco uBR925 cable access routers automatically configure themselves to use the headend's IP address as their IP default gateway. This allows the Cisco uBR905 and Cisco uBR925 cable access routers to send packets not intended for the private LAN to the headend for delivery to the Internet and other networks.
Note
The Cisco uBR905 and Cisco uBR925 cable access routers support only static routes and the RIP routing protocol.
Secure Shell Version 1 Client Support
The Secure Shell (SSH) protocol provides for authentication and encryption at the application layer, providing a secure connection even when BPI or IPSec authentication and encryption are not used at the network layer.
By default, the SSH feature uses 56-bit DES encryption. Higher security 168-bit 3DES encryption is available when using Cisco IOS images that support 3DES IPSec encryption. (The SSH client must also support the same level of encryption.)
In Cisco IOS Release 12.2(2)XA, SSH support includes the following features:
•
SSH server support allows users to use an SSH connection to log in to the Cisco uBR905 router.
•
SSH client support allows a user logged in to the Cisco uBR905 and Cisco uBR925 cable access routers to log in to another router using SSH authentication and encryption.
•
DES and 3DES encryption are supported, depending on the capabilities of the Cisco IOS image being used.
•
RSA authentication. (RSA stands for Rivest, Shamir, and Adleman, inventors of a public-key cryptographic system.)
Note
For configuration and other information, see the Secure Shell Version 1 Client feature module, available on Cisco.com and the Documentation CD-ROM.
SNMP Enhancements
Cisco IOS Release 12.2(2)XA supports RFC 2669 and RFC 2670 for the DOCS-CABLE-DEVICE-MIB and DOCS-IF-MIB MIBs, respectively.
VPN Enhancement—Dynamic Crypto Map
Dynamic crypto map is one of the Cisco PIX IPSec network security commands. IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet.
The dynamic crypto map command is used to create policy templates that are used when processing negotiation requests for new security associations from a remote IPSec peer, even if you do not know all of the crypto map parameters required to communicate with the remote peer (such as the peer's IP address). The dynamic crypto map allows you to accept requests for new security associations from previously unknown peers. These requests, however, are not processed until the Internet Security Association and Key Management Protocol (ISAKMP) Internet Key Exchange (IKE) authentication has completed successfully.
When the firewall receives a negotiation request via IKE from another IPSec peer, the request is examined to see if it matches a crypto map entry. If the negotiation does not match any explicit crypto map entry, it will be rejected unless the crypto map set includes a reference to a dynamic crypto map.
If the firewall accepts the peer's request, at the point that it installs the new IPSec security associations, it also installs a temporary crypto map entry. This entry is filled in with the results of the negotiation. At this point, the firewall performs normal processing, using this temporary crypto map entry as a normal entry, even requesting new security associations if the current ones are expiring (based on the policy specified in the temporary crypto map entry). After all of the corresponding security associations expire, the temporary crypto map entry is removed.
Dynamic crypto map sets are not used for initiating IPSec security associations. However, they are used for determining whether traffic should be protected.
Note
The only parameter required in a dynamic crypto map command is the set transform-set. All other parameters are optional.
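The acceptance logic described in this section, written out as a simplified model. This is an added example, not Cisco code: the class names, method names, result strings and transform-set names are assumptions chosen for the illustration, and matching is reduced to peer address plus transform set.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StaticEntry:
    peer: str                 # explicit crypto map entry: the peer is known in advance
    transform_sets: tuple


@dataclass
class DynamicTemplate:
    transform_sets: tuple     # the only required parameter of a dynamic crypto map


@dataclass
class CryptoMapSet:
    static_entries: list
    dynamic: Optional[DynamicTemplate] = None
    temporary: dict = field(default_factory=dict)   # peer -> negotiated state

    def handle_request(self, peer, transform, ike_authenticated):
        """Process a negotiation request for new security associations (SAs)."""
        if not ike_authenticated:
            # Requests are not processed until IKE authentication succeeds.
            return "deferred"
        for entry in self.static_entries:
            if entry.peer == peer and transform in entry.transform_sets:
                return "accepted-static"
        if self.dynamic and transform in self.dynamic.transform_sets:
            # Unknown peer accepted through the template: install a temporary
            # entry filled in with the results of the negotiation.
            state = self.temporary.setdefault(peer, {"transform": transform, "sas": 0})
            state["sas"] += 1
            return "accepted-temporary"
        return "rejected"

    def sa_expired(self, peer):
        """Remove the temporary entry once all of its SAs have expired."""
        state = self.temporary.get(peer)
        if state is None:
            return
        state["sas"] -= 1
        if state["sas"] <= 0:
            del self.temporary[peer]

    def can_request_sas(self, peer):
        """The template never initiates; static and live temporary entries can."""
        return peer in self.temporary or any(e.peer == peer for e in self.static_entries)


if __name__ == "__main__":
    # Constructed sample: one known peer plus a dynamic template.
    maps = CryptoMapSet([StaticEntry("203.0.113.5", ("esp-3des",))],
                        DynamicTemplate(("esp-3des",)))
    print(maps.handle_request("198.51.100.9", "esp-3des", ike_authenticated=True))
    print(maps.can_request_sas("198.51.100.9"))
```

In this model the only gates for a previously unknown peer are IKE authentication and a transform-set match, so the strength of the IKE authentication policy determines who can obtain a temporary entry.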
Limitations and Restrictions
Cisco IOS Release 12.2(2)XA4 for the Cisco uBR905 and Cisco uBR925 cable access routers contains the following limitations and restrictions.



