Table Of Contents
Cross-Platform Release Notes for Cisco IOS Release 12.2S
Determining the Software Version
Upgrading to a New Software Release
Bundled FPGAs for the Cisco 7304
Shared Port Adapter FPD Image Packages for the Cisco 7304
New Hardware Features in Cisco IOS Release 12.2(30)S
New Software Features in Cisco IOS Release 12.2(30)S
New Hardware Features in Cisco IOS Release 12.2(25)S3
1 Port OC-12 ATM Line Card (7300-1OC12ATM)
1-Port OC-12c/STM-4 POS SPA Shared Port Adapter (SPA-1OC12-POS)
2-Port and 4-Port OC-3 POS SPA Shared Port Adapter (SPA-2XOC3-POS and SPA-4XOC3-POS)
2-Port and 4-Port T3/E3 Serial SPA Shared Port Adapter (SPA-2XT3/E3 and SPA-4XT3/E3)
New Software Features in Cisco IOS Release 12.2(25)S3
New Hardware Features in Cisco IOS Release 12.2(25)S2
New Software Features in Cisco IOS Release 12.2(25)S2
Any Transport over MPLS for PXF
Layer 2 Tunneling Protocol v3 for PXF on the Cisco 7304 NSE-100
Multicast and Multicast VPN for PXF
New Hardware Features in Cisco IOS Release 12.2(25)S1
New Software Features in Cisco IOS Release 12.2(25)S1
PPP/MLP MRRU Negotiation Configuration
New Hardware Features in Cisco IOS Release 12.2(25)S
New Software Features in Cisco IOS Release 12.2(25)S
ACL—Named ACL Support for Noncontiguous Ports on an Access Control Entry
ACL Support for Filtering IP Options
Any Transport over MPLS (AToM) Graceful Restart
Any Transport over MPLS High Availability - Stateful Switchover (SSO) and Non-Stop Forwarding (NSF)
AToM Port Mode Cell Relay Support for PA-A3-8T1 IMA PA and PA-A3-8E1 IMA PA
ATM Port Mode Packed Cell Relay over AToM
ATM PVC Trap Enhancements for Segment and End AIS/RDI Failures
CLNS Support for GRE Tunneling of IPv4 and IPv6
Configuration Change Notification and Logging
Configuration Generation Performance Enhancement
Configuration Replace and Configuration Rollback
Contextual Configuration Diff Utility
Control Plane Policing - Time Based
Extended ACL Support for IGMP to Support SSM in IPv4
FHRP - Enhanced Object Tracking of Service Assurance Agent (SAA) Operations
First Hop Redundancy Protocols
Frame Relay Conditional Debug Support
Frame Relay FRF.1.2 Annex A Support
Integrated IS-IS Global Default Metric
Integrated IS-IS Protocol Shutdown Support Maintaining Configuration Parameters
IS-IS Caching of Redistributed Routes
IS-IS Support for Priority-Driven IP Prefix RIB Installation
L2TPv3: Layer 2 Tunneling Protocol Version 3
Layer 2 Local Switching Features
Loadsharing IP Packets over More Than Six Parallel Paths
Memory Pool - SNMP Notification Support
MPLS LDP Inbound Label Binding Filtering
MPLS LDP: SSO/NSF Support and Graceful Restart
MPLS VPN - Route Target Rewrite
MPLS VPN—VRF Selection Based on Source IP Address
MPLS VPN VRF Selection Using Policy Based Routing
MSDP Compliance with IETF RFC 3618
Multicast Fast Switching Performance Improvement
Multilink Frame Relay over L2TPv3/AToM
NAT—Performance Enhancement—CEF Switching Support
NAT—Performance Enhancement—Translation Table Optimization
NAT—Performance & Scalability Enhancement—Timer Wheel
NAT—Rate Limiting NAT Translation
NAT—Translation of External IP Addresses Only
OSPF Link-Local Signaling Per Interface Basis
OSPF Link State Database Overload Protection
OSPF MIB Support of RFC 1850 and Latest Extensions
OSPF Support for Forwarding Adjacencies over MPLS Traffic Engineered Tunnels
OSPF Support for Unlimited Software VRFs per Provider Edge (PE) Router
PBR Support for Multiple Tracking Options
Periodic MIB Data Collection and Transfer Mechanism
PIM Dense Mode Fallback Prevention in a Network Following RP Information Loss
Port Mode Cell Relay Support for PA-A3-T3, PA-A3-E3, and PA-A3-OC3 PAs
RTP Header Compression over Satellite Links
Secure Shell Version 2 Support
Service Assurance Agent (SAA) Multiple Operation Scheduling
SNMP Support over VPNs—Context Based Access Control
Stateful Switchover (SSO) Support for QoS
Stateful Switchover Support for Multilink Frame Relay
Suppress BGP Advertisement for Inactive Routes
Unique Device Identifier (UDI) Retrieval
VC Single Cell Relay Support for PA-A3-OC12 over AToM/L2TPv3
VP/VC Mode Packed Cell Relay Support for PA-A3-8T1 IMA PA and PA-A3-8E1 IMA PA
VRF Aware Multicast Error Messages
New Hardware Features in Cisco IOS Release 12.2(22)S
Regex Engine Performance Enhancement
New Software Features in Cisco IOS Release 12.2(22)S
ONS 15530 and ONS 15540 Cisco IOS Software Features
New Hardware Features in Cisco IOS Release 12.2(20)S6
New Software Features in Cisco IOS Release 12.2(20)S6
Cisco 7304 FPGA Upgrade Enhancements
Cisco 7304 Shared Port Adapter Field Programmable Device show Command Updates
New Hardware Features in Cisco IOS Release 12.2(20)S5
New Software Features in Cisco IOS Release 12.2(20)S5
PXF Logical Interface Options on the Cisco 7304 Router Using an NSE-100
FPGA Upgrade Prompt Options on the Cisco 7304 Router
New Hardware Features in Cisco IOS Release 12.2(20)S3
Cisco CWDM SFP Support for the NPE-G100
New Software Features in Cisco IOS Release 12.2(20)S3
Stateful Switchover and Nonstop Forwarding Support for Cisco 7304 Routers using the MSC-100
New Hardware Features in Cisco IOS Release 12.2(20)S2
4-Port 10/100 Fast Ethernet Shared Port Adapter
2-Port 10/100/1000 Gigabit Ethernet Shared Port Adapter
New Software Features in Cisco IOS Release 12.2(20)S2
New Hardware Features in Cisco IOS Release 12.2(20)S
New Software Features in Cisco IOS Release 12.2(20)S
Enhanced Management of the Cisco 7304 Router, Phase 1
Frame Relay Discard Eligibility Bit Marking (PXF Based)
Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership (PXF Based)
Hierarchical Aggregate Ingress Policing (PXF Based)
Interface Queueing for Subinterfaces (PXF Based)
MQC Hierarchical Service-Policy Map Infrastructure (PXF Based)
MQC Match and Set QoS Group (PXF Based)
NetFlow Export of BGP Next Hop Propagation (PXF Based)
Nonstop Forwarding (NSF) with Stateful Switchover (SSO)
Route Processor Redundancy Plus (RPR+)
Service Assurance Agent (SAA) MPLS VPN Operation
Service Assurance Agent (SAA) Path Jitter Operation
New Hardware Features in Cisco IOS Release 12.2(18)S
2-Port Packet over SONET OC3c/STM1 Port Adapter
New Software Features in Cisco IOS Release 12.2(18)S
BGP CLI Troubleshooting Commands
BGP Configuration Using Peer Templates
BGP Dynamic Update Peer-Groups
BGP Increased Support of Numbered AS-Path Access Lists to 500
BGP Restart Session After Max-Prefix Limit
BGP Route-Map Policy List Support
EIGRP NonStop Forwarding Support
Integrated IS-IS Multi-Topology Support for IPv6
ip dhcp-client default-router distance Command
IS-IS Incremental Shortest Path First (i-SPF) Support
IS-IS Limit on Number of Redistributed Routes
IS-IS Mechanisms to Exclude Connected IP Prefixes from LSP Advertisements
IS-IS Support for a Redistribution Limit of Maximum Prefixes Imported
IS-IS Support for IP Route Tags
Memory Threshold Notifications
MPLS - Interfaces MIB Enhancements
MPLS - LDP MIB Version 08 Upgrade
MPLS Traffic Engineering Forwarding Adjacency
MPLS Traffic Engineering (TE)—Interarea Tunnels
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
NetFlow Export of BGP Next Hop Information
NetFlow Export Version 9 Support
Nonstop Forwarding (NSF) with Stateful Switchover (SSO)
OSPF Forwarding Address Suppression in Translated Type-5 LSAs
OSPF Incremental Shortest Path First (i-SPF) Support
OSPF Inbound Filtering Using Route Maps with a Distribute List
OSPF Support for a Redistribution Limit of Maximum Prefixes Imported
OSPF Support for Link State Advertisement (LSA) Throttling
QA Error Recovery for the Cisco 7500 Series
Source Specific Multicast (SSM) Mapping
SSO support for Community MIB, Notification MIB, Notification Log MIB, and Entity FRU Control MIB
New Hardware Features in Cisco IOS Release 12.2(14)S
Cisco 7200-I/O-GE+E and Cisco 7200-I/O-2FE/E Input/Output Controllers
Cisco 7401 ASR-BB and Cisco 7401 ASR-CP
Enhanced Gigabit Ethernet Interface Processor
Multichannel STM-1 Port Adapter
PA-MC-2T3+ Phase-II (T3 Subrate)
New Software Features in Cisco IOS Release 12.2(14)S
Any Transport over MPLS Features
Cisco 7500 Single Line Card Reload
Cisco IOS Server Load Balancing (SLB)
Cisco Quality of Service Device Manager
Class-Based Quality of Service MIB
DiffServ Compliant Weighted Random Early Detection
Distributed GRE Tunneling Support
Distributed Network-Based Application Recognition
DLR Enhancements: PGM RFC-3208 Compliance
Enhanced Password Security, Phase I
EXEC Commands in Configuration Mode
Express RTP Header Compression
Frame Relay Queueing and Fragmentation at the Interface
Functionality Changed for the tunnel mpls traffic-eng autoroute metric Command
Generic Routing Encapsulation (GRE) Tunnel Keepalive
GLBP: Gateway Load Balancing Protocol
IGMP Version 3—Explicit Tracking of Hosts, Groups, and Channels
Integrated IS-IS Point-to-Point Adjacency over Broadcast Media
Interface Range Configuration Mode
IP Access List Entry Sequence Numbering
IS-IS: Allows BGP to Control the Configuration of the Overload Bit
IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
Low Latency Queuing for the VIP Enhancement
Manual TFTP Certificate Enrollment
MPLS Label Distribution Protocol (LDP)
MPLS Label Distribution Protocol (LDP) MIB
MPLS Label Switching Router MIB
MPLS Traffic Engineering (TE) Features
Multicast-VPN—IP Multicast Support for MPLS VPNs
Multilink Frame Relay (FRF.16)
Multilink PPP Minimum Links Mandatory
Network-Based Application Recognition
Network-Based Application Recognition RTP Payload Classification
Quality of Service Feature for Parallel Express Forwarding (PXF)
Quality of Service over LAN Emulation
Route Processor Redundancy Plus (RPR+)
SNMP Support for VLAN Subinterfaces
Virtual Router Redundancy Protocol
SNMP Version 1 BGP4-MIB Limitations
Important Notes for Cisco IOS Release 12.2(25)S15
NBAR Classification for HTTP Traffic on NPE-G100
Important Notes for Cisco IOS Release 12.2(25)S
High-Capacity Counters in the Output of the show interfaces Command
Memory Requirements for the VIP2-40 and VIP2-50
Important Notes for Cisco IOS Release 12.2(22)S
Changes to the Output of the show version Command
Important Notes for Cisco IOS Release 12.2(20)S
Protocol Independent Multicast on Cisco 7304 Routers
Important Notes for Cisco IOS Release 12.2(14)S18
RPR and RPR+ for the Cisco 7500 Series Routes
Important Notes for Cisco IOS Release 12.2(14)S
Configuring MD5 Authentication for BGP Peering Sessions
Resolved Caveats—Cisco IOS Release 12.2(30)S1
Open Caveats—Cisco IOS Release 12.2(30)S
Resolved Caveats—Cisco IOS Release 12.2(30)S
Resolved Caveats—Cisco IOS Release 12.2(25)S15
Resolved Caveats—Cisco IOS Release 12.2(25)S14
Resolved Caveats—Cisco IOS Release 12.2(25)S13
Resolved Caveats—Cisco IOS Release 12.2(25)S12
Resolved Caveats—Cisco IOS Release 12.2(25)S11
Resolved Caveats—Cisco IOS Release 12.2(25)S10
Resolved Caveats—Cisco IOS Release 12.2(25)S9
Resolved Caveats—Cisco IOS Release 12.2(25)S8
Resolved Caveats—Cisco IOS Release 12.2(25)S7
Resolved Caveats—Cisco IOS Release 12.2(25)S6
Resolved Caveats—Cisco IOS Release 12.2(25)S5
Resolved Caveats—Cisco IOS Release 12.2(25)S4
Resolved Caveats—Cisco IOS Release 12.2(25)S3
Open Caveats—Cisco IOS Release 12.2(25)S2
Resolved Caveats—Cisco IOS Release 12.2(25)S2
Resolved Caveats—Cisco IOS Release 12.2(25)S1
Open Caveats—Cisco IOS Release 12.2(25)S
Resolved Caveats—Cisco IOS Release 12.2(25)S
Resolved Caveats—Cisco IOS Release 12.2(22)S2
Resolved Caveats—Cisco IOS Release 12.2(22)S1
Open Caveats—Cisco IOS Release 12.2(22)S
Resolved Caveats—Cisco IOS Release 12.2(22)S
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.2(20)S14
Resolved Caveats—Cisco IOS Release 12.2(20)S13
Resolved Caveats—Cisco IOS Release 12.2(20)S12
Resolved Caveats—Cisco IOS Release 12.2(20)S11
Resolved Caveats—Cisco IOS Release 12.2(20)S10
Resolved Caveats—Cisco IOS Release 12.2(20)S9
Resolved Caveats—Cisco IOS Release 12.2(20)S8
Resolved Caveats—Cisco IOS Release 12.2(20)S7
Resolved Caveats—Cisco IOS Release 12.2(20)S6
Resolved Caveats—Cisco IOS Release 12.2(20)S5
Resolved Caveats—Cisco IOS Release 12.2(20)S4
Resolved Caveats—Cisco IOS Release 12.2(20)S3
Resolved Caveats—Cisco IOS Release 12.2(20)S2
Resolved Caveats—Cisco IOS Release 12.2(20)S1
Open Caveats—Cisco IOS Release 12.2(20)S
Resolved Caveats—Cisco IOS Release 12.2(20)S
Resolved Caveats—Cisco IOS Release 12.2(18)S13
Resolved Caveats—Cisco IOS Release 12.2(18)S12
Resolved Caveats—Cisco IOS Release 12.2(18)S11
Resolved Caveats—Cisco IOS Release 12.2(18)S10
Resolved Caveats—Cisco IOS Release 12.2(18)S9
Resolved Caveats—Cisco IOS Release 12.2(18)S8
Resolved Caveats—Cisco IOS Release 12.2(18)S7
Resolved Caveats—Cisco IOS Release 12.2(18)S6
Resolved Caveats—Cisco IOS Release 12.2(18)S5
Resolved Caveats—Cisco IOS Release 12.2(18)S4
Resolved Caveats—Cisco IOS Release 12.2(18)S3
Resolved Caveats—Cisco IOS Release 12.2(18)S2
Resolved Caveats—Cisco IOS Release 12.2(18)S1
Open Caveats—Cisco IOS Release 12.2(18)S
Resolved Caveats—Cisco IOS Release 12.2(18)S
Resolved Caveats—Cisco IOS Release 12.2(14)S19
Resolved Caveats—Cisco IOS Release 12.2(14)S18
Resolved Caveats—Cisco IOS Release 12.2(14)S17
Resolved Caveats—Cisco IOS Release 12.2(14)S16
Resolved Caveats—Cisco IOS Release 12.2(14)S15
Resolved Caveats—Cisco IOS Release 12.2(14)S14
Resolved Caveats—Cisco IOS Release 12.2(14)S13
Resolved Caveats—Cisco IOS Release 12.2(14)S12
Resolved Caveats—Cisco IOS Release 12.2(14)S10
Resolved Caveats—Cisco IOS Release 12.2(14)S9
Resolved Caveats—Cisco IOS Release 12.2(14)S7
Resolved Caveats—Cisco IOS Release 12.2(14)S5
Resolved Caveats—Cisco IOS Release 12.2(14)S3
Resolved Caveats—Cisco IOS Release 12.2(14)S2
Resolved Caveats—Cisco IOS Release 12.2(14)S1
Cisco IOS Software Documentation Set
Cisco IOS Release 12.2 Documentation Set Contents
Obtaining Documentation and Submitting a Service Request
Cross-Platform Release Notes for Cisco IOS Release 12.2S
September 24, 2008
Cisco IOS Release 12.2(30)S1
OL-2586-09 Rev. Q1
These release notes support Cisco IOS Release 12.2S up to and including Cisco IOS Release 12.2(30)S1. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and related documents.
Note
Cisco IOS Release 12.2(30)S and its rebuilds support only the Cisco ONS 15530 and Cisco ONS 15540 platforms. These releases do not introduce new hardware or software features but integrate resolved caveats.
Cisco IOS Release 12.2S is based on Cisco IOS Release 12.2 and is tailored for service provider and large-scale enterprise networks. Cisco IOS Release 12.2S includes features that were initially supported in Cisco IOS Release 12.2. Additionally, Cisco IOS Release 12.2S integrates features from Cisco IOS Release 12.0S, Release 12.0ST, and Release 12.1E.
For a list of the software caveats that apply to Cisco IOS Release 12.2S, see the "Caveats" section and the Caveats for Cisco IOS Release 12.2 document. The caveats document is updated for every maintenance release and is located on Cisco.com.
Use these release notes in conjunction with the Cross-Platform Release Notes for Cisco IOS Release 12.2 document located on Cisco.com.
We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.
Contents
• MIBs
• Obtaining Documentation and Submitting a Service Request
Introduction
Cisco IOS Release 12.2(14)S was the first general availability release of this software. Many of the features and the hardware supported in this software have been previously released to customers on other software releases.
For information on new features and Cisco IOS commands that are supported by Cisco IOS Release 12.2S, see the "New and Changed Information" section and the "Caveats" section.
Early Deployment Releases
These release notes describe the Cisco 7200 series routers, Cisco 7301 router, Cisco 7304 routers, Cisco 7400 series routers, Cisco 7500 series routers, Cisco ONS 15530 platform, and Cisco ONS 15540 platform for Cisco IOS Release 12.2S, which is an early deployment (ED) release based on Cisco IOS Release 12.2. Early deployment releases contain fixes for software caveats and support for new Cisco hardware and software features. Table 1 shows the Cisco IOS Release 12.2S early deployment releases for the above-mentioned platforms.
Table 1 Early Deployment Releases for the Cisco 7200 Series, Cisco 7301, Cisco 7304, Cisco 7400 Series, Cisco 7500 Series, Cisco ONS 15530, and Cisco ONS 15540
| Cisco IOS ED Release | Type of ED Release | Additional Software Features | Additional Hardware Features | Availability |
|---|---|---|---|---|
| 12.2(30)S1 | Rebuild | No new software features. | No new hardware features. | 11/17/05 |
| 12.2(30)S | Maintenance¹ | No new software features. | No new hardware features. | 07/29/05 |
| 12.2(25)S15 | Rebuild | No new software features. | No new hardware features. | 12/06/07 |
| 12.2(25)S14 | Rebuild | No new software features. | No new hardware features. | 08/28/07 |
| 12.2(25)S13 | Rebuild | No new software features. | No new hardware features. | 06/25/07 |
| 12.2(25)S12 | Rebuild | No new software features. | No new hardware features. | 02/09/07 |
| 12.2(25)S11 | Rebuild | No new software features. | No new hardware features. | 10/20/06 |
| 12.2(25)S10 | Rebuild | No new software features. | No new hardware features. | 07/10/06 |
| 12.2(25)S9 | Rebuild | No new software features. | No new hardware features. | 03/30/06 |
| 12.2(25)S8 | Rebuild | No new software features. | No new hardware features. | 01/10/06 |
| 12.2(25)S7 | Rebuild | No new software features. | No new hardware features. | 10/31/05 |
| 12.2(25)S6 | Rebuild | No new software features. | No new hardware features. | 10/24/05 |
| 12.2(25)S5 | Rebuild | No new software features. | No new hardware features. | 06/23/05 |
| 12.2(25)S4 | Rebuild | No new software features. | No new hardware features. | 04/13/05 |
| 12.2(25)S3 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(25)S3" section. | See the "New Hardware Features in Cisco IOS Release 12.2(25)S3" section. | 03/07/05 |
| 12.2(25)S2 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(25)S2" section. | No new hardware features. | 12/30/04 |
| 12.2(25)S1 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(25)S1" section. | No new hardware features. | 10/14/04 |
| 12.2(25)S | Maintenance | See the "New Software Features in Cisco IOS Release 12.2(25)S" section. | See the "New Hardware Features in Cisco IOS Release 12.2(25)S" section. | 08/16/04 |
| 12.2(22)S2 | Rebuild | No new software features. | No new hardware features. | 08/26/04 |
| 12.2(22)S1 | Rebuild | No new software features. | No new hardware features. | 06/24/04 |
| 12.2(22)S | Maintenance | See the "New Software Features in Cisco IOS Release 12.2(22)S" section. | See the "New Hardware Features in Cisco IOS Release 12.2(22)S" section. | 03/18/04 |
| 12.2(20)S14 | Rebuild | No new software features. | No new hardware features. | 08/03/07 |
| 12.2(20)S13 | Rebuild | No new software features. | No new hardware features. | 03/27/07 |
| 12.2(20)S12 | Rebuild | No new software features. | No new hardware features. | 06/30/06 |
| 12.2(20)S11 | Rebuild | No new software features. | No new hardware features. | 04/27/06 |
| 12.2(20)S10 | Rebuild | No new software features. | No new hardware features. | 12/29/05 |
| 12.2(20)S9 | Rebuild | No new software features. | No new hardware features. | 09/19/05 |
| 12.2(20)S8 | Rebuild | No new software features. | No new hardware features. | 05/13/05 |
| 12.2(20)S7 | Rebuild | No new software features. | No new hardware features. | 03/04/05 |
| 12.2(20)S6 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(20)S6" section. | No new hardware features. | 11/01/04 |
| 12.2(20)S5 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(20)S5" section. | No new hardware features. | 08/11/04 |
| 12.2(20)S4 | Rebuild | No new software features. | No new hardware features. | 06/28/04 |
| 12.2(20)S3 | Rebuild | See the "New Software Features in Cisco IOS Release 12.2(20)S3" section. | See the "New Hardware Features in Cisco IOS Release 12.2(20)S3" section. | 05/21/04 |
| 12.2(20)S2 | Rebuild | No new software features. | See the "New Hardware Features in Cisco IOS Release 12.2(20)S2" section. | 03/16/04 |
| 12.2(20)S1 | Rebuild | No new software features. | No new hardware features. | 01/21/04 |
| 12.2(20)S | Maintenance | See the "New Software Features in Cisco IOS Release 12.2(20)S" section. | No new hardware features. | 10/29/03 |
| 12.2(18)S13 | Rebuild | No new software features. | No new hardware features. | 08/01/07 |
| 12.2(18)S12 | Rebuild | No new software features. | No new hardware features. | 06/22/06 |
| 12.2(18)S11 | Rebuild | No new software features. | No new hardware features. | 02/09/06 |
| 12.2(18)S10 | Rebuild | No new software features. | No new hardware features. | 09/29/05 |
| 12.2(18)S9 | Rebuild | No new software features. | No new hardware features. | 04/19/05 |
| 12.2(18)S8 | Rebuild | No new software features. | No new hardware features. | 02/24/05 |
| 12.2(18)S7 | Rebuild | No new software features. | No new hardware features. | 12/09/04 |
| 12.2(18)S6 | Rebuild | No new software features. | No new hardware features. | 09/10/04 |
| 12.2(18)S5 | Rebuild | No new software features. | No new hardware features. | 05/24/04 |
| 12.2(18)S4 | Rebuild | No new software features. | No new hardware features. | 03/22/04 |
| 12.2(18)S3 | Rebuild | No new software features. | No new hardware features. | 01/26/04 |
| 12.2(18)S2 | Rebuild | No new software features. | No new hardware features. | 12/05/03 |
| 12.2(18)S1 | Rebuild | No new software features. | No new hardware features. | 10/09/03 |
| 12.2(18)S | Maintenance | See the "New Software Features in Cisco IOS Release 12.2(18)S" section. | See the "New Hardware Features in Cisco IOS Release 12.2(18)S" section. | 08/21/03 |
| 12.2(14)S19 | Rebuild | No new software features. | No new hardware features. | 07/26/07 |
| 12.2(14)S18 | Rebuild | No new software features. | No new hardware features. | 05/29/07 |
| 12.2(14)S17 | Rebuild | No new software features. | No new hardware features. | 05/18/06 |
| 12.2(14)S16 | Rebuild | No new software features. | No new hardware features. | 01/30/06 |
| 12.2(14)S15 | Rebuild | No new software features. | No new hardware features. | 09/20/05 |
| 12.2(14)S14 | Rebuild | No new software features. | No new hardware features. | 04/13/05 |
| 12.2(14)S13 | Rebuild | No new software features. | No new hardware features. | 02/17/05 |
| 12.2(14)S12 | Rebuild | No new software features. | No new hardware features. | 11/16/04 |
| 12.2(14)S10 | Rebuild | No new software features. | No new hardware features. | 08/09/04 |
| 12.2(14)S9 | Rebuild | No new software features. | No new hardware features. | 05/17/04 |
| 12.2(14)S7 | Rebuild | No new software features. | No new hardware features. | 03/08/04 |
| 12.2(14)S5 | Rebuild | No new software features. | No new hardware features. | 09/29/03 |
| 12.2(14)S3 | Rebuild | No new software features. | No new hardware features. | 07/10/03 |
| 12.2(14)S2 | Rebuild | No new software features. | No new hardware features. | 06/03/03 |
| 12.2(14)S1 | Rebuild | No new software features. | No new hardware features. | 04/10/03 |
| 12.2(14)S | Maintenance | See the "New Software Features in Cisco IOS Release 12.2(14)S" section. | See the "New Hardware Features in Cisco IOS Release 12.2(14)S" section. | 01/30/03 |

¹ Cisco IOS Release 12.0(30)S is the last maintenance release of Release 12.2S.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.2S and includes the following sections:
• Determining the Software Version
• Upgrading to a New Software Release
Memory Recommendations
The memory recommendation tables have been removed from the Cisco IOS Release 12.2S release notes to improve the usability of the release notes documentation. The memory recommendations that were provided by these tables are available through Cisco Feature Navigator.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/help.jsp
Determining Memory Recommendations for Software Images (Feature Sets)
To determine memory recommendations for software images (feature sets) in Cisco IOS Release 12.2S, go to the Cisco Feature Navigator home page and perform the following steps.
Step 1  From the Cisco Feature Navigator home page, click Search by Software/Image Name/Product Code/Platform.
Step 2  To find the memory recommendations for the latest Cisco IOS release, click the release under the Cisco IOS Quick Pick Latest Release area. For other releases, go to Step 3.
  a. Choose All Platforms from the Platform drop-down list.
  b. Choose All Feature Sets from the Feature Set drop-down list.
  The Search Results table will list all the software images (feature sets) that support the release that you chose, plus the DRAM and flash memory recommendations for each image.
Step 3  If the release is not listed in the Cisco IOS Quick Pick Latest Release area, choose IOS from the Software drop-down list, and click Continue.
  a. Choose a release from the Major Release drop-down list, and click Continue again.
  b. Choose a specific release from the Release drop-down list.
  c. Choose All Platforms from the Platform drop-down list.
  d. Choose All Feature Sets from the Feature Set drop-down list.
  The Search Results table will list all the software images (feature sets) that support the release that you chose, plus the DRAM and flash memory recommendations for each image.
Supported Hardware
This section describes the platforms and port adapters that are supported in Cisco IOS Release 12.2S.
Supported Platforms
Cisco IOS Release 12.2S supports the following platforms:
• Cisco 7200 series routers (including the Cisco 7202, Cisco 7204, Cisco 7204VXR, Cisco 7206, and Cisco 7206VXR routers)
• Cisco 7301 router
• Cisco 7304 routers (including the 7304-NSE-100 and Cisco 7304-NPE-G100 routers)
• Cisco 7400 series routers (including the Cisco 7401 ASR-BB and Cisco 7401 ASR-CP routers)
• Cisco 7500 series routers (including the Cisco 7505, Cisco 7507, and Cisco 7513 routers)
• Cisco ONS 15530 DWDM Multiservice Aggregation Platform
• Cisco ONS 15540 Extended Services Platform (ESP) (including the Cisco ONS 15540 ESP and Cisco ONS 15540 ESPx platforms)
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
For additional information about supported hardware for these platforms and this release, see the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
http://www.cisco.com/pcgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Table 2 describes the supported platforms for Cisco IOS Release 12.2S and uses the following conventions:
• Yes—The platform is supported in the release.
• No—The platform is not supported in the release.
Supported Port Adapters
Table 3 lists the port adapters that are supported for the Cisco 7200 series routers, Cisco 7301 router, Cisco 7304 router, Cisco 7400 series routers, and Cisco 7500 series routers in Cisco IOS Release 12.2S up to and including Cisco IOS Release 12.2(30)S1 and uses the following conventions:
• Yes—The port adapter is supported in the software image.
• No—The port adapter is not supported in the software image.
• In—The number in the "In" column indicates the Cisco IOS 12.2S release in which the port adapter was introduced. For example, (14) means that a port adapter was introduced in Cisco IOS Release 12.2(14)S. If a cell in this column contains an em dash (—), support for the port adapter was inherited from Cisco IOS Release 12.2 or from another release and was included in the initial base release of Cisco IOS Release 12.2S.
Table 3 Supported Port Adapters for the Cisco 7200 Series, Cisco 7301, Cisco 7304, Cisco 7400 Series, and Cisco 7500 Series
Cisco Product Number1 Adapter Description In 7200
Series 7301
Router 7304
Router 7400
Series 7500
Series ATM Port AdaptersPA-A1-OC3SM
1-port ATM OC3 single mode (IR)
—
No
No
No
No
Yes
PA-A1-OC3MM
1-port ATM OC3 multimode
—
No
No
No
No
Yes
PA-A2-4T1C-OC3SM=
ATM CES, 4 T1 CES ports, 1 OC3 ATM SM port
—
Yes
No
No
No
No
PA-A2-4T1C-T3ATM=
ATM CES, 4 T1 CES ports, 1 T3 ATM port
—
Yes
No
No
No
No
PA-A2-4E1XC-OC3SM=
CES OC3, 4 E1 ports, 120 ohms
—
Yes
No
No
No
No
PA-A2-4E1XC-E3ATM=
CES E3/E1, 120 ohms
—
Yes
No
No
No
No
PA-A3-OC3MM
1-port ATM Enhanced OC3c/STM1 multimode
—
Yes
Yes
Yes
Yes
Yes
PA-A3-OC3SMI
1-port ATM Enhanced OC3c/STM1 single mode (IR)
—
Yes
Yes
Yes
Yes
Yes
PA-A3-OC3SML
1-port ATM Enhanced OC3c/STM1 single mode (LR)
—
Yes
Yes
Yes
Yes
Yes
PA-A3-OC12MM
1-port ATM Enhanced OC12/STM4 multimode
—
No
No
No
No
Yes
PA-A3-OC12SMI
1-port ATM Enhanced OC12/STM4 single mode (IR)
—
No
No
No
No
Yes
PA-A3-E3
1-port ATM Enhanced E3
—
Yes
Yes
Yes
Yes
Yes
PA-A3-T3
1-port ATM Enhanced DS3
—
Yes
Yes
Yes
Yes
Yes
PA-A3-8E1IMA
8-port ATM Inverse Mux E1, 120 ohms
—
Yes
Yes
Yes
Yes
Yes
PA-A3-8T1IMA
8-port ATM Inverse Mux T1
—
Yes
Yes
Yes
Yes
Yes
Channel Port AdaptersPA-4C-E=
1-port Enhanced ESCON Channel
—
Yes
No
No
No
No
Dynamic Packet Transport (DPT) Port AdaptersPA-SRP-OC12MM=
DPT-OC12 multimode (Cisco 7200 series only)
—
Yes
No
No
No
No
PA-SRP-OC12SMI=
DPT-OC12 single mode (IR) (Cisco 7200 series only)
—
Yes
No
No
No
No
PA-SRP-OC12SML=
DPT-OC12 single mode (LR) (Cisco 7200 series only)
—
Yes
No
No
No
No
PA-SRP-OC12SMX=
DPT-OC12 single mode extended reach (Cisco 7200 series only)
—
Yes
No
No
No
No
SRPIP-OC12MM=
DPT-OC12 multimode (Cisco 7500 series only)
—
No
No
No
No
Yes
SRPIP-OC12SMI=
DPT-OC12 single mode (IR) (Cisco 7500 series only)
—
No
No
No
No
Yes
SRPIP-OC12SML=
DPT-OC12 single mode (LR) (Cisco 7500 series only)
—
No
No
No
No
Yes
SRPIP-OC12SMX=
DPT-OC12 single mode extended reach (Cisco 7500 series only)
—
No
No
No
No
Yes
Ethernet/Fast Ethernet/Gigabit Ethernet Port AdaptersPA-4E
4-port Ethernet 10BASE-T
—
Yes
Yes
Yes
Yes
Yes
PA-4E1G/75
4-port E1 G.703 Serial, 75 ohms/unbalanced
—
Yes
Yes
Yes
Yes
Yes
PA-4E1G/120
4-port E1 G.703 Serial, 120 ohms/balanced
—
Yes
Yes
Yes
Yes
Yes
PA-5EFL
5-port Ethernet 10BASE-FL
—
Yes
Yes
No
Yes
Yes
PA-8E
8-port Ethernet 10BASE-T
—
Yes
Yes
Yes
Yes
Yes
PA-FE-FX
1-port Fast Ethernet 100BASE-FX
—
Yes
Yes
Yes
Yes
Yes
PA-FE-TX
1-port Fast Ethernet 100BASE-TX
—
Yes
Yes
Yes
Yes
Yes
PA-2FE-FX
2-port Fast Ethernet 100BASE-FX
—
Yes
Yes
Yes
Yes
Yes
PA-2FE-TX
2-port Fast Ethernet 100BASE-TX
—
Yes
Yes
Yes
Yes
Yes
PA-GE
1-port Gigabit Ethernet
—
Yes
No
Yes
Yes
No
FDDI Port AdaptersPA-F/FD-MM
1-port FDDI Full Duplex multimode
—
Yes2
No
No
No
Yes
PA-F/FD-SM
1-port FDDI Full Duplex single mode
—
Yes2
No
No
No
Yes
High-Speed Serial Port AdaptersPA-H
1-port High-Speed Serial Interface (HSSI)
—
Yes
Yes
Yes
Yes
Yes
PA-2H
2-port High-Speed Serial Interface (HSSI)
—
Yes
Yes
Yes
Yes
Yes
Multichannel Serial Port AdaptersPA-MC-T3
1-port multichannel T3
—
Yes
Yes
Yes
Yes
Yes
PA-MC-E3
1-port multichannel E3
—
Yes
Yes
Yes
Yes
Yes
PA-MC-2T3+
2-port multichannel T3
—
Yes
Yes
Yes
Yes
Yes
PA-MC-2T1
2-port multichannel T1, integrated CSU/DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-MC-2E1/120
2-port multichannel E1, G.703 120-ohm interface
—
Yes
Yes
Yes
Yes
Yes
PA-MC-4T1
4-port multichannel T1, integrated CSU/DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-MC-8T1
8-port multichannel T1, integrated CSU/DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-MC-8E1/120
8-port multichannel E1, G.703 120-ohm interface
—
Yes
No
Yes
Yes
Yes
PA-MC-8TE1+
8-port multichannel T1/E1 8PRI
(14)
Yes
Yes
Yes
Yes
Yes
PA-MC-STM-1MM
1-port multichannel STM-1 multimode
(14)
Yes
Yes
Yes
Yes
Yes
PA-MC-STM-1SMI
1-port multichannel STM-1 single mode
(14)
Yes
Yes
Yes
Yes
Yes
PA-4B-U
4-port BRI, U Interface
—
Yes
Yes
No
Yes
No
PA-8B-S/T
8-port BRI, S/T Interface
—
Yes
Yes
No
Yes
No
Service Adapters
SA-ENCRYPT=
Encryption Service Adapter
—
No
No
No
No
Yes
SA-ISA
Integrated Services Adapter for IPSec or MPPE encryption
(14)
Yes
No
No
No
No
Shared Port Adapters (SPAs)
SPA-4FE-7304
4-port 10/100 Fast Ethernet SPA
(20)S2
No
No
Yes
No
No
SPA-2GE-7304
2-port 10/100/1000 Gigabit Ethernet SPA
(20)S2
No
No
Yes
No
No
SPA-2XOC3-POS
2-port OC-3c/STM-1 POS SPA
(25)S3
No
No
Yes
No
No
SPA-4XOC3-POS
4-port OC-3c/STM-1 POS SPA
(25)S3
No
No
Yes
No
No
SPA-1OC12-POS
1-port OC-12c/STM-4 POS SPA
(25)S3
No
No
Yes
No
No
SPA-2XT3/E3
2-port T3/E3 Serial SPA
(25)S3
No
No
Yes
No
No
SPA-4XT3/E3
4-port T3/E3 Serial SPA
(25)S3
No
No
Yes
No
No
SONET Port Adapters
PA-POS-OC3MM
1-port Packet over SONET OC3c/STM1 multimode
—
Yes
Yes
Yes
Yes
Yes
PA-POS-OC3SMI
1-port Packet over SONET OC3c/STM1 single mode (IR)
—
Yes
Yes
Yes
Yes
Yes
PA-POS-OC3SML
1-port Packet over SONET OC3c/STM1 single mode (LR)
—
Yes
Yes
Yes
Yes
Yes
PA-POS-2OC3
2-port OC-3/STM-1 POS with APS
(18)
Yes
Yes
Yes
Yes
Yes
T1/E1 Port Adapters
PA-4T+
4-port Serial, Enhanced
—
Yes
Yes
Yes
Yes
Yes
PA-8T-V35
8-port Serial, V.35
—
Yes
Yes
Yes
Yes
Yes
PA-8T-X21
8-port Serial, X.21
—
Yes
Yes
Yes
Yes
Yes
PA-8T-232
8-port Serial, 232
—
Yes
Yes
Yes
Yes
Yes
T3/E3 Port Adapters
PA-T3
1-port T3 Serial, T3 DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-T3+
1-port T3 Serial, Enhanced
—
Yes
Yes
Yes
Yes
Yes
PA-2T3
2-port T3 Serial, T3 DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-2T3+
2-port T3 Serial, Enhanced
—
Yes
Yes
Yes
Yes
Yes
PA-E3
1-port E3 Serial, E3 DSUs
—
Yes
Yes
Yes
Yes
Yes
PA-2E3
2-port E3 Serial, E3 DSUs
—
Yes
Yes
Yes
Yes
Yes
Token Ring Port Adapters
PA-4R-DTR
4-port Dedicated Token Ring, 4/16Mbps, HDX/FDX
—
Yes
No
No
No
Yes
1 For a spare product number, append an equal sign (=) to the product number. If a product number is listed as a spare product, only a spare product is available. For End-of-Sale (EOS) and End-of-Life (EOL) information about port adapters, refer to the Cisco product bulletins at the following locations:
Cisco 7200 series: http://www.cisco.com/en/US/products/hw/routers/ps341/prod_eol_notices_list.html
Cisco 7300 series: http://www.cisco.com/en/US/products/hw/routers/ps352/prod_eol_notices_list.html
Cisco 7400 series: http://www.cisco.com/en/US/products/hw/routers/ps354/prod_eol_notices_list.html
Cisco 7500 series: http://www.cisco.com/en/US/products/hw/routers/ps359/prod_eol_notices_list.html
2 The FDDI port adapters are supported on non-VXR routers.
For troubleshooting and alerts information about port adapters, see the Cisco documents at the following location:
Determining the Software Version
To determine the version of Cisco IOS software that is running on your Cisco router, log in to the router and enter the show version EXEC command:
Router> show version
Cisco Internetwork Operating System Software
IOS (tm) 7500 Software (rsp-jsv-mz), Version 12.2(25)S, EARLY DEPLOYMENT RELEASE SOFTWARE
Upgrading to a New Software Release
For information about selecting a new Cisco IOS software release, see How to Choose a Cisco IOS Software Release at the following location:
http://www.cisco.com/warp/public/130/choosing_ios.shtml
For information about upgrading to a new software release, see the appropriate platform-specific document:
•
Cisco 7200 series, Cisco 7301, Cisco 7304, Cisco 7400 series, and Cisco 7500 series:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094c07.shtml
•
Cisco ONS 15530 DWDM Multiservice Aggregation Platform:
http://www.cisco.com/en/US/products/hw/optical/ps2011/ps4002/index.html
•
Cisco ONS 15540 ESP Extended Services Platform:
http://www.cisco.com/en/US/products/hw/optical/ps2011/ps2014/index.html
For Cisco IOS upgrade ordering instructions, see the document at the following location:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
To choose a new Cisco IOS software release by comparing feature support or memory requirements, use Cisco Feature Navigator. Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
To choose a new Cisco IOS software release based on information about defects that affect that software, use Bug Toolkit at the following URL:
http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl
Microcode Software
This section describes microcode software that is supported for the Cisco 7304 in Cisco IOS Release 12.2S and consists of the following subsections:
•
Bundled FPGAs for the Cisco 7304
•
Shared Port Adapter FPD Image Packages for the Cisco 7304
Bundled FPGAs for the Cisco 7304
This section provides information about the field-programmable gate array (FPGA) images for the Cisco 7304. These images apply only to the Cisco 7304.
If the versions of the FPGA images that are running on your Cisco 7304 do not match the versions that are bundled in the Cisco IOS software, we recommend that you update your FPGA images. For more details, see the Cisco 7304 FPGA Bundling and Update document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/73fpga.htm
Bundled FPGAs for Cisco IOS Release 12.2(25)S15
There are no new FPGA images for Cisco IOS Release 12.2(25)S15. All Cisco IOS Release 12.2(25)S15 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S14
There are no new FPGA images for Cisco IOS Release 12.2(25)S14. All Cisco IOS Release 12.2(25)S14 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S13
There are no new FPGA images for Cisco IOS Release 12.2(25)S13. All Cisco IOS Release 12.2(25)S13 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S12
There are no new FPGA images for Cisco IOS Release 12.2(25)S12. All Cisco IOS Release 12.2(25)S12 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S11
There are no new FPGA images for Cisco IOS Release 12.2(25)S11. All Cisco IOS Release 12.2(25)S11 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S10
There are no new FPGA images for Cisco IOS Release 12.2(25)S10. All Cisco IOS Release 12.2(25)S10 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S9.
Bundled FPGAs for Cisco IOS Release 12.2(25)S9
All Cisco IOS Release 12.2(25)S9 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 4.
Bundled FPGAs for Cisco IOS Release 12.2(25)S8
All Cisco IOS Release 12.2(25)S8 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 5.
Bundled FPGAs for Cisco IOS Release 12.2(25)S7
There are no new FPGA images for Cisco IOS Release 12.2(25)S7. All Cisco IOS Release 12.2(25)S7 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S3.
Bundled FPGAs for Cisco IOS Release 12.2(25)S6
There are no new FPGA images for Cisco IOS Release 12.2(25)S6. All Cisco IOS Release 12.2(25)S6 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S3.
Bundled FPGAs for Cisco IOS Release 12.2(25)S5
There are no new FPGA images for Cisco IOS Release 12.2(25)S5. All Cisco IOS Release 12.2(25)S5 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S3.
Bundled FPGAs for Cisco IOS Release 12.2(25)S4
There are no new FPGA images for Cisco IOS Release 12.2(25)S4. All Cisco IOS Release 12.2(25)S4 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(25)S3.
Bundled FPGAs for Cisco IOS Release 12.2(25)S3
All Cisco IOS Release 12.2(25)S3 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 6.
Bundled FPGAs for Cisco IOS Release 12.2(25)S2
All Cisco IOS Release 12.2(25)S2 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 7.
Bundled FPGAs for Cisco IOS Release 12.2(20)S14
There are no new FPGA images for Cisco IOS Release 12.2(20)S14. All Cisco IOS Release 12.2(20)S14 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S11.
Bundled FPGAs for Cisco IOS Release 12.2(20)S13
There are no new FPGA images for Cisco IOS Release 12.2(20)S13. All Cisco IOS Release 12.2(20)S13 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S11.
Bundled FPGAs for Cisco IOS Release 12.2(20)S12
There are no new FPGA images for Cisco IOS Release 12.2(20)S12. All Cisco IOS Release 12.2(20)S12 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S11.
Bundled FPGAs for Cisco IOS Release 12.2(20)S11
All Cisco IOS Release 12.2(20)S11 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 8.
Bundled FPGAs for Cisco IOS Release 12.2(20)S10
All Cisco IOS Release 12.2(20)S10 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 9.
Bundled FPGAs for Cisco IOS Release 12.2(20)S9
There are no new FPGA images for Cisco IOS Release 12.2(20)S9. All Cisco IOS Release 12.2(20)S9 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S8.
Bundled FPGAs for Cisco IOS Release 12.2(20)S8
All Cisco IOS Release 12.2(20)S8 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 10.
Bundled FPGAs for Cisco IOS Release 12.2(20)S7
All Cisco IOS Release 12.2(20)S7 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 11.
Bundled FPGAs for Cisco IOS Release 12.2(20)S6
All Cisco IOS Release 12.2(20)S6 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 12.
Bundled FPGAs for Cisco IOS Release 12.2(20)S5
All Cisco IOS Release 12.2(20)S5 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 13.
Bundled FPGAs for Cisco IOS Release 12.2(20)S4
There are no new FPGA images for Cisco IOS Release 12.2(20)S4. All Cisco IOS Release 12.2(20)S4 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S3.
Bundled FPGAs for Cisco IOS Release 12.2(20)S3
All Cisco IOS Release 12.2(20)S3 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 14.
Bundled FPGAs for Cisco IOS Release 12.2(20)S2
All Cisco IOS Release 12.2(20)S2 software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 15.
Bundled FPGAs for Cisco IOS Release 12.2(20)S1
There are no new FPGA images for Cisco IOS Release 12.2(20)S1. All Cisco IOS Release 12.2(20)S1 software images for the Cisco 7304 support the bundled FPGAs that were released in Release 12.2(20)S.
Bundled FPGAs for Cisco IOS Release 12.2(20)S
All Cisco IOS Release 12.2(20)S software images for the Cisco 7304 support the bundled FPGAs that are listed in Table 16.
Shared Port Adapter FPD Image Packages for the Cisco 7304
Field-programmable device (FPD) image packages are used to update shared port adapter (SPA) FPD images. If a discrepancy exists between an SPA FPD image and the Cisco IOS image that is running on the router, the SPA will be deactivated until this discrepancy is resolved. For additional information on FPDs, including the upgrade process, see the "Upgrading Field-Programmable Devices" section of the Cisco 7304 Modular Services Card and Shared Port Adapter Software Configuration Guide:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
Note
The maximum time to upgrade the FPD image(s) on one SPA is 2 minutes. The total FPD upgrade time depends on the number of SPAs.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S15
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S15 is the c7304-fpd.122-25.S15.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S14
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S14 is the c7304-fpd.122-25.S14.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S13
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S13 is the c7304-fpd.122-25.S13.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S12
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S12 is the c7304-fpd.122-25.S12.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S11
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S11 is the c7304-fpd.122-25.S11.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S10
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S10 is the c7304-fpd.122-25.S10.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S9
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S9 is the c7304-fpd.122-25.S9.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S8
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S8 is the c7304-fpd.122-25.S8.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S7
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S7 is the c7304-fpd.122-25.S7.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S6
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S6 is the c7304-fpd.122-25.S6.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S5
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S5 is the c7304-fpd.122-25.S5.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S4
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S4 is the c7304-fpd.122-25.S4.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com. The content of this SPA FPD image package is the same as the content of the SPA FPD image package for Release 12.2(25)S3.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S3
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S3 is the c7304-fpd.122-25.S3.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(25)S2
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(25)S2 is the c7304-fpd.122-25.S2.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S14
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S14 is the c7304-fpd-pkg.122-20.S14 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S13
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S13 is the c7304-fpd-pkg.122-20.S13 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S12
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S12 is the c7304-fpd-pkg.122-20.S12 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S11
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S11 is the c7304-fpd-pkg.122-20.S11 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S10
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S10 is the c7304-fpd-pkg.122-20.S10 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S9
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S9 is the c7304-fpd-pkg.122-20.S9 file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image in the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S8
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S8 is the spa-fpd-122-20.S8.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S7
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S7 is the spa-fpd-122-20.S7.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S6
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S6 is the spa-fpd-122-20.S6.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S5
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S5 is the spa-fpd-122-20.S5.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S4
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S4 is the spa-fpd-122-20.S4.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S3
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S3 is the spa-fpd-122-20.S3.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Shared Port Adapter FPD Image Package for Cisco IOS Release 12.2(20)S2
The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.2(20)S2 is the spa-fpd-122-20.S2.pkg file. This SPA FPD image package file is accessible from the page where you downloaded your specific Cisco IOS image from the Software Center on Cisco.com.
Cisco IOS Release 12.2(20)S2 is the first Cisco IOS Release to support SPAs. Therefore, Cisco IOS Release 12.2(20)S2 is the first Cisco IOS Release to support FPD image packages.
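The following added example (not Cisco code, and not part of the original release notes) parses the version from a show version banner and derives the SPA FPD image package file name that the subsections above list for that release, so that a package staged for a different release is caught before it leaves an SPA deactivated. The function names, the result dictionary, and the constructed banner and file list are assumptions of this example; it also assumes the banner comes from a Cisco 7304, the only platform these packages apply to.

```python
import re

# Version field of the `show version` banner, e.g. "Version 12.2(25)S15,".
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d*)")

# The three SPA FPD package naming schemes that appear in these release notes.
FPD_NAME_RE = re.compile(
    r"^(?:c7304-fpd\.122-25\.S\d+\.pkg"
    r"|c7304-fpd-pkg\.122-20\.S\d+"
    r"|spa-fpd-122-20\.S\d+\.pkg)$"
)


def parse_ios_version(show_version_text):
    """Return (major, minor, maintenance, train, rebuild) or None.

    A release with no rebuild number, such as 12.2(25)S, gets rebuild 0.
    """
    m = VERSION_RE.search(show_version_text)
    if not m:
        return None
    major, minor, maint, train, rebuild = m.groups()
    return int(major), int(minor), int(maint), train, int(rebuild or 0)


def expected_fpd_package(version):
    """Package file name listed in the release notes, or None if none is listed."""
    major, minor, maint, train, rebuild = version
    if (major, minor, train) != (12, 2, "S"):
        return None
    if maint == 25 and 2 <= rebuild <= 15:
        return f"c7304-fpd.122-25.S{rebuild}.pkg"
    if maint == 20 and 9 <= rebuild <= 14:
        return f"c7304-fpd-pkg.122-20.S{rebuild}"
    if maint == 20 and 2 <= rebuild <= 8:
        return f"spa-fpd-122-20.S{rebuild}.pkg"
    return None  # e.g. 12.2(25)S, 12.2(20)S1: no SPA FPD package listed


def fpd_content_baseline(version):
    """Release whose package content applies, per the release notes.

    The notes state that the 12.2(25)S4 through S15 packages have the same
    content as the 12.2(25)S3 package; every other listed release is its own
    baseline.
    """
    if expected_fpd_package(version) is None:
        return None
    major, minor, maint, train, rebuild = version
    if maint == 25 and rebuild >= 3:
        return "12.2(25)S3"
    return f"{major}.{minor}({maint}){train}{rebuild}"


def audit_fpd_staging(show_version_text, staged_files):
    """Compare staged file names with the package the running release needs."""
    version = parse_ios_version(show_version_text)
    if version is None:
        return {"status": "unparsed", "expected": None, "stale": []}
    expected = expected_fpd_package(version)
    fpd_like = [f for f in staged_files if FPD_NAME_RE.match(f)]
    stale = sorted(f for f in fpd_like if f != expected)
    if expected is None:
        status = "no-package-listed"
    elif expected in staged_files:
        status = "ok"
    else:
        status = "missing"
    return {"status": status, "expected": expected, "stale": stale}


# Constructed sample input: the image name is a placeholder, not a real image.
SAMPLE_BANNER = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) 7300 Software (EXAMPLE-IMAGE), Version 12.2(25)S15, "
    "EARLY DEPLOYMENT RELEASE SOFTWARE"
)
SAMPLE_STAGED = ["c7304-fpd.122-25.S9.pkg", "startup-config"]

if __name__ == "__main__":
    print(audit_fpd_staging(SAMPLE_BANNER, SAMPLE_STAGED))
```
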
Feature Support
Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains a specific set of Cisco IOS features.
Caution
Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to U.S. government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of U.S. government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Note
The feature set tables have been removed from the Cisco IOS Release 12.2S release notes to improve the usability of the release notes documentation. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:
http://www.cisco.com/support/FeatureNav/FNFAQ.html
Determining Which Software Images (Feature Sets) Support a Specific Feature
To determine which software images (feature sets) in Cisco IOS Release 12.2S support a specific feature, go to the Cisco Feature Navigator home page and perform the following steps.
Step 1
From the Cisco Feature Navigator home page, click Search by feature.
Step 2
To find a feature, use either "Search by full or partial feature name" or "Browse features in alphabetical order." Either a list of features that match the search criteria or a list of features that begin with the number or letter selected from the ordered list will be displayed in the Features available text box on the left side of the web page.
Step 3
Select a feature from the Features available text box, and click the Add button to add a feature to the Features selected text box on the right side of the web page.
Note
To learn more about a feature in the list, click the Show Description(s) button below the Features available text box.
Repeat this step to add additional features. A maximum of 20 features can be chosen for a single search.
Step 4
Click Continue when you are finished selecting features.
Step 5
From the Major Release drop-down menu, choose 12.2S.
Step 6
From the Release drop-down menu, choose the appropriate maintenance release.
Step 7
From the Platform drop-down menu, select the appropriate hardware platform. The "Search Results" table will list all the software images (feature sets) that support the feature(s) that you selected.
Determining Which Features Are Supported in a Specific Software Image (Feature Set)
To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.2S, go to the Cisco Feature Navigator home page and perform the following steps.
Step 1
From the Cisco Feature Navigator home page, click Compare Images, and then Search by Release.
Step 2
In the "Find the features in a specific Cisco IOS release, using one of the following methods:" area, choose 12.2S from the Cisco IOS Major Release drop-down menu.
Step 3
Click Continue.
Step 4
From the Release drop-down menu, choose the appropriate maintenance release.
Step 5
From the Platform drop-down menu, choose the appropriate hardware platform.
Step 6
From the Feature Set drop-down menu, choose the appropriate feature set. The "Search Results" table will list all the features that are supported by the feature set (software image) that you selected.
New and Changed Information
This section lists the new hardware and software features supported by Cisco IOS Release 12.2S and contains the following subsections:
•
New Hardware Features in Cisco IOS Release 12.2(30)S
•
New Software Features in Cisco IOS Release 12.2(30)S
•
New Hardware Features in Cisco IOS Release 12.2(25)S3
•
New Software Features in Cisco IOS Release 12.2(25)S3
•
New Hardware Features in Cisco IOS Release 12.2(25)S2
•
New Software Features in Cisco IOS Release 12.2(25)S2
•
New Hardware Features in Cisco IOS Release 12.2(25)S1
•
New Software Features in Cisco IOS Release 12.2(25)S1
•
New Hardware Features in Cisco IOS Release 12.2(25)S
•
New Software Features in Cisco IOS Release 12.2(25)S
•
New Hardware Features in Cisco IOS Release 12.2(22)S
•
New Software Features in Cisco IOS Release 12.2(22)S
•
New Hardware Features in Cisco IOS Release 12.2(20)S5
•
New Software Features in Cisco IOS Release 12.2(20)S5
•
New Hardware Features in Cisco IOS Release 12.2(20)S3
•
New Software Features in Cisco IOS Release 12.2(20)S3
•
New Hardware Features in Cisco IOS Release 12.2(20)S2
•
New Software Features in Cisco IOS Release 12.2(20)S2
•
New Hardware Features in Cisco IOS Release 12.2(20)S
•
New Software Features in Cisco IOS Release 12.2(20)S
•
New Hardware Features in Cisco IOS Release 12.2(18)S
•
New Software Features in Cisco IOS Release 12.2(18)S
•
New Hardware Features in Cisco IOS Release 12.2(14)S
•
New Software Features in Cisco IOS Release 12.2(14)S
Note
These release notes are not cumulative and list only features that are new to Cisco IOS Release 12.2S. The parent release for Cisco IOS Release 12.2S is Cisco IOS Release 12.2. For information about inherited features, refer to Cisco.com or Cisco Feature Navigator. For Cisco.com, either go to Cisco.com and select the appropriate software release under Products and Service and IOS Software or go to http://www.cisco.com/univercd/home/index.htm and select the appropriate software release under Cisco IOS Software and Release Notes. You can use the Cisco Feature Navigator tool at http://www.cisco.com/go/fn.
New Hardware Features in Cisco IOS Release 12.2(30)S
There are no new hardware features in Cisco IOS Release 12.2(30)S.
New Software Features in Cisco IOS Release 12.2(30)S
There are no new software features in Cisco IOS Release 12.2(30)S.
New Hardware Features in Cisco IOS Release 12.2(25)S3
This section describes new and changed features in Cisco IOS Release 12.2(25)S3. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S3. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
1 Port OC-12 ATM Line Card (7300-1OC12ATM)
This release introduces the 1-port OC-12 ATM line card (7300-1OC12ATM) for the Cisco 7304 router. For detailed information about this feature, see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/linecard/ol_6876/index.htm
1-Port OC-12c/STM-4 POS SPA Shared Port Adapter (SPA-1OC12-POS)
This release introduces the 1-port OC-12c/STM-4 POS SPA (SPA-1OC12-POS) shared port adapter (SPA) for the Cisco 7304 router. For detailed information about this feature, see the following Cisco documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
2-Port and 4-Port OC-3 POS SPA Shared Port Adapter (SPA-2XOC3-POS and SPA-4XOC3-POS)
This release introduces the 2-port and 4-port OC-3 POS shared port adapters (SPA-2XOC3-POS and SPA-4XOC3-POS) for the Cisco 7304 router. For detailed information about this feature, see the following Cisco documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
2-Port and 4-Port T3/E3 Serial SPA Shared Port Adapter (SPA-2XT3/E3 and SPA-4XT3/E3)
This release introduces the 2-port and 4-port T3/E3 serial SPA shared port adapters (SPA-2XT3/E3 and SPA-4XT3/E3) for the Cisco 7304 router. For detailed information about this feature, see the following Cisco documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
New Software Features in Cisco IOS Release 12.2(25)S3
This section describes new and changed features in Cisco IOS Release 12.2(25)S3. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S3. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
MPLS VPN: SSO/NSF Support
This feature was introduced in Cisco IOS Release 12.2(25)S. Release 12.2(25)S3 adds support for the Cisco 7304 routers. For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsvpngr.htm
New Hardware Features in Cisco IOS Release 12.2(25)S2
There are no new hardware features in Cisco IOS Release 12.2(25)S2.
New Software Features in Cisco IOS Release 12.2(25)S2
This section describes new and changed features in Cisco IOS Release 12.2(25)S2. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S2. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Any Transport over MPLS for PXF
Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM enables service providers to connect customer sites with existing data link layer (Layer 2) networks, by using a single, integrated, packet-based network infrastructure— a Cisco MPLS network. Instead of separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
The AToM for PXF feature introduces AToM in the PXF-processing path for the Cisco 7304 router.
IP and Ethernet interworkings are supported in PXF as part of this feature.
The following AToM transport modes are now supported on line card, port adapter, shared port adapter, and the native Gigabit Ethernet interface on the Cisco 7304 processor:
•
ATM AAL5 over MPLS
•
Ethernet over MPLS (Port and VLAN modes)
•
Frame Relay over MPLS
•
HDLC over MPLS
•
PPP over MPLS
The following modes are supported on the PA-A3-OC3 only:
•
ATM Single Cell Relay over MPLS
•
ATM single cell relay: VC mode
•
ATM single cell relay: VP mode
•
ATM single cell relay: Port mode
•
ATM packed cell relay: VP and VC modes
For general information on AToM (non-PXF and across platforms), see the Any Transport over ATM document at the following location:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
For additional information on this feature, see the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/trouble/1270note.htm
Layer 2 Tunneling Protocol v3 for PXF on the Cisco 7304 NSE-100
L2TPv3 is an Internet Engineering Task Force (IETF) l2tpext working group draft that provides several enhancements to L2TP for the capability to tunnel any Layer 2 payload over L2TP. Specifically, L2TPv3 defines the L2TP protocol for tunneling Layer 2 payloads over an IP core network using Layer 2 Virtual Private Networks (VPNs).
L2TP has two fundamental parts:
•
A control plane responsible for setting up the connection
•
A data plane responsible for tunneling Layer 2 frames
L2TPv3 signaling is responsible for negotiating control plane parameters, session IDs, and cookies; for performing authentication; and for exchanging configuration parameters. L2TPv3 is also used to reliably deliver hello messages and circuit status messages. These messages are critical to support circuit interworking, such as the Local Management Interface (LMI), and to monitor the remote circuit status.
This feature introduces L2TPv3 in the PXF processing path for Cisco 7304 routers using an NSE-100 (this feature is already available for the NPE-G100). Specifically, the following is supported for L2TPv3 in the PXF processing path:
•
L2 Media
–
Ethernet Port mode
–
Ethernet 802.1q VLAN
–
PPP
–
HDLC
–
Frame Relay
–
AAL5/OAM
–
VP Single Cell relay
–
VC Single Cell relay
•
Interworking Types
–
Ethernet (bridged)
–
IP (routed)
•
Rewrite Options
–
VLAN ID rewrite
–
VLAN Header rewrite
–
Frame Relay DLCI switching
•
L2TPv3 Options
–
0,4,8 byte cookies
–
TTL set in tunnel header
–
IP ToS set, or reflect from inner IP header
–
DF bit set
–
Path MTU discovery
•
QoS
–
There is no classification support when the interface has xconnect.
–
Input QoS on the L2 circuit is limited to set and police configured under the default class. The service policy must have the following format:
policy-map p1
 class class-default
  set qos-group .. [AND/OR]
  police ..
–
Output QoS on the L2 circuit is limited to police configured under the default class.
•
Local Switching
–
Support for VLAN, Ethernet port, AAL5, HDLC and PPP local switching.
•
MIB Support
–
Limited to Cisco Enterprise VPDN MIB. PW-MIB support is not available in this release.
For additional information on this feature, see the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/trouble/1270note.htm
Multicast and Multicast VPN for PXF
The Multicast and Multicast VPN (mVPN) for PXF feature introduces support for the following packets in the PXF processing path on the Cisco 7304 Router in Cisco IOS Release 12.2(25)S2:
•
Basic Multicast Packets
•
Basic Multicast Packets using VRF (VRF-lite configuration)
•
Multicast packets using VRF and MPLS VPN
No new configuration has been introduced as a result of the introduction of this feature. This feature simply forwards the previously mentioned packets using the PXF-switching path, assuming the configurations were previously configured.
For some sample configurations, see the following documents:
•
The Multicast Quick-Start Configuration Guide at the following location:
http://www.cisco.com/warp/public/105/48.html
•
The "Configuration Examples for Multicast VPN—IP Multicast Support for MPLS VPNs" section in the Multicast VPN—IP Multicast Support for MPLS VPNs document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_mvpn.htm#1041814
For additional information on this feature, see the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/trouble/1270note.htm
New Hardware Features in Cisco IOS Release 12.2(25)S1
There are no new hardware features in Cisco IOS Release 12.2(25)S1.
New Software Features in Cisco IOS Release 12.2(25)S1
This section describes new and changed features in Cisco IOS Release 12.2(25)S1. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S1. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Multiple Trunk
Cisco IOS Release 12.2(25)S1 adds support for multiple trunk connections that enable more than one network topology to connect to a single Cisco ONS 15540 chassis.
PPP/MLP MRRU Negotiation Configuration
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtmpmrru.htm
New Hardware Features in Cisco IOS Release 12.2(25)S
This section describes new and changed features in Cisco IOS Release 12.2(25)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Route Switch Processor 16
The Route Switch Processor 16 (RSP16) is available in new system deployments and as an upgrade to existing systems that are based on the RSP8, RSP4+, or RSP2. The RSP16 is compatible with existing Versatile Interface Processors (VIPs), including the new Cisco VIP6-80, and with port adapters that are supported with existing VIPs.
The RSP16 fully supports Cisco 7500 series high-availability features, including Single Line Card Reload (SLCR), Route Processor Redundancy (RPR), RPR Plus (RPR+), Fast Software Upgrade (FSU), Nonstop Forwarding (NSF), and Stateful Switchover (SSO). This support allows the Cisco 7500 series routers to demonstrate some of the highest uptime in the industry. FSU allows customers to upgrade their existing RSP2, RSP4+, and RSP8 to RSP16 with minimal downtime.
The RSP16 is an ideal platform for enterprise and service provider networks that require additional performance and processing power to support service-enabled edge and core applications.
For information about installation and configuration of the RSP16, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/rte_swit/13963r16.htm
New Software Features in Cisco IOS Release 12.2(25)S
This section describes new and changed features in Cisco IOS Release 12.2(25)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(25)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
1-Gbps ISC Links Peer Mode
The 1-Gbps ISC links peer mode is now supported on the Cisco ONS 15530 transponder line cards and Cisco ONS 15540 2.5-Gbps transponder modules.
ACL IP Options Selective Drop
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/sel_drop.htm
ACL—Named ACL Support for Noncontiguous Ports on an Access Control Entry
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtaclace.htm
ACL Support for Filtering IP Options
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtipofil.htm
ACL TCP Flags Filtering
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtaclflg.htm
Any Transport over MPLS
The following Any Transport over Multiprotocol Label Switching (AToM) features are introduced for the Cisco 7500 series in Cisco IOS Release 12.2(25)S:
•
Any Transport over MPLS (AToM): Ethernet over MPLS: Port Mode (EoMPLS)
•
Any Transport over MPLS (AToM): Distributed Mode for Frame Relay, PPP, and HDLC over MPLS
•
Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: Packed Cell Relay
•
Any Transport over MPLS (AToM): Single Cell Relay - VC Mode (CRoMPLS)
•
Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: VP Mode
•
Any Transport over MPLS: (AToM): ATM OAM Emulation
•
Any Transport over MPLS (AToM) SCR VC Mode for PA-A3-T1/E1-IMA
•
Any Transport over MPLS (AToM) SCR VP Mode and Port Mode for PA-A3-T1/E1-IMA
For detailed information about these features, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
Any Transport over MPLS (AToM) Graceful Restart
For detailed information about this feature, see the Any Transport over MPLS High Availability - Stateful Switchover (SSO) and Non-Stop Forwarding (NSF) document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsatomha.htm
Any Transport over MPLS High Availability - Stateful Switchover (SSO) and Non-Stop Forwarding (NSF)
For detailed information about this feature, see the Any Transport over MPLS High Availability - Stateful Switchover (SSO) and Non-Stop Forwarding (NSF) document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsatomha.htm
AToM Port Mode Cell Relay Support for PA-A3-8T1 IMA PA and PA-A3-8E1 IMA PA
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
ATM Conditional Debug Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s28/12satmdb.htm
ATM OAM Ping
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/12atmpng.htm
ATM Port Mode Packed Cell Relay over AToM
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
ATM PVC Trap Enhancements for Segment and End AIS/RDI Failures
When an ATM permanent virtual circuit (PVC) cannot be used to transmit data because of a connectivity failure, it may be placed in a down state. To detect a connectivity failure, various types of Operation, Administration, and Maintenance (OAM) cells can be used. The operator can inform the network management system (NMS) about OAM failures using ATM PVC trap notifications. Depending on the PVC trap notification that is enabled, the PVC state can be kept up or can be brought down. The various ATM PVC trap notifications supported for different types of PVC connectivity failure detection mechanisms are as follows:
•
ATM PVC down trap
•
ATM PVC F5 loopback failure trap
•
ATM PVC F5 segment continuity check (CC) failure trap
•
ATM PVC F5 end-to-end CC failure trap
•
ATM PVC F5 alarm indication signal/remote defect indication (AIS/RDI) failure trap
When connectivity is restored and the PVC is in a down state, it is changed to an up state and data transfer is allowed to occur over the PVC. This restoration of connectivity can be detected using OAM cells, and the following recovery trap notifications can be used to inform the NMS:
•
ATM PVC up trap
•
ATM PVC F5 loopback recovery trap
•
ATM PVC F5 segment CC recovery trap
•
ATM PVC F5 end-to-end CC recovery trap
•
ATM PVC F5 AIS/RDI recovery trap
If the traps in these lists were sent for each PVC failure and recovery, they would generate much traffic for the NMS. To reduce this traffic, at most one trap of each type could be generated in each notification interval. However, because there can be multiple PVCs, each of which can have multiple failures and recoveries, the trap may contain multiple PVCs. To reduce the size of the trap packet, successive PVCs that have the same failures or recoveries are expressed by means of ranges.
In the F5 AIS/RDI failure and recovery traps listed above, separate segment and end AIS/RDI traps are not implemented. The ATM PVC Trap Enhancements for Segment and End AIS/RDI Failures feature introduced in Cisco IOS Release 12.2(25)S allows the generation of separate ATM F5 segment and end AIS/RDI failure and recovery trap notifications. This enhancement also adds the ifDescr object to the traps.
See the ATM OAM Support for F5 Continuity Check feature module for information about enabling ATM OAM F5 support:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/24soamcc.htm
BGP Features
The following BGP features are supported as of Cisco IOS Release 12.2(25)S:
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Backdoor Links
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsbgpcce.htm
BGP MIB Support Enhancements
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_bmibe.htm
BGP Policy Accounting Output Interface Accounting
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtbgppax.htm
BGP Support for Dual AS Configuration for Network AS Migrations
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsbgpdas.htm
BGP Support for IP Prefix Import from Global Table into a VRF Table
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_bgivt.htm
BGP Support for Named Extended Community Lists
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsnextcl.htm
BGP Support for Sequenced Entries in Extended Community Lists
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsextseq.htm
BGP Support for TTL Security Check
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_btsh.htm
Cisco IOS Login Enhancements
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_login.htm
Cisco IOS Scripting with Tcl
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gt_tcl.htm
CLNS Support for GRE Tunneling of IPv4 and IPv6
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1055474
CNS Agents
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_cns.htm
Configuration Change Notification and Logging
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtconlog.htm
Configuration Generation Performance Enhancement
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtinvgen.htm
Configuration Replace and Configuration Rollback
For detailed information about this feature, including configuration versioning, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtrollbk.htm
Contextual Configuration Diff Utility
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_diff.htm
Control Plane Policing - Time Based
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtrtlimt.htm
CPU Threshold Notification
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_cput.htm
Embedded Event Manager 2.0
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_eem2.htm
Embedded Syslog Manager (ESM)
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gt_esm.htm
Enhanced Object Tracking
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/fthsrptk.htm
Extended ACL Support for IGMP to Support SSM in IPv4
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtmcxacl.htm
FHRP - Enhanced Object Tracking of Service Assurance Agent (SAA) Operations
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtfhrp.htm
FHRP - HSRP - SSO Aware HSRP
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fshsrpss.htm
First Hop Redundancy Protocols
The following First Hop Redundancy Protocols (FHRPs) are supported in Cisco IOS Release 12.2(25)S:
•
HSRP MD5 Authentication
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gthsrpau.htm
•
Hot Standby Router Protocol Version 2
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gthsrpv2.htm
•
VRRP Object Tracking
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtvrrptk.htm
Frame Relay Conditional Debug Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s28/12sfrcdb.htm
Frame Relay FRF.1.2 Annex A Support
The Frame Relay FRF.1.2 Annex A Support feature is also known as Local Management Interface (LMI) segmentation and supports an enhancement to the Frame Relay LMI protocol where LMI full status messages are segmented because of MTU constraints or large numbers of permanent virtual circuits (PVCs). This feature is useful when the MTU size cannot be increased but is insufficient to accommodate the large number of PVCs on the link. During Frame Relay internetworking with other Layer 2 protocols, the MTUs on each interface must match. In software without the Frame Relay FRF.1.2 Annex A Support feature, users cannot change the MTU size on the Frame Relay side and place all the PVC data into one LMI packet. With the Frame Relay FRF.1.2 Annex A Support functionality, this problem is solved.
The FRF.1.2 Annex A standard adds a new message type "Full status continued" to an LMI packet. When a DCE determines that it cannot fit all PVCs into one packet (enforced by the MTU size), the message type is set to "Full status continued." The DTE responds to "Full status continued" messages sent to this packet immediately instead of waiting for the T391 timer to expire. The DCE sends the remaining PVCs in one or more "Full status continued" messages until all the remaining PVCs can fit into one message. At this point, a normal "Full status" message is sent.
If the DTE receives a "Full status" or "Full status continued" STATUS message in response to a "Full status continued" STATUS ENQUIRY message, and that message indicates a lower-valued data-link connection identifier (DLCI) than the previous "Full status continued" STATUS message, the exchange is considered to be an error event and PVC information elements (IEs) are not processed. The next time the T391 timer expires, the "Full status" STATUS ENQUIRY procedure is reinitiated.
This feature follows the FRF.1.2 implementation agreement [1] and allows the Cisco IOS software to be compliant with the FRF.1.2 standard. The implementation is platform-independent and applies to all platforms running Cisco IOS software that support Frame Relay. This feature interoperates only with existing Cisco IOS software releases where all PVCs can be reported in one packet. A router running the new functionality must be able to interoperate with routers running existing Cisco IOS software releases and with routers that support the new functionality using the continuation status request and reply frames. Only LMI types Q.933A and ANSI support the FRF.1.2 Annex A standard.
You can track "Full status continued" packets using the debug frame-relay lmi privileged EXEC command. An extra field, 04, has been added to the display output. The following example indicates where in the report to look for this field (text in bold for purpose of example):
17:42:39: Serial1(out): StEnq, myseq 126, yourseen 125, DTE up
17:42:39: datagramstart = 0x40058DA4, datagramsize = 13
17:42:39: FR encap = 0x00010308
17:42:39: 00 75 51 01 04 53 02 7E 7D
The string segment "active/inactive" in the show interface commands indicates whether the FRF.1.2 Annex A standard is triggered. The report indicates active when routers receive the "Full status continued" message; otherwise, the report indicates inactive.
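The following added example (not part of the Cisco release notes) parses the debug frame-relay lmi lines quoted above, decodes the information elements, and reports whether the message carries the "Full status continued" report type. It assumes the Q.933 Annex A element identifiers (0x51 report type, 0x53 link integrity verification) and that the 04 field mentioned above is the report-type value; the function names are hypothetical.

```python
import re

# Constructed sample: the debug lines quoted in the release note.
SAMPLE = """\
17:42:39: Serial1(out): StEnq, myseq 126, yourseen 125, DTE up
17:42:39: datagramstart = 0x40058DA4, datagramsize = 13
17:42:39: FR encap = 0x00010308
17:42:39: 00 75 51 01 04 53 02 7E 7D
"""

MESSAGE_TYPES = {0x75: "STATUS ENQUIRY", 0x7D: "STATUS"}
IE_REPORT_TYPE = 0x51      # Q.933 Annex A report type IE
IE_LINK_INTEGRITY = 0x53   # Q.933 Annex A link integrity verification IE
REPORT_TYPES = {
    0x00: "Full status",
    0x01: "Link integrity verification only",
    0x02: "Single PVC asynchronous status",
    0x04: "Full status continued",  # assumption: the "04" field the note describes
}

TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}: ")
HEADER_RE = re.compile(r"^(\S+)\((in|out)\): \w+, myseq (\d+), yourseen (\d+)")
SIZE_RE = re.compile(r"datagramsize = (\d+)")
ENCAP_RE = re.compile(r"FR encap = 0x((?:[0-9A-Fa-f]{2})+)")
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}\s*)+$")


def parse_lmi_debug(text):
    """Collect header fields, encapsulation bytes and payload bytes."""
    info = {"payload": b"", "encap": b""}
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if m := HEADER_RE.search(line):
            info.update(interface=m[1], direction=m[2],
                        myseq=int(m[3]), yourseen=int(m[4]))
        elif m := SIZE_RE.search(line):
            info["datagramsize"] = int(m[1])
        elif m := ENCAP_RE.search(line):
            info["encap"] = bytes.fromhex(m[1])
        elif HEX_RE.match(line):
            # fromhex skips whitespace, so a fused "0104" still decodes.
            info["payload"] += bytes.fromhex(line)
    return info


def decode_ies(payload):
    """Return (message type, {ie_id: [values]}) from the LMI message body."""
    if len(payload) < 2:
        raise ValueError("message shorter than call reference + message type")
    ies, pos = {}, 2
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated IE header at offset %d" % pos)
        ie_id, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("IE 0x%02X truncated at offset %d" % (ie_id, pos))
        ies.setdefault(ie_id, []).append(value)
        pos += 2 + length
    return payload[1], ies


def analyze(text):
    """Decode one debug record and list inconsistencies worth a second look."""
    info = parse_lmi_debug(text)
    msg_type, ies = decode_ies(info["payload"])
    findings = []

    total = len(info["encap"]) + len(info["payload"])
    if "datagramsize" in info and info["datagramsize"] != total:
        findings.append("datagramsize %d but %d bytes shown"
                        % (info["datagramsize"], total))

    report = ies.get(IE_REPORT_TYPE, [b""])[0]
    code = report[0] if len(report) == 1 else None
    if code is None:
        findings.append("missing or malformed report type IE")

    liv = ies.get(IE_LINK_INTEGRITY, [b""])[0]
    if len(liv) == 2 and "myseq" in info:
        if (liv[0], liv[1]) != (info["myseq"], info["yourseen"]):
            findings.append("sequence numbers differ from header line")

    return {
        "message": MESSAGE_TYPES.get(msg_type, "unknown 0x%02X" % msg_type),
        "report_type": REPORT_TYPES.get(code, "unknown"),
        "continued": code == 0x04,
        "findings": findings,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE))
```
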
Integrated IS-IS Global Default Metric
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtisglob.htm
Integrated IS-IS Protocol Shutdown Support Maintaining Configuration Parameters
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtisprot.htm
IPMROUTE-STD-MIB
This feature introduces support for the IPMROUTE-STD-MIB in Cisco IOS Release 12.2(25)S. The IPMROUTE-STD-MIB, as defined in RFC 2932, is a module for management of IP multicast routing in a manner independent of the specific multicast routing protocol in use. Support for this MIB replaces the draft form of the IPMROUTE-MIB.
The IPMROUTE-STD-MIB supports all the MIB objects of the IPMROUTE-MIB and also supports the following four new MIB objects:
•
ipMRouteEntryCount
•
ipMRouteHCOctets
•
ipMRouteInterfaceHCInMcastOctets
•
ipMRouteInterfaceHCOutMcastOctets
The ipMRouteScopeNameTable MIB object is not supported because it is not relevant to multicast routers.
IP Traffic Export
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_rawip.htm
IPv6 Anycast Address
For information about this feature, see the "IPv6 Address Type: Anycast" section in the Implementing Basic Connectivity for IPv6 document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1052470
IPv6 Multicast Features
The following IPv6 Multicast and IPv6 Multicast-related features are supported as of Cisco IOS Release 12.2(25)S:
•
IPv6 Bidirectional PIM
•
IPv6 Multicast: Address Family Support for Multiprotocol BGP
•
IPv6 Multicast: Bootstrap Router (BSR)
•
IPv6 Multicast: Explicit Tracking of Receivers
•
IPv6 Multicast: MLD Access Group
•
IPv6 Multicast: PIM Accept Register
•
IPv6 Multicast: PIM Embedded RP Support
•
IPv6 Multicast: Routable Address Hello Option
•
IPv6 Multicast: RPF Flooding of Bootstrap Router (BSR) Packets
•
IPv6 Multicast: Static Multicast Routing (mroute) for IPv6
For information about the IPv6 Multicast: PIM Embedded RP Support feature and the IPv6 Multicast: Static Multicast Routing (mroute) for IPv6 feature, see the following section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
For information about the IPv6 Multicast: Address Family Support for Multiprotocol BGP feature, see the following section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
For information about all other IPv6 Multicast and IPv6 Multicast-related features mentioned above, see the following section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
IS-IS Caching of Redistributed Routes
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/isredrib.htm
IS-IS Support for Priority-Driven IP Prefix RIB Installation
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s26/fslocrib.htm
L2TPv3: Layer 2 Tunneling Protocol Version 3
Cisco IOS Release 12.2(25)S introduces support for the Layer 2 Tunneling Protocol version 3 (L2TPv3) feature, including the following L2TPv3-related features:
• ATM AAL5 OAM Emulation over L2TPv3
• ATM Single Cell Relay VC Mode over L2TPv3
• ATM VP Mode Single Cell Relay over L2TPv3
• L2TPv3 Distributed Sequencing
• L2TPv3 Layer 2 Fragmentation
For information about the L2TPv3 Layer 2 Fragmentation feature, see the "IP Packet Fragmentation" section in the Layer 2 Tunnel Protocol Version 3 document (see below).
• L2TPv3 Support for PA-A3-8T1IMA PA and PA-A3-8E1IMA Port Adapters
For detailed information about these features, see the Layer 2 Tunnel Protocol Version 3 document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s29/l2tpv29s.htm
L2VPN Interworking
Cisco IOS Release 12.2(25)S introduces support for the L2VPN Interworking feature, including the following features:
• L2VPN Interworking: Ethernet to VLAN
• L2VPN Interworking: Ethernet VLAN to ATM AAL5
• L2VPN Interworking: Ethernet VLAN to Frame Relay
• L2VPN Interworking: Frame Relay to ATM AAL5
• L2VPN Interworking: Frame Relay to PPP
For detailed information about these features, see the L2VPN Interworking document:
Layer 2 Local Switching Features
The following Layer 2 Local Switching features are supported:
• Layer 2 Local Switching - ATM to ATM
• Layer 2 Local Switching - ATM to Ethernet
• Layer 2 Local Switching - ATM-FR
For detailed information about these features, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fslocal.html
Loadsharing IP Packets over More Than Six Parallel Paths
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fslocal.html
Memory Leak Detector
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gtmleakd.htm
Memory Pool - SNMP Notification Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtmemnot.htm
MPLS LDP Inbound Label Binding Filtering
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsinbd4.htm
MPLS LDP: SSO/NSF Support and Graceful Restart
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsldpgr.htm
MPLS LDP MIB: SSO/NSF Support
For further information about this feature, see the "MPLS LDP MIB: SSO/NSF Support" section in the MPLS High Availability: Overview document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fshaov.htm
MPLS VPN MIB: SSO/NSF Support
For detailed information about this feature, see the "MPLS VPN MIB: SSO/NSF Support" section in the MPLS High Availability: Overview document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fshaov.htm
MPLS VPN - Route Target Rewrite
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsrtrw4.htm
MPLS VPN: SSO/NSF Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fsvpngr.htm
MPLS VPN—VRF Selection Based on Source IP Address
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122sz/12214sz/122szvrf.htm
MPLS VPN VRF Selection Using Policy Based Routing
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_pbrsv.htm
MSDP Compliance with IETF RFC 3618
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_msdp.htm
Multicast Fast Switching Performance Improvement
The Multicast Fast Switching Performance Improvement feature improves the existing multicast path packet throughput by up to 100 percent. This feature targets software forwarding-based platforms for IPv4 multicast only.
Multilink Frame Relay over L2TPv3/AToM
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s28/fsmfrl2.htm
NAT—dCEF Support
The NAT—dCEF Support feature enhances the overall performance of Route Switch Processors (RSPs) on a Cisco 7500 series by enabling line cards to perform address translation. Without this feature, any distributed Cisco Express Forwarding (dCEF) switched packet that needs address translation must be switched by the Route Switch Controller (RSC), which increases load and reduces system performance and throughput.
Line cards are able to maintain a subset of the RSC's NAT table. This enables the line cards to switch packets and perform express forwarding within and between port adapters. Because embedded address translation cannot occur at the line card level, packets that require payload translation are punted to the next higher level switching mechanism in the RSC.
NAT—Performance Enhancement—CEF Switching Support
The NAT—Performance Enhancement—CEF Switching Support feature enhances router performance by optimizing packet processing. Through Cisco Express Forwarding (CEF), decisions to translate, punt, drop, or forward a packet are made with a single lookup. To improve performance, packets that do not require translation and fragmented packets are not punted to the process level. Those packets that have special flags, such as TCP syn/fin/reset, are processed in the CEF path itself. Any action that is CPU-intensive is performed by a background process or by process-level NAT code.
NAT—Performance Enhancement—Translation Table Optimization
The NAT Translation Table Optimization performance enhancement provides greater structure for storing translation table entries and an optimized table lookup for associating table entries with IP connections.
NAT—Performance & Scalability Enhancement—Timer Wheel
The NAT—Performance & Scalability Enhancement—Timer Wheel feature reduces CPU utilization in cases where routers must manage large numbers of Network Address Translation (NAT) entries and it eliminates the performance bottleneck caused by the previous timer tree model. By using a more efficient data structure and a priority queue to sort the timer and eliminate the sorting operation during a timer insertion, the process of inserting and removing a timer is faster, improving the scalability of a router that is running NAT.
NAT—Rate Limiting NAT Translation
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_natrl.htm
NAT—Translation of External IP Addresses Only
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnatxip.htm
NetFlow Input Filters
For detailed information about this feature (which is also known as the NetFlow Input Filters and Multi-Sampling Rates feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtnfinpf.htm
NetFlow MIB
This release adds MIB support to NetFlow. NetFlow cache information, current NetFlow configuration, and statistics can now be monitored using the Simple Network Management Protocol (SNMP).
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/nflowmib.htm
For more information about CISCO-NETFLOW-MIB, the MIB objects for the functionality described above, and to locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
NetFlow MIB and Top Talkers
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/nflowtt.htm
OSPF Area Transit Capability
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/ospfatc.htm
OSPF Forwarding Adjacency
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/ospffa.htm
OSPF Link-Local Signaling Per Interface Basis
For detailed information about this feature (which may also be known as the OSPF Per-Interface Link-Local Signaling feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/ospflls.htm
OSPF Link State Database Overload Protection
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/ospfopro.htm
OSPF MIB Support of RFC 1850 and Latest Extensions
This release updates the OSPF MIB support to the latest RFC 1850 and adds the latest draft extensions. For more information regarding the definitions of the draft extensions, see the CISCO-OSPF-MIB.my and CISCO-OSPF-TRAP-MIB.my files that are available through the Cisco MIB FTP site at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
For routers that are running Cisco IOS Release 12.0(26)S and later releases, the OSPF MIB and CISCO OSPF MIB will be supported only for the first OSPF process (except for MIB objects that are related to virtual links and sham links). SNMP traps will be generated for OSPF events that are related to any of the OSPF processes. There is no workaround for this situation.
The CISCO-OSPF-MIB.my is a read-only MIB.
OSPF Support for Forwarding Adjacencies over MPLS Traffic Engineered Tunnels
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/ospffa.htm
OSPF Support for Unlimited Software VRFs per Provider Edge (PE) Router
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtospfvf.htm
PBR Support for Multiple Tracking Options
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtpbrtrk.htm
Periodic MIB Data Collection and Transfer Mechanism
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/gdatacol.htm
PIM Dense Mode Fallback Prevention in a Network Following RP Information Loss
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtautorp.htm
Port Mode Cell Relay Support for PA-A3-T3, PA-A3-E3, and PA-A3-OC3 PAs
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
Rate Limiting NAT Translation
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_natrl.htm
Router Security Audit Logs
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtaudlog.htm
RTP Header Compression over Satellite Links
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fscrtprf.htm
Secure Copy
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftscp.htm
Secure Shell Version 2 Support
For detailed information about this feature, including the Secure Shell SSH Version 2 Client Support feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_ssh2.htm
Secure SNMP Views
The User Security Model (USM), View-Based Access Control Model (VACM), and Community MIBs (SNMP-USM-MIB, SNMP-VACM-MIB, and SNMP-COMMUNITY-MIB) contain information that can potentially be used to gain access to a router using Simple Network Management Protocol (SNMP). Therefore, the USM, VACM, and Community MIBs are excluded from the default SNMP access view so as not to allow remote access unless it is specifically configured. However, when an SNMP view is created with any parent object identifier (OID) of these MIBs included (for example "internet included"), these MIBs also are included in the view. To increase security, the Secure SNMP Views feature excludes these MIBs from SNMP access views even when parent OIDs are included in the view.
In releases earlier than this release, when you configure SNMP views with parent OIDs that include the USM, VACM, or Community MIBs, you must explicitly exclude them. For example, the following configuration can be used to exclude security-sensitive MIBs from the SNMP view that is named "test":
! -- include all MIBs under the parent tree "internet"
snmp-server view test internet included
! -- exclude snmpUsmMIB
snmp-server view test 1.3.6.1.6.3.15 excluded
! -- exclude snmpVacmMIB
snmp-server view test 1.3.6.1.6.3.16 excluded
! -- exclude snmpCommunityMIB
snmp-server view test 1.3.6.1.6.3.18 excluded
As of Cisco IOS Release 12.0(26)S, 12.2(25)S, and 12.2(2)T, the USM, VACM, and Community MIBs are excluded from any parent OIDs in a configured view by default. If you wish to include these MIBs in a view, you must now explicitly include them.
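An added example (not from the Cisco release note): a Python audit that reads snmp-server view lines and reports which views expose the USM, VACM, or Community MIBs, under both the earlier behavior (a parent include pulls them in) and the Secure SNMP Views behavior described above. The symbolic name table, the sample configuration, and the function names are constructed for illustration; OID wildcards are not handled.

```python
import re

# OIDs of the three security-sensitive MIBs, as given in the release note.
SENSITIVE = {
    "snmpUsmMIB": (1, 3, 6, 1, 6, 3, 15),
    "snmpVacmMIB": (1, 3, 6, 1, 6, 3, 16),
    "snmpCommunityMIB": (1, 3, 6, 1, 6, 3, 18),
}

# Assumption: a small subset of symbolic subtree names; extend as needed.
NAMES = {"iso": (1,), "internet": (1, 3, 6, 1),
         "mib-2": (1, 3, 6, 1, 2, 1), **SENSITIVE}

VIEW_RE = re.compile(
    r"^\s*snmp-server\s+view\s+(\S+)\s+(\S+)\s+(included|excluded)\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
! view from the release note: parent included, sensitive MIBs excluded
snmp-server view test internet included
snmp-server view test 1.3.6.1.6.3.15 excluded
snmp-server view test 1.3.6.1.6.3.16 excluded
snmp-server view test 1.3.6.1.6.3.18 excluded
! parent included with no exclusions
snmp-server view broad internet included
! one exclusion forgotten for two of the three MIBs
snmp-server view partial internet included
snmp-server view partial 1.3.6.1.6.3.15 excluded
! subtree that does not contain the sensitive MIBs
snmp-server view ops mib-2 included
! sensitive MIB included on purpose
snmp-server view admin internet included
snmp-server view admin 1.3.6.1.6.3.16 included
"""


def parse_oid(token):
    """Turn a numeric OID or a known symbolic name into a tuple of ints."""
    if token in NAMES:
        return NAMES[token]
    if re.fullmatch(r"\d+(\.\d+)*", token):
        return tuple(int(part) for part in token.split("."))
    raise ValueError("unknown subtree name: %s" % token)


def parse_views(config_text):
    """Map view name -> list of (subtree, included) from the config text."""
    views = {}
    for line in config_text.splitlines():
        match = VIEW_RE.match(line)
        if match:
            name, token, mode = match.groups()
            views.setdefault(name, []).append(
                (parse_oid(token), mode == "included"))
    return views


def longest_match(entries, oid):
    """Return the entry whose subtree is the longest prefix of oid, or None."""
    best = None
    for subtree, included in entries:
        if oid[:len(subtree)] == subtree:
            if best is None or len(subtree) > len(best[0]):
                best = (subtree, included)
    return best


def exposed_mibs(entries, secure_views):
    """List the sensitive MIBs that a view makes readable.

    secure_views=False models the earlier behavior: an included parent
    subtree exposes the MIB unless the MIB is explicitly excluded.
    secure_views=True models the behavior the release note describes:
    only an explicit include at or below the MIB root exposes it.
    """
    found = []
    for name, root in SENSITIVE.items():
        explicit = any(inc and sub[:len(root)] == root for sub, inc in entries)
        best = longest_match(entries, root)
        inherited = (best is not None and best[1]
                     and len(best[0]) < len(root))
        if explicit or (inherited and not secure_views):
            found.append(name)
    return found


def audit(config_text, secure_views):
    """Return {view name: [exposed sensitive MIBs]} for every view."""
    return {name: exposed_mibs(entries, secure_views)
            for name, entries in parse_views(config_text).items()}


if __name__ == "__main__":
    for flag in (False, True):
        print("secure views:", flag)
        for view, mibs in audit(SAMPLE_CONFIG, flag).items():
            print("  %-8s %s" % (view, ", ".join(mibs) or "none"))
```

Run it against a saved configuration from a release earlier than those named above to find views that still need the explicit exclusions.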
Service Assurance Agent (SAA) Multiple Operation Scheduling
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_saams.htm
Silent Operation Mode
For detailed information about this feature, see the Control Plane Policing document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtrtlimt.htm
SNMP Support over VPNs—Context Based Access Control
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtsnmpvp.htm
Stateful Switchover (SSO) Support for QoS
For detailed information about this feature, see the following Stateful Switchover document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fssso20s.htm
Stateful Switchover Support for Multilink Frame Relay
For detailed information about this feature, see the following Stateful Switchover document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fssso20s.htm
Suppress BGP Advertisement for Inactive Routes
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_sbair.htm
Unique Device Identifier (UDI) Retrieval
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtpepudi.htm
VC Single Cell Relay Support for PA-A3-OC12 over AToM/L2TPv3
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
VP/VC Mode Packed Cell Relay Support for PA-A3-8T1 IMA PA and PA-A3-8E1 IMA PA
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsatom.html
VRF Aware Multicast Error Messages
Multicast error messages that are associated with a particular multicast VPN customer in an MPLS VPN environment can be tracked.
New Hardware Features in Cisco IOS Release 12.2(22)S
This section describes new and changed features in Cisco IOS Release 12.2(22)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(22)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
ONS 15530 Platform
The Cisco ONS 15530 is a dense wavelength-division multiplexing (DWDM) multiservice aggregation platform that maximizes the carrying capacity of fiber by performing service aggregation of protocols such as Enterprise System Connection (ESCON), Fibre Channel, Fiber Connectivity (FICON), and Gigabit Ethernet. With the Cisco ONS 15530, users can take advantage of the availability of dark fiber to build a common infrastructure that supports data, storage area networking (SAN), and time-division multiplexing (TDM) traffic.
The Cisco ONS 15530 is available in two configurations, Network Equipment Building Systems (NEBS) and European Telecommunications Standards Institute (ETSI). Both configurations have two vertically stacked half-height slots specifically for the optical add/drop multiplexers (OADM) modules and ten vertically oriented slots that hold the CPU switch modules, line cards, and transponder line cards.
For further information about the Cisco ONS 15530 hardware, see the documents at the following Cisco location:
http://www.cisco.com/univercd/cc/td/doc/product/mels/15530/12_2_s/index.htm
ONS 15540 Platform
The Cisco ONS 15540 Extended Services Platform (ESP) is an optical transport platform that employs dense wavelength-division multiplexing (DWDM) technology. With the Cisco ONS 15540 ESP, users can take advantage of the availability of dark fiber to build a common infrastructure that supports data, storage area networking (SAN), and time-division multiplexing (TDM) traffic.
ONS 15540 ESP
The Cisco ONS 15540 ESP uses a 12-slot modular vertical chassis for optical mux/demux modules, transponder modules, and processor cards. The system has an optical backplane for carrying signals between the transponder modules and the mux/demux modules.
For further information about the Cisco ONS 15540 hardware, see the documents at the following Cisco location:
http://www.cisco.com/univercd/cc/td/doc/product/mels/15540/12_2_s/index.htm
ONS 15540 ESPx
The Cisco ONS 15540 ESPx is similar to the Cisco ONS 15540 ESP but uses an enhanced chassis with front fiber-optic cable access for optical interconnections between transponders and optical mux/demux modules. The system has an electrical backplane for system control.
For further information about the Cisco ONS 15540x hardware, see the documents at the following Cisco location:
http://www.cisco.com/univercd/cc/td/doc/product/mels/15540x/12_2_s/index.htm
Regex Engine Performance Enhancement
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s_22/fs_rexpe.hm
New Software Features in Cisco IOS Release 12.2(22)S
This section describes new and changed features in Cisco IOS Release 12.2(22)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(22)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
ONS 15530 and ONS 15540 Cisco IOS Software Features
The Cisco IOS software features that are supported for the Cisco ONS 15530 and Cisco ONS 15540 include the following ones:
• 10GbE Support over Optical Transport
• Client Service Aggregation over 10Gbps
• ESCON Service Aggregation
• Fibre Channel/FICON/Gigabit Ethernet Service Aggregation
• Optical Client Based Line Card Protection
• Optical High Availability Software
• Optical Multiplexing and Demultiplexing
• Optical Splitter Protection
• Optical Supervisory Channel Protocol
• Optical Switch Fabric Based Line Card Protection
• Optical Trunk Fiber Protection
• Optical Y-Cable Line Card Protection
• Protocol Monitoring of Storage and Data Protocols
• Variable Optical Attenuation
For more information about these and other features, see the Cisco ONS 15530 and Cisco ONS 15540: Cisco IOS Software Configuration Library at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s_22/fs_ons.htm
New Hardware Features in Cisco IOS Release 12.2(20)S6
There are no new hardware features in Cisco IOS Release 12.2(20)S6.
New Software Features in Cisco IOS Release 12.2(20)S6
This section describes new and changed features in Cisco IOS Release 12.2(20)S6. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S6. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Cisco 7304 FPGA Upgrade Enhancements
In Cisco IOS Release 12.2(20)S6, some major enhancements were made to the Cisco 7304 FPGA upgrade process. The following enhancements were made:
• The no upgrade fpga command was introduced and became the default setting. Starting in this Cisco IOS Release, FPGA is not upgraded automatically when an FPGA version mismatch is detected, and the user is not prompted to upgrade the FPGA when the default settings are maintained.
• The no upgrade fpga prompt command behavior was changed. The no upgrade fpga prompt configuration no longer automatically begins an FPGA upgrade when an FPGA mismatch is detected.
• A prompt was added that asks users, after they enter the upgrade fpga all command, whether they would like to reload the line card to complete the FPGA upgrade process. As a result of this enhancement, FPGA upgrades can be completed up to the stage where a hardware reload is required to finish the upgrade, but the hardware can be reloaded at a later time to complete the FPGA upgrade.
• The show c7300 command was modified to show more FPGA information.
• The show upgrade fpga progress command was introduced.
• The upgrade fpga force command was introduced.
For additional information on the Cisco 7304 FPGA upgrade process, see the Cisco 7304 FPGA Bundling and Update document.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/73fpga.htm
Cisco 7304 Shared Port Adapter Field Programmable Device show Command Updates
In this Cisco IOS Release, the show upgrade commands that are used to monitor SPA FPD behavior on the Cisco 7304 router (show upgrade file, show upgrade package default, show upgrade progress, and show upgrade table) have been changed to add the fpd keyword. The output previously generated with the aforementioned commands can now be generated by entering the appropriate show upgrade fpd command (show upgrade fpd file, show upgrade fpd package default, show upgrade fpd progress, and show upgrade fpd table).
For additional information on these commands and FPD in general, see the Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Configuration Guide:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
New Hardware Features in Cisco IOS Release 12.2(20)S5
There are no new hardware features in Cisco IOS Release 12.2(20)S5.
New Software Features in Cisco IOS Release 12.2(20)S5
This section describes new and changed features in Cisco IOS Release 12.2(20)S5. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S5. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
PXF Logical Interface Options on the Cisco 7304 Router Using an NSE-100
On the Cisco 7304 router using an NSE-100, the PXF processing path is enhanced in Cisco IOS Release 12.2(20)S5 to support up to 63 classes per QoS policy (previous IOS releases supported up to 23 classes per QoS policy).
The pxf max-logical-interfaces command is introduced as part of this feature. This command allows you to choose the number of PXF logical interfaces that you want to support on the router. There is a direct trade off between the number of supported PXF logical interfaces on the router and the number of supported QoS traffic classes per policy in PXF. You can configure the pxf max-logical-interfaces command by using either the 4k or 16k options. If the router is configured to support 4,096 PXF logical interfaces (with the pxf max-logical-interfaces 4k command), up to 63 QoS classes per policy can be supported in PXF. If the router is configured to support 16,384 logical interfaces (which is the default setting, or which can be restored by entering the pxf max-logical-interfaces 16k command), up to 23 QoS classes per policy can be supported in PXF.
The show max-logical-interfaces command is also introduced to show the selected number of PXF logical interfaces that is configured in both the running and startup configurations.
For additional information on this feature, see the PXF Logical Interface Options document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/pxflio.htm
FPGA Upgrade Prompt Options on the Cisco 7304 Router
In Cisco IOS Release 12.2(20)S5, the [no] upgrade fpga prompt command is introduced. This command enables and disables FPGA prompting when an FPGA incompatibility is detected. FPGA upgrade prompting is still enabled by default. If FPGA prompting is disabled (with the no upgrade fpga prompt command), an FPGA upgrade is automatically performed when an FPGA incompatibility is detected by the router.
For additional information about this command, see the FPGA Bundling and Update document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/73fpga.htm
New Hardware Features in Cisco IOS Release 12.2(20)S3
This section describes new and changed features in Cisco IOS Release 12.2(20)S3. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S3. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Cisco CWDM SFP Support for the NPE-G100
Supported platform: Cisco 7304
The SFP ports on the NPE-G100 processor of the Cisco 7304 router now support the following Coarse Wavelength Division Multiplexing (CWDM) Small Form-Factor Pluggable (SFP) modules:
• Cisco CWDM SFP 1470 nm (product number CWDM-SFP-1470=)
• Cisco CWDM SFP 1490 nm (product number CWDM-SFP-1490=)
• Cisco CWDM SFP 1510 nm (product number CWDM-SFP-1510=)
• Cisco CWDM SFP 1530 nm (product number CWDM-SFP-1530=)
• Cisco CWDM SFP 1550 nm (product number CWDM-SFP-1550=)
• Cisco CWDM SFP 1570 nm (product number CWDM-SFP-1570=)
• Cisco CWDM SFP 1590 nm (product number CWDM-SFP-1590=)
• Cisco CWDM SFP 1610 nm (product number CWDM-SFP-1610=)
New Software Features in Cisco IOS Release 12.2(20)S3
This section describes new and changed features in Cisco IOS Release 12.2(20)S3. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S3. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Stateful Switchover and Nonstop Forwarding Support for Cisco 7304 Routers using the MSC-100
Supported platform: Cisco 7304
The Stateful Switchover (SSO) and Nonstop Forwarding (NSF) features are now available for the Cisco 7304 routers configured with an MSC-100 populated with SPAs.
In specific Cisco networking devices that support dual RPs, SSO takes advantage of RP redundancy to increase network availability. The SSO feature takes advantage of RP redundancy by establishing one of the RPs as the active processor while the other RP is designated as the standby processor, and then synchronizing critical state information between them.
SSO is used with the Cisco NSF feature. Cisco NSF allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following a switchover.
Stateful Switchover and Nonstop Forwarding Support for Cisco 7304 Routers using the PCI Port Adapter Carrier Card
Supported platform: Cisco 7304
The Stateful Switchover (SSO) and Nonstop Forwarding (NSF) features are now available for the Cisco 7304 routers configured with a PCI Port Adapter Carrier Card populated with a port adapter.
In specific Cisco networking devices that support dual RPs, SSO uses RP redundancy to increase network availability. It establishes one of the RPs as the active processor, designates the other RP as the standby processor, and then synchronizes critical state information between them.
SSO is used with the Cisco NSF feature. Cisco NSF allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following a switchover.
New Hardware Features in Cisco IOS Release 12.2(20)S2
This section describes new and changed features in Cisco IOS Release 12.2(20)S2. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S2. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
4-Port 10/100 Fast Ethernet Shared Port Adapter
Supported platform: Cisco 7304
The 4-port 10/100 Fast Ethernet shared port adapter (SPA) (7304-4FE-SPA) provides four 10/100 Fast Ethernet ports for the Cisco 7304. SPAs are half-height interface line cards that provide additional physical interfaces to the Cisco 7304 when inserted into Modular Services Cards (MSCs), assuming that the SPA is supported by the MSC. MSCs are jacket cards in which multiple SPAs can be inserted. An MSC fits into a line card slot.
For additional information on the 4-port 10/100 Fast Ethernet shared port adapter for the Cisco 7304, see the following documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
2-Port 10/100/1000 Gigabit Ethernet Shared Port Adapter
Supported platform: Cisco 7304
The 2-port 10/100/1000 Gigabit Ethernet shared port adapter (SPA) provides two 10/100/1000 Ethernet/Fast Ethernet/Gigabit Ethernet ports for the Cisco 7304. SPAs are half-height interface line cards that provide additional physical interfaces to the Cisco 7304 router when inserted into Modular Services Cards (MSCs), assuming that the SPA is supported by the MSC. MSCs are jacket cards in which multiple SPAs can be inserted. An MSC fits into a line card slot.
For additional information on the SPA-2GE-7304 for the Cisco 7304 router, see the following documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
Modular Services Card 100
Supported platform: Cisco 7304
The Modular Services Card 100 (MSC-100) enables support for Cisco shared port adapters (SPAs) on the Cisco 7304. The MSC-100 is a jacket card that is designed to accept two supported half-height SPAs in one line card slot of the Cisco 7304 chassis. For additional information on the MSC-100, see the following documents:
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Hardware Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspahw/index.htm
•
Cisco 7304 Router Modular Services Card and Shared Port Adapter Software Installation Guide at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/73mscspa/mscspasw/index.htm
New Software Features in Cisco IOS Release 12.2(20)S2
There are no new software features in Cisco IOS Release 12.2(20)S2.
New Hardware Features in Cisco IOS Release 12.2(20)S
There are no new hardware features in Cisco IOS Release 12.2(20)S.
New Software Features in Cisco IOS Release 12.2(20)S
This section describes new and changed features in Cisco IOS Release 12.2(20)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(20)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Enhanced Management of the Cisco 7304 Router, Phase 1
The Enhanced Management of the Cisco 7304 Router, Phase 1 feature enables you to:
•
Manage and monitor Cisco 7304 resources through a Simple Network Management Protocol (SNMP)-based network management system (NMS).
•
Use set and get SNMP commands to access information in Cisco 7304 router MIBs.
•
Reduce the amount of time and system resources required to perform functions like inventory management and bulk data transfers.
Other benefits include the following:
•
A standards-based technology (that is, SNMP) for monitoring faults and performance on the router.
•
Support for all SNMP versions (SNMPv1, SNMPv2c, and SNMPv3).
•
Notification of faults, alarms, and conditions that might affect services.
•
The ability to aggregate fault and alarm information for multiple entities.
•
A way to access router information other than through the command-line interface (CLI).
Supported Cisco 7304 Modules
The following Cisco 7304 network processing engines, line cards, and port adapters are supported:
•
Network Services Engine 100 (NSE-100)
•
Network Processing Engine G-100 (NPE-G100)
•
1-port OC-12 POS and 2-port OC-12 POS line cards (7300-1OC12POS-MM, 7300-1OC12POS-SMI, 7300-1OC12POS-SML, 7300-2OC12POS-MM, 7300-2OC12POS-SMI, 7300-2OC12POS-SML)
•
1-port OC-48 POS line card (7300-1OC48POS-SMS, 7300-1OC48POS-SMI, 7300-1OC48POS-SML)
•
2-port OC-3 ATM line card (7300-2OC3ATM-MM, 7300-2OC3ATM-SMI, 7300-2OC3ATM-SML)
•
2-port OC-3 POS and 4-port OC-3 POS line cards (7300-2OC3POS-MM, 7300-2OC3POS-SMI, 7300-2OC3POS-SML, 7300-4OC3POS-MM, 7300-4OC3POS-SMI, 7300-4OC3POS-SML)
•
Clear Channel 6-port E3 line card (7300-6E3)
•
Clear Channel 6-port T3 (DS3) line card (7300-6T3)
•
Port Adapter Carrier Card (7300-CC-PA)
•
1-port ATM Enhanced E3 port adapter (PA-A3-E3)
•
1-port ATM Enhanced DS3 port adapter (PA-A3-T3)
•
2-port Fast Ethernet 100BASE-FX port adapter (PA-2FE-FX)
•
2-port Fast Ethernet 100BASE-TX port adapter (PA-2FE-TX)
Cisco 7304 MIB Enhancements
In Cisco IOS Release 12.2S, the Cisco 7304 supports the following MIBs:
•
CISCO-ENTITY-ALARM-MIB—Foundation Fault Management
•
CISCO-ENTITY-ASSET-MIB—Inventory and Asset Management
•
CISCO-ENTITY-FRU-CONTROL-MIB—Foundation Fault Management
•
CISCO-ENTITY-PFE-MIB—Performance Management
•
CISCO-ENTITY-SENSOR-MIB—Foundation Fault Management
•
CISCO-ENTITY-VENDORTYPE-OID-MIB—Inventory and Asset Management
•
CISCO-ENTITY-EXT-MIB—Inventory and Asset Management
•
ENTITY-MIB (RFC 2037)—Inventory and Asset Management
•
NOTIFICATION-LOG-MIB (RFC 3014)—Core fault management
Further Information
For further information about the Enhanced Management of the Cisco 7304 Router, Phase 1 feature, see the Cisco 7304 Router MIB Specifications Guide at the following location:
Frame Relay Discard Eligibility Bit Marking (PXF Based)
The ability to mark Frame Relay Discard Eligibility (DE) bits via the set fr-de command is now available in the Parallel Express Forwarding (PXF) processing path on the Cisco 7304 router.
The DE bit in the address field of a Frame Relay frame is used as a method for prioritizing the discarding of frames in congested Frame Relay networks. The Frame Relay DE bit has only two settings, 0 or 1. If congestion occurs in a Frame Relay network, frames with the DE bit set to 1 are discarded before frames with the DE bit set to 0. Therefore, important traffic should have the DE bit set to 0, and less important traffic should be forwarded with the DE bit set to 1.
The default DE bit setting is 0. The Class-Based Packet Marking feature allows users to change the DE bit setting to 1 for various traffic, giving users the option of keeping the default value of 0 or changing the value to 1. Users can therefore use Frame Relay DE bit marking to prioritize frames in a Frame Relay network.
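The DE bit sits in the second octet of the two-octet Q.922 address field of each frame. The following added example (not taken from the Cisco documentation; the function names, the DLCI value and the queue model are assumptions made for illustration) marks the bit on selected frames and models a congested queue that discards DE=1 frames before DE=0 frames.

```python
def build_q922_address(dlci: int, de: int = 0) -> bytes:
    """Two-octet Q.922 address: DLCI(6) C/R EA=0 | DLCI(4) FECN BECN DE EA=1."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a 2-octet address carries a 10-bit DLCI")
    return bytes([(dlci >> 4) << 2, ((dlci & 0x0F) << 4) | ((de & 1) << 1) | 0x01])


def parse_q922_address(frame: bytes) -> dict:
    """Decode the address field at the start of a frame."""
    if len(frame) < 2:
        raise ValueError("need the 2-octet Q.922 address field")
    b0, b1 = frame[0], frame[1]
    if b0 & 0x01 or not b1 & 0x01:
        raise ValueError("EA bits must be 0 then 1 for a 2-octet address")
    return {
        "dlci": ((b0 >> 2) << 4) | (b1 >> 4),
        "cr": (b0 >> 1) & 1,
        "fecn": (b1 >> 3) & 1,
        "becn": (b1 >> 2) & 1,
        "de": (b1 >> 1) & 1,
    }


def set_de(frame: bytes, de: int) -> bytes:
    """Return a copy of the frame with the DE bit set to 0 or 1."""
    parse_q922_address(frame)  # validates the address field
    return frame[:1] + bytes([(frame[1] & 0xFD) | ((de & 1) << 1)]) + frame[2:]


def shed_on_congestion(frames, capacity):
    """Model of a congested queue (an assumption, not a specific switch).

    While there is room, every frame is queued. Once the queue is full, an
    arriving DE=1 frame is dropped; an arriving DE=0 frame displaces the most
    recently queued DE=1 frame, and is dropped only if none is queued.
    """
    queue, dropped = [], []
    for frame in frames:
        if len(queue) < capacity:
            queue.append(frame)
        elif parse_q922_address(frame)["de"] == 1:
            dropped.append(frame)
        else:
            for i in range(len(queue) - 1, -1, -1):
                if parse_q922_address(queue[i])["de"] == 1:
                    dropped.append(queue.pop(i))
                    queue.append(frame)
                    break
            else:
                dropped.append(frame)
    return queue, dropped


def sample_frames():
    """Constructed frames on DLCI 100; bulk traffic is marked DE=1."""
    header = build_q922_address(100)          # DE defaults to 0
    names = [b"voice1", b"bulk1", b"bulk2", b"voice2", b"voice3", b"bulk3"]
    frames = [header + name for name in names]
    return [set_de(f, 1) if f[2:].startswith(b"bulk") else f for f in frames]


if __name__ == "__main__":
    kept, lost = shed_on_congestion(sample_frames(), capacity=3)
    print("kept:   ", [f[2:].decode() for f in kept])
    print("dropped:", [f[2:].decode() for f in lost])
```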
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
For general, non-PXF specific information on this feature, see the Class-Based Marking document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/cbpmark2.htm
Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership (PXF Based)
The Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership (PXF Based) feature enables users to specify the Virtual Private Network (VPN) routing/forwarding (VRF) membership of a generic routing encapsulation (GRE) tunnel IP source and destination in the Parallel Express Forwarding (PXF) processing path for the Cisco 7304 router. Before the introduction of this feature, the VRF tunnel interface required the global route to the tunnel destination to remain up. This feature removes this restriction.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
Hierarchical Aggregate Ingress Policing (PXF Based)
Hierarchical Aggregate Ingress Policing support is now available in the Parallel Express Forwarding (PXF) processing path on the Cisco 7304 router.
Hierarchical Aggregate Ingress Policing enables users to first police the aggregate default traffic and then police (via marking) the traffic that belongs to each nested traffic class.
In a Hierarchical Aggregate Ingress Policing configuration, the child policy map can have up to 23 user-defined classes, and the service policy that contains the child policy can be configured only on the default traffic class.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
Interface Queueing for Subinterfaces (PXF Based)
The Interface Queueing for Subinterfaces feature is now available in the Parallel Express Forwarding (PXF) processing path for the Cisco 7304 router.
The Port Level Queueing for Subinterfaces feature allows port-level quality of service (QoS) configurations to be applied to 802.1q subinterfaces and data-link connection identifiers (DLCIs). QoS features can still be applied specifically to 802.1q subinterfaces and DLCIs, and the QoS configurations on the 802.1q subinterfaces and DLCIs will always take precedence over the port-level QoS configurations when the 802.1q subinterfaces or DLCI configurations conflict with the port-level QoS configurations.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
MQC Hierarchical Service-Policy Map Infrastructure (PXF Based)
The MQC Hierarchical Service-Policy Map Infrastructure feature introduces hierarchical service policies that do not require a default class at the parent level in the Parallel Express Forwarding (PXF) processing path on the Cisco 7304 router. A user can now define multiple class queues with multiple classes of traffic feeding into each class queue.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
MQC Match and Set QoS Group (PXF Based)
Quality of Service (QoS) group matching and setting are now available in the Parallel Express Forwarding (PXF) processing path on the Cisco 7304 router.
Marking a packet with a local QoS group value allows users to identify a group ID with a packet. The group ID can be used to classify packets into QoS groups based on prefix, autonomous system, and community string. This QoS group marking can be used only to classify traffic within a single router and cannot, therefore, be used to mark packets leaving the router. For this reason, QoS group values cannot be applied on output traffic policies (which are attached to interfaces that are configured with the service-policy output command).
The QoS group value is usually used for one of the two following reasons:
•
To leverage a large range of traffic classes. The QoS group value has 100 different individual packet markings, as opposed to IP DSCP and IP Precedence, which have 64 and 8 values, respectively.
•
If changing the IP Precedence or IP differentiated services code point (DSCP) value of the packet is undesirable.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
For general, non-PXF specific information on this feature, see the Class-Based Marking document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/cbpmark2.htm
NetFlow Export of BGP Next Hop Propagation (PXF Based)
The NetFlow Export of BGP Next Hop Propagation feature is now available in the Parallel Express Forwarding (PXF) processing path for the Cisco 7304 router.
The BGP Next Hop Propagation feature provides additional flexibility when designing and migrating networks. The BGP Next Hop Propagation feature allows a route reflector to modify the next hop attribute for a reflected route and allows Border Gateway Protocol (BGP) to send an update to an external BGP (eBGP) multihop peer with the next hop attribute unchanged.
For additional information on this and other PXF features, see the "PXF Features" section in the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
For general, non-PXF specific information about the NetFlow Export of BGP Next Hop Information feature, see the BGP Next Hop Propagation document at the following location:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_bgpnh.html
Nonstop Forwarding (NSF) with Stateful Switchover (SSO)
Cisco IOS Release 12.2(18)S introduced the Nonstop Forwarding (NSF) with Stateful Switchover (SSO) feature for the Cisco 7500 series. Release 12.2(20)S introduces support for this feature for the Cisco 7304 router.
For detailed information about this feature, see the following Cisco documents:
•
Nonstop Forwarding (NSF):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fsnsf20s.htm
•
Stateful Switchover (SSO):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fssso20s.htm
Route Processor Redundancy Plus (RPR+)
Cisco IOS Release 12.2(14)S introduced the Route Processor Redundancy Plus (RPR+) feature for the Cisco 7500 series. Release 12.2(20)S introduces support for the Route Processor Redundancy Plus (RPR+) feature for the Cisco 7304 router.
The RPR+ and Stateful Switchover (SSO) redundancy modes, along with Route Processor Redundancy (RPR), Fast Software Upgrade (FSU), and online insertion and removal (OIR) of Route Processors (RPs), comprise the Cisco 7304 Route Processor High Availability feature.
A benefit of operating in RPR+ or SSO mode is that the standby RP boots up completely and switches over in a short period of time, usually 4 to 5 seconds in the case of RPR+ and in under 1 second in the case of SSO. The fast switchover is achieved in part because line cards are not reset across the switchover. In addition, the running configuration and the startup configuration are synchronized from the active RP to the standby RP.
For more information on the Route Processor Redundancy Plus (RPR+) feature on the Cisco 7304 router, see the Cisco 7300 Series High Availability NSE Redundancy document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/12e_rpr.htm
Service Assurance Agent (SAA) MPLS VPN Operation
The Service Assurance Agent (SAA) MPLS VPN Operation feature is supported on the Network Services Engine 100 (NSE-100) and the Network Processing Engine G-100 (NPE-G100) on the Cisco 7304 router. The feature is not supported in the Parallel Express Forwarding (PXF) processing path on the Cisco 7304 router. For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft1csaa.htm
Service Assurance Agent (SAA) Path Jitter Operation
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft1csaa.htm
New Hardware Features in Cisco IOS Release 12.2(18)S
This section describes new and changed features in Cisco IOS Release 12.2(18)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(18)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Cisco 7300 Series
The Cisco 7300 series includes the following two routers.
Cisco 7301 Router
The Cisco 7301 router is optimized for flexible, feature-rich IP/MPLS services at the customer network edge, where service providers and enterprises link together. The Cisco 7301 router can be used for enterprise campus or Internet gateway applications, or it can be deployed by service providers as a high-end customer premises equipment (CPE) router for managed service offerings. Other applications for the Cisco 7301 router include service provider broadband aggregation and metro Ethernet CPE applications.
The compact Cisco 7301 router is the industry's highest performance single rack unit router, capable of processing million packets per second. With three built-in Gigabit Ethernet interfaces (copper or optical) and a single slot for any Cisco 7000 series port adapter, the Cisco 7301 router is highly flexible for a variety of applications. For broadband aggregation, the Cisco 7301 router also supports up to 16,000 subscriber sessions, making it ideal for pay-as-you-grow broadband deployment models.
For more information about the Cisco 7301 router, see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7301/index.htm
Cisco 7304 Router
The compact, modular Cisco 7304 router is designed for the network edge, where high-performance IP/Multiprotocol Label Switching (MPLS) services are required to enable profitability, service differentiation, and business agility. The Cisco 7304 router is the most compact (4RU) routing system in the industry to offer route processor redundancy coupled with a comprehensive set of interfaces from DS-1 to OC-48/STM-16 to Gigabit Ethernet. The Cisco 7304 router supports two network processors designed to meet the widest variety of network requirements. The Network Service Engine 100 (NSE-100), with two built-in Gigabit Ethernet interfaces, delivers uncompromising feature acceleration using Cisco's innovative Adaptive Network Processing (ANP) technology—ideal for high-performance carrier service delivery. The Network Processing Engine G-100 (NPE-G100), with three built-in Gigabit/Fast Ethernet interfaces, offers high-performance, flexible support for the most comprehensive set of Cisco IOS features.
For more information about the Cisco 7304 router, see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/
Cisco 7304 Router Line Cards
The Cisco 7304 router supports the following line cards:
•
1-port OC-12 Packet-over-SONET (POS) line card
•
1-port OC-48 POS line card
•
2-port OC-3 ATM line card
•
2-port OC-3 POS line card
•
4-port OC-3 POS line card
•
2-port OC-12 POS line card
•
Clear Channel 6-port T3 (DS3) line card
For more information about the Cisco 7304 router line cards, see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/linecard/index.htm
Cisco 7304 Router Port Adapters
The Cisco 7304 router supports Cisco 7000 series port adapters in conjunction with the 7300-CC-PA carrier card. For information about the supported port adapters, see Table 3 and see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/portad/index.htm
2-Port Packet over SONET OC3c/STM1 Port Adapter
Supported platforms: Cisco 7200 VXR routers, Cisco 7300 series, Cisco 7400 series, Cisco 7500 series
The 2-port Packet over SONET OC3c/STM1 port adapter (PA-POS-2OC3) provides two Packet-over-SONET (POS) ports in a single port adapter slot. The two ports function either as dual independent OC-3c/STM1 ports or as a single port with automatic protection switching (APS). The PA-POS-2OC3 is used as a direct connection between the supported router or switch and external networks.
The PA-POS-2OC3 installs into a single port adapter slot on the Cisco 7204VXR, Cisco 7206VXR, Cisco 7301, and Cisco 7401ASR routers, on the Cisco 7500 series, and on the Cisco 7304 PCI Port Adapter Carrier Card in a Cisco 7304 router.
For more information about the PA-POS-2OC3, see the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7200vx/portadpt/sonet_pa/3028_2oc/index.htm
New Software Features in Cisco IOS Release 12.2(18)S
This section describes new and changed features in Cisco IOS Release 12.2(18)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(18)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
ACL Performance Enhancement
Supported platforms: Cisco 7200 series, Cisco 7300 series, Cisco 7500 series
An IP access control list (ACL) is a Cisco IOS software feature that allows an administrator to configure a network to permit and deny packets based on a set of ACL entries, thus improving security and control within a network. These lists contain entries that are searched sequentially for matches among certain fields in Layer 3 and Layer 4 packet headers.
Before Cisco IOS Release 12.2(18)S, ACL entries were sequentially configured and stored. This implementation caused the first match in a search to be the first ACL entry in a given list, not the entry that provided the best match. Although this implementation was straightforward and logical, it did not scale well with the number of ACL entries in an ACL.
Release 12.2(18)S implements ACLs using hierarchical radix tries (sometimes called multilevel tries, backtracking tries, or tries-of-tries) to improve matching performance. Individual tries are made for the source prefix and the destination prefix, with additional ACL entry information such as TCP ports, TCP flags, and time ranges being held at the nodes. Cisco IOS software performs a best match lookup for the given set of prefixes. This new implementation is an internal improvement that supports all existing functionality, and the sequential searching properties that cause ACLs to check the entries from start to end and stop searching for a match as soon as one is found are still valid.
The benefits of this implementation of ACLs using hierarchical radix tries are as follows:
•
Memory usage is made more efficient.
•
Fewer system resources are required to maintain the trie information.
•
Performance of ACL matching is improved for larger access lists.
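The lookup described above can be sketched as a trie of tries that still returns the first configured match. This is an added example, not Cisco's implementation: the `Ace` fields, the function names and the sample ACL are assumptions made for illustration, and only IPv4 prefixes, protocol and destination port are modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ace:
    seq: int                      # position in the configured list
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" (any), "tcp" or "udp"
    src: str                      # source prefix (CIDR)
    dst: str                      # destination prefix (CIDR)
    dport: Optional[int] = None   # None = any destination port


class Node:
    """Binary trie node; payload is a destination trie or a list of ACEs."""
    def __init__(self):
        self.child = [None, None]
        self.payload = None


def insert(root, prefix):
    """Create (or find) the node for an IPv4 prefix and return it."""
    net = ipaddress.ip_network(prefix)
    value, node = int(net.network_address), root
    for i in range(net.prefixlen):
        bit = (value >> (31 - i)) & 1
        if node.child[bit] is None:
            node.child[bit] = Node()
        node = node.child[bit]
    return node


def covering_nodes(root, address):
    """Yield every node whose prefix contains the address, shortest first."""
    value, node = int(ipaddress.ip_address(address)), root
    yield node
    for i in range(32):
        node = node.child[(value >> (31 - i)) & 1]
        if node is None:
            return
        yield node


def build(aces):
    """Source trie; each source node carries a destination trie of ACEs."""
    src_root = Node()
    for ace in aces:
        s = insert(src_root, ace.src)
        if s.payload is None:
            s.payload = Node()
        d = insert(s.payload, ace.dst)
        if d.payload is None:
            d.payload = []
        d.payload.append(ace)
    return src_root


def fields_match(ace, proto, dport):
    if ace.proto not in ("ip", proto):
        return False
    return ace.dport is None or ace.dport == dport


def match_trie(src_root, proto, src, dst, dport=None):
    """Visit only prefixes covering the packet; keep the lowest sequence."""
    best = None
    for s in covering_nodes(src_root, src):
        if s.payload is None:
            continue
        for d in covering_nodes(s.payload, dst):
            for ace in d.payload or ():
                if not fields_match(ace, proto, dport):
                    continue
                if best is None or ace.seq < best.seq:
                    best = ace
    return (best.action, best.seq) if best else ("deny", None)  # implicit deny


def match_linear(aces, proto, src, dst, dport=None):
    """Reference behaviour: scan in order, stop at the first match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in sorted(aces, key=lambda a: a.seq):
        if (s in ipaddress.ip_network(ace.src)
                and d in ipaddress.ip_network(ace.dst)
                and fields_match(ace, proto, dport)):
            return ace.action, ace.seq
    return "deny", None


# Constructed sample ACL and packets (documentation addresses, not from the page).
ACL = [
    Ace(10, "deny", "tcp", "10.1.1.0/24", "192.0.2.10/32", 23),
    Ace(20, "permit", "tcp", "10.1.0.0/16", "192.0.2.0/24"),
    Ace(30, "deny", "tcp", "10.1.1.3/32", "192.0.2.10/32", 80),  # shadowed by 20
    Ace(40, "permit", "udp", "10.1.1.3/32", "192.0.2.10/32", 161),
    Ace(50, "deny", "ip", "10.0.0.0/8", "0.0.0.0/0"),
]
PACKETS = [
    ("tcp", "10.1.1.5", "192.0.2.10", 23), ("tcp", "10.1.1.3", "192.0.2.10", 80),
    ("udp", "10.1.1.3", "192.0.2.10", 161), ("udp", "10.1.1.3", "192.0.2.10", 53),
    ("tcp", "172.16.0.1", "198.51.100.7", 443),
]

if __name__ == "__main__":
    trie = build(ACL)
    for pkt in PACKETS:
        print(pkt, match_trie(trie, *pkt), match_linear(ACL, *pkt))
```

The second sample packet shows why the sequence number must be kept at the nodes: entry 30 is the longest-prefix match, but entry 20 comes first in the list and therefore decides the packet, exactly as in a sequential search.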
ARP Optimization
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/arpoptim.htm
AutoSecure
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftatosec.htm
BGP CLI Troubleshooting Commands
For detailed information about this feature (which is also known as the BGP Standard Usage of CLI Troubleshooting Commands feature), see the Implementing Multiprotocol BGP for IPv6 document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_bgpv6.htm
The Cisco IOS IPv6 Configuration Library is available at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/index.htm
BGP Configuration Using Peer Templates
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/s_bgpct.htm
BGP Convergence Optimization
Supported platforms: Cisco 7200 series, Cisco 7300 series, Cisco 7500 series
The BGP Convergence Optimization feature introduces a new algorithm for update generation that reduces the amount of time that is required for Border Gateway Protocol (BGP) convergence. Neighbor update messages are optimized before they are forwarded to neighbors. Updates are optimized and forwarded based on peer groups and per-individual neighbors. This enhancement improves BGP convergence, router boot time, and transient memory usage. This enhancement is not user configurable.
Note
This feature may also be known as the BGP: Reduction in Transient Memory Usage feature.
BGP Cost Community
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/s_bgpcc.htm
BGP Dynamic Update Peer-Groups
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/s_bgpdpg.htm
BGP Increased Support of Numbered AS-Path Access Lists to 500
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftiaaspa.htm
BGP Restart Session After Max-Prefix Limit
For detailed information about this feature (which is also known as the BGP Restart Neighbor Session After max-prefix Limit Reached feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftbrsamp.htm
BGP Route-Map Continue
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gt_brmcs.htm
BGP Route-Map Policy List Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftbgprpl.htm
Cisco 7304 Software Features
The following features were ported from other Cisco IOS releases and are now supported in Cisco IOS Release 12.2(18)S and later releases for the Cisco 7304 router.
ACL Accounting Enhancements
The Access Control List Accounting feature keeps internal statistics and reports so network managers can ascertain which access control lists (ACLs) have been tested. This knowledge provides network managers with an understanding of how intruders are attempting to enter their enterprise networks. ACL accounting provides source and destination address information, source and destination port numbers, and packet counts. Use the show ip access-lists [access-list-number | name] command to view how many times a particular ACL has permitted or denied packets. For example:
Router#show ip access-lists source_only
Extended IP access list source_only (Compiled)
permit udp host 1.1.1.3 eq snmp host 2.1.1.3 (994598 matches)
permit udp host 1.1.1.3 eq snmptrap host 2.1.1.3 (994598 matches)
permit udp host 1.1.1.3 eq domain host 2.1.1.3 (994598 matches)
permit udp host 1.1.1.3 eq bootps host 2.1.1.3 (994598 matches)
.
.
.
Cisco 7304 Router High Availability NSE Redundancy
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/12e_rpr.htm
Cisco 7304 Router Platform-Specific Commands
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/12e_73x.htm
Cisco 7304 Router Power-On Diagnostics
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/12ediag.htm
FPGA Bundling and Update
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex10/73fpga.htm
IPv6 Multicast: Multicast Listener Discovery (MLD) Protocol
For detailed information about this feature, see the "Information About IPv6 Multicast" section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
IPv6 Multicast: PIM Source-Specific Multicast (PIM-SSM)
For detailed information about this feature, see the "Information About IPv6 Multicast" section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
IPv6 Multicast: PIM Sparse Mode (PIM-SM)
For detailed information about this feature, see the "Information About IPv6 Multicast" section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
IPv6 Multicast: Scope Boundaries
For detailed information about this feature, see the "Information About IPv6 Multicast" section in the Implementing IPv6 Multicast document:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
IPv6 Routing: IS-IS Multitopology Support for IPv6
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_isis6.htm
IPv6 Routing: OSPF for IPv6 (OSPFv3)
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_ospf3.htm
MPLS AToM—Ethernet over MPLS
In Cisco IOS Release 12.2(18)S, this feature is introduced for the Cisco 7304 router. For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122sz/12214sz/eompls.htm
MPLS Traffic Engineering
Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) enables an MPLS backbone to replicate and expand upon the TE capabilities of Layer 2 ATM and Frame Relay networks.
TE is essential for service provider and Internet service provider (ISP) backbones. Such backbones must support a high use of transmission capacity, and the networks must be very resilient, so that they can withstand link or node failures.
MPLS TE provides an integrated approach to traffic engineering. With MPLS, TE capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given the constraints imposed by backbone capacity and topology.
MPLS TE routes traffic flows across a network based on the resources the traffic flow requires and the resources available in the network.
MPLS TE employs "constraint-based routing," in which the path for a traffic flow is the shortest path that meets the resource requirements (constraints) of the traffic flow. In MPLS TE, the flow has bandwidth requirements, media requirements, a priority over other flows, and so on.
MPLS TE gracefully recovers from link or node failures that change the topology of the backbone by adapting to the new set of constraints.
In Cisco IOS Release 12.2(18)S, the following MPLS TE features are introduced. This list also notes the features that were introduced in the Parallel Express Forwarding (PXF) switching path:
•
MPLS Traffic Engineering—basic PXF switching and accounting (introduced in the PXF switching path)
Basic PXF switching and accounting of MPLS TE traffic.
•
MPLS Traffic Engineering—Load Balancing (introduced in the PXF switching path)
Allows a router to balance traffic engineering traffic over multiple traffic engineering tunnels.
•
MPLS Traffic Engineering—Automatic Bandwidth Adjustment (introduced in the PXF switching path)
Automatically resizes a tunnel based on the tunnel's utilization. Automatic Bandwidth Adjustment decides whether to resize a tunnel at a specified collection frequency. The frequency is the number of seconds between samples of the tunnel output rate.
•
MPLS Traffic Engineering—1-hop MPLS-Traffic Engineering tunnel support (introduced in the PXF switching path)
An MPLS TE tunnel where the tunnel-head and the tunnel-tail routers are connected back to back is referred to as a 1-hop tunnel. In the 1-hop tunnel, the label switched path (LSP) terminates at the next hop. 1-hop MPLS TE tunnels are supported in PXF.
•
MPLS Traffic Engineering over Frame Relay, 802.1q, and ATM subinterfaces (introduced in the PXF switching path)
•
MPLS Traffic Engineering—Auto Route Calculation
The MPLS Traffic Engineering Auto Route Calculation is used to instruct the Interior Gateway Protocol to use a tunnel in its shortest path first (SPF)/next-hop calculation if the tunnel is up.
•
MPLS Traffic Engineering—IP Explicit Address Exclusion Support
The ability to include and exclude given explicit IP addresses during LSP setup.
•
MPLS Traffic Engineering—Link Coloring
The affinity bits are an MPLS label distribution tunnel's requirements on the attributes of the links the tunnel will cross. The tunnel's affinity bits and affinity mask must match up with the attributes of the various links carrying the tunnel.
For sample MPLS TE configurations, see the Cisco 7304 Troubleshooting and Configuration Notes document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/trouble/1270note.htm
NSE-100 Hardware MAC Address Filtering
Each native Gigabit Ethernet port on the Network Service Engine 100 (NSE-100) can support up to 64 hardware MAC addresses. The MAC addresses of each port are stored in a hardware MAC address filtering table. With two NSE-100s installed, the Cisco 7304 router chassis can support up to four native Gigabit Ethernet ports and a total of 256 MAC address entries.
POS Alarm Trigger Delay
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex12c/e_posde.htm
PXF features
The Cisco 7304 router has a Parallel Express Forwarding (PXF) processor to speed up the processing of various features that are supported in the PXF processing path. For a comprehensive list of the features that are supported in PXF on the Cisco 7304 and other information about PXF support, see the Cisco 7304 Router Troubleshooting and Configuration Notes document at the following location:
/en/US/docs/routers/7300/troubleshooting/7304_troubleshooting_guides/1270note.html#65935
show redundancy Command Enhancements
The show redundancy command has been enhanced to include the following outputs: Operating mode, system up time, active up time, and the number of standby failures.
T3 Bit Error Rate Testing
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex12c/e_t3bert.htm
T3 Maintenance Data Link Messages
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121ex/121ex13/e_t3mdl.htm
Unicast Reverse Path Forwarding
The Unicast Reverse Path Forwarding (RPF) feature helps to mitigate difficulties that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the Internet service provider (ISP), its customer, and the rest of the Internet.
On the Cisco 7304 router, the following configuration options are available for RPF:
•
ip verify unicast reverse-path [allow-self-ping] [list]
The ip verify unicast reverse-path command configures RPF verification on an interface. In this configuration, the router checks that the source address appears in the routing table and matches the interface on which the packet was received. If the source address of the packet does not match the interface on which the packet was received, the packet is dropped if no access list is specified, or filtered by the access list if one is specified in the command line. To apply an access list to packets that fail the RPF check, specify the number of a previously configured access list with the list option.
A hole exists in the verification check to allow the router to ping its own interface. Attackers could exploit this hole to spoof packets and attack the router. To prevent this type of DoS attack, a router can ping its own interface only when the allow-self-ping option is configured.
•
ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list]
The ip verify unicast source reachable-via any command configures RPF to accept the incoming packet if the source IP address exists in the router's Forwarding Information Base (FIB), while the ip verify unicast source reachable-via rx command configures RPF to ensure that the source IP address is reachable via the interface on which the packet was received. The allow-default option signals that RPF can look up the default route on a router and use it for RPF verification.
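The difference between the rx and any checks, and what allow-default changes, is easiest to see against a small routing table. The following Python model is an added example, not Cisco code: the FIB contents, interface names and result labels are constructed, and it assumes a single path per prefix.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str  # interface the FIB would use to reach this prefix


# Constructed FIB: a default route upstream and two customer prefixes.
FIB = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "Gi0/0"),
    Route(ipaddress.ip_network("192.0.2.0/24"), "Gi0/1"),
    Route(ipaddress.ip_network("198.51.100.0/24"), "Gi0/2"),
]


def lookup(fib, addr):
    """Longest-prefix match for addr; returns a Route or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in fib if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def permit_networks(*cidrs):
    """Build a stand-in for the optional access list: permit these sources."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda src: any(ipaddress.ip_address(src) in n for n in nets)


def urpf_check(fib, src, in_if, mode="rx", allow_default=False, acl=None):
    """Model of 'reachable-via {rx | any} [allow-default] [list]'.

    Returns "forward" when the RPF check passes, "suppressed-drop" when it
    fails but the access list permits the packet, and "rpf-drop" otherwise.
    """
    route = lookup(fib, src)
    passed = False
    if route is not None:
        only_default = route.prefix.prefixlen == 0
        if only_default and not allow_default:
            passed = False               # default route may not verify a source
        elif mode == "any":
            passed = True                # loose: any FIB entry is enough
        else:
            passed = route.interface == in_if  # strict: must point back out in_if
    if passed:
        return "forward"
    if acl is not None and acl(src):
        return "suppressed-drop"
    return "rpf-drop"


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "Gi0/1", "rx", False),   # customer A on its own port
        ("192.0.2.10", "Gi0/2", "rx", False),   # customer A address seen on B's port
        ("192.0.2.10", "Gi0/2", "any", False),  # same packet under the loose check
        ("203.0.113.5", "Gi0/0", "rx", False),  # source covered only by the default
        ("203.0.113.5", "Gi0/0", "rx", True),
        ("203.0.113.5", "Gi0/1", "any", True),  # loose + allow-default
    ]
    for src, in_if, mode, allow_default in cases:
        verdict = urpf_check(FIB, src, in_if, mode, allow_default)
        print(f"{src:<13} in={in_if} mode={mode:<3} allow-default={allow_default}: {verdict}")
```

In this model, combining any with allow-default passes every source address as long as a default route is installed, so that combination provides no source validation on an interface facing untrusted networks.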
The show c7300 pxf accounting command shows the number of packets dropped because of a failed RPF check, and the show c7300 pxf interface all command shows the RPF Verification Drops (the packets dropped by the RPF check) and RPF Suppressed Drops (the packets dropped by RPF but permitted by the configured access list). The show ip access-list command shows the number of packets dropped by RPF and permitted or denied by the configured access list.
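The match counters printed by show ip access-lists, both for an ordinary ACL and for a list attached with the RPF list option, are cumulative, so a monitoring script has to compare two polls. The following Python parser is an added example, not part of the original release notes: the ACL name and sample output are constructed in the format shown in these notes, and it assumes that an entry printed without a counter has zero matches.

```python
import re

# Constructed sample output from two polls of the same access list.
POLL_1 = """\
Extended IP access list rpf_log
    permit udp host 192.0.2.3 eq snmp host 198.51.100.3 (120 matches)
    deny ip 10.0.0.0 0.255.255.255 any (1 match)
    deny ip any any
"""
POLL_2 = """\
Extended IP access list rpf_log
    permit udp host 192.0.2.3 eq snmp host 198.51.100.3 (150 matches)
    deny ip 10.0.0.0 0.255.255.255 any (1 match)
    deny ip any any (7 matches)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
# Optional sequence number, the entry text, then an optional "(N matches)".
ENTRY = re.compile(
    r"^\s*(?:(\d+)\s+)?((?:permit|deny)\b.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


def parse_acl_counters(text):
    """Return {(acl_name, entry_text): match_count} from command output."""
    counters = {}
    acl = None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            acl = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and acl:
            # Assumption: no "(N matches)" suffix means the entry never matched.
            counters[(acl, entry.group(2))] = int(entry.group(3) or 0)
    return counters


def counter_deltas(before, after):
    """Per-entry increase between two polls, keeping only entries that grew.

    If a counter went down, the counters were cleared or the router reloaded,
    so the new value is taken as the increase since the reset.
    """
    deltas = {}
    for key, new in after.items():
        old = before.get(key, 0)
        grew = new - old if new >= old else new
        if grew > 0:
            deltas[key] = grew
    return deltas


def deny_hits(deltas):
    """Sorted (acl, entry, increase) tuples for deny entries that matched."""
    return sorted(
        (acl, entry, grew)
        for (acl, entry), grew in deltas.items()
        if entry.startswith("deny")
    )


if __name__ == "__main__":
    changes = counter_deltas(parse_acl_counters(POLL_1), parse_acl_counters(POLL_2))
    for acl, entry, grew in deny_hits(changes):
        print(f"{acl}: '{entry}' denied {grew} more packets since the last poll")
```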
Control Plane Policing
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtrtlimt.htm
EIGRP NonStop Forwarding Support
Supported platforms: Cisco 7500 series
The EIGRP NonStop Forwarding Support feature introduces Cisco Nonstop Forwarding (NSF) Stateful Switchover (SSO) support on Cisco 7500 series routers that are running Enhanced Interior Gateway Routing Protocol (EIGRP). Cisco NSF SSO support allows the forwarding of data packets to continue along known routes while the routing protocol information is being restored following a switchover. With Cisco NSF, peer networking devices do not experience routing flaps, which reduces loss of service outages for customers. This capability allows the EIGRP peers of the failing router to retain the routing information that is advertised by the failing router and continue to use this information until the failed router has returned to normal operating behavior and is able to exchange routing information. The peering session is maintained throughout the entire NSF operation.
The following commands have been introduced on the Cisco 7500 series routers to support NSF SSO. These commands are enabled in router configuration mode under an EIGRP routing process.
•
nsf
The nsf command enables Cisco NSF SSO operation. Use the no form of this command to disable NSF SSO operation. This command can be issued only on NSF-capable routers, such as Cisco 7500 series routers.
•
timers nsf signal seconds
The timers nsf signal command is used to adjust the maximum time of the initial restart period. During this time period the restarting router receives updates from peers. When this timer expires, a Routing Information Base (RIB) convergence notification is sent to peer routers. This command can be issued only on NSF-capable routers, such as Cisco 7500 series routers.
•
timers nsf converge seconds
The timers nsf converge command is used by the NSF-aware peer to adjust the maximum time that the router will wait for the convergent signal from the restarting router. This is a watchdog timer used in case the NSF-aware peer does not receive the end-of-table indication from the restarting neighbor. When this timer expires, the peer will scan its topology table looking for the stale routes from the restarting neighbor and then go active on them. This command can be issued only on NSF-capable routers, such as Cisco 7500 series routers.
•
timers nsf route-hold seconds
The timers nsf route-hold command sets the maximum period of time that the NSF-aware router will hold known routes for an NSF-capable neighbor during a switchover operation or a well-known failure condition. The route-hold timer is configurable so that you can tune network performance and avoid undesired effects, such as "black holing" routes if the switchover operation takes too much time. When this timer expires, the NSF-aware router scans the topology table and discards any stale routes, allowing EIGRP peers to find alternate routes instead of waiting during a long switchover operation. This command can be issued on NSF-capable or NSF-aware routers.
•
debug eigrp nsf
The output from the debug eigrp nsf command displays NSF-specific events. This command can be issued on NSF-capable or NSF-aware routers.
For more information about EIGRP NSF awareness and support, see the EIGRP NonStop Forwarding Awareness document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_ensf.htm
For more information about NSF SSO support, see the Stateful Switchover document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fssso20s.htm
GLBP MD5 Authentication
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtglbpau.htm
Hot Standby MAC Address
The Hot Standby MAC Address (HSMA) feature achieves redundancy and fault tolerance and avoids a single point of failure of Cisco Channel Interface Processors (CIPs) or Channel Port Adapters (CPAs). This feature also ensures that multiple devices on the Ethernet can have a common MAC address.
See the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ft_hsma.htm
Image Verification
For detailed information about this feature, see the following Cisco document:
Implementing OSPF for IPv6
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6/ipv6imp/sa_ospf3.htm
The Cisco IOS IPv6 Configuration Library is available at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm
Integrated IS-IS Multi-Topology Support for IPv6
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_2t/release/notes/122TNEWF.html
The Cisco IOS IPv6 Configuration Library is available at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm
ip dhcp-client default-router distance Command
Before Cisco IOS Release 12.2(18)S, default routes originated by Dynamic Host Configuration Protocol (DHCP) always had an administrative distance of 254. This distance allowed a metric of 255 as a backup route, but some routing protocols would interpret 255 as route unavailable. You can now configure the default administrative distance with the new ip dhcp-client default-router distance value command. For detailed information about this command, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_dhc1.html#wp1033167
IPv6 Multicast
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_2t/release/notes/122TNEWF.html
The Cisco IOS IPv6 Configuration Library is available at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm
IS-IS Incremental Shortest Path First (i-SPF) Support
For detailed information about this feature (which is also known as the IS-IS Incremental SPF feature), see the following Cisco document:
http://www.cisco.com/univercd/td/doc/product/software/ios120/120newft/120limit/120s/120s24/isisispf.htm
IS-IS Limit on Number of Redistributed Routes
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/fsiredis.htm
IS-IS Mechanisms to Exclude Connected IP Prefixes from LSP Advertisements
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/fsisiadv.htm
IS-IS Support for a Redistribution Limit of Maximum Prefixes Imported
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/fsiredis.htm
IS-IS Support for IP Route Tags
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtisitag.htm
Memory Threshold Notifications
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fs_memnt.htm
MPLS - Interfaces MIB Enhancements
For detailed information about this feature (which is also known as the MPLS Enhancements to Interfaces MIB feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fsimib_3.htm
MPLS - LDP MIB Version 08 Upgrade
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fsldp8_3.htm
MPLS Traffic Engineering Forwarding Adjacency
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fstefa_3.htm
MPLS Traffic Engineering (TE)—Interarea Tunnels
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fsiarea3.htm
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/fteipece.htm
NetFlow Export of BGP Next Hop Information
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/nfbgpnxt.htm
NetFlow Export Version 9 Support
For detailed information about this feature (which is also known as the NetFlow v9 Export Format feature), see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/nfexpfv9.html
NetFlow Multicast Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/nfmultic.htm
Nonstop Forwarding (NSF) with Stateful Switchover (SSO)
For detailed information about this feature, see the following Cisco documents:
•
Nonstop Forwarding (NSF):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fsnsf20s.htm
•
Stateful Switchover (SSO):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s20/fssso20s.htm
OSPF Forwarding Address Suppression in Translated Type-5 LSAs
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftoadsup.htm
OSPF Incremental Shortest Path First (i-SPF) Support
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/ospfispf.htm
OSPF Inbound Filtering Using Route Maps with a Distribute List
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/routmap.htm
OSPF Support for a Redistribution Limit of Maximum Prefixes Imported
For detailed information about this feature (which is also known as the OSPF Limit on Number of Redistributed Routes feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/fsoredis.htm
OSPF Support for Fast Hellos
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fasthelo.htm
OSPF Support for Link State Advertisement (LSA) Throttling
For detailed information about this feature (which is also known as the OSPF Link-State Advertisement [LSA] Throttling feature), see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/fsolsath.htm
QA Error Recovery for the Cisco 7500 Series
Supported platform: Cisco 7500 series
The QA Error Recovery for the Cisco 7500 feature helps a networking device to recover quickly from difficulties that are known as QAERRORs. These QAERRORs can be caused by hardware or software conditions. When a QAERROR occurs, a fully loaded networking device can pause up to five minutes (300 seconds) while it tries to recover from the difficulties. With QA error recovery enabled, the time that a networking device pauses can be as short as one second.
In Cisco IOS Release 12.2S, the QA Error Recovery for the Cisco 7500 feature is enabled by default.
You can tell that recovery from an error was successful because a message that reports a successful recovery appears on the console screen. In addition, the number of QAERROR recoveries is displayed in the output of the show controllers cbus privileged EXEC command.
The following example shows the output of the console or show logs when the QAERROR occurs. Although the example indicates both the point at which the feature attempts to recover from the QAERROR and the point at which the networking device recovers from the error, the networking device may display many additional messages that can help service technicians to diagnose the actual cause of the difficulties.
%QA-3-DIAG:Trying to recover from QA ERROR.
%QA-3-DIAG:Removing buffer header 0xE360 from all queues
%QA-3-DIAG:Buffer 0xE360 is element 155 on queue 0x2E
%QA-3-DIAG:Queue 0x2E (48000170) has 154 elements
%QA-3-DIAG:Buffer 0xE360 is element 1 on queue 0x340
%QA-3-DIAG:Queue 0x340 (48001A00) has 0 elements
%QA-3-DIAG:At least one QA queue is broken
%QA-3-DIAG:Recovered from QA ERROR
The following example shows the relevant QA error recovery output of the show controllers cbus privileged EXEC command:
Router# show controllers cbus
MEMD at E0000000, 8388608 bytes (unused 1565056, recarves 5, lost/qaerror recoveries 0/0)
.
.
.
To disable QAERROR recovery on the networking device, enter the no form of the hw-module main-cpu qaerror-recovery-enable global configuration command:
no hw-module main-cpu qaerror-recovery-enable
Random Sampled NetFlow
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/nfstatsa.htm
Router Security Audit Logs
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/gtaudlog.htm
SNMPv3 Community MIB Support
Supported platforms: Cisco 7200 series, Cisco 7300 series, Cisco 7500 series
The SNMPv3 Community MIB Support feature implements support for the SNMP Community MIB (SNMP-COMMUNITY-MIB) module, defined in RFC 2576, in Cisco IOS software.
The SNMPv1/v2c Message Processing Model and Security Model require mappings between parameters used in SNMPv1 and SNMPv2c messages and the version-independent parameters used in the Simple Network Management Protocol (SNMP) architecture. The SNMP Community MIB contains objects for mapping between these community strings and version-independent SNMP message parameters.
The mapped parameters consist of the SNMPv1/v2c community name and the SNMP securityName and contextEngineID/contextName pair. This MIB provides mappings in both directions; that is, a community name may be mapped to a securityName, contextEngineID, and contextName, or the combination of securityName, contextEngineID, and contextName may be mapped to a community name. This MIB also augments the snmpTargetAddrTable with a transport address mask value and a maximum message size value.
For implementation details, see the SNMP-COMMUNITY-MIB.my file, available through Cisco.com at http://tools.cisco.com/ITDIT/MIBS/servlet/index.
Source Specific Multicast (SSM) Mapping
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtssmma.htm
SSO support for Community MIB, Notification MIB, Notification Log MIB, and Entity FRU Control MIB
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/ssomibs2.htm
Warm Reload
For detailed information about this feature, see the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtwrmrbt.htm
New Hardware Features in Cisco IOS Release 12.2(14)S
This section describes new and changed features in Cisco IOS Release 12.2(14)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(14)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Cisco 7200-I/O-GE+E and Cisco 7200-I/O-2FE/E Input/Output Controllers
Supported platform: Cisco 7200 VXR routers
Cisco IOS Release 12.2(14)S supports two new variants of the Cisco 7200 I/O card:
•
The Cisco 7200-I/O-GE+E is an Input/Output controller that provides one Gigabit Ethernet and one Ethernet port. It is equipped with a GBIC receptacle for 1000-Mbps operation and an RJ-45 receptacle for 10-Mbps operation.
•
The Cisco 7200-I/O-2FE/E is an Input/Output controller that provides two autosensing Fast Ethernet ports and is equipped with two RJ-45 receptacles for 10/100-Mbps operation.
For more information about the Cisco 7200-I/O-GE+E and Cisco 7200-I/O-2FE/E Input/Output controllers, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtasio.htm
For information about installation and configuration of the Input/Output controllers, see the Cisco document at the following location:
Cisco 7401 ASR-BB and Cisco 7401 ASR-CP
The Cisco 7401 series Application Specific Router (ASR) platforms provide application-specific features for broadband subscriber aggregation and network application services with high processing performance. The Cisco 7401 series ASR platforms provide the following hardware features:
•
A compact one-rack unit chassis.
•
Two fixed 10/100/1000-Mbps Ethernet ports.
•
A processor with Parallel Express Forwarding technology.
•
Support for a broad range of WAN media interfaces from DS0 to OC-3 (40+ port adapters).
•
Common port adapters with the Cisco 7500 series and Cisco 7200 series.
Cisco IOS Release 12.2(14)S supports the following two Cisco 7401 series ASR platforms:
•
Cisco 7401 ASR-BB for broadband subscriber aggregation including digital subscriber line (xDSL), ISDN, fiber-to-the-curb (FTTC), and wireless services.
•
Cisco 7401 ASR-CP for managed service (CPE) and customer-leased equipment and full MPLS provider edge (PE) and MPLS VPN services.
For information about installation and configuration of the Cisco 7401 series ASR platforms, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7401/index.htm
Enhanced Gigabit Ethernet Interface Processor
Supported platform: Cisco 7500 series
The Enhanced Gigabit Ethernet Interface Processor (GEIP+) dual-wide port adapter provides enhanced data throughput compared to the GEIP for high density environments.
Gigabit Ethernet (GE) continues to be the medium of choice for both Enterprise backbone and Internet service provider (ISP) intra-point of presence (POP) interconnects. The GEIP+ supplies the high-throughput solution for integrating Cisco 7500 series into GE infrastructures.
The GEIP+ supports the following features:
•
Applicable IEEE 802.3z standards; full-duplex operation only
•
IEEE 802.3x flow control
•
Layer 3 distributed services, including Route Processor (RP) Cisco Express Forwarding (CEF) switching, fast switching, flow switching, and Committed Access Rate (CAR)
•
IEEE 802.1Q frames (in tagged or untagged modes)
•
Maximum transmission unit (MTU) of 4476 bytes
•
Ethernet Inter-Switch Link (ISL) encapsulation
•
Online insertion and removal of the GEIP+ and the Gigabit Interface Converter (GBIC)
•
Support for 1000BASE-SX (short wavelength=850-nm), 1000BASE-LX (long wavelength=1300-nm), and Long-Haul (long wavelength=1300-nm) operation by way of GBICs
For information about installation and configuration of the GEIP+, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/vip1/vip4/10699dwg/index.htm
Integrated Service Adapter
Supported platform: Cisco 7200 series
The Integrated Service Adapter (ISA) is a single-width service adapter that provides high-performance, hardware-assisted tunneling and encryption services suitable for Virtual Private Network (VPN) remote access, site-to-site intranet, and extranet applications, as well as platform scalability and security, while working with all services necessary for successful VPN deployments—security, quality of service (QoS), firewall and intrusion detection, and service-level validation and management.
The ISA offloads IP security (IPSec) and Microsoft Point-to-Point Encryption (MPPE) processing from the main processor of Cisco 7200 series, thus freeing resources on the processing engine (that is, the network processing engine [NPE] on the Cisco 7200 series) for other tasks.
The ISA provides hardware-accelerated support for multiple encryption functions:
•
56-bit Data Encryption Standard (DES) standard mode: Cipher Block Chaining (CBC)
•
3-key triple DES (168-bit)
•
Secure Hash Algorithm (SHA)-1 and Message Digest 5 (MD5) hash algorithms
•
Rivest, Shamir, Adleman (RSA) public-key algorithm
•
Diffie-Hellman key exchange RC4-40
For information about installation and configuration of the ISA, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7200vx/portadpt/service/sa_isa/index.htm
Multichannel STM-1 Port Adapter
Supported platforms: Cisco 7200 VXR routers, Cisco 7400 series, Cisco 7500 series
The PA-MC-STM-1 is a high-speed, single-port multichannel STM-1 port adapter. You can configure the PA-MC-STM-1 as a multichannel E1/E0 STM-1 port. The PA-MC-STM-1 can be configured into 63 individual E1 links. Each E1 link can carry a single channel at full or fractional rates or be broken down into multiple DS0 or Nx64 Kbps rates. The PA-MC-STM-1 supports up to three TUG-3/AU-3 transport slots numbered 1 through 3. You can configure each TUG-3/AU-3 to carry 21 SDH TU-12s. Each SDH TU-12 is capable of carrying a channelized E1 frame, which can be unchannelized to nx64-Kbps time slots.
For more information about the PA-MC-STM-1, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e7/12e_stm.htm
For information about installation and configuration of the PA-MC-STM-1, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/portadpt/multi_ch/pa_mcstm/index.htm
Network Services Engine
Supported platform: Cisco 7200 VXR routers
The Network Services Engine (NSE) is the latest processor engine for Cisco 7200 VXR series. The NSE delivers wire rate OC-3 throughput while concurrent high-touch WAN edge services are running. It is the first Cisco processing engine to offer integrated hardware acceleration, increasing Cisco 7200 VXR series system performance by 50 to 300 percent for combined "high touch" edge services. The NSE takes advantage of a new technology called Parallel Express Forwarding (PXF).
The PXF processor enables IP parallel processing functions that work with the primary processor to provide accelerated IP Layer 3 feature processing. The PXF processor off-loads IP packet processing and switching functions from the Route Processor (RP) to provide accelerated and highly consistent switching performance when coupled with one or more of several IP services features such as access control lists (ACLs), address translation, quality of service (QoS), flow accounting, and traffic shaping.
For information about installation and configuration of the NSE, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7206/fru/npense/index.htm
NPE-400
Supported platform: Cisco 7200 VXR routers
The NPE-400 is a new version of network processing engine for Cisco 7200 VXR routers with the following enhancements:
• RM7000 microprocessor that operates at an internal clock speed of 350 MHz
• Up to 512-MB ECC SDRAM
• 100-MHz SysAD and memory bus speed
• 4-MB Layer 3 cache
The NPE-400 leverages technology from the NPE-225 and NSE-1 to provide a higher performance NPE card.
For information about installation and configuration of the NPE-400, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7206/fru/npense/index.htm
NPE-G1
Supported platform: Cisco 7200 VXR routers
The NPE-G1 is the first network processing engine (NPE) for the Cisco 7200 VXR routers to provide the functionality of both a network processing engine and I/O controller. If used without an I/O controller, an I/O blank panel must be in place.
While its design provides I/O controller functionality, it can also work with any I/O controller that is supported in the Cisco 7200 VXR routers. The NPE-G1, when installed with an I/O controller, provides the primary I/O functionality; that is, the NPE-G1 I/O functionality enhances that of the existing I/O controller. However, when both the I/O controller and NPE-G1 are present, the functionality of the auxiliary port and console port are on the I/O controller.
The NPE-G1 maintains and executes the system management functions for the Cisco 7200 VXR routers and also holds the system memory and environmental monitoring functions.
The NPE-G1 consists of one board with multiple interfaces. The board is keyed so that it can be used only in the Cisco 7200 VXR routers.
For information about installation and configuration of the NPE-G1, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7206/fru/npense/index.htm
PA-MC-2T3+ Phase-II (T3 Subrate)
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The PA-MC-2T3+ is a single-width port adapter that provides two T3 interface connections. Each T3 interface can now be independently configured to be either channelized or unchannelized. A channelized T3 provides 28 T1 lines multiplexed into the T3. Each T1 line can be configured into one or more serial interface data channels.
Using the no channelized command, you can configure the T3 as a single, unchannelized serial interface data channel. You can configure this data channel to use all of the T3 bandwidth or a portion of it.
For more information about the PA-MC-2T3+, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e5/5e_ct3.htm
For information about installation and configuration of the PA-MC-2T3+, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/portadpt/multi_ch/mc_2t3/index.htm
PA-MC-8TE1+ Port Adapter
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The PA-MC-8TE1+ port adapter is a T1/E1 multichannel port adapter that provides eight DSX-1/DS1 or eight G.703 interfaces. The PA-MC-8TE1+ interfaces can be channelized, fractional, ISDN PRI, or nonframed. You configure the same port adapter to support either T1 or E1 physical links. The PA-MC-8TE1+ provides a total of 8 T1 or E1 links.
The PA-MC-8TE1+ provides up to 256 channels, as compared to a maximum of 128 for the PA-MC-8T1 (or PA-MC-8E1) port adapters. This allows for full channelization (down to the DS0 rate) for both T1 and E1 WAN links.
The PA-MC-8TE1+ supports Facility Data Link (FDL) in Extended Superframe (ESF) framing on T1 networks and network and payload loopbacks. Bit error rate testing (BERT) is supported on each of the T1 or E1 links and can run on all of the eight ports at the same time.
The PA-MC-8TE1+ provides channel group loopback. Channel group loopback for T1/E1 enables you to do section testing for a channel group without bringing down the whole T1/E1 line.
The PA-MC-8TE1+ does not support the aggregation of multiple T1s or E1s (called inverse muxing or bonding) for higher bandwidth data rates. The multichannel PA-MC-8TE1+ port adapter supports Cisco High-Level Data Link Control (HDLC), Frame Relay, PPP, and Switched Multimegabit Data Service (SMDS) Data Exchange Interface (DXI) encapsulations over each T1 or E1 link. For SMDS only, DXI is sent on the T1 or E1 line, so it needs to connect to an SMDS switch that has direct DXI input.
The PA-MC-8TE1+ has been designed to support a hardware watchdog facility in the MPC860 processor. The SRAM memory in the PA-MC-8TE1+ is mapped into the host (a Virtual Interface Processor on a Cisco 7500 series router, for example) memory space, allowing additional debugging capabilities.
For information about installation and configuration of the PA-MC-8TE1+, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/7200vx/portadpt/multicha/8port_t1/index.htm
VIP4
Supported platform: Cisco 7500 series
The VIP4 is the fourth generation of Versatile Interface Processors for use with Cisco 7000 series using the Cisco 7000 series Route Switch Processor (RSP7000) and Cisco 7000 series Chassis Interface (RSP7000CI) with Cisco 7500 series (which also include the Cisco 7507-MX and Cisco 7513-MX routers). The VIP4 installs in the interface processor slots in your Cisco 7000 series or Cisco 7500 series router.
For information about installation and configuration of the VIP4, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/vip1/vip4/6927vip4.htm
VIP6-80
Supported platform: Cisco 7500 series
The Versatile Interface Processor (VIP6-80) is an option available for use with the Cisco 7500 series and the Cisco 7000 series using the Cisco 7000 series Route Switch Processor (RSP7000) and Cisco 7000 series Chassis Interface (RSP7000CI). The VIP6-80 improves high-performance switching over previous generation VIPs.
The VIP6-80 supports online insertion and removal (OIR), a feature that allows you to remove and replace a VIP6-80 without first shutting down the system. However, VIP6-80 does not support OIR of port adapters (PAs). The VIP6-80 is removed before the port adapter is removed or installed.
The VIP6-80 also supports Single Line Card Reload (SLCR), a feature that enables a failed line card to reload on the network backplane without reloading other line cards.
The VIP6-80 supports any combination of LAN and WAN PAs, including Fast Ethernet, T1/E1, High-Speed Serial Interface (HSSI), T3/E3, T3/E3 ATM, multichannel T1/E1, multichannel T3/E3, OC-3 ATM, Packet over SONET (POS), and OC-12 ATM.
For information about installation and configuration of the VIP6-80, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/vip1/14372v68.htm
New Software Features in Cisco IOS Release 12.2(14)S
This section describes new and changed features in Cisco IOS Release 12.2(14)S. Some features may be new to Cisco IOS Release 12.2S but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.2(14)S. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.
Any Transport over MPLS Features
The following sections describe various Any Transport over Multiprotocol Label Switching (AToM) features. For more information about the AToM features, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/atom/index.htm
ATM AAL5 over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The ATM AAL5 over MPLS feature provides an ATM permanent virtual circuit (PVC) for transporting ATM adaptation layer 5 (AAL5) protocol data units (PDUs) across an IP/Multiprotocol Label Switching (MPLS) backbone with rate-limit policing and configurable PVC priority values. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.
Each routed PVC label stack has two levels of labels prepended to each ATM PDU: an Interior Gateway Protocol (IGP) stack consisting of zero or more labels and a PVC-based label. Label imposition and disposition are performed by routers at the edge of the MPLS backbone. The imposition router takes the ATM PDU and encapsulates it in an MPLS PDU for transport to the correct disposition router. The disposition router takes the MPLS PDU, de-encapsulates the ATM PDU, and delivers it to the correct ATM interface and virtual path identifier/virtual circuit identifier (VPI/VCI).
Cell Relay over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
With ATM cell relay functionality, ATM cells can be transported across Multiprotocol Label Switching (MPLS) networks transparently. This setup allows transportation of ATM signaling and Operations, Administration, and Maintenance (OAM) cells across a packet network, making a packet network invisible to the ATM network. The ATM Cell Relay over MPLS feature enables service providers to use the same tools for provisioning and to aggregate the existing frame and ATM installations to a high-speed packet core that is based on IP/MPLS.
Ethernet over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Ethernet over MPLS (EoMPLS) feature enables you to connect two VLAN networks that are in different locations, without using expensive bridges, routers, or switches at the VLAN locations. You can enable the Multiprotocol Label Switching (MPLS) backbone network to accept Layer 2 VLAN traffic by configuring the label edge routers (LERs) at both ends of the MPLS backbone.
Frame Relay over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
With the Frame Relay over MPLS feature, Frame Relay traffic can be encapsulated in Multiprotocol Label Switching (MPLS) packets and forwarded over an MPLS backbone to other Frame Relay destinations. Service providers can quickly add new sites with less effort than with typical Frame Relay provisioning.
HDLC over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The HDLC over MPLS feature enables a customer router to emulate a High-Level Data Link Control (HDLC) connection to another customer router across the packet backbone. Like PPP, this technology allows transportation of Cisco HDLC frames across the packet networks. HDLC over Multiprotocol Label Switching (MPLS) also works in transparent mode.
PPP over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The PPP over MPLS feature enables service providers to encapsulate PPP frames across a Multiprotocol Label Switching (MPLS) core in order to emulate a PPP link across any layer transport. Using PPP over MPLS on Packet-over-SONET (POS) links enables service providers to create a "multiplexed" subinterface that can then be used to individually peer with other providers.
PPP over MPLS further enables service providers to provide a transparent PPP pass-through where the customer-edge routers can exchange the traffic via an end-to-end PPP session. Service providers can offer a virtual leased-line solution and use the PPP subinterface capability to peer with multiple providers via a single POS connection.
PPP over MPLS Restrictions
The following restrictions pertain to the PPP over MPLS feature:
• Zero hops between provider edge (PE) routers: Zero hops on one router is not supported. However, you can configure back-to-back PE routers.
• Asynchronous interfaces: Asynchronous interfaces are not supported. The connections between customer edge (CE) and PE routers on both ends of the backbone must have similar link layer characteristics. The connections between the CE and PE routers must both be synchronous.
• Multilink PPP: Multilink PPP (MLP) is not supported.
• Distributed CEF (dCEF): On the Cisco 7500 series, distributed processing for PPP over MPLS is not supported. This restriction does not affect other features that are processed in distributed mode.
BGP Features
The following sections describe various Border Gateway Protocol (BGP) features.
BGP 4 MIB Support for per-Peer Received Routes
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP 4 MIB Support for per-Peer Received Routes feature introduces a new table in the CISCO-BGP4-MIB that provides the capability to query (by using Simple Network Management Protocol commands) for routes that are learned from individual Border Gateway Protocol (BGP) peers.
For more information about the BGP 4 MIB Support for per-Peer Received Routes features, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgpmib.htm
BGP Conditional Route Injection
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Cisco IOS software provides several methods to originate a prefix into the Border Gateway Protocol (BGP) routing table. The existing methods include using the network or aggregate-address commands and redistribution. These methods assume the existence of more specific routing information (matching the route to be originated) in either the routing table or the BGP table.
The BGP Conditional Route Injection feature enables you to originate a prefix into a BGP routing table without the corresponding match. The routes are injected into the BGP table only if certain conditions are met. The most common condition is the existence of a less specific prefix.
The BGP Conditional Route Injection feature is configured using the bgp inject-map command. The bgp inject-map command uses two route maps (inject-map and exist-map) to install one or more new prefixes into a BGP routing table. The exist-map specifies the prefixes that the BGP speaking router will track. The inject-map defines the prefixes that will be created and installed into the local BGP table.
For more information about the BGP Conditional Route Injection feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgpri.htm
BGP Hide Local-Autonomous System
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
When the neighbor local-as command is configured on a Border Gateway Protocol (BGP) speaking router, the local autonomous system number is automatically prepended to all routes that are learned from external peers by default. This behavior makes changing the autonomous system number for a service provider or large existing BGP network difficult because paths, with the prepended autonomous system number, will be rejected by internal routers that are configured with the same autonomous system number. For example, if the network operator configures an internal router with the neighbor 10.0.0.2 local-as 20 command, all paths that are learned from the 10.0.0.2 external peer will have the autonomous system number 20 prepended. Internal routers that are configured with the autonomous number 20 will detect these routes as routing loops and reject them. This behavior required a network operator to change the autonomous system number for all internal peers at the same time in order to change the autonomous system number for a BGP network.
The BGP Hide Local-Autonomous System feature introduces the no-prepend keyword to the neighbor local-as command. The use of the no-prepend keyword will allow a network operator to configure a BGP speaker to not prepend the local autonomous system number to any routes that are received from external peers. This feature can be used to help transparently change the autonomous system number of a BGP network and ensure that routes can be propagated throughout the autonomous system, while the autonomous system number transition is incomplete. Because the local autonomous system number is not prepended to these routes, external routes will not be rejected by internal peers during the transition from one autonomous system number to another.
Caution
Configuring this feature incorrectly could potentially create routing loops and should be attempted only by an experienced network operator.
For more information about the BGP Hide Local-Autonomous System feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgphla.htm
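The AS-path behavior described in the BGP Hide Local-Autonomous System section, as an added example that is not part of the Cisco release notes: it reads `neighbor ... local-as` statements from a border router configuration and reports which routers still configured with the local-as number would reject the learned routes as loops. The configuration text, border AS 100, peer AS numbers, received paths and router names are constructed assumptions; only `neighbor 10.0.0.2 local-as 20` and the `no-prepend` keyword come from the text above.

```python
import re
from dataclasses import dataclass

# Constructed border-router configuration. Only the
# "neighbor 10.0.0.2 local-as 20" command is taken from the release notes.
BORDER_CONFIG = """\
router bgp 100
 neighbor 10.0.0.2 remote-as 65010
 neighbor 10.0.0.2 local-as 20
 neighbor 10.0.0.6 remote-as 65020
 neighbor 10.0.0.6 local-as 20 no-prepend
"""

# Constructed mid-transition state: two routers still use AS 20,
# one has already moved to the border router's AS 100.
INTERNAL_ROUTERS = {"core1": 20, "core2": 20, "core3": 100}

# Constructed AS paths as received from each external peer.
RECEIVED_PATHS = {"10.0.0.2": [65010, 65030], "10.0.0.6": [65020]}

LOCAL_AS_RE = re.compile(
    r"^\s*neighbor\s+(\S+)\s+local-as\s+(\d+)(\s+no-prepend)?\s*$"
)


@dataclass(frozen=True)
class LocalAs:
    neighbor: str
    asn: int
    no_prepend: bool


def parse_local_as(config):
    """Return every 'neighbor X local-as N [no-prepend]' statement found."""
    found = []
    for line in config.splitlines():
        m = LOCAL_AS_RE.match(line)
        if m:
            found.append(LocalAs(m.group(1), int(m.group(2)), bool(m.group(3))))
    return found


def path_after_receipt(received_path, stmt):
    """AS path stored for a route learned from stmt.neighbor.

    By default the local-as number is prepended; no-prepend suppresses that.
    """
    if stmt.no_prepend:
        return list(received_path)
    return [stmt.asn] + list(received_path)


def advertise(path, sender_asn, receiver_asn):
    """Standard BGP: the sender's AS is prepended only across an AS boundary."""
    if sender_asn == receiver_asn:
        return list(path)
    return [sender_asn] + list(path)


def accepts(receiver_asn, path):
    """AS-path loop detection: a router rejects a path containing its own AS."""
    return receiver_asn not in path


def audit(config, border_asn, internal_routers, received_paths):
    """Map each local-as neighbor to the routers that would reject its routes."""
    report = {}
    for stmt in parse_local_as(config):
        stored = path_after_receipt(received_paths[stmt.neighbor], stmt)
        rejecting = [
            name
            for name, asn in internal_routers.items()
            if not accepts(asn, advertise(stored, border_asn, asn))
        ]
        report[stmt.neighbor] = sorted(rejecting)
    return report


if __name__ == "__main__":
    for peer, routers in audit(
        BORDER_CONFIG, 100, INTERNAL_ROUTERS, RECEIVED_PATHS
    ).items():
        status = "rejected by " + ", ".join(routers) if routers else "accepted everywhere"
        print(f"routes from {peer}: {status}")
```

A neighbor that appears in the report with a non-empty list is one whose `local-as` statement lacks `no-prepend` while routers using that AS number are still present.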
BGP Hybrid CLI Support
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP Hybrid CLI Support feature allows the network operator to configure the Border Gateway Protocol (BGP) using the Network Layer Reachability Information (NLRI) format for IPv4 unicast commands and the address-family identifier (AFI) format for address family commands, such as IPv6, VPNv4, and Connectionless Network Service (CLNS) protocol commands.
For more information about the BGP Hybrid CLI Support feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_bhcli.htm
The Cisco IOS IPv6 Configuration Library is available at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm
BGP Link Bandwidth
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP Link Bandwidth feature is used to advertise the bandwidth of an autonomous system exit link as an extended community. The BGP Link Bandwidth feature is supported by the internal BGP (iBGP) and external BGP (eBGP) multipath features. The link bandwidth extended community indicates the preference of an autonomous system exit link in terms of bandwidth. The link bandwidth extended community attribute may be propagated to all iBGP peers and used with the BGP multipath features to configure unequal cost load balancing. When a router receives a route from a directly connected external neighbor and advertises this route to iBGP neighbors, the router may advertise the bandwidth of that link.
The link bandwidth extended community attribute is a 4-byte value that is set by the network administrator on the demilitarized zone (DMZ) interface that connects two single hop eBGP peers. The link bandwidth extended community attribute should be used as a traffic sharing value relative to other paths while forwarding traffic. Two paths are designated as equal for load balancing if the weight, local-pref, as-path length, Multi Exit Discriminator (MED), and Interior Gateway Protocol (IGP) costs are the same.
For more information about the BGP Link Bandwidth feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgplb.htm
BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN feature allows you to configure multipath load balancing with both external BGP (eBGP) and internal BGP (iBGP) paths in Border Gateway Protocol (BGP) networks that are configured to use Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). This feature provides improved load-balancing deployment and service offering capabilities and is useful for multihomed autonomous systems and provider edge (PE) routers that import both eBGP and iBGP paths from multihomed and stub networks.
BGP installs up to the maximum number of paths allowed (configured using the maximum-paths command). BGP uses the best path algorithm to select one multipath as the best path, insert the best path into the routing information base (RIB), and advertise the best path to BGP peers. Other multipaths may be inserted into the RIB, but only one path will be selected as the best path.
Note
See the maximum-paths command documentation to determine the maximum number of configurable paths.
The multipaths are used by Cisco Express Forwarding (CEF) to perform load balancing, which can be performed on a per-packet or per-source or destination-pair basis. The BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN feature performs unequal cost load balancing by default by selecting BGP paths that do not have an equal cost of the Interior Gateway Protocol (IGP). In order to enable this feature, configure the router with MPLS VPNs that contain VPN routing and forwarding instances (VRFs) that import both eBGP and iBGP paths. The number of multipaths can be configured separately for each VRF.
Note
The BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN feature will operate within the configuration parameters of the existing outbound routing policy.
For more information about the BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fseibmpl.htm
BGP Named Community Lists
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Border Gateway Protocol (BGP) communities are attributes that are used to group and filter routes. Communities are designed to give the network operator the ability to apply policies to large numbers of routes by using match and set clauses in the configuration of route maps. Community lists are used in this process to identify and filter routes by their common attributes.
The BGP Named Community Lists feature introduces a new type of community list called the named community list. The BGP Named Community Lists feature allows the network operator to assign meaningful names to community lists and increases the number of community lists that can be configured. A named community list can be configured with regular expressions and with numbered community lists. All rules of numbered communities apply to named community lists except that there is no limitation on the number of community attributes that can be configured for a named community list.
Note
Both standard and expanded community lists have a limitation of 100 community groups that can be configured within each type of list. A named community list does not have this limitation.
For more information about the BGP Named Community Lists feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgpncl.htm
BGP Policy Accounting
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP Policy Accounting feature provides a means of charging customers according to the route that their traffic travels. Trans-Pacific, Trans-Atlantic, satellite, domestic, and other provider traffic can be identified and accounted for on a per-customer basis when customers are on a unique software interface. This feature also allows the accounting of traffic to known autonomous system numbers in order to better engineer and plan network circuit peering and transit agreements.
The BGP Policy Accounting feature classifies IP traffic by autonomous system number, autonomous system path, or community list, and increments packet and byte counters per input interface. It performs this function using route maps to classify the traffic into one of eight possible indexes, which represent a traffic classification.
For more information about the BGP Policy Accounting feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgppa.htm
BGP Prefix-Based Outbound Route Filtering
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The BGP Prefix-Based Outbound Route Filtering feature uses Border Gateway Protocol (BGP) outbound route filter (ORF) send and receive capabilities to minimize the number of BGP updates that are sent between peer routers. The configuration of this feature can help reduce the amount of resources required for generating and processing routing updates by filtering out unwanted routing updates at the source. For example, this feature can be used to reduce the amount of processing required on a router that is not accepting full routes from a service provider network.
The BGP Prefix-Based Outbound Route Filtering feature is enabled through the advertisement of ORF capabilities to peer routers. The advertisement of the ORF capability indicates that a BGP-speaking router will accept a prefix list from a neighbor and apply the prefix list to locally configured ORFs (if any exist). When this capability is enabled, the BGP speaker can install the inbound prefix list filter to the remote peer as an outbound filter, which reduces unwanted routing updates.
The BGP Prefix-Based Outbound Route Filtering feature can be configured with send, receive, or send and receive ORF capabilities. The local peer advertises the ORF capability in send mode. The remote peer receives the ORF capability in receive mode and applies the filter as outbound policy. The local and remote peers exchange updates to maintain the ORF for each router. Updates are exchanged between peer routers by address family depending on the ORF prefix list capability that is advertised. The remote peer starts sending updates to the local peer after it receives a route refresh request or an ORF prefix list with immediate status. The BGP speaker will continue to apply the inbound prefix list to received updates after the speaker pushes the inbound prefix list to the remote peer.
For more information about the BGP Prefix-Based Outbound Route Filtering feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgporf.htm
Bidirectional PIM
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Bidirectional PIM (bidir-PIM) is a variant of the Protocol Independent Multicast (PIM) suite of routing protocols for IP multicast. In PIM, packet traffic for a multicast group is routed according to the rules of the mode configured for that multicast group. The Cisco IOS implementation of PIM supports three modes for a multicast group:
• Bidirectional mode
• Dense mode
• Sparse mode
A router can simultaneously support all three modes or any combination of them for different multicast groups. In bidirectional mode, traffic is routed only along a bidirectional shared tree that is rooted at the rendezvous point (RP) for the group. In bidir-PIM, the IP address of the RP acts as the key to having all routers establish a loop-free spanning tree topology rooted in that IP address. This IP address need not be for a router, but can be any unassigned IP address on a network that is reachable throughout the PIM domain. This technique is the preferred configuration method for establishing a redundant RP configuration for bidir-PIM.
Membership to a bidirectional group is signalled via explicit join messages. Traffic from sources is unconditionally sent up the shared tree toward the RP and passed down the tree toward the receivers on each branch of the tree.
Bidir-PIM is designed to be used for many-to-many applications within individual PIM domains. Multicast groups in bidirectional mode can scale to an arbitrary number of sources without incurring overhead because of the number of sources.
Bidir-PIM is derived from the mechanisms of PIM-SM and shares many shortest-path tree (SPT) operations. Bidir-PIM also has unconditional forwarding of source traffic toward the RP upstream on the shared tree, but no registering process for sources as in PIM-SM. These modifications are necessary and sufficient to allow forwarding of traffic in all routers solely on the basis of the (*, G) multicast routing entries. This feature eliminates any source-specific state and allows scaling capability to an arbitrary number of sources.
Note
As of Cisco IOS Release 12.2 and later releases, bidir-PIM is disabled by default and must be explicitly enabled by configuring the ip pim bidir-enable command in global configuration mode.
Cisco 7500 Single Line Card Reload
Supported platform: Cisco 7500 series
Before the Cisco 7500 Single Line Card Reload feature was introduced, the only method of correcting a line card hardware failure or a severe software error for one line card on a Cisco 7500 series router required the execution of a CBus Complex, a process that reloads every line card on the network backplane. The time it takes to complete the CBus Complex is often inconvenient, and no network traffic can be routed or switched during the CBus Complex process.
The Single Line Card Reload (SLCR) feature enables users to correct a line card failure on a Cisco 7500 series router by reloading the failed line card without reloading any other line cards on the network backplane. During the single line card reload process, all physical lines and routing protocols on the other line cards of the network backplane remain active. A single line card reload is also significantly faster than the CBus Complex process.
The SLCR feature works on all RSP images for all Cisco IOS releases that support the SLCR feature.
For more information about the SLCR feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e5/e5_slcr.htm
Cisco IOS Server Load Balancing (SLB)
Supported platforms: Cisco 7200 series
The Cisco IOS Server Load Balancing (SLB) feature is a Cisco IOS software-based solution that provides IP server load balancing. Using the Cisco IOS SLB feature, you can define a virtual server that represents a group of real servers in a cluster of network servers known as a server farm. In this environment, the clients connect to the IP address of the virtual server. When a client initiates a connection to the virtual server, the Cisco IOS SLB function chooses a real server for the connection based on a configured load-balancing algorithm.
Cisco IOS SLB also provides firewall load balancing, which balances flows across a group of firewalls called a firewall farm.
Note: Cisco IOS SLB does not support load balancing of flows between clients and real servers that are on the same LAN or VLAN. The packets that are being load balanced cannot enter and leave the load-balancing device on the same interface.
Cisco IOS SLB provides the following functions and capabilities:
• Algorithms for Server Load Balancing:
  – Weighted Round Robin
  – Weighted Least Connections
• Alternate IP Addresses
• Automatic Server Failure Detection
• Automatic Unfail
• Backup Server Farms
• Bind ID Support (also referred to as "Specifying a Bind ID")
• CISCO-SLB-MIB
• Client-Assigned Load Balancing
• Content Flow Monitor Support
• Delayed Removal of TCP Connection Context
• Dynamic Feedback Protocol for Cisco IOS SLB
• Firewall Load Balancing
• GPRS Load Balancing
• Maximum Connections
• Multiple Firewall Farm Support
• Network Address Translation (NAT)
• Port-Bound Servers
• Probes (HTTP probes, ping probes, and WSP probes)
• Protocol Support
• Redundancy Enhancements (Stateless and Stateful Backup, and Active Standby)
• Route Health Injection
• Slow Start
• Sticky Connections
• SynGuard
• TCP Session Reassignment
• Transparent Webcache Load Balancing
• WAP Load Balancing
For more information about Cisco IOS SLB, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsslb.htm
Cisco Quality of Service Device Manager
Supported platforms: Cisco 7200 series, Cisco 7500 series that are VIP-enabled
Cisco Quality of Service Device Manager (QDM) is a web-based Java application through which you can configure and monitor advanced IP-based quality of service (QoS) functionality within Cisco routers.
QDM is available as a separate product and may be downloaded free of charge.
For more information about QDM, see the Release and Installation Notes for Cisco Quality of Service Device Manager at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/qdm/
Class-Based Quality of Service MIB
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Class-Based Quality of Service MIB (Class-Based QoS MIB) provides read access to QoS configurations. This MIB also provides QoS statistics information based on the modular quality of service command-line interface (MQC), including information regarding class-map and policy-map parameters.
The Class-Based QoS MIB actually consists of two MIBs: CISCO-CLASS-BASED-QOS-MIB and CISCO-CLASS-BASED-QOS-CAPABILITY-MIB.
For more information, see the Cisco Network Management Toolkit for the MIBs at the following location:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
DCBWFQ, DWRED, and DLLQ Support for PA-A3-8E1IMA and PA-A3-8T1IMA Port Adapters on Cisco 7500 Series Routers
Supported platform: Cisco 7500 series
PA-A3-8E1IMA and PA-A3-8T1IMA port adapters on Cisco 7500 series now support Distributed Class-Based WFQ (DCBWFQ), Distributed Weighted Random Early Detection (DWRED), and Distributed Low Latency Queueing (DLLQ).
Distributed Class-Based WFQ
Weighted Fair Queueing (WFQ) offers dynamic, fair queueing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight.
Distributed Class-Based WFQ (DCBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes on the VIP. These user-defined traffic classes are configured in the Modular Quality of Service Command-Line Interface feature. For information on how to configure quality of service (QoS) with the modular quality of service command-line interface (MQC), see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5/mqc/mcli.htm
For information on how to configure DCBWFQ, see the "Configuring Weighted Fair Queueing" chapter in the "Congestion Management" part of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1, at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt2/qcdwfq.htm
Distributed Weighted Random Early Detection
Weighted Random Early Detection (WRED), the Cisco implementation of Random Early Detection (RED), combines the capabilities of the RED algorithm with IP precedence to provide preferential traffic handling for higher priority packets. It can selectively discard lower priority traffic when the interface begins to get congested and can provide differentiated performance characteristics for different classes of service.
Distributed WRED (DWRED) is the Cisco high-speed version of WRED. The DWRED algorithm was designed with Internet service providers (ISPs) in mind; it allows an ISP to define minimum and maximum queue depth thresholds and drop capabilities for each class of service.
For more information about DWRED, see the "Quality of Service Overview" chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1, at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcdintro.htm
Distributed Low Latency Queueing
Distributed Low Latency Queueing (DLLQ) enables you to specify low latency behavior for a traffic class. LLQ allows delay-sensitive data such as voice to be dequeued and sent first (before packets in other queues are dequeued), giving delay-sensitive data preferential treatment over other traffic.
DLLQ also introduces the ability to limit the depth of a device transmission ring. Before the introduction of DLLQ, the maximum transmission ring depth was not a user-configurable parameter. Therefore, particles could accumulate on a transmission ring without limitation, which could result in unavoidable high latencies. DLLQ allows users to limit the number of particles that may exist on a transmission ring, effectively lowering the latency incurred by packets sitting on that transmission ring.
For more information about DLLQ, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtllqvip.htm
PA-A3-8E1IMA and PA-A3-8T1IMA
For more information about the PA-A3-8E1IMA and PA-A3-8T1IMA port adapters, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7505/portadpt/atm_port/a3_8t_8e/index.htm
DFP Agent Subsystem
Supported platforms: Cisco 7200 series
The Dynamic Feedback Protocol (DFP) enables a DFP agent in a local load-balancing environment to collect status information from one or more real host servers, convert the information to relative weights, and report the weights to a DFP manager, such as a Cisco IOS Server Load Balancing (SLB) device. The DFP manager factors in the weights when load balancing the real servers. DFP also supports global load-balancing environments, with Cisco IOS SLB reporting weights to DistributedDirector.
In earlier Cisco IOS releases, the DFP agent was implemented only in Cisco IOS SLB. The new DFP Agent Subsystem feature enables client subsystems other than Cisco IOS SLB to act as DFP agents. However, currently Cisco IOS SLB is the only supported subsystem. You can use multiple DFP agents from different client subsystems at the same time.
For more information about DFP, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsdfp.htm
DiffServ Compliant Weighted Random Early Detection
Supported platform: Cisco 7500 series
Note: The DiffServ Compliant Weighted Random Early Detection feature is also referred to as the Differentiated Services Compliant Distributed Weighted Random Early Detection feature or as the DiffServ Compliant DWRED feature.
The DiffServ Compliant Weighted Random Early Detection feature enables Weighted Random Early Detection (WRED) to use the differentiated services code point (DSCP) value when it calculates the drop probability for a packet. The DSCP value is the first six bits of the IP type of service (ToS) byte.
For more information about the DiffServ Compliant Weighted Random Early Detection feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e5/dsdwrede.htm
Distributed GRE Tunneling Support
Supported platform: Cisco 7500 series
The Distributed GRE Tunneling Support feature allows Cisco IOS software to switch packets into and out of the generic routing encapsulation (GRE) tunnels using distributed Cisco Express Forwarding (dCEF). The tunneling is performed using recursive or "double" switching techniques that are currently deployed on existing nondistributed platforms. The relevant bits are ported into this development.
Double switching is performed by the handling of the received IP packet in the existing code path until it is determined that the packet needs encapsulation or de-encapsulation. Recursively forwarding the IP packet through the IP switching path again explains the "double" aspect of the switching.
For more information about the Distributed GRE Tunneling Support feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_dgre.htm
Distributed Network-Based Application Recognition
Supported platforms: Cisco 7500 series
Distributed Network-Based Application Recognition (dNBAR) introduces the existing NBAR feature for Cisco 7500 series that are configured with a Versatile Interface Processor (VIP).
The dNBAR feature allows packet classification by adding intelligent network classification to network infrastructures. dNBAR is a classification engine that recognizes a wide variety of applications, including web-based and other difficult-to-classify protocols that utilize dynamic TCP/UDP port assignments.
When an application is recognized and classified by dNBAR, a network can invoke services for that specific application. dNBAR ensures that network bandwidth is used efficiently by working with quality of service (QoS) features to provide the following features:
• Guaranteed bandwidth
• Bandwidth limits
• Traffic shaping
• Traffic policing
• Packet marking
For more information about the dNBAR feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsnbarad.htm
DLR Enhancements: PGM RFC-3208 Compliance
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
In compliance with RFC 3208, the DLR Enhancements feature adds off-tree designated local repairer (DLR) support and redirecting poll response (POLR) capability for upstream DLRs to the Cisco implementation of Pragmatic General Multicast (PGM).
Enhanced Password Security, Phase I
Supported platforms: Cisco 7200 series, Cisco 7500 series
Using the Enhanced Password Security feature, you can configure Message Digest 5 (MD5) encryption for username passwords. Before the introduction of this feature, there were two types of passwords associated with usernames. Type 0 is a clear text password visible to any user who has access to privileged mode on the router. Type 7 is a password with a weak, exclusive-or type encryption. Type 7 passwords can be retrieved from the encrypted text by using publicly available tools.
MD5 encryption is a one-way hash function that makes reversal of an encrypted password impossible, providing strong encryption protection. Using MD5 encryption, you cannot retrieve clear text passwords. MD5 encrypted passwords cannot be used with protocols that require that the clear text password be retrievable, such as Challenge Handshake Authentication Protocol (CHAP).
Use the username (secret) command to configure a username and an associated MD5 encrypted secret.
For more information about the Enhanced Password Security, Phase I feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e8/8e_md5.htm
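The following audit sketch is an added example, not Cisco code: it scans a saved configuration for username lines and reports which credentials are still stored as Type 0 or Type 7 rather than as an MD5 secret, and it notes when CHAP is configured because CHAP needs a retrievable password. The sample configuration, its hash and Type 7 strings, and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample configuration; the hash and type 7 strings are
# placeholders and do not decode to anything.
SAMPLE_CONFIG = """\
hostname lab-7200
username admin privilege 15 secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000000
username ops password 7 0011223344556677
username legacy password 0 ExamplePassw0rd
username peer-r2 password ExamplePeerKey
interface Serial1/0
 encapsulation ppp
 ppp authentication chap
"""

# "username <name> [privilege N] password|secret [0|5|7] <value>"
USERNAME_RE = re.compile(
    r"^\s*username\s+(?P<user>\S+)"
    r"(?:\s+privilege\s+\d+)?"
    r"\s+(?P<kind>password|secret)"
    r"(?:\s+(?P<enc>[057])(?=\s))?"
    r"\s+(?P<value>\S.*)$"
)
CHAP_RE = re.compile(r"^\s*ppp authentication\b.*\bchap\b", re.MULTILINE)


class Finding(NamedTuple):
    line_no: int
    user: str
    storage: str  # "type0", "type5", "type7" or "unrecognized"
    weak: bool


def classify(kind, enc):
    """Map the keyword and encoding digit to a storage type and a weak flag."""
    if kind == "secret" and enc == "5":
        return "type5", False          # one-way MD5 hash
    if enc in (None, "0"):
        return "type0", True           # clear text is sitting in the file
    if kind == "password" and enc == "7":
        return "type7", True           # weak, reversible encoding
    return "unrecognized", True


def audit_usernames(config_text):
    """Return one Finding per username line that carries a credential."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = USERNAME_RE.match(line)
        if m:
            storage, weak = classify(m["kind"], m["enc"])
            findings.append(Finding(line_no, m["user"], storage, weak))
    return findings


def chap_in_use(config_text):
    """True if any interface enables CHAP, which needs retrievable passwords."""
    return bool(CHAP_RE.search(config_text))


def report(config_text):
    """Human-readable lines for weak entries; credential values are never echoed."""
    chap = chap_in_use(config_text)
    lines = []
    for f in audit_usernames(config_text):
        if not f.weak:
            continue
        note = "convert to 'username ... secret'"
        if chap:
            note += " unless this name is a CHAP peer credential"
        lines.append(f"line {f.line_no}: {f.user} stored as {f.storage}; {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```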
EXEC Commands in Configuration Mode
Supported platforms: Cisco 7200 series, Cisco 7500 series
You can now issue EXEC-level Cisco IOS commands (such as show, clear, and debug commands) from within global configuration mode or other modes by issuing the do command followed by the EXEC command.
For more information about the EXEC-level Cisco IOS commands, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/12e_exe.htm
Express RTP Header Compression
Supported platform: Cisco 7200 series
Before the introduction of the Express RTP Header Compression feature, if compression of Real-Time Transport Protocol (RTP) headers was enabled, compression was performed in the process-switching path. That meant that packets traversing interfaces that had RTP header compression enabled were queued and passed up to the process to be switched. This procedure slowed down transmission of the packet, and therefore some users preferred to fast-switch uncompressed RTP packets.
Now, if RTP header compression is enabled, it occurs by default in the fast-switched path or the Cisco Express Forwarding switched (CEF-switched) path, depending on which switching method is enabled on the interface. Furthermore, the number of RTP header compression connections was increased to 1000 connections each.
If neither fast switching nor CEF switching is enabled, then if RTP header compression is enabled, it will occur in the process-switched path as before.
For more information about the Express RTP Header Compression feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e4/rtpfast.htm
Frame Relay Queueing and Fragmentation at the Interface
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Frame Relay Queueing and Fragmentation at the Interface feature introduces support for low latency queueing (LLQ) and FRF.12 end-to-end fragmentation on a Frame Relay interface. This new feature simplifies the configuration of low latency, low jitter quality of service (QoS) by enabling the queueing policy and fragmentation configured on the interface to apply to all permanent virtual circuits (PVCs) and subinterfaces under that main interface. Before the introduction of this feature, queueing and fragmentation had to be configured on each individual PVC. Subrate shaping can also be configured on the interface.
For more information about the Frame Relay Queueing and Fragmentation at the Interface feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsfrintq.htm
Functionality Changed for the tunnel mpls traffic-eng autoroute metric Command
Supported platforms: Cisco 7200 series, Cisco 7500 series
The default behavior of the tunnel mpls traffic-eng autoroute metric interface configuration command has been changed in Cisco IOS Release 12.2(14)S. This command now combines the costs of all Intermediate System-to-Intermediate System (IS-IS) routes that are downstream from a Traffic Engineering (TE) tunnel into an additive path metric. IS-IS uses the additive path metric to set the metric of the TE tunnel.
Generic Routing Encapsulation (GRE) Tunnel Keepalive
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Generic Routing Encapsulation (GRE) Tunnel Keepalive feature provides the capability of configuring keepalive packets to be sent over IP-encapsulated GRE tunnels. You can specify the rate at which keepalives will be sent and the number of times that a device will continue to send keepalive packets without a response before the interface becomes inactive.
For more information about the Generic Routing Encapsulation (GRE) Tunnel Keepalive feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/s_grekpa.htm
GLBP: Gateway Load Balancing Protocol
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Gateway Load Balancing Protocol (GLBP) feature provides automatic router backup for IP hosts that are configured with a single default gateway on an IEEE 802.3 LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IP router while sharing the IP packet forwarding load between them. Other routers on the LAN may act as redundant GLBP routers that will become active if any of the existing forwarding routers fail.
For more information about GLBP, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_glbp2.htm
iBGP Multipath Load Sharing
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
When a Border Gateway Protocol (BGP) speaking router with no local policy configured receives multiple network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the router.
The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the router. The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) with a service provider backbone.
For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:
• All attributes must be the same. The attributes include weight, local preference, autonomous system path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (IGP) distance.
• The next hop router for each multipath must be different.
Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router will still designate one of the multipaths as the best path and advertise this best path to its neighbors.
For more information about the iBGP Multipath Load Sharing feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbgpls.htm
IGMP State Limit
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IGMP State Limit feature provides protection against denial of service attacks caused by Internet Group Management Protocol (IGMP) packets. The new command-line interface (CLI) introduced by this feature allows you to configure a limit on the number of IGMP states that results from IGMP, IGMP Version 3 lite, and URL Rendezvous Directory (URD) membership reports on a per-interface or global basis. Membership reports in excess of the configured limits will not be entered in the IGMP cache, and traffic for those excess membership reports will not be forwarded.
IGMP Version 3—Explicit Tracking of Hosts, Groups, and Channels
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Note: The IGMP Version 3—Explicit Tracking of Hosts, Groups, and Channels feature is also referred to as the Explicit Tracking of Hosts, Group, and Channels for IGMP Version 3 feature.
The Internet Group Management Protocol (IGMP) is used by IP hosts to report their multicast group memberships to neighboring multicast routers. IGMP is available in versions 1, 2, and 3. The Explicit Tracking of Hosts, Groups, and Channels for IGMP Version 3 feature enables a multicast router to explicitly track the membership of all multicast hosts in a particular multiaccess network. This enhancement to the Cisco IOS implementation of IGMPv3 enables the router to keep track of each individual host that is joined to a particular group or channel. The main benefits of this feature are that it provides minimal leave latencies, faster channel changing, and improved diagnostics capabilities for IGMP.
For more information about IGMPv3 and related features such as Source Specific Multicast (SSM), see the Cisco IOS IP Configuration Guide, Release 12.2, at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/index.htm
For more information about the IGMP Version 3—Explicit Tracking of Hosts, Groups, and Channels feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_xtrc.htm
Integrated IS-IS Point-to-Point Adjacency over Broadcast Media
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
When a network consists of only two networking devices that are connected to broadcast media and uses the integrated Intermediate System-to-Intermediate System (IS-IS) protocol, it is better for the system to handle the link as a point-to-point link instead of as a broadcast link. This feature introduces a new command to make IS-IS behave as a point-to-point link between the networking devices.
Using this feature provides performance improvements to the network convergence times of the customer network because the feature saves the system from electing a designated router (DR), prevents flooding from using complete sequence number PDUs (CSNPs) for database synchronization, and simplifies shortest path first (SPF) computations.
For more information about the Integrated IS-IS Point-to-Point Adjacency over Broadcast Media feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fissp2p.htm
Interface Range Configuration Mode
Supported platforms: Cisco 7200 series, Cisco 7500 series
The interface range configuration mode allows you to configure multiple interfaces with the same configuration parameters. Once you enter the interface range configuration mode, all command parameters that you enter are attributed to all interfaces within that range until you exit the interface range configuration mode.
The interface range command mode has the following syntax:
interface range {vlan vlan_ID - vlan_ID} | {{ethernet | fastethernet | gigabitethernet | macro macro_name} slot/interface - interface} [, {{ethernet | fastethernet | gigabitethernet | macro macro_name} slot/interface - interface}]
Note that the space before the dash is required, you can enter up to five comma-separated ranges, and you are not required to enter spaces before or after the comma.
Interface Range Specification
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Interface Range Specification feature allows specification of a range of interfaces to which subsequent commands are applied and supports definition of macros that contain an interface range. The Interface Range Specification feature is implemented with the range keyword, which is used with the interface command. In the interface configuration mode with the range keyword, all entered commands are applied to all interfaces within the range until you exit interface configuration mode.
IP Access List Entry Sequence Numbering
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IP Access List Entry Sequence Numbering feature allows the user to add a sequence number to every access control element (ACE) in an access control list (ACL) and simplifies and accelerates ACE resequencing.
Before the release of this feature, there was no way to specify the position of an ACE within an ACL. When a user wanted to insert an ACE in the middle of an existing list, all of the ACEs after the desired position had to be removed, the new ACE applied, and finally all deleted ACEs reapplied in their new positions after the new ACE. This method was cumbersome and error prone.
This feature allows users to add sequence numbers to ACEs and resequence existing ACEs. When a user adds a new ACE, the user chooses the sequence number so that it is in a desired position in the ACL. And when a new ACE must be inserted, the ACEs currently on the ACL can be resequenced to create room on the ACL to insert the new ACE.
This feature works with numbered and named ACLs, and it supports standard and extended ACLs.
For backward compatibility with previous releases, if ACEs with no sequence numbers are applied, the first ACE will have a sequence number of 10, and successive ACEs will have sequence numbers incremented by 10. The maximum sequence number is 2147483647. If the generated sequence number exceeds this maximum number, the following message is displayed:
Exceeded maximum sequence number.
If an ACE that already belongs to an existing ACL is entered without a sequence number, then it is assigned a sequence number that is 10 greater than the last sequence number in that ACL and is placed at the end of the list.
Distributed support will be provided so that the sequence numbers of ACEs in the Route Processor (RP) and line card (LC) are in synchronization at all times. Sequence numbers will not be nvgened (that is, they are not written to the stored configuration).
If an ACE matches an already existing entry (except for the sequence number), then no changes are made. If a new ACE has a sequence number that is already present, the following error message is generated:
Duplicate sequence number.
If an ACL is entered from global configuration mode, then sequence numbers for that ACL are generated automatically.
For more information about the IP Access List Entry Sequence Numbering feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.htm
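The numbering rules above matter because an ACL is evaluated in order and the first matching ACE decides the result. The following model is an added example, not Cisco IOS code: it implements the default numbering, the two error conditions, resequencing and first-match evaluation for a simplified ACL that matches on source network only. The class and method names and all addresses are constructed for illustration.

```python
import ipaddress

MAX_SEQ = 2147483647  # maximum sequence number stated in the release note


class SequencedAcl:
    """Toy ACL: each ACE is (action, source network), keyed by sequence number."""

    def __init__(self):
        self.aces = {}  # sequence number -> (action, ip_network)

    def add(self, action, source, seq=None):
        """Add an ACE; return its sequence number, or None if nothing changed."""
        ace = (action, ipaddress.ip_network(source))
        if ace in self.aces.values():
            return None  # same ACE already present: no change is made
        if seq is None:
            # Unnumbered entry: 10 for the first ACE, otherwise last number + 10.
            seq = max(self.aces) + 10 if self.aces else 10
        if seq > MAX_SEQ:
            raise ValueError("Exceeded maximum sequence number.")
        if seq in self.aces:
            raise ValueError("Duplicate sequence number.")
        self.aces[seq] = ace
        return seq

    def resequence(self, start=10, step=10):
        """Renumber the ACEs in their current order to open gaps for inserts."""
        ordered = [self.aces[s] for s in sorted(self.aces)]
        if ordered and start + step * (len(ordered) - 1) > MAX_SEQ:
            raise ValueError("Exceeded maximum sequence number.")
        self.aces = {start + i * step: ace for i, ace in enumerate(ordered)}

    def evaluate(self, src):
        """First matching ACE wins; an IP ACL ends with an implicit deny."""
        addr = ipaddress.ip_address(src)
        for seq in sorted(self.aces):
            action, network = self.aces[seq]
            if addr in network:
                return action
        return "deny"

    def listing(self):
        return [(s, a, str(n)) for s, (a, n) in sorted(self.aces.items())]


def base_acl():
    """Constructed starting point: a broad permit followed by a deny."""
    acl = SequencedAcl()
    acl.add("permit", "10.0.0.0/8")      # gets sequence number 10
    acl.add("deny", "192.168.0.0/16")    # gets sequence number 20
    return acl


def appended_result():
    """Old behaviour: the new deny lands last and is shadowed by the permit."""
    acl = base_acl()
    acl.add("deny", "10.1.2.0/24")       # gets 30, after the permit at 10
    return acl.evaluate("10.1.2.3")


def inserted_result():
    """With a chosen sequence number the deny is placed ahead of the permit."""
    acl = base_acl()
    acl.add("deny", "10.1.2.0/24", seq=5)
    return acl.evaluate("10.1.2.3")


def resequence_then_insert():
    """Adjacent numbers leave no room; resequencing creates it."""
    acl = SequencedAcl()
    acl.add("deny", "10.1.2.0/24", seq=10)
    acl.add("permit", "10.0.0.0/8", seq=11)
    acl.resequence(10, 10)               # entries are now at 10 and 20
    acl.add("deny", "10.9.0.0/16", seq=15)
    return acl.listing()


if __name__ == "__main__":
    print(appended_result(), inserted_result())
    print(resequence_then_insert())
```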
IP Event Dampening
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IP Event Dampening feature introduces a configurable exponential decay mechanism to suppress the effects of excessive interface flapping events on routing tables and protocols. This feature allows the network operator to configure a router to identify and dampen flapping interfaces, which reduces the utilization of system processing resources and improves network stability and performance. This feature is configured on a per-interface basis and supports Connectionless Network Service (CLNS) and IP routing protocols.
For more information about the IP Event Dampening feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsipevdp.htm
IP MMLS Global Threshold
Supported platforms: Cisco 7200 series, Cisco 7500 series
The IP Multicast Multilayer Switching (MMLS) Global Threshold feature allows you to configure a global multicast rate threshold, specified in packets per second, below which all multicast traffic is routed by the Multilayer Switch Feature Card, which prevents creation of switching cache entries for low-rate Layer 3 flows.
IPSec—SNMP Support
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IPSec—SNMP Support feature introduces support for industry standard IP Security (IPSec) MIBs and Cisco IOS software specific IPSec MIBs. The IPSec MIBs allow IPSec configuration monitoring and IPSec status monitoring using Simple Network Management Protocol (SNMP), and can be integrated into a variety of Virtual Private Network (VPN) management solutions. Cisco IOS command-line interface (CLI) commands allow you to examine the version of the MIBs, to enable (or disable) SNMP notifications for IPSec, and to monitor and control the size of the buffers that are used by this feature.
Full details of management options can be found in the CISCO-IPSEC-FLOW-MONITOR-MIB, the CISCO-IPSEC-MIB, and the CISCO-IPSEC-POLICY-MAP-MIB. These MIB modules can be obtained from Cisco Network Management Toolkit for the MIBs at the following location:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
For more information about the IPSec—SNMP Support feature and related Cisco IOS commands, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e4/dtipmib.htm
IPv6 Features
The following sections describe various IP version 6 (IPv6) features. For more information about the IPv6 features, see the Cisco IOS IPv6 Configuration Library at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm
CEFv6/dCEFv6—Cisco Express Forwarding
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Cisco Express Forwarding for IPv6 (CEFv6) is an advanced Layer 3 IP switching technology for the forwarding of IPv6 packets. Distributed CEF for IPv6 (dCEFv6) performs the same functions as CEFv6 but for distributed architecture platforms such as the Cisco 12000 series Internet routers. CEFv6 and dCEFv6 function the same and offer the same benefits as CEFv4 and dCEFv4.
In Cisco IOS Release 12.2S, dCEFv6 and CEFv6 support IPv6 addresses and prefixes, separate Forwarding Information Bases (FIBs) for IPv6 global, site-local, and link-local addresses, and a separate global FIB for each Virtual Private Network (VPN).
IPv6 CEF supports a subset of the IPv4 CEF commands using the ipv6 cef root rather than ip cef. The behavior of all commands is analogous to that of the IPv4 CEF commands. Furthermore, a number of existing CEF commands that start with the root show cef now display IPv6 CEF information in addition to IPv4 CEF information.
Table 32 lists the IPv6 commands that are related to the CEFv6/dCEFv6—Cisco Express Forwarding feature and that are supported in Cisco IOS Release 12.2S.
CEFv6 Switching for Tunnels
This section discusses the following three features:
• CEFv6 Switching for 6to4 Tunnels
• CEFv6 Switching for Automatic IPv6 over IPv4 Tunnels
• CEFv6 Switching for IPv6 ISATAP Tunnels
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Cisco Express Forwarding (CEF) switching is on by default when the IP version 6 (IPv6) protocol is configured on an interface. IPv6 overlay tunneling mechanisms (6to4, automatic, and Intra-Site Automatic Tunnel Addressing Protocol [ISATAP]) use CEF to transport IPv6 packets.
For information about implementing tunneling for IPv6, see the Cisco document at the following location:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html
Cisco Discovery Protocol (CDP) - IPv6 Address Family Support for Neighbor Information
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The CDP IPv6 Address Family Support for Neighbor Information feature adds the ability to transfer IP version 6 (IPv6) addressing information between two Cisco devices using Cisco Discovery Protocol (CDP). CDP support for IPv6 addresses allows CDP to exchange IPv6 addressing information. CDP support for IPv6 addresses provides IPv6 information to network management products and troubleshooting tools.
DNS Lookups over an IPv6 Transport
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The DNS Lookups over an IPv6 Transport feature adds support for IPv6 AAAA record types over an IPv6 transport in the Domain Name System (DNS) name-to-address and address-to-name lookup processes.
IPv6 Extended Access Control Lists
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Extended access control lists in IPv6 function the same as and offer the same benefits as access control lists in IPv4. IPv6 extended access lists use source and destination addresses for matching operations, and IPv6 option headers and optional upper-layer protocol type information for finer granularity of control.
IPv6 access lists are identified by user-selected names and are defined by a list of permit and deny statements entered within IPv6 access list configuration mode. Each access list statement must specify the protocol and source and destination prefixes to match against (where the any keyword is equivalent to the IPv6 prefix ::/0). Every IPv6 access list has implicit permit icmp any any nd-na, permit icmp any any nd-ns, and deny ipv6 any any statements as its last match conditions. (The former two match conditions allow for Internet Control Message Protocol for IPv6 [ICMPv6] neighbor discovery.) IPv6 access lists can be used only to filter traffic; IPv6 prefix lists must be used to filter routing protocol prefixes.
Table 33 lists the IPv6 commands that are related to the IPv6 Extended Access Control Lists feature and that are supported in Cisco IOS Release 12.2S.
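The implicit statements described above can be modelled as a first-match evaluator. The following Python sketch is an added example, not Cisco code: the Ace and Packet classes, the sample lists and all addresses are constructed for illustration, and the model covers a list that has at least one explicit entry. It shows that an operator-written deny ipv6 any any is matched before the implicit neighbor discovery permits, so those permits have to be written out explicitly above it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ND_NS, ND_NA = 135, 136  # ICMPv6 neighbor solicitation / advertisement types


@dataclass(frozen=True)
class Ace:
    """One permit/deny statement (hypothetical model). proto 'ipv6' matches any protocol."""
    action: str
    proto: str
    src: str                      # IPv6 prefix, or "any" (equivalent to ::/0)
    dst: str
    icmp_type: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    icmp_type: Optional[int] = None
    dport: Optional[int] = None


# The three statements every IPv6 access list ends with, in the order given above.
IMPLICIT_TAIL = (
    Ace("permit", "icmp", "any", "any", icmp_type=ND_NA),
    Ace("permit", "icmp", "any", "any", icmp_type=ND_NS),
    Ace("deny", "ipv6", "any", "any"),
)

# Constructed sample traffic (documentation and link-local addresses).
NS_PACKET = Packet("icmp", "fe80::1", "ff02::1:ff00:80", icmp_type=ND_NS)
NA_PACKET = Packet("icmp", "fe80::2", "fe80::1", icmp_type=ND_NA)
HTTPS = Packet("tcp", "2001:db8:1::10", "2001:db8::80", dport=443)
TELNET = Packet("tcp", "2001:db8:1::10", "2001:db8::80", dport=23)

# Constructed sample lists.
WEB_ONLY = [Ace("permit", "tcp", "any", "2001:db8::80/128", dport=443)]
# Same list with an explicit catch-all deny appended (for example, to log drops).
WEB_LOGGED = WEB_ONLY + [Ace("deny", "ipv6", "any", "any")]
# Corrected form: neighbor discovery permitted explicitly before the catch-all.
WEB_FIXED = WEB_ONLY + [
    Ace("permit", "icmp", "any", "any", icmp_type=ND_NA),
    Ace("permit", "icmp", "any", "any", icmp_type=ND_NS),
    Ace("deny", "ipv6", "any", "any"),
]


def _in_prefix(address: str, prefix: str) -> bool:
    net = ipaddress.ip_network("::/0" if prefix == "any" else prefix)
    return ipaddress.ip_address(address) in net


def _matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto not in ("ipv6", pkt.proto):
        return False
    if not (_in_prefix(pkt.src, ace.src) and _in_prefix(pkt.dst, ace.dst)):
        return False
    if ace.icmp_type is not None and ace.icmp_type != pkt.icmp_type:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt):
    """First match wins. Returns (action, 'explicit' or 'implicit')."""
    for origin, entries in (("explicit", acl), ("implicit", IMPLICIT_TAIL)):
        for ace in entries:
            if _matches(ace, pkt):
                return ace.action, origin
    raise AssertionError("unreachable: the implicit tail matches every packet")


def neighbor_discovery_allowed(acl) -> bool:
    """True when both neighbor solicitation and advertisement are permitted."""
    return all(evaluate(acl, p)[0] == "permit" for p in (NS_PACKET, NA_PACKET))


if __name__ == "__main__":
    for name, acl in (("WEB_ONLY", WEB_ONLY), ("WEB_LOGGED", WEB_LOGGED),
                      ("WEB_FIXED", WEB_FIXED)):
        print(name, "neighbor discovery allowed:", neighbor_discovery_allowed(acl))
```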
IPv6 for Cisco IOS Software
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
IPv6, formerly called IPng (next generation), is the latest version of IP and offers many benefits, such as a larger address space, over the previous version of IP (version 4).
In Cisco IOS Release 12.2(14)S, the IPv6 for Cisco IOS Software feature is being integrated into the 12.2S Cisco IOS software release train along with the following additional, new feature enhancements:
• Integrated Intermediate System-to-Intermediate System (IS-IS) for IPv6
• Static cache entry for IPv6 neighbor discovery
• Use of the first MAC address as the IPv6 interface identifier for point-to-point links
• Link-local address peering in multiprotocol BGP extensions for IPv6
IPv6 ISATAP Tunnel Support
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an automatic overlay tunneling mechanism that uses the underlying IP version 4 (IPv4) network as a nonbroadcast multiaccess (NBMA) link layer for IP version 6 (IPv6). The IPv4 address is encoded in the last 32 bits of the IPv6 address, enabling automatic IPv6-in-IPv4 tunneling within an IPv4 network. ISATAP tunnels allow individual IPv4/IPv6 dual-stack hosts within a site to connect to an IPv6 network using the IPv4 infrastructure. ISATAP uses a normal global IPv6 prefix (/64) which can be used with both local and global unicast IPv6 prefixes, enabling IPv6 routing on the Internet.
For information about implementing tunneling for IPv6, see the Cisco document at the following location:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html
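Because ISATAP carries the IPv4 address in the last 32 bits of the IPv6 address, the IPv4 tunnel endpoint can be recovered from an address seen in a log or flow record. The following Python sketch is an added example, not Cisco code, and goes beyond the ISATAP case in the text to the other two overlay mechanisms named in these release notes. It assumes the standard address formats: the 0000:5efe or 0200:5efe interface identifier for ISATAP, the 2002::/16 prefix for 6to4, and ::a.b.c.d for automatic IPv4-compatible tunnels. All sample addresses are constructed.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
# Upper 32 bits of the interface identifier that mark an ISATAP address
# (the 0x0200 variant has the universal/local bit set).
ISATAP_IID_HIGH = (0x00005EFE, 0x02005EFE)


def embedded_ipv4(text):
    """Return [(mechanism, ipv4_string), ...] for IPv4 addresses carried in an IPv6 address.

    An address can yield two findings, for example an ISATAP interface
    identifier under a 6to4 prefix.
    """
    addr = ipaddress.IPv6Address(text)
    value = int(addr)
    low32 = str(ipaddress.IPv4Address(value & 0xFFFFFFFF))
    found = []
    if addr in SIX_TO_FOUR:
        # 6to4: the IPv4 address follows the 16-bit 2002 prefix.
        found.append(("6to4", str(ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF))))
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_IID_HIGH:
        # ISATAP: the IPv4 address is the last 32 bits of the address.
        found.append(("isatap", low32))
    elif value >> 32 == 0 and value > 1:
        # IPv4-compatible (::a.b.c.d), excluding :: and ::1.
        found.append(("ipv4-compatible", low32))
    return found


def tunnel_endpoints(addresses):
    """Group IPv6 addresses by the IPv4 endpoint they embed.

    The result can be compared with IPv4 flow data to see which IPv4 hosts
    are terminating IPv6-in-IPv4 tunnels.
    """
    endpoints = {}
    for text in addresses:
        for mechanism, ipv4 in embedded_ipv4(text):
            endpoints.setdefault(ipv4, []).append((text, mechanism))
    return endpoints


# Constructed sample addresses (documentation ranges), as they might appear
# in a flow export or neighbor table.
SAMPLE_ADDRESSES = [
    "2002:c000:201::1",                 # 6to4
    "2001:db8:1:1:0:5efe:c633:6407",    # ISATAP, global prefix
    "fe80::200:5efe:cb00:7109",         # ISATAP, link-local
    "::192.0.2.1",                      # automatic IPv4-compatible
    "2001:db8::1",                      # native IPv6, nothing embedded
    "::1",                              # loopback, nothing embedded
]

if __name__ == "__main__":
    for ipv4, hits in sorted(tunnel_endpoints(SAMPLE_ADDRESSES).items()):
        print(ipv4, hits)
```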
IPv6 MIBs
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IPv6 MIBs feature adds network management support for IP version 6 (IPv6) using Simple Network Management Protocol (SNMP). New MIB tables have been added for monitoring IP and IP forwarding traffic in an IPv6 environment.
No new or modified Cisco IOS commands are associated with this feature. For details on the MIB enhancements, see the CISCO-IETF-IP-FORWARD-MIB.my and CISCO-IETF-IP-MIB.my MIB files, available from the Cisco MIB FTP site at http://tools.cisco.com/ITDIT/MIBS/servlet/index.
IPv6 Provider Edge Router over MPLS
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IPv6 Provider Edge Router over MPLS feature (also referred to as Cisco 6PE) enables IPv6 sites to communicate over a Multiprotocol Label Switching (MPLS) IPv4 network with no software or hardware upgrades in the core MPLS infrastructure and with no disruption to existing customer services.
IPv6 RIP Enhancements
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IPv6 RIP Enhancements feature adds support for a separate IPv6 Routing Information Protocol (RIP) routing table, the ability to delete routes from the IPv6 RIP routing table, and the ability to set route tags. The hold-down timer default is now set to zero, and a maximum number of parallel routes can be configured.
Secure Shell (SSH) over an IPv6 Transport
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Secure Shell (SSH) in IPv6 functions the same as and offers the same benefits as SSH in IPv4—the SSH Server feature enables an SSH client to make a secure, encrypted connection to a Cisco router and the SSH Client feature enables a Cisco router to make a secure, encrypted connection to another Cisco router or to any other device running an SSH server. IPv6 enhancements to SSH consist of support for IPv6 addresses that enable a Cisco router to accept and establish secure, encrypted connections with remote IPv6 nodes over an IPv6 transport.
IS-IS: Allows BGP to Control the Configuration of the Overload Bit
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Intermediate System-to-Intermediate System (IS-IS) protocol defines a special bit in each link-state packet (LSP) called the overload bit. IS-IS uses the overload bit to "tell" other routers to ignore this router in their shortest path first (SPF) calculations. This function prevents transit traffic from passing through the router before the routing table has converged, so that transit traffic is not lost.
This feature provides IS-IS with the ability to set the overload bit and then to wait for Border Gateway Protocol (BGP) convergence. After the BGP routing table has fully converged, BGP sends a notification to IS-IS that BGP is ready for the IS-IS protocol to unset the overload bit. When the IS-IS protocol receives the notification from BGP, IS-IS unsets the overload bit and returns the router to normal operation, allowing transit traffic to pass through the router.
The configuration of this feature allows a network operator to bring a new router into a network without immediately routing traffic through the new router. The network operator can configure the router that is running IS-IS to wait until the BGP routing table converges or the configured timer expires. The configuration of this feature can improve network performance and stability by making the router available much faster without the risk of losing traffic that is destined for other networks.
Note: This feature is configured on the router that is running IS-IS and does not require any specific configuration for BGP.
This feature introduces three configuration options for the set-overload-bit IS-IS router configuration command. See Table 34 for syntax descriptions.
set-overload-bit [on-startup {announce-time | wait-for-bgp}]
no set-overload-bit [on-startup {announce-time | wait-for-bgp}]
IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication feature adds an HMAC-MD5 digest to each Intermediate System-to-Intermediate System (IS-IS) protocol data unit (PDU). HMAC is a mechanism for message authentication codes (MAC) using cryptographic hash functions. The digest allows authentication at the IS-IS routing protocol level, which prevents unauthorized routing messages from being injected into the network routing domain. IS-IS clear text (plain text) authentication is enhanced so that passwords are encrypted when the software configuration is displayed and passwords are easier to manage and change.
For more information about the IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/ftismd5.htm
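How a receiver checks the HMAC-MD5 digest carried in a PDU can be shown in a few lines of Python. This is an added example, not Cisco code: it assumes the encoding standardized in RFC 5304 (Authentication Information TLV type 10, authentication type 54, a 16-byte digest computed over the whole PDU with the digest field zeroed) and uses a constructed level-1 LAN hello with a 27-byte fixed header and a constructed key. LSPs additionally need their Checksum and Remaining Lifetime fields zeroed before the digest is computed, which is not modelled here.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10           # Authentication Information TLV (RFC 5304)
AUTH_HMAC_MD5 = 54      # authentication type in the TLV's first value byte
DIGEST_LEN = 16
LAN_HELLO_HEADER = 27   # fixed header length of the constructed LAN hello
HOLD_TIME_OFFSET = 15   # holding time field in that header (2 bytes)


def iter_tlvs(pdu, header_len):
    """Yield (type, value_offset, length) for each TLV after the fixed header."""
    off = header_len
    while off < len(pdu):
        if off + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        tlv_type, length = pdu[off], pdu[off + 1]
        if off + 2 + length > len(pdu):
            raise ValueError("TLV overruns the PDU")
        yield tlv_type, off + 2, length
        off += 2 + length


def digest_offset(pdu, header_len):
    """Offset of the 16-byte digest inside the HMAC-MD5 TLV, or None if absent."""
    for tlv_type, value_off, length in iter_tlvs(pdu, header_len):
        if (tlv_type == AUTH_TLV and length == 1 + DIGEST_LEN
                and pdu[value_off] == AUTH_HMAC_MD5):
            return value_off + 1
    return None


def compute_digest(pdu, offset, key):
    """HMAC-MD5 over the PDU with the digest field set to zero."""
    zeroed = pdu[:offset] + bytes(DIGEST_LEN) + pdu[offset + DIGEST_LEN:]
    return hmac.new(key, zeroed, hashlib.md5).digest()


def sign(pdu, header_len, key):
    """Fill in the digest of a PDU that already carries a zeroed auth TLV."""
    off = digest_offset(pdu, header_len)
    if off is None:
        raise ValueError("no HMAC-MD5 authentication TLV to fill")
    return pdu[:off] + compute_digest(pdu, off, key) + pdu[off + DIGEST_LEN:]


def verify(pdu, header_len, key):
    """Accept only a well-formed PDU whose digest matches; compare in constant time."""
    try:
        off = digest_offset(pdu, header_len)
    except ValueError:
        return False
    if off is None:
        return False          # unauthenticated PDUs are rejected
    received = pdu[off:off + DIGEST_LEN]
    return hmac.compare_digest(received, compute_digest(pdu, off, key))


def build_hello(key, hold_time=30):
    """Constructed level-1 LAN hello: common header, hello fields, two TLVs."""
    tlvs = bytes([1, 4, 3, 0x49, 0x00, 0x01])                       # area 49.0001
    tlvs += bytes([AUTH_TLV, 1 + DIGEST_LEN, AUTH_HMAC_MD5]) + bytes(DIGEST_LEN)
    common = bytes([0x83, LAN_HELLO_HEADER, 1, 0, 15, 1, 0, 0])
    source_id = bytes.fromhex("000000000001")
    specific = struct.pack("!B6sHHB7s", 1, source_id, hold_time,
                           LAN_HELLO_HEADER + len(tlvs), 64, source_id + b"\x01")
    return sign(common + specific + tlvs, LAN_HELLO_HEADER, key)


if __name__ == "__main__":
    key = b"constructed-example-key"
    hello = build_hello(key)
    print("genuine:", verify(hello, LAN_HELLO_HEADER, key))
    forged = bytearray(hello)
    forged[HOLD_TIME_OFFSET + 1] ^= 0x01          # alter the holding time
    print("altered:", verify(bytes(forged), LAN_HELLO_HEADER, key))
```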
Low Latency Queuing for the VIP Enhancement
Supported platform: Cisco 7500 series
The optional bytes argument has been added to the priority command.
For more information about the Low Latency Queuing for the VIP feature, including information about the bytes argument in the priority command, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5c/llqvip.htm
Manual TFTP Certificate Enrollment
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Manual TFTP Certificate Enrollment feature allows users to generate a certificate request and accept certification authority (CA) certificates, as well as the router's certificates; these tasks are accomplished via a TFTP server or manual cut-and-paste operations. Users may wish to use TFTP or manual cut-and-paste enrollment in the following situations:
• Their CA does not support Simple Certificate Enrollment Protocol (SCEP) (which is the most commonly used method for sending and receiving requests and certificates).
• A network connection between the router and CA is not possible (which is how a router running Cisco IOS software obtains its certificate).
MPLS Label Distribution Protocol (LDP)
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Cisco Multiprotocol Label Switching (MPLS) label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP Virtual Private Networks (VPNs) that support multiple levels of services.
LDP provides a standard methodology for hop-by-hop, or dynamic label, distribution in an MPLS network by assigning labels to routes that have been chosen by the underlying Interior Gateway Protocol (IGP) routing protocols. The resulting labeled paths, called label switch paths or LSPs, forward label traffic across an MPLS backbone to particular destinations. These capabilities enable service providers to implement the Cisco MPLS-based IP VPNs and IP+ATM services across multivendor MPLS networks.
LDP provides the means for label switch routers (LSRs) to request, distribute, and release label prefix binding information to peer routers in a network. LDP enables LSRs to discover potential peers and to establish LDP sessions with those peers for the purpose of exchanging label binding information.
From an historical and functional standpoint, LDP is a superset of the Cisco prestandard Tag Distribution Protocol (TDP), which also supports MPLS forwarding along normally routed paths. For those features that LDP and TDP share in common, the pattern of protocol exchanges between network routing platforms is identical. The differences between LDP and TDP for those features supported by both protocols are largely embedded in their respective implementation details, such as the encoding of protocol messages.
This release of LDP, which supports both the LDP and TDP protocols, provides the means for transitioning an existing network from a TDP environment to an LDP environment. Thus, you can run LDP and TDP simultaneously on any router platform. The routing protocol that you select can be configured on a per-interface basis for directly connected neighbors and on a per-session basis for nondirectly connected (targeted) neighbors. In addition, an LSP across an MPLS network can be supported by LDP on some hops and by TDP on other hops.
For more information about MPLS LDP, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs2sldp.htm
MPLS Label Distribution Protocol (LDP) MIB
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Multiprotocol Label Switching (MPLS) label distribution protocol (LDP) MIB (MPLS LDP MIB) has been implemented to enable standard, Simple Network Management Protocol (SNMP)-based network management of the label switching features in Cisco IOS software. Providing this capability requires SNMP agent code to execute on a designated network management system (NMS) in the network. The NMS serves as the medium for user interaction with the network management objects in the MPLS LDP MIB.
The SNMP agent embodies a layered structure that is compatible with Cisco IOS software and presents a network administrative and management interface to the objects in the MPLS LDP MIB and, thence, to the rich set of label switching capabilities supported by Cisco IOS software.
By means of an SNMP agent, you can access MPLS LDP MIB objects using standard SNMP GET operations to accomplish a variety of network management tasks. All the objects in the MPLS LDP MIB follow the conventions defined in the Internet Engineering Task Force (IETF) draft MIB entitled "draft-ietf-mpls-ldp-mib-07.txt," which defines network management objects in a structured and standardized manner. This draft MIB is continually being evolved toward the status of a standard. Accordingly, the MPLS LDP MIB will be implemented in a manner that tracks the evolution of this IETF document.
Slight differences that exist between the IETF draft MIB and the implementation of equivalent functions in Cisco IOS software require some minor translations between the MPLS LDP MIB objects and the internal data structures of Cisco IOS software. Such translations are accomplished by the SNMP agent, which runs in the background on the NMS workstation as a low-priority process.
The extensive label switching capabilities supported in Cisco IOS software provide an integrated approach to managing the large volumes of traffic carried by WANs. These capabilities are integrated into the Layer 3 network services, thus optimizing the routing of high volume traffic through Internet service provider backbones while, at the same time, ensuring the resiliency of the network to link or node failures.
This release of Cisco IOS software supports the following functionality in relation to the MPLS LDP MIB:
• Generation and sending of event notification messages to signal changes in the status of LDP sessions.
• Enabling and disabling of event notification messages by means of extensions to existing SNMP command-line interface (CLI) commands.
• Specification of the name or the IP address of an NMS workstation in the operating environment to which Cisco IOS event notification messages are to be sent to serve network administrative and management purposes.
• Storage of the configuration that pertains to an event notification message into the NVRAM of the NMS.
The structure of the MPLS LDP MIB conforms to Abstract Syntax Notation One (ASN.1), thereby forming a highly structured and idealized database of network management objects.
Using any standard SNMP application, you can retrieve and display information from the MPLS LDP MIB by means of standard SNMP GET operations; similarly, you can traverse and display information in the MIB by means of SNMP GETNEXT operations.
Note: Because the MPLS LDP MIB was not given an Internet Assigned Numbers Authority (IANA) Experimental object identifier (OID) at the time of its implementation, Cisco chose to implement the MIB under the Cisco Experimental OID number, as follows:
ciscoExperiment 1.3.6.1.4.1.9.10
mplsLdpMIB 1.3.6.1.4.1.9.10.65
If the MPLS LDP MIB is assigned an IANA Experimental OID number, Cisco will deprecate all objects in the MIB under the ciscoExperimental OID and reposition the objects under the IANA Experimental OID.
For more information about the MPLS LDP MIB, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/ldpmb2.htm
MPLS Label Switching Router MIB
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Multiprotocol Label Switching (MPLS) label switch router (LSR) MIB (MPLS LSR MIB) allows you to use the Simple Network Management Protocol (SNMP) to remotely monitor an LSR that is using the MPLS technology. The MPLS LSR MIB mirrors the Cisco Label Switching subsystem, specifically, the LSR management information that is provided by the Label Forwarding Information Base (LFIB).
The MPLS LSR MIB contains managed objects that support the retrieval of label switching information from a router and is based on Revision 05 of the IETF MPLS LSR MIB. This implementation enables a network administrator to get information on the status, character, and performance of the following:
• MPLS capable interfaces on the LSR
• Incoming MPLS segments (labels) to an LSR and their associated parameters
• Outgoing segments (labels) at an LSR and their associated parameters
In addition, the network manager can retrieve the status of cross-connect entries that associate MPLS segments with each other.
For more information about the MPLS LSR MIB, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fslsrm2s.htm
MPLS Traffic Engineering (TE) Features
The following sections describe various Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) features.
MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for TE Tunnels
Supported platforms: Cisco 7200 series, Cisco 7500 series
Traffic engineering automatic bandwidth adjustment provides the means to automatically adjust the bandwidth allocation for traffic engineering tunnels on the basis of their measured traffic load.
Traffic engineering autobandwidth samples the average output rate for each tunnel marked for automatic bandwidth adjustment. For each marked tunnel, it periodically (for example, once per day) adjusts the tunnel's allocated bandwidth to be the largest sample for the tunnel since the last adjustment.
The frequency with which tunnel bandwidth is adjusted and the allowable range of adjustments is configurable on a per-tunnel basis. In addition, the sampling interval and the interval over which to average tunnel traffic to obtain the average output rate are user-configurable on a per-tunnel basis.
For more information about the MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for TE Tunnels feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsbandaj.htm
MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels
Supported platforms: Cisco 7200 series, Cisco 7500 series
When Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) is configured in a network, the Interior Gateway Protocol (IGP) floods two metrics for every link: the normal IGP (Open Shortest Path First [OSPF] or Intermediate System-to-Intermediate System [IS-IS]) link metric and a TE link metric. The IGP uses the IGP link metric in the normal way to compute routes for destination networks. In previous releases, MPLS TE used the TE link metric to calculate and verify paths for TE tunnels. When the traffic engineering metric was not explicitly configured, the traffic engineering metric was the IGP metric.
The current enhancement enables you to control the metric used in path calculation for TE tunnels on a per-tunnel basis. It allows you to specify that the path calculation for a given tunnel be based on either of the following:
• IGP link metrics.
• TE link metrics, which you can configure so that they represent the needs of a particular application. For example, the TE link metrics can be configured to represent link transmission delay.
For more information about the MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsmetric.htm
MPLS Traffic Engineering—Diff-Serv Aware (DS-TE)
Supported platforms: Cisco 7200 series, Cisco 7500 series
Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) allows constraint-based routing of IP traffic. One of the constraints satisfied by constraint-based routing (CBR) is the availability of required bandwidth over a selected path. Diff-Serv Aware Traffic Engineering (DS-TE) extends MPLS TE to enable you to perform CBR of "guaranteed" traffic, which satisfies a more restrictive bandwidth constraint than that satisfied by CBR for regular traffic. The more restrictive bandwidth is termed a sub-pool, while the regular TE tunnel bandwidth is called the global pool. (The sub-pool is a portion of the global pool.) This ability to satisfy a more restrictive bandwidth constraint translates into an ability to achieve higher quality of service (QoS) performance (in terms of delay, jitter, or loss) for the guaranteed traffic.
For example, DS-TE can be used to ensure that traffic is routed over the network so that, on every link, there is never more than 40 percent (or any assigned percentage) of the link capacity of guaranteed traffic (for example, voice), while there can be up to 100 percent of the link capacity of regular traffic. Assuming QoS mechanisms are also used on every link to queue guaranteed traffic separately from regular traffic, it then becomes possible to enforce separate "overbooking" ratios for guaranteed and regular traffic. (In fact, for the guaranteed traffic it becomes possible to enforce no overbooking at all—or even an underbooking—so that very high QoS can be achieved end-to-end for that traffic, even while for the regular traffic a significant overbooking continues to be enforced.)
Also, through the ability to enforce a maximum percentage of guaranteed traffic on any link, the network administrator can directly control the end-to-end QoS performance parameters without having to rely on over-engineering or on expected shortest path routing behavior. This is essential for transport of applications that have very high QoS requirements (such as real-time voice, virtual IP leased line, and bandwidth trading), where over-engineering cannot be assumed everywhere in the network.
DS-TE involves extending the Open Shortest Path First (OSPF) routing protocol, so that the available sub-pool bandwidth at each preemption level is advertised in addition to the available global pool bandwidth at each preemption level. And DS-TE modifies CBR to take this more complex advertised information into account during path computation.
DS-TE enables service providers to perform separate admission control and separate route computation for discrete subsets of traffic (for example, voice and data traffic).
Therefore, by combining DS-TE with other Cisco IOS features such as QoS, the service provider can do the following:
• Develop QoS services for end customers on the basis of signaled rather than provisioned QoS.
• Build the higher-revenue generating "strict-commitment" QoS services, without over-provisioning.
• Offer virtual IP leased-line, Layer 2 service emulation and point-to-point guaranteed bandwidth services including voice-trunking.
• Use the scalability properties offered by MPLS.
For more information about the DS-TE feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_diff.htm
MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion
Supported platforms: Cisco 7200 series, Cisco 7500 series
The MPLS Traffic Engineering (TE) IP Explicit Address Exclusion feature provides a means to exclude a link or node from the path for a Multiprotocol Label Switching (MPLS) traffic engineering label-switched path (LSP).
The feature is accessible via the ip explicit-path command that allows you to create an IP explicit path and enter a configuration submode for specifying the path. The feature adds to the submode commands the exclude-address command for specifying addresses to exclude from the path.
If the exclude-address for an MPLS traffic engineering LSP identifies a flooded link, the constraint-based shortest path first (CSPF) routing algorithm does not consider that link when it computes paths for the LSP. If the exclude-address specifies a flooded MPLS traffic engineering router ID, the CSPF routing algorithm does not allow paths for the LSP to traverse the node that is identified by the router ID.
For more information about the MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion feature, see the Cisco document at the following location:
MPLS Traffic Engineering (TE) MIB
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) MIB (MPLS TE MIB) enables a standardized, Simple Network Management Protocol (SNMP)-based approach to managing the MPLS traffic engineering features in Cisco IOS software. Providing this capability requires SNMP agent code implementation of the MPLS TE MIB.
The MPLS TE MIB is based on the Internet Engineering Task Force (IETF) draft MIB entitled "draft-ietf-mpls-te-mib-05.txt," which includes objects describing features that support MPLS traffic engineering. This IETF draft MIB, which undergoes revisions from time to time, is being evolved toward becoming a standard. Accordingly, the Cisco implementation of the MPLS TE MIB is expected to track the evolution of the IETF draft MIB.
Slight differences between the IETF draft MIB and the implementation of the traffic engineering capabilities within Cisco IOS software require some minor translations between the MPLS TE MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code that is installed and operating on various hosts within the network. This SNMP agent code, running in the background as a low priority process, provides a management interface to Cisco IOS software.
The SNMP objects defined in the MPLS TE MIB can be viewed by any standard SNMP utility. All MPLS TE MIB objects are based on the IETF draft MIB; accordingly, no specific Cisco SNMP application is required to support the functions and operations that pertain to the MPLS TE MIB.
The following functionality is supported in the MPLS TE MIB:
• The ability to generate and queue notification messages that signal changes in the operational status of MPLS traffic engineering tunnels.
• Extensions to existing SNMP command-line interface (CLI) commands that provide the ability to enable, disable, and configure notification messages for MPLS traffic engineering tunnels.
• The ability to specify the name or the IP address of a network management system (NMS) in the operating environment to which notification messages are to be sent.
• The ability to write notification configurations into non-volatile memory.
For more information about the MPLS TE MIB, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/temib2.htm
MPLS Traffic Engineering (TE)—Scalability Enhancements
Supported platforms: Cisco 7200 series, Cisco 7500 series
The implementation of Multiprotocol Label Switching (MPLS) traffic engineering has been improved so that it scales better for large numbers of traffic engineering tunnels. These improvements enable the following:
• An increase in the number of traffic engineering tunnels that a router can support when acting as a tunnel headend and when acting as a tunnel midpoint.
• A reduction in the time required to establish large numbers of traffic engineering tunnels.
User-observable scalability enhancements include the following:
• Pacing for Resource Reservation Protocol (RSVP) messages.
• Signaling and management for MPLS traffic engineering tunnels.
• Controlling Intermediate System-to-Intermediate System (IS-IS) and MPLS traffic engineering topology database interactions.
• Improved diagnostic capabilities for MPLS traffic engineering and RSVP signaling.
Pacing for RSVP Messages
A burst of RSVP traffic engineering signaling messages can overflow the input queue of a receiving router, causing some messages to be dropped. Dropped messages cause a substantial delay in completing label-switched path (LSP) signaling.
A new mechanism controls the transmission rate for RSVP messages and reduces the likelihood of input drops on the receiving router. The default transmission rate is 200 RSVP messages per second to a given neighbor. The rate is configurable.
Signaling and Management for MPLS Traffic Engineering Tunnels
The following changes improve the responsiveness of LSP recovery when a link used by an LSP fails:
• When the upstream end of a failed link detects the failure, it generates an RSVP No Route path error message. This enables the LSP headend to detect the link failure and initiate recovery, even when the Interior Gateway Protocol (IGP) update that announces the link failure is delayed.
• The LSP headend marks the link in question so that subsequent constraint-based shortest path first (SPF) calculations ignore the link until either a new IGP update arrives or a configurable timeout occurs. This ensures that resignaling to restore the LSP avoids the failed link.
Controlling IS-IS and MPLS Traffic Engineering Topology Database Interactions
The delay between when the IS-IS protocol receives an IGP update and when it delivers the update to the MPLS traffic engineering topology database has been reduced in most situations.
Previously, when IS-IS received a new LSP that contained traffic engineering type, length, and value (TLV) objects, a delay of several seconds could occur before IS-IS passed the traffic engineering TLVs to the traffic engineering database. The purpose of the delay was to provide better scalability during periods of network instability and to give the router an opportunity to receive more fragments of the LSP before passing the information to the traffic engineering database. However, this delay increased the convergence time for the traffic engineering database.
Now IS-IS extracts traffic engineering TLVs from received LSPs and passes them to the traffic engineering database immediately. The exception to this occurs when there are large numbers of LSPs to process and it is important to limit CPU consumption, such as during periods of network instability.
The arguments that control IS-IS delivery of traffic engineering TLVs to the traffic engineering topology database are configurable.
Improved Diagnostic Capabilities for MPLS Traffic Engineering and RSVP Signaling
The following enhancements improve diagnostic and troubleshooting capabilities for MPLS traffic engineering and RSVP:
• Counters record tunnel headend error events such as no route (link down), preemption, and insufficient bandwidth on a per-tunnel basis.
• Counters record RSVP messages. The counters are per-interface and record the number of RSVP messages of each type sent and received on the interface.
More Information
For more information about the MPLS Traffic Engineering (TE)—Scalability Enhancements feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fssclenh.htm
MPLS VPN Features
The following sections describe various Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) features.
MPLS Virtual Private Networks
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The IP Virtual Private Network (VPN) feature for Multiprotocol Label Switching (MPLS) allows a Cisco IOS network to deploy scalable IP version 4 (IPv4) Layer 3 VPN backbone services. An IP VPN is the foundation that companies use for deploying or administering value-added services including applications and data hosting, network commerce, and telephony services to business customers. In private LANs, IP-based intranets have fundamentally changed the way companies conduct their business. Companies are moving their business applications to their intranets to extend over a WAN. Companies are also embracing the needs of their customers, suppliers, and partners by using extranets (an intranet that encompasses multiple businesses). With extranets, companies reduce business process costs by facilitating supply-chain automation, electronic data interchange (EDI), and other forms of network commerce. To take advantage of this business opportunity, service providers must have an IP VPN infrastructure that delivers private network services to businesses over a public infrastructure.
MPLS VPNs offer the following benefits:
• A platform for rapid deployment of additional value-added IP services, including intranets, extranets, voice, multimedia, and network commerce.
• Privacy and security equal to that provided by Layer 2 VPNs by limiting the distribution of VPN routes to only those routers that are members of the VPN.
• Seamless integration with customer intranets.
• Increased scalability over current VPN implementations, with thousands of sites per VPN and hundreds of thousands of VPNs per service provider.
• IP class of service (CoS), with support for multiple classes of service and priorities within VPNs, as well as between VPNs.
• Management of VPN membership and provisioning of new VPNs for rapid deployment.
• Scalable any-to-any connectivity for extended intranets and extranets that encompass multiple businesses.
For more information about the MPLS Virtual Private Networks feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsmvpns.htm
MPLS VPN Carrier Supporting Carrier
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Carrier supporting carrier is a term that is used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.
The carrier supporting carrier feature enables one Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN)-based service provider to allow other service providers, such as Internet service providers (ISPs) or Border Gateway Protocol (BGP)/MPLS VPN service providers, to use a segment of its backbone network.
For more information about the MPLS VPN Carrier Supporting Carrier feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs2scsc.htm
MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution
Supported platforms: Cisco 7200 series, Cisco 7500 series
The MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. The backbone carrier offers BGP and MPLS Virtual Private Network (VPN) services. The customer carrier can be either of the following:
• An Internet service provider (ISP) with an IP core
• An MPLS service provider with or without VPN services
Previously, you had to use Label Distribution Protocol (LDP) and an Interior Gateway Protocol (IGP) between PE and CE routers to achieve the same goal. Using BGP to distribute IPv4 routes and MPLS label routes has the following benefits:
• BGP takes the place of an IGP and LDP. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting.
• BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP.
For more information about the MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fscsclbl.htm
MPLS VPN ID
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Using the MPLS VPN ID feature, you can identify Virtual Private Networks (VPNs) by a VPN identification (ID) number, as described in RFC 2685. This implementation of the MPLS VPN ID feature is used for identifying a VPN. The MPLS VPN ID feature is not used to control the distribution of routing information or to associate IP addresses with Multiprotocol Label Switching (MPLS) VPN ID numbers in routing updates.
Multiple VPNs can be configured in a router. You can use a VPN name (a unique ASCII string) to reference a specific VPN configured in the router. Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685). To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the service provider network that services that VPN.
You can use several applications, such as RADIUS and Dynamic Host Configuration Protocol (DHCP), to manage VPNs by VPN ID.
Note
Configuration of a VPN ID for a VPN is optional. You can still use a VPN name to identify configured VPNs in the router. The VPN name is not affected by the VPN ID configuration. The VPN name and the VPN ID configuration are two independent mechanisms to identify VPNs.
For more information about the MPLS VPN ID feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/vpnid2.htm
MPLS VPN Inter-AS—IPv4 BGP Label Distribution
Supported platforms: Cisco 7200 series, Cisco 7500 series
The MPLS VPN Inter-AS—IPv4 BGP Label Distribution feature enables you to set up a Virtual Private Network (VPN) service provider (SP) network to exchange IPv4 routes with Multiprotocol Label Switching (MPLS) labels. You can configure the VPN service provider network as follows:
• Route reflectors exchange VPNv4 routes, using multihop, multiprotocol External Border Gateway Protocol (EBGP). This configuration also preserves the next hop information and the VPN labels across the autonomous systems.
• A local provider edge (PE) router needs to know the routes and label information for the remote PE router. This information can be exchanged between the PE routers and autonomous system boundary routers (ASBRs) in one of two ways:
  – Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP): the ASBR can redistribute the IPv4 routes and MPLS labels that it learned from EBGP into IGP and LDP and vice versa.
  – Internal Border Gateway Protocol (IBGP) IPv4 label distribution: the ASBR and PE router can use direct IBGP sessions to exchange VPNv4 and IPv4 routes and MPLS labels.
  Alternatively, if you enable the ASBR to exchange IPv4 routes and MPLS labels with the route reflector, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. The route reflector also reflects the VPNv4 routes to the PE routers in the VPN (as mentioned in the first bullet). Using the route reflectors to store the VPNv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.
• ASBRs exchange IPv4 routes and MPLS labels for the PE routers, using EBGP.
Using Border Gateway Protocol (BGP) to distribute IPv4 routes and MPLS label routes has the following benefits:
• Improved scalability because the route reflectors store VPNv4 routes.
• Ability to enable a non-VPN core network to act as a transit network for VPN traffic.
• Elimination of the need for any other LDP between adjacent label switch routers (LSRs).
For more information about the MPLS VPN Inter-AS—IPv4 BGP Label Distribution feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fscsclbl.htm
MPLS VPN—SNMP MIB Support
Supported platforms: Cisco 7200 series, Cisco 7500 series
Simple Network Management Protocol (SNMP) agent code that is operating in conjunction with the Provider-Provisioned Virtual Private Network (PPVPN) Multiprotocol Label Switching (MPLS) VPN MIB (PPVPN MPLS VPN MIB) enables a standardized, SNMP-based approach in managing MPLS VPNs in Cisco IOS software.
The PPVPN MPLS VPN MIB is based on the Internet Engineering Task Force (IETF) draft MIB "draft-ietf-ppvpn-mpls-vpn-mib-03.txt," which includes objects describing features that support MPLS VPN events. This IETF draft MIB, which undergoes revisions from time to time, is evolving toward becoming a standard. The Cisco implementation of features of the PPVPN MPLS VPN MIB is expected to track the evolution of the IETF draft MIB and may change accordingly.
Some slight differences between the IETF draft MIB and the actual implementation of MPLS VPNs within Cisco IOS software require some minor translations between the PPVPN MPLS VPN MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS software. SNMP adds little overhead to the normal functions of the device.
The SNMP objects that are defined in the PPVPN MPLS VPN MIB can be viewed by any standard SNMP utility. The network administrator can retrieve information in the PPVPN MPLS VPN MIB using standard SNMP get and getnext operations for SNMP v1, v2, and v3.
All PPVPN-MPLS-VPN MIB objects are based on the IETF draft MIB; thus, no specific Cisco SNMP application is required to support the functions and operations that pertain to the PPVPN MPLS VPN MIB features.
In Cisco IOS Release 12.2(14)S, the PPVPN MPLS VPN MIB provides you with the ability to do the following:
• Gather routing and forwarding information for MPLS VPNs on a router.
• Expose information in the VPN routing/forwarding (VRF) routing table.
• Gather information on Border Gateway Protocol (BGP) configuration related to VPNs and VRF interfaces and statistics.
• Emit notification messages that signal changes when critical MPLS VPN events occur.
• Enable, disable, and configure notification messages for MPLS VPN events by using extensions to existing SNMP command-line interface (CLI) commands.
• Specify the IP address of a network management system (NMS) in the operating environment to which notification messages are sent.
• Write notification configurations into nonvolatile memory.
For more information about the MPLS VPN—SNMP MIB Support feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsvnmb2s.htm
Multicast-VPN—IP Multicast Support for MPLS VPNs
Supported platforms: Cisco 7200 series, Cisco 7500 series
The Multicast-VPN—IP Multicast Support for MPLS VPNs feature enables a service provider to configure and support multicast traffic in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment. This feature supports routing and forwarding of multicast packets for each individual VPN routing and forwarding (VRF) instance, and it also provides a mechanism to transport VPN multicast packets across the service provider backbone.
The Multicast-VPN—IP Multicast Support for MPLS VPNs feature in Cisco IOS software provides the ability to support the multicast feature over a Layer 3 VPN. As enterprises extend the reach of their multicast applications, service providers can accommodate these enterprises over their MPLS core network. IP multicast is used to stream video, voice, and data to an MPLS VPN network core.
A VPN is network connectivity across a shared infrastructure, such as an Internet service provider (ISP). Its function is to provide the same policies and performance as a private network, at a reduced cost of ownership, thus creating many opportunities for cost savings through operations and infrastructure.
Historically, IP in IP generic routing encapsulation (GRE) tunnels were the only way to connect through a service provider network. Although such tunneled networks tend to have scalability issues, they represent the only means of passing IP multicast traffic through a VPN.
MPLS, which was derived from tag switching and various other vendor methods of IP switching, enhances the scalability and performance of IP-routed networks by combining the intelligence of routing with the high performance of switching. MPLS is now used for VPNs, which is an appropriate combination because MPLS decouples the information used for forwarding the IP packet (the label) from the information carried in the IP header.
A Multicast-VPN allows an enterprise to transparently interconnect its private network across the network backbone of a service provider. The use of a Multicast-VPN to interconnect an enterprise network in this way does not change the way that enterprise network is administered, nor does it change general enterprise connectivity.
Because MPLS VPNs support only unicast traffic connectivity, deploying the Multicast-VPN feature in conjunction with MPLS VPN allows service providers to offer both unicast and multicast connectivity to MPLS VPN customers.
For more information about the Multicast-VPN—IP Multicast Support for MPLS VPNs feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_mvpn.htm
Multilink Frame Relay (FRF.16)
Supported platforms: Cisco 7200 series, Cisco 7400 series
The Multilink Frame Relay (FRF.16) feature introduces functionality that is based on the Frame Relay Forum's Multilink Frame Relay UNI/NNI Implementation Agreement (FRF.16). This feature provides a cost-effective way to increase bandwidth for particular applications by enabling multiple serial links to be aggregated into a single bundle of bandwidth. Multilink Frame Relay is supported on User-Network Interfaces (UNIs) and Network-to-Network Interfaces (NNIs) in Frame Relay networks.
For more information about the Multilink Frame Relay feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_mfr.htm
Multilink PPP Minimum Links Mandatory
Supported platforms: Cisco 7200 series, Cisco 7500 series
Multilink PPP (MLP) allows multiple PPP links to be established in parallel to the same destination. This is often used with dialup lines or ISDN connections to easily increase the amount of bandwidth between points.
With the introduction of the Multilink PPP Minimum Links Mandatory feature, you can configure the minimum number of links in an MLP bundle required to keep that bundle active by entering the multilink min-links links mandatory command. When you configure this command, all Network Control Protocols (NCPs) for an MLP bundle are disabled until the MLP bundle has the required minimum number of links. When a new link is added to the MLP bundle that brings the number of links up to the required minimum number of links, the NCPs are activated for the MLP bundle. When a link is removed from an MLP bundle, and the number of links falls below the required minimum number of links for that MLP bundle, the NCPs are disabled for that MLP bundle.
For more information about the Multilink PPP Minimum Links Mandatory feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e11/12e_mlp.htm
NetFlow Features
The following sections describe various NetFlow features.
NetFlow Multiple Export Destinations
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The NetFlow Multiple Export Destinations feature enables configuration of multiple destinations of the NetFlow data. With this feature enabled, two identical streams of NetFlow data are sent to the destination host. Currently, the maximum number of export destinations allowed is two. The NetFlow Multiple Export Destinations feature is available only if NetFlow is configured.
For more information about the NetFlow Multiple Export Destinations feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s19/12s_mdnf.htm
NetFlow Subinterface Support
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The NetFlow Subinterface Support feature provides the ability to enable NetFlow on a per-subinterface basis. In a scenario in which your network contains thousands of subinterfaces and you want to collect export records for only a few interfaces, you can fine-tune your collection of data to only specified subinterfaces. The result is a lower bandwidth requirement for NetFlow Data Export (NDE) and reduced platform requirements for NetFlow data collection devices.
For more information about the NetFlow Subinterface Support feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_nfsub.htm
NetFlow ToS-Based Aggregation
Supported platforms: Cisco 7200 series, Cisco 7500 series
The NetFlow ToS-Based Router Aggregation feature provides the ability to enable limited router-based type of service (ToS) aggregation of NetFlow Export data, which results in summarized NetFlow Export data being exported to a collection device. The results are lower bandwidth requirements for NetFlow Export data and reduced platform requirements for NetFlow data collection devices.
For more information about the NetFlow ToS-Based Router Aggregation feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s15/dtnfltos.htm
Network-Based Application Recognition
Supported platform: Cisco 7200 series
Network-Based Application Recognition (NBAR) allows you to add intelligent network classification to network infrastructures. NBAR is a classification engine that recognizes a wide variety of applications, including web-based and other difficult-to-classify protocols that utilize dynamic TCP/UDP port assignments. When an application is recognized and classified by NBAR, a network can invoke services for that specific application.
NBAR ensures that network bandwidth is used efficiently by working with quality of service (QoS) features to provide the following:
• Guaranteed bandwidth
• Bandwidth limits
• Traffic shaping
• Packet coloring
• Packet marking
In addition, NBAR supports the following:
• Citrix, including matching on Citrix application name.
• Novadigm and Printer protocols.
• Subport classification of HTTP traffic by host name. You can classify HTTP traffic by web server names. To perform a match on the host-name portion of the URL, use the new Host matching criteria.
For more information about the NBAR feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsnbarad.htm
Network-Based Application Recognition RTP Payload Classification
Supported platforms: Cisco 7200 series, Cisco 7500 series that are VIP-enabled
Note
The Network-Based Application Recognition RTP Payload Classification feature is also referred to as NBAR Heuristics and NBAR Heuristics Matching.
The RTP Payload Type Matching enhancement has been added to the Network-Based Application Recognition (NBAR) feature. With the addition of NBAR RTP Payload Type Matching, Real-Time Transport Protocol (RTP) traffic can now be classified as a protocol within the modular quality of service command-line interface (MQC) framework.
For additional information about the NBAR feature, including NBAR RTP Payload Type Matching, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsnbarad.htm
OSPF Features
The following sections describe various Open Shortest Path First (OSPF) features.
OSPF Sham-Link Support for MPLS VPN
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Note
The OSPF Sham-Link Support for MPLS VPN feature is also referred to as the MPLS VPN - OSPF and Sham-Link Support feature.
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configuration, the Open Shortest Path First (OSPF) protocol is one way you can connect customer edge (CE) routers to service provider edge (PE) routers in the VPN backbone. OSPF is often used by customers who run OSPF as their intrasite routing protocol, subscribe to a VPN service, and want to exchange routing information between their sites using OSPF (during migration or on a permanent basis) over an MPLS VPN backbone.
Using an OSPF sham-link in an MPLS VPN has the following benefits:
• Client site connection across the MPLS VPN backbone: a sham-link overcomes the OSPF default behavior for selecting an intra-area backdoor route between VPN sites instead of an interarea (PE-to-PE) route. A sham-link ensures that OSPF client sites that share a backdoor link can communicate over the MPLS VPN backbone and participate in VPN services.
• Flexible routing in an MPLS VPN configuration: the OSPF cost configured with a sham-link allows you to decide whether OSPF client site traffic will be routed over a backdoor link or through the VPN backbone.
For more information about the OSPF Sham-Link Support for MPLS VPN feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/shamlink.htm
OSPF Shortest Paths First Throttling
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The OSPF Shortest Paths First Throttling feature makes it possible to configure Shortest Paths First (SPF) scheduling in intervals of milliseconds and to delay SPF calculations during network instability. SPF calculates the Shortest Path Tree (SPT) when there is a change in topology. One SPF run may include multiple topology change events.
The interval at which SPF runs is dynamically chosen, based on the frequency of topology changes. However, this automatically selected interval is still within the range of values that are defined by the user. If the network topology is unstable, SPF throttling calculates SPF scheduling intervals to be of longer duration until the network topology becomes stable again.
For more information about the OSPF Shortest Paths First Throttling feature, see the Cisco document at the following location:
OSPF Stub Router Advertisement
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The OSPF Stub Router Advertisement feature allows you to bring a new router into a network without immediately routing traffic through the new router and allows you to gracefully shut down or reload a router without dropping packets that are destined for other networks. This feature introduces three configuration options that allow you to configure a router that is running the Open Shortest Path First (OSPF) protocol to advertise a maximum or infinite metric to all neighbors.
When any of these three configuration options is enabled on a router, the router will originate link-state advertisements (LSAs) with a maximum metric (LSInfinity: 0xFFFF) through all nonstub links. The advertisement of a maximum metric causes other routers to assign a cost to this router that is higher than the cost of using an alternate path. Because of the high cost that is assigned to paths that pass through this router, other routers will not use a path through this router as a transit path to forward traffic that is destined for other networks. This allows switching and routing functions to be up and running and routing tables to converge before transit traffic is routed through this router.
Note
Directly connected links in a stub network are not affected by the configuration of a maximum or infinite metric because the cost of a stub link is always set to the output interface cost.
For more information about the OSPF Stub Router Advertisement feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsospfau.htm
OSPF Support for Multi-VRF on CE Routers
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The OSPF Support for Multi-VRF on CE Routers feature provides the capability of suppressing provider edge (PE) checks. The checks are needed to prevent loops when the PE is performing a mutual redistribution of packets between Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). When Virtual Private Network routing/forwarding (VRF) is used on a router that is not a PE (that is, one that is not running BGP), the checks can be turned off to allow for correct population of the VRF routing table with routes to IP prefixes.
The OSPF Support for Multi-VRF on CE Routers feature allows you to split the router into multiple virtual routers, where each contains its own set of interfaces, routing table, and forwarding table. On the basis of routing information that is stored in the VRF IP routing table and VRF Cisco Express Forwarding (CEF) table, packets are forwarded to their destination using Multiprotocol Label Switching (MPLS).
The OSPF Support for Multi-VRF on CE Routers feature gives you the ability to segment or single out parts of your network and to configure those segments to perform specific functions, while still maintaining correct routing information.
For more information about the OSPF Support for Multi-VRF on CE Routers feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/ospfvrfl.htm
OSPF Update Packet-Pacing Configurable Timers
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
In rare situations, you might need to change Open Shortest Path First (OSPF) packet-pacing default timers to mitigate CPU or buffer utilization issues that are associated with flooding large numbers of link-state advertisements (LSAs). The OSPF Update Packet-Pacing Configurable Timers feature allows you to configure the rate at which OSPF LSA flood pacing, retransmission pacing, and group pacing updates occur.
Configuring OSPF flood pacing timers allows you to control interpacket spacing between consecutive link-state update packets in the OSPF transmission queue. Configuring OSPF retransmission pacing timers allows you to control interpacket spacing between consecutive link-state update packets in the OSPF retransmission queue. Cisco IOS software groups the periodic refresh of LSAs to improve the LSA packing density for the refreshes in large topologies. The group timer controls the interval that is used for group LSA refreshment; however, this timer does not change the frequency at which individual LSAs are refreshed (the default refresh occurs every 30 minutes).
Note
The default settings for OSPF packet pacing timers are suitable for the majority of OSPF deployments. You should change the default timers only as a last resort.
For more information about the OSPF Update Packet-Pacing Configurable Timers feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsospfct.htm
Per-VC Queueing for ATM
Supported platforms: Cisco 7200 series, Cisco 7400 series
The Cisco IOS quality of service (QoS) software includes queueing mechanisms such as low latency queueing (LLQ), weighted fair queueing (WFQ) and class-based WFQ (CBWFQ). These mechanisms are typically configured at the interface level, the subinterface level, or the per-virtual circuit (VC) level. With the Per-VC Queueing for ATM feature, these queueing mechanisms are configured at the per-VC level using Parallel Express Forwarding (PXF).
When configuring CBWFQ and LLQ on a per-VC level using PXF, the following functionality is not supported:
• Classifying traffic based on MAC address, QoS groups, input interfaces, or Multiprotocol Label Switching (MPLS) experimental (EXP) value.
• Queueing Frame Relay class maps.
• Configuring hierarchical policy maps.
Note
PXF does not include support for VC bundles. If VC bundles are configured in the Per-VC Queueing for ATM feature, PXF will not be used as the packet forwarding mechanism. Instead, Cisco Express Forwarding (CEF) will be used.
PIM Features
The following sections describe various Protocol Independent Multicast (PIM) features.
Multicast Subsecond Convergence
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Multicast Subsecond Convergence feature comprises a comprehensive set of features and protocol enhancements that provide for improved scalability and convergence in multicast-based services. This feature set provides the ability to scale to larger service levels and to recover multicast forwarding after service failure in subsecond time frames.
Multicast subsecond convergence allows you to send Protocol Independent Multicast (PIM) router-query messages (PIM hellos) every few milliseconds. In earlier releases, you could send the PIM hellos every few seconds. By enabling a router to send PIM hello messages more often, this feature allows the router to discover unresponsive neighbors more quickly. As a result, the router can implement failover or recovery procedures more efficiently.
The scalability enhancements improve on the efficiency of handling increases (or decreases) in service users (receivers) and service load (sources or content). Scalability enhancements in this release include the following:
• Improved Internet Group Management Protocol (IGMP) and PIM state maintenance through new timer management techniques
• Improved scaling of the Multicast Source Discovery Protocol (MSDP) Source-Active (SA) cache
The scalability enhancements provide the following benefits:
• Increased potential PIM multicast route (mroute), IGMP, and MSDP SA cache state capacity
• Decreased CPU usage
For more information about the Multicast Subsecond Convergence feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_subcv.htm
PIM MIB Extension for IP Multicast
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Protocol Independent Multicast (PIM) is an IP multicast routing protocol used for routing multicast data packets to multicast groups. The PIM MIB Extension for IP Multicast feature introduces the Cisco implementation of the PIM MIB (CISCO-PIM-MIB), which is based on RFC 2934 (Protocol Independent Multicast MIB for IPv4). The PIM MIB describes objects that enable users to remotely monitor and configure PIM using Simple Network Management Protocol (SNMP). It supports dense mode and sparse mode operations of PIM.
The Cisco implementation of the PIM MIB provides the following trap enhancements to the existing version of the PIM MIB for IPv4:
• Traps for indicating when a multicast neighbor on a multicast interface is lost.
• Traps for monitoring Auto-RP sessions.
• Traps for monitoring the PIM protocol on PIM-enabled interfaces.
The Cisco implementation of the PIM MIB introduces the following modifications to the existing version of the PIM MIB for IPv4:
• The "pimIpMRouteTable" table was added. It displays PIM-specific ipMRoute entries.
• The "pimIpMRouteNextHopTable" table was added. It displays PIM-specific ipMRouteNextHop entries.
• The "pimInterfaceVersion" object was deleted.
• The "pimNeighborLoss" trap was added. It detects the loss of a multicast neighbor on a multicast interface.
For complete details on the Cisco implementation of the PIM MIB, see the CISCO-PIM-MIB.my file available from the Cisco MIB website on Cisco.com at the following location:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
For more information about the PIM MIB Extension for IP Multicast feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_pmmib.htm
PIM Multicast Scalability
Supported platforms: Cisco 7200 series, Cisco 7500 series
This feature enhances the Protocol Independent Multicast (PIM) protocol in Cisco IOS software by adding a new level of scalability. With this feature, edge devices can have a large number of multicast groups and users without increasing the CPU utilization of the router.
Quality of Service Feature for Parallel Express Forwarding (PXF)
Supported platforms: Cisco 7200 VXR routers with the Cisco Network Services Engine (NSE-1) Services Accelerator, Cisco 7400 series
The Quality of Service (QoS) feature, Generic Traffic Shaping (GTS), is being introduced for Parallel Express Forwarding (PXF). Note the following points:
•
The shape (policy-map class) command was revised to include the following usage guideline for supporting PXF:
When configuring GTS, a maximum of 256 classes can be configured in a policy map. However, for traffic shaping to be enabled along the PXF path, the maximum number of classes that can be configured in a policy map is 64. If more than 64 classes are configured, packets switched to interfaces using the policy map will be redirected to the route processor (RP).
•
The shape adaptive command and the shape fecn-adapt command are not supported in the PXF path. If either command is configured, packets switched to interfaces using the policy map will be redirected to the RP.
For more information about QoS features, see the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, and the Cisco IOS Quality of Service Solutions Command Reference, Release 12.2 T.
Quality of Service over LAN Emulation
Supported platforms: Cisco 7200 series, Cisco 7500 series
Note
The Quality of Service over LAN Emulation feature is also referred to as the Local-Area Network Emulation Quality of Service feature.
The Quality of Service over LAN Emulation feature provides the capability to differentiate multiple classes of traffic by creating virtual channel connections (VCCs) with the desired quality of service (QoS) parameters. When prioritized traffic is received, the LAN Emulation (LANE) Client (LEC) forwards this traffic on a VCC with matching QoS parameters.
Currently, LANE QoS supports the creation of Unspecified Bit Rate+ (UBR+) VCCs. A UBR+ VCC is a UBR VCC for which the minimum cell rate (MCR) is guaranteed by the switch. If the switch cannot guarantee the rate that you have specified for the UBR+ VCC, the LEC will revert to UBR with no MCR guarantee.
You can enable or disable the LANE QoS feature on a per-LEC basis by entering the qos option in the lane client command. The same emulated LAN (ELAN) can contain both QoS-capable and non-QoS-capable LECs.
For more information about the Quality of Service over LAN Emulation feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/lqos.htm
Route Processor Redundancy Plus (RPR+)
Supported platform: Cisco 7500 series
The Route Processor Redundancy Plus (RPR+) feature is an enhancement to the RPR feature. RPR+ keeps Versatile Interface Processors (VIPs) or Supervisor Engines from being reset and reloaded when a switchover occurs between the active and standby Route Switch Processors (RSPs) or Supervisor Engine.
Because VIPs are not reset on the Cisco 7500 series router, microcode is not reloaded on the VIPs, the time needed to parse the configuration is eliminated, and switchover time is reduced to 30 to 40 seconds.
Feature | Switchover Time | Notes
High System Availability (HSA) | 8 to 10 minutes | System default
RPR | 4 to 5 minutes | VIPs and legacy interface processors supported
RPR+ | 30 to 40 seconds | VIPs supported [1]
Stateful Switchover | 7 seconds | —
[1] Legacy interface processors default to RPR. A message similar to the following is displayed during switchover:
%HA-2-NO_Quiesce: Slot 11 did not quiesce, it will be disabled and then reloaded.
For more information about the RPR+ redundancy feature for the Cisco 7500 series, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/fs22rpr.htm
RSVP Scalability Enhancements
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
Resource Reservation Protocol (RSVP) typically performs admission control, classification, policing, and scheduling of data packets on a per-flow basis and keeps a database of information for each flow. RSVP scalability enhancements let you select a resource provider (formerly called a quality of service [QoS] provider) and disable data packet classification so that RSVP performs admission control only. This facilitates integration with service provider (differentiated services [Diff-Serv]) networks and enables scalability across enterprise networks.
Class-based weighted fair queueing (CBWFQ) provides the classification, policing, and scheduling functions. CBWFQ puts packets into classes based on the differentiated services code point (DSCP) value in the packet's Internet Protocol (IP) header, thereby eliminating the need for per-flow state and per-flow processing.
For more information about the RSVP Scalability Enhancements feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsrsvpsc.htm
SNMP Support for VLAN Subinterfaces
Supported platforms: Cisco 7200 series, Cisco 7500 series
The SNMP Support for VLAN Subinterfaces feature provides MIB-2 interfaces sparse table support for Fast Ethernet subinterfaces. This enhancement is similar to the functionality supported in Frame Relay subinterfaces.
For more information about the SNMP Support for VLAN Subinterfaces feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e7/ft_snmpv.htm
Tunnel Type of Service (ToS)
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
The Tunnel Type of Service (ToS) feature allows you to configure the ToS and Time-to-Live (TTL) byte values in the encapsulating IP header of tunnel packets for an IP tunnel interface on a router. The Tunnel ToS feature is supported on Cisco Express Forwarding (CEF), fast switching, and process switching forwarding modes.
Turbo Access Control Lists
Supported platforms: Cisco 7200 series, Cisco 7500 series
Access control lists (ACLs) are normally searched sequentially to find a matching rule, and ACLs are ordered specifically to take this factor into account. Because of the increasing needs and requirements for security filtering and packet classification, ACLs can expand to the point at which searching the ACL adds a significant amount of time and memory when packets are being forwarded. Moreover, the time taken by the router to search the list is not always consistent, adding a variable latency to the packet forwarding. A high CPU load is necessary for searching an ACL with several entries.
The Turbo Access Control Lists feature, also referred to as the Turbo ACL feature, compiles the ACLs into a set of lookup tables, while maintaining the first match requirements. Packet headers are used to access these tables in a small, fixed number of lookups, independently of the existing number of ACL entries.
The feature has the following benefits:
•
For ACLs larger than three entries, the CPU load required to match the packet to the predetermined packet-matching rule is lessened. The CPU load is fixed, regardless of the size of the ACL, allowing for larger ACLs without incurring any CPU overhead penalties. The larger the ACL, the greater the benefit.
•
The time taken to match the packet is fixed, so that latency of the packets is smaller (significantly in the case of large ACLs) and more importantly, consistent, providing better network stability and more accurate transit times.
For more information about the Turbo ACL feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e4/turbacl.htm
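The compile-then-lookup idea described above, as an added Python illustration (not Cisco's implementation, whose table layout this page does not describe): each header field indexes a table of bitmaps with one bit per ACL entry, the bitmaps are ANDed, and the lowest set bit is the first match. The sample ACL, the split of the source address into two 16-bit halves, and all function names are constructed for the example.

```python
"""Added illustration: a first-match ACL compiled into fixed-lookup bitmap tables.

This is a simplified sketch of the idea, not Cisco's Turbo ACL implementation.
"""
import ipaddress

# Constructed sample ACL, in first-match order:
# (action, protocol, source prefix, destination port or None for "any").
SAMPLE_ACL = [
    ("deny",   "tcp", "10.1.1.0/24", 23),
    ("permit", "tcp", "10.1.0.0/16", None),
    ("deny",   "udp", "0.0.0.0/0",   161),
    ("permit", "udp", "10.0.0.0/8",  None),
    ("deny",   "ip",  "0.0.0.0/0",   None),
]


def match_sequential(acl, pkt):
    """Classic search: walk the entries in order; cost grows with ACL size."""
    proto, src, dport = pkt
    addr = ipaddress.ip_address(src)
    for idx, (action, e_proto, prefix, e_port) in enumerate(acl):
        if e_proto not in ("ip", proto):
            continue
        if addr not in ipaddress.ip_network(prefix):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action, idx
    return "deny", None  # implicit deny at the end of every ACL


def half_ranges(prefix):
    """Split a prefix into the value ranges it allows for each 16-bit half."""
    net = ipaddress.ip_network(prefix)
    base, plen = int(net.network_address), net.prefixlen
    hi, lo = base >> 16, base & 0xFFFF
    if plen >= 16:
        return (hi, hi), (lo, lo + (1 << (32 - plen)) - 1)
    return (hi, hi + (1 << (16 - plen)) - 1), (0, 0xFFFF)


def compile_acl(acl):
    """Build one table per header field; each cell is a bitmap of matching entries."""
    src_hi, src_lo = [0] * 65536, [0] * 65536
    proto_any = port_any = 0
    for idx, (_, e_proto, prefix, e_port) in enumerate(acl):
        bit = 1 << idx  # bit position == entry order, so low bit == earlier entry
        (h0, h1), (l0, l1) = half_ranges(prefix)
        for value in range(h0, h1 + 1):
            src_hi[value] |= bit
        for value in range(l0, l1 + 1):
            src_lo[value] |= bit
        if e_proto == "ip":
            proto_any |= bit
        if e_port is None:
            port_any |= bit
    proto_tbl, port_tbl = {}, {}
    for idx, (_, e_proto, _, e_port) in enumerate(acl):
        bit = 1 << idx
        if e_proto != "ip":
            proto_tbl[e_proto] = proto_tbl.get(e_proto, proto_any) | bit
        if e_port is not None:
            port_tbl[e_port] = port_tbl.get(e_port, port_any) | bit
    return {"actions": [entry[0] for entry in acl],
            "src_hi": src_hi, "src_lo": src_lo,
            "proto": proto_tbl, "proto_any": proto_any,
            "port": port_tbl, "port_any": port_any}


def match_compiled(tables, pkt):
    """Four table lookups and three ANDs, whatever the number of ACL entries."""
    proto, src, dport = pkt
    addr = int(ipaddress.ip_address(src))
    hits = (tables["proto"].get(proto, tables["proto_any"])
            & tables["src_hi"][addr >> 16]
            & tables["src_lo"][addr & 0xFFFF]
            & tables["port"].get(dport, tables["port_any"]))
    if not hits:
        return "deny", None  # implicit deny
    idx = (hits & -hits).bit_length() - 1  # lowest set bit == first matching entry
    return tables["actions"][idx], idx


# Constructed test packets: (protocol, source address, destination port).
SAMPLE_PACKETS = [
    ("tcp", "10.1.1.5", 23), ("tcp", "10.1.1.5", 80), ("udp", "10.2.3.4", 161),
    ("udp", "10.2.3.4", 53), ("icmp", "192.0.2.1", None),
]

if __name__ == "__main__":
    compiled = compile_acl(SAMPLE_ACL)
    for pkt in SAMPLE_PACKETS:
        print(pkt, match_sequential(SAMPLE_ACL, pkt), match_compiled(compiled, pkt))
```

The compile step costs time and memory up front, which is the trade the feature makes for a per-packet cost that no longer depends on ACL length.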
Virtual Router Redundancy Protocol
Supported platforms: Cisco 7200 series, Cisco 7400 series, Cisco 7500 series
There are several ways a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
•
Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address.
•
Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.
•
IRDP (ICMP Router Discovery Protocol) client—The client runs an Internet Control Message Protocol (ICMP) router discovery client.
The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing but creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.
VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on MPLS VPNs and VLANs.
For more information about the Virtual Router Redundancy Protocol feature, see the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/st_vrrpx.htm
MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
http://tools.cisco.com/RPF/register/register.do
Limitations and Restrictions
The following sections contain information about limitations and restrictions in Cisco IOS Release 12.2S that can apply to the Cisco 7200 series routers, Cisco 7301 router, Cisco 7304 routers, Cisco 7400 series routers, Cisco 7500 series routers, Cisco ONS 15530 platform, and Cisco ONS 15540 platform.
SNMP Version 1 BGP4-MIB Limitations
You may notice incorrect BGP trap OID output when you use the SNMP version 1 BGP4-MIB that is available for download at http://tools.cisco.com/ITDIT/MIBS/servlet/index. When a router sends BGP traps (notifications) about state changes on an SNMP version 1 monitored BGP peer, the enterprise OID is incorrectly displayed as .1.3.6.1.2.1.15 (bgp) instead of .1.3.6.1.2.1.15.7 (bgpTraps). The problem is not due to any error with Cisco IOS software. This problem occurs because the BGP4-MIB does not follow RFC 1908 rules regarding version 1 and version 2 trap compliance. This MIB is controlled by IANA under the guidance of the IETF, and work is currently in progress by the IETF to replace this MIB with a new version that represents the current state of the BGP protocol. In the meantime, we recommend that you use the SNMP version 2 BGP4-MIB or the CISCO-BGP4-MIB to avoid an incorrect trap OID.
Important Notes
The following sections contain important notes about Cisco IOS Release 12.2 S that can apply to the Cisco 7200 series routers, Cisco 7301 router, Cisco 7304 routers, Cisco 7400 series routers, Cisco 7500 series routers, Cisco ONS 15530 platform, and Cisco ONS 15540 platform.
Deferrals
Cisco IOS software images are subject to deferral. Cisco recommends that you view the deferral notices at the following location to determine if your software release is affected:
http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml
Field Notices and Bulletins
For general information about the types of documents listed in this section, see the following document:
http://www.cisco.com/warp/public/cc/general/bulletin/software/general/index.shtml
•
Field Notices—We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account with Cisco.com, you can find field notices at http://www.cisco.com/public/support/tac/fn_index.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/public/support/tac/fn_index.html.
•
Product Bulletins—If you have an account with Cisco.com, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.
Important Notes for Cisco IOS Release 12.2(25)S15
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(25)S15.
NBAR Classification for HTTP Traffic on NPE-G100
When you use an NPE-G100 to classify HTTP traffic with NBAR, the configuration differs from the configuration on software-based platforms. For the feature to function correctly on the NPE-G100, the class referenced in the policy map must be accompanied by an action (for example, police or set). Configuring only "match protocol http" is not enough. Here is a working example:
class-map match-any http
 match protocol http
!
policy-map nbar_test
 class http
  set ip precedence 2
!
interface GigabitEthernet2
 ip address 211.1.1.1 255.255.255.0
 service-policy output nbar_test
!
Important Notes for Cisco IOS Release 12.2(25)S
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(25)S.
High-Capacity Counters in the Output of the show interfaces Command
The counters in the output of the show interfaces command for the Cisco ONS 15530 and Cisco ONS 15540 now support a higher capacity than in previous Cisco IOS releases.
Memory Requirements for the VIP2-40 and VIP2-50
The minimum memory requirements for both a VIP2-40 and a VIP2-50 are 64 MB. These requirements apply to all Cisco IOS 12.2S releases.
Important Notes for Cisco IOS Release 12.2(22)S
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(22)S.
Changes to the Output of the show version Command
The output of the show version EXEC command has been modified slightly to reflect general updates to Cisco IOS software. If you are currently using any automated tools (such as scripts) that parse the output of the show version EXEC command, you should review the new output format and make changes as needed.
Important Notes for Cisco IOS Release 12.2(20)S
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(20)S.
Protocol Independent Multicast on Cisco 7304 Routers
Beginning in Cisco IOS Release 12.2(20)S, Protocol Independent Multicast (PIM) does not function on Cisco 7304 routers. This is a temporary situation that we plan on correcting as soon as we possibly can in a future Cisco IOS release.
Important Notes for Cisco IOS Release 12.2(14)S18
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(14)S18.
RPR and RPR+ for the Cisco 7500 Series Routers
Cisco IOS Release 12.2(14)S18 does not support Route Processor Redundancy (RPR) and RPR Plus (RPR+) for the Cisco 7500 series routers.
Important Notes for Cisco IOS Release 12.2(14)S
This section describes important issues that you should be aware of for Cisco IOS Release 12.2(14)S.
Configuring MD5 Authentication for BGP Peering Sessions
This document provides general information about deploying MD5 authentication for a BGP session. You can configure MD5 authentication between two BGP peers, meaning that each segment sent on the TCP connection between the peers is verified. MD5 authentication must be configured with the same password on both BGP peers; otherwise, the connection between them will not be made. Configuring MD5 authentication causes the Cisco IOS software to generate and check the MD5 digest of every segment sent on the TCP connection. If authentication is invoked and a segment fails authentication, then an error message will be displayed in the console.
Old Behavior
In previous versions of Cisco IOS software, configuring MD5 authentication for a BGP peering session was generally considered to be difficult because the initial configuration and any subsequent MD5 configuration changes required the BGP neighbor to be reset.
New Behavior
This behavior has been changed in current versions of Cisco IOS software. CSCdx23494 (integrated in Cisco IOS release 12.2(14)S) introduced a change to MD5 authentication for BGP peering sessions. The BGP peering session does not need to be reset to maintain or establish the peering session for initial configuration or after the MD5 configuration has been changed. However, the configuration must be completed on both the local and remote BGP peer before the BGP hold timer expires. If the hold down timer expires before the MD5 configuration has been completed on both BGP peers, the BGP session will time out.
The following example enables the authentication feature between this router and the BGP neighbor at 10.108.1.1. The password that must also be configured for the neighbor is bla4u00=2nkq. The remote peer must be configured before the holddown timer expires.
router bgp 109
 neighbor 10.108.1.1 password bla4u00=2nkq
When the password has been configured, the MD5 key is applied to the TCP session immediately. If one peer is configured before the other, the TCP segments will be discarded on both the local and remote peers due to an authentication failure. The peer that is configured with the password will print an error message in the console similar to the following:
00:03:07: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.2(179) to 10.0.0.1(11000)
The time period in which the password must be changed is typically the lifetime of a stale BGP session. When the password or MD5 key is configured, incoming TCP segments will only be accepted if the key is known. If the key is unknown on both the remote and local peer, the TCP segments will be dropped, and the BGP session will time out when the holddown timer expires.
If the BGP session has been preconfigured with a hold time of 0 seconds, no keepalive messages will be sent. The BGP session will stay up until one of the peers, on either side, tries to transmit a message (for example, a prefix update).
Note
Configuring a new timer value for the holddown timer will only take effect after the session has been reset. So, it is not possible to change the configuration of the holddown timer to avoid resetting the BGP session.
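One way to triage the BADAUTH messages described above while a password is being rolled out, as an added Python example (not Cisco code): it groups the messages by sending peer, keeps only sessions that involve TCP port 179, and flags peers whose failures have lasted at least one hold time. The log lines are constructed, the 180-second default hold time and the "Invalid MD5 digest" wording come from IOS rather than from this page, and the function and field names are hypothetical.

```python
"""Added illustration: triage %TCP-6-BADAUTH messages during a BGP MD5 rollout."""
import re

# Message layout taken from the sample on this page. The "Invalid MD5 digest"
# wording is the IOS variant logged when both sides sign their segments but the
# keys differ; it is not shown on this page.
BADAUTH_RE = re.compile(
    r"^(\d+):(\d\d):(\d\d): %TCP-6-BADAUTH: (No|Invalid) MD5 digest "
    r"from ([\d.]+)\((\d+)\) to ([\d.]+)\((\d+)\)"
)
BGP_PORT = 179
CAUSES = {
    "No": "sender has no password configured",
    "Invalid": "password differs between the peers",
}

# Constructed console log (uptime timestamps, as in the sample on this page).
SAMPLE_LOG = """\
00:03:07: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.2(179) to 10.0.0.1(11000)
00:03:37: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.2(179) to 10.0.0.1(11000)
00:04:10: %TCP-6-BADAUTH: Invalid MD5 digest from 10.0.0.6(23411) to 10.0.0.5(179)
00:04:12: %TCP-6-BADAUTH: Invalid MD5 digest from 10.0.0.9(646) to 10.0.0.1(40112)
00:05:00: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
00:06:20: %TCP-6-BADAUTH: No MD5 digest from 10.0.0.2(179) to 10.0.0.1(11000)
"""


def badauth_report(lines, hold_time=180):
    """Summarise BGP MD5 failures per sending peer.

    hold_time is the negotiated BGP hold time in seconds (180 is the IOS
    default; pass the configured value). A hold time of 0 disables the timer,
    so no peer is flagged in that case.
    """
    report = {}
    for line in lines:
        found = BADAUTH_RE.match(line.strip())
        if not found:
            continue  # unrelated message
        hours, minutes, seconds, kind, src, sport, dst, dport = found.groups()
        if BGP_PORT not in (int(sport), int(dport)):
            continue  # MD5-protected TCP session that is not BGP
        stamp = int(hours) * 3600 + int(minutes) * 60 + int(seconds)
        entry = report.setdefault(src, {
            "local": dst, "cause": CAUSES[kind],
            "count": 0, "first": stamp, "last": stamp,
        })
        entry["count"] += 1
        if stamp >= entry["last"]:
            entry["cause"] = CAUSES[kind]  # keep the most recent diagnosis
        entry["first"] = min(entry["first"], stamp)
        entry["last"] = max(entry["last"], stamp)
    for entry in report.values():
        lasted = entry["last"] - entry["first"]
        # Heuristic: failures spanning a full hold time mean the session has
        # timed out (or is about to) and the peer still needs its password.
        entry["past_hold_time"] = hold_time > 0 and lasted >= hold_time
    return report


if __name__ == "__main__":
    for peer, info in sorted(badauth_report(SAMPLE_LOG.splitlines()).items()):
        flag = "SESSION AT RISK" if info["past_hold_time"] else "within hold time"
        print(f"{peer} -> {info['local']}: {info['count']} failure(s), "
              f"{info['cause']} [{flag}]")
```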
PPP over MPLS Restrictions
The following restrictions pertain to the PPP over MPLS feature:
•
Zero hops between provider edge (PE) routers: Zero hops on one router is not supported. However, you can configure back-to-back PE routers.
•
Asynchronous interfaces: Asynchronous interfaces are not supported. The connections between customer edge (CE) and PE routers on both ends of the backbone must have similar link layer characteristics. The connections between the CE and PE routers must both be synchronous.
•
Multilink PPP: Multilink PPP (MLP) is not supported.
•
Distributed CEF (dCEF): On the Cisco 7500 series, distributed processing for PPP over MPLS is not supported. This restriction does not affect other features that are processed in distributed mode.
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.
Because Cisco IOS Release 12.2S is based on Cisco IOS Release 12.2, many caveats that apply to Cisco IOS Release 12.2 also apply to Cisco IOS Release 12.2S. For information on severity 1 and 2 caveats in Cisco IOS Release 12.2, see the Caveats for Cisco IOS Release 12.2 document located on Cisco.com.
In this section, the following information is provided for each caveat:
•
Symptoms—A description of what is observed when the caveat occurs.
•
Conditions—The conditions under which the caveat has been known to occur.
•
Workaround—Solutions, if available, to counteract the caveat.
Note
If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Technical Support & Documentation > Tools & Resources > Bug Toolkit (which is listed under Troubleshooting). Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm
This section consists of the following subsections:
Release 12.2(30)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(30)S1
•
Open Caveats—Cisco IOS Release 12.2(30)S
•
Resolved Caveats—Cisco IOS Release 12.2(30)S
Release 12.2(25)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(25)S15
•
Resolved Caveats—Cisco IOS Release 12.2(25)S14
•
Resolved Caveats—Cisco IOS Release 12.2(25)S13
•
Resolved Caveats—Cisco IOS Release 12.2(25)S12
•
Resolved Caveats—Cisco IOS Release 12.2(25)S11
•
Resolved Caveats—Cisco IOS Release 12.2(25)S10
•
Resolved Caveats—Cisco IOS Release 12.2(25)S9
•
Resolved Caveats—Cisco IOS Release 12.2(25)S8
•
Resolved Caveats—Cisco IOS Release 12.2(25)S7
•
Resolved Caveats—Cisco IOS Release 12.2(25)S6
•
Resolved Caveats—Cisco IOS Release 12.2(25)S5
•
Resolved Caveats—Cisco IOS Release 12.2(25)S4
•
Resolved Caveats—Cisco IOS Release 12.2(25)S3
•
Open Caveats—Cisco IOS Release 12.2(25)S2
•
Resolved Caveats—Cisco IOS Release 12.2(25)S2
•
Resolved Caveats—Cisco IOS Release 12.2(25)S1
•
Open Caveats—Cisco IOS Release 12.2(25)S
•
Resolved Caveats—Cisco IOS Release 12.2(25)S
Release 12.2(22)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(22)S2
•
Resolved Caveats—Cisco IOS Release 12.2(22)S1
•
Open Caveats—Cisco IOS Release 12.2(22)S
•
Resolved Caveats—Cisco IOS Release 12.2(22)S
Release 12.2(20)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(20)S14
•
Resolved Caveats—Cisco IOS Release 12.2(20)S13
•
Resolved Caveats—Cisco IOS Release 12.2(20)S12
•
Resolved Caveats—Cisco IOS Release 12.2(20)S11
•
Resolved Caveats—Cisco IOS Release 12.2(20)S10
•
Resolved Caveats—Cisco IOS Release 12.2(20)S9
•
Resolved Caveats—Cisco IOS Release 12.2(20)S8
•
Resolved Caveats—Cisco IOS Release 12.2(20)S7
•
Resolved Caveats—Cisco IOS Release 12.2(20)S6
•
Resolved Caveats—Cisco IOS Release 12.2(20)S5
•
Resolved Caveats—Cisco IOS Release 12.2(20)S4
•
Resolved Caveats—Cisco IOS Release 12.2(20)S3
•
Resolved Caveats—Cisco IOS Release 12.2(20)S2
•
Resolved Caveats—Cisco IOS Release 12.2(20)S1
•
Open Caveats—Cisco IOS Release 12.2(20)S
•
Resolved Caveats—Cisco IOS Release 12.2(20)S
Release 12.2(18)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(18)S13
•
Resolved Caveats—Cisco IOS Release 12.2(18)S12
•
Resolved Caveats—Cisco IOS Release 12.2(18)S11
•
Resolved Caveats—Cisco IOS Release 12.2(18)S10
•
Resolved Caveats—Cisco IOS Release 12.2(18)S9
•
Resolved Caveats—Cisco IOS Release 12.2(18)S8
•
Resolved Caveats—Cisco IOS Release 12.2(18)S7
•
Resolved Caveats—Cisco IOS Release 12.2(18)S6
•
Resolved Caveats—Cisco IOS Release 12.2(18)S5
•
Resolved Caveats—Cisco IOS Release 12.2(18)S4
•
Resolved Caveats—Cisco IOS Release 12.2(18)S3
•
Resolved Caveats—Cisco IOS Release 12.2(18)S2
•
Resolved Caveats—Cisco IOS Release 12.2(18)S1
•
Open Caveats—Cisco IOS Release 12.2(18)S
•
Resolved Caveats—Cisco IOS Release 12.2(18)S
Release 12.2(14)S and its rebuilds:
•
Resolved Caveats—Cisco IOS Release 12.2(14)S19
•
Resolved Caveats—Cisco IOS Release 12.2(14)S18
•
Resolved Caveats—Cisco IOS Release 12.2(14)S17
•
Resolved Caveats—Cisco IOS Release 12.2(14)S16
•
Resolved Caveats—Cisco IOS Release 12.2(14)S15
•
Resolved Caveats—Cisco IOS Release 12.2(14)S14
•
Resolved Caveats—Cisco IOS Release 12.2(14)S13
•
Resolved Caveats—Cisco IOS Release 12.2(14)S12
•
Resolved Caveats—Cisco IOS Release 12.2(14)S10
•
Resolved Caveats—Cisco IOS Release 12.2(14)S9
•
Resolved Caveats—Cisco IOS Release 12.2(14)S7
•
Resolved Caveats—Cisco IOS Release 12.2(14)S5
•
Resolved Caveats—Cisco IOS Release 12.2(14)S3
•
Resolved Caveats—Cisco IOS Release 12.2(14)S2
•
Resolved Caveats—Cisco IOS Release 12.2(14)S1
Resolved Caveats—Cisco IOS Release 12.2(30)S1
Cisco IOS Release 12.2(30)S1 is a rebuild release for Cisco IOS Release 12.2(30)S. The caveats in this section are resolved in Cisco IOS Release 12.2(30)S1 but may be open in previous Cisco IOS releases.
Basic System Services
•
CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
Open Caveats—Cisco IOS Release 12.2(30)S
This section describes possibly unexpected behavior by Cisco IOS Release 12.2(30)S. All the caveats listed in this section are open in Cisco IOS Release 12.2(30)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
Miscellaneous
•
CSCsb26802
Symptoms: When a client or trunk laser failure occurs, the output of the show facility-alarm status reports that a "Line laser failure detected" but does not indicate which laser has failed.
Conditions: This symptom is observed on a Cisco ONS15530 and ONS15540 when there are transparent transponders.
Workaround: There is no workaround.
•
CSCsb29080
Symptoms: A flapping or intermittent laser failure alarm may be reported with a 15540-TSP2 2.5-Gbps transponder module even though both the lasers are in a good state. Such a spurious alarm stops in less than 20 seconds after it has started.
Conditions: This symptom is observed very rarely on a Cisco ONS15540. If the alarm stops in less than 20 seconds after it has started, the alarm is spurious and can be ignored.
Workaround: There is no workaround.
•
CSCsb36475
Symptoms: An FC or FICON link may not initialize correctly through a 2.5-Gbps transponder module. The interface may remain in the down state while the link LEDs flap continuously.
Conditions: This symptom is observed rarely on a Cisco ONS15530 that is configured with a 15530-TSP1-xxxx transponder module and a Cisco ONS15540 that is configured with a 15540-TSP1-xxxx or 15540-TSP2-xxxx transponder module. The transponder modules run a functional image with version 1.A3 or an earlier image. The symptom occurs when Speed Negotiation is enabled on the client device and when FLC is enabled on all transponder interfaces on the link.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(30)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(30)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
CSCdx38037
Symptoms: A router may reset unexpectedly with a bus error when the command-line interface (CLI) test gssapi init_sec_contxt server name command is issued.
Conditions: This symptom is observed on any platform that supports the CLI test gssapi init_sec_contxt server name command.
Workaround: Configure the kerberos local-realm kerberos-realm global configuration command.
•
CSCed05135
Symptoms: A Cisco platform that is configured for Kerberos authentication may crash.
Conditions: This symptom is observed when you attempt to make an encrypted Kerberized Telnet connection.
Workaround: There is no workaround.
•
CSCee28796
Symptoms: A Cisco 7304 may crash because of low I/O memory as a result of an IPC storm that is associated with writing the CDP multicast address to an Ethernet MAC filter.
Conditions: This symptom is observed on Cisco 7304 with an Ethernet, Fast Ethernet, or Gigabit Ethernet port adapter. However, the symptom is platform-independent and may occur on any Cisco platform.
Workaround: If CDP is not required for network management (SNMP), enter the no cdp run command in the startup configuration.
If CDP is required for network management (SNMP), enter the no cdp enable command on each interface and subinterface in the startup configuration, except for the management interfaces and subinterfaces. (There is a maximum of 10 management interfaces and subinterfaces.)
•
CSCee71685
Symptoms: A Cisco router may crash because of low I/O memory as a result of an IPC storm that is associated with writing the CDP multicast address to an Ethernet MAC filter.
Conditions: This symptom is observed on Cisco 7304 with an Ethernet, Fast Ethernet, or Gigabit Ethernet port adapter. However, the symptom is platform-independent and could occur on any Cisco platform.
Workaround: If CDP is not required for SNMP network management, enter the no cdp run command in the startup configuration.
If CDP is required for SNMP network management, enter the no cdp enable command on each interface and subinterface in the startup configuration, except for the management interfaces and subinterfaces. (There is a maximum of 10 management interfaces and subinterfaces.)
•
CSCee91044
Symptoms: A network operations center (NOC) may receive many false alerts indicating that an IKE tunnel is down. (The IKE tunnel is torn down but immediately rebuilt.)
Conditions: This symptom is observed when SNMP traps are sent for every IKE timeout or rekey but not for an IPSec timeout or rekey.
Workaround: There is no workaround.
Further Problem Description: When the NMS receives an ikeTunnelStop message for the IKE tunnel, the NMS can issue an SNMP get request for the cikeTunnelHistTable in order to receive details about the IKE tunnel. The History Table provides the reason why the IKE tunnel was deleted. The cikeTunHistTermReason object is particularly useful because it provides the following information:
The reason the IPSec Phase-1 IKE Tunnel was terminated.
Possible reasons include:
1 = other
2 = normal termination
3 = operator request
4 = peer delete request was received
5 = contact with peer was lost
6 = local failure occurred.
7 = operator initiated check point request
The NMS can then use this information to identify whether or not the ikeTunnelStop message was sent because of an error.
•
CSCuk50643
Symptoms: A router reloads when the NTP server association is set via SNMP.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(22)S.
Workaround: Enter the ntp peer command.
IP Routing Protocols
•
CSCea59206
Symptoms: When you configure the distribute-list router configuration command under the address-family ipv4 vrf vrf-name router configuration command, the distribute-list router configuration command may appear under the main routing process in the output of the show running-config EXEC command.
Conditions: This symptom is observed in either a Routing Information Protocol version 2 (RIPv2) or a Border Gateway Protocol (BGP) configuration when you specify the interface-type and interface-number arguments of the distribute-list {access-list-number | access-list-name} {in | out} [interface-type interface-number] router configuration command.
The symptom does not occur when you do not define the interface-type and interface-number arguments and only enter the distribute-list {access-list-number | access-list-name} {in | out} router configuration command.
Workaround: There is no workaround.
•
CSCec07636
Symptoms: When the following Open Shortest Path First (OSPF) MIB tables are queried via snmpwalk, some interfaces may not be displayed:
–
ospfNbrTable
–
ospfIfTable
–
ospfIfMetricTable
Conditions: This symptom is observed on any Cisco platform that runs OSPF.
Workaround: There is no workaround.
•
CSCec22723
Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.
Conditions: This symptom is observed when iSPF is configured under OSPF.
Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.
•
CSCed68668
Symptoms: A Cisco router that runs Cisco IOS Release 12.3(5.13)T may reload because of a bus error. The output of the show version command may show the following:
System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYY
Conditions: These symptoms occur when clear ip nat * is executed on the CLI.
Workaround: Do not perform clear ip nat *.
The following link provides general information about bus errors: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800cdd51.shtml
•
CSCee36721
Symptoms: An OSPF Designated Router (DR) may fail to regenerate the network LSA when you reload the router.
Conditions: This symptom is observed on a Cisco router that functions as a DR for an OSPF interface when another interface with the same interface address is present in the area but is in a shut down state.
Workaround: Remove the duplicate interface address and enter the clear ip ospf process command.
•
CSCee49764
Symptoms: The redistribute maximum-prefix command may not take effect.
Conditions: This symptom is observed when you enter this command while OSPF is processing an SSO switchover.
Workaround: Enter the clear ip ospf redistribution command.
•
CSCef00535
Symptoms: An OSPF router may reload unexpectedly.
Conditions: This symptom is observed after a neighbor has performed a switchover.
Workaround: Disable LLS under the OSPF process on the router by entering the no capability lls command or disable OSPF NSF under the OSPF process on the neighbor by entering the no nsf command.
•
CSCef11304
Symptoms: When you perform an snmpwalk on an OSPF-MIB that supports the ospfExtLsdbTable, a router can crash. In other instances, alignment errors are observed when you enter the show alignment command.
Conditions: These symptoms are observed on a Cisco platform that runs Open Shortest Path First (OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.
Workaround: There is no workaround.
•
CSCef18838
Symptoms: Tracebacks that are related to spurious memory accesses may occur and the spurious memory accesses may increase over time. When multicast video streaming is viewed using an IP-TV viewer, this situation causes the browser to hang.
Conditions: This symptom is observed when NAT and multicast are configured on the same router.
Workaround: There is no workaround. To return the browser to normal operation, reload the router.
•
CSCef19137
Symptoms: There are duplicate entries in the flow cache after an interface bounces, causing packet loss. The output of the show ip cache flow command may show information similar to the following:
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi0/0.1 10.2.0.1 Fa2/0 10.3.0.1 06 2C26 00B3 5
Gi0/0 10.2.0.1 Null 10.3.0.1 06 2C26 00B3<<<< 7
Conditions: This symptom is observed on a Cisco 7304 that is configured with an NSE-100 and that runs Cisco IOS Release 12.2(20)S4 when an interface bounces quickly and when the CEF structures are flushed while the ARP cache is not flushed. This situation causes incomplete adjacencies because the CEF process expects a fresh ARP entry to complete its adjacency. The symptom is platform-independent and may also occur on other platforms when the same conditions occur.
Workaround: Clear the ARP cache or enter the shutdown command followed by the no shutdown command on the affected interface.
•
CSCef26976
Symptoms: When VRFs are removed through the no ip vrf vrf-name command, OSPF VRF router processes may run into nvgen problems and the output of the show running-config command may not include a protocol name, as in the following example:
router
network 10.10.0.0 0.0.255.255 area 0
...
A correct output would be:
router ospf 1
network 10.10.0.0 0.0.255.255 area 0
...
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or a release that is based on Release 12.2S when you remove VRFs that are not assigned to any OSPF VRF processes.
Workaround: There is no workaround.
•
CSCef57022
Symptoms: OSPF route redistribution in an OSPF VRF process does not function.
Conditions: This symptom is observed when you associate the OSPF process with a VRF by entering the router ospf process-id vrf vrf-name command and configure redistribution under the OSPF VRF process by entering the redistribute command.
Workaround: Do not associate the OSPF process with a VRF; only enter the router ospf process-id command.
•
CSCef65500
Symptoms: A Cisco router that is configured for OSPF may generate recurring SYS-3-CPUHOG messages and tracebacks that are caused by the OSPF process:
%OSPF-5-ADJCHG: Process 100, Nbr 10.52.0.186 on ATM1/0.381 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4568 msec (243/31), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4988 msec (569/120), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
At another date, the following error messages and tracebacks are generated:
%SYS-3-CPUHOG: Task ran for 2224 msec (368/9), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from INIT to DOWN, Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 2028 msec (647/283), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
%SYS-3-CPUHOG: Task ran for 2904 msec (552/153), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-225 and that runs Cisco IOS Release 12.2(15)T5 or 12.2(15)T13. However, the symptom may be platform-independent and could also occur in other releases.
Workaround: There is no workaround.
•
CSCef95026
Symptoms: When interfaces flap, a Cisco router may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when OSPF accesses a freed LSDB entry.
Workaround: There is no workaround.
•
CSCeg19442
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.
•
CSCeg41363
Symptoms: Traffic is not load-balanced, and only a backdoor path is used to forward traffic.
Conditions: This symptom is observed on a PE router with a parallel path to a destination when one path is over an OSPF sham-link and the other path is over a backdoor link.
Workaround: Configure an OSPF metric in such a way that the OSPF sham-link path and the backdoor path do not have the same cost.
•
CSCeg52889
Symptoms: TE tunnels do not come up.
Conditions: This symptom is observed when a new loopback interface is created with an IP address on an MPLS TE head router that is configured with MPLS TE tunnels and when you reload the router. The symptom occurs because of a change in router ID.
Workaround: Shut down the newly created loopback interface, save the configuration, and reload the router.
•
CSCeg74205
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network. However, the symptom may also occur in other releases.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•
CSCeh04837
Symptoms: ARP entries may be purged unexpectedly.
Conditions: This symptom is observed on a Cisco router when there is a large number of ARP entries and a Stateful Switchover (SSO) occurs.
Workaround: There is no workaround.
•
CSCeh07510
Symptoms: A traceback occurs on a router when you terminate an OSPF routing process by entering the no router ospf command.
Conditions: This symptom is observed when MPLS TE and more than one OSPF process are configured on the router.
Workaround: There is no workaround.
•
CSCeh09588
Symptoms: During an NSF switchover on an RP, the convergence may be delayed up to five minutes.
Conditions: This symptom is observed when a DBD exchange error occurs while the adjacency is brought up.
Workaround: Enter the clear ip ospf process command on the affected router.
•
CSCeh14015
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom is observed on EIGRP routes when you enter the shutdown command followed by the no shutdown command. The symptom may also affect other routing protocols.
Workaround: There is no workaround.
•
CSCin65241
Symptoms: IS-IS redistribute commands are not synchronized to the standby RP. The routes that depend on these commands fail after a switchover.
Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.
Workaround: There is no workaround.
•
CSCin87277
Symptoms: CPUHOG messages are generated when you bring up OSPF adjacencies on hundreds of subinterfaces.
Conditions: This symptom is observed when LSAs are configured to be refreshed every 30 minutes.
Workaround: There is no workaround.
•
CSCin89317
Symptoms: The following CPUHOG message and tracebacks are generated when you create a NAT pool of the type "match-host" with a mask that is smaller than /12:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (87/11),process = Exec.
Conditions: This symptom is observed when you enter one of the following global configuration commands:
–
ip nat pool name start-ip end-ip netmask netmask type match-host and the value of the netmask argument is smaller than 12.
–
ip nat pool name start-ip end-ip prefix-length prefix-length type match-host and the value of the prefix-length argument is smaller than 12.
Workaround: Create a NAT pool with a mask that is larger than /12.
•
CSCsa77947
Symptoms: After you reload a router, the CEF adjacency or hardware route for a peer is unexpectedly removed from the FIB hardware table, causing connectivity problems.
Conditions: This symptom is observed on a Cisco router that has a statically configured ARP alias for the peer.
Workaround: There is no workaround.
Miscellaneous
•
CSCec63011
Symptoms: A router may reload because of an NVRAM corruption.
Conditions: This symptom is observed when NVRAM is accessed simultaneously by two processes, when one of the processes has a file open, and when the second process attempts to open a nonexistent file. The error handling for the second process clears the global NVRAM pointer that is used by the first process. This situation is more likely to occur in a configuration with redundant Route Processors (RPs) but may also occur in a configuration with a single RP when two terminal windows are open.
Workaround: There is no workaround.
•
CSCed45942
Symptoms: A router with a configuration size that is larger than the NVRAM size reloads because of a bus error and stack overflow or stack corruption when you enter the show config command simultaneously with the write terminal or show running-config command.
Conditions: This symptom is observed when the service compress-config command or boot config command is enabled.
Workaround: Do not enter the above-mentioned commands simultaneously, reduce the size of the configuration, or increase the size of the NVRAM.
Further Problem Description: This problem was introduced in Cisco IOS Release 12.1(8a)E1, so most Cisco IOS 12.1E releases are exposed to this problem. The problem may also occur in Release 12.2S.
•
CSCee50294
Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets. Cisco is providing free fixed software to address this issue. There are also workarounds to mitigate this vulnerability. This issue was introduced by the fix included in CSCdx46180 and is being tracked by Cisco Bug ID CSCee50294.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml.
There are four possible workarounds for this vulnerability:
–
Disabling the DHCP service
–
Control Plane Policing
–
Two versions of Access Control Lists
a.
Disabling the DHCP Service
This vulnerability can be mitigated by utilizing the command:
no service dhcp
However, this workaround will disable all DHCP processing on the device, including the DHCP helper functionality that may be necessary in some network configurations.
b.
Control Plane Policing Feature
The Control Plane Policing feature may be used to mitigate this vulnerability, as in the following example:
access-list 140 deny udp host 192.168.13.1 any eq bootps
access-list 140 deny udp any host 192.168.13.1 eq bootps
access-list 140 deny udp any host 255.255.255.255 eq bootps
access-list 140 permit udp any any eq bootps
class-map match-all bootps-class
match access-group 140
policy-map control-plane-policy
class bootps-class
police 8000 1500 1500 conform-action drop exceed-action drop
control-plane
service-policy input control-plane-policy
In this example, 192.168.13.1 is a legitimate DHCP server.
Additional information on the configuration and use of the CPP feature can be found at this link:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1838/products_feature_guide09186a00801afad4.html.
This workaround is only applicable to Cisco IOS 12.2S, as this feature is only available in Cisco IOS versions 12.2S and 12.3T. Cisco IOS 12.3T is not impacted by this advisory.
c.
Access Lists - Two Methods
Access lists can be applied to block DHCP/BootP traffic destined to any router interface addresses, as in the following example:
In this example, the IP address 192.168.13.1 represents a legitimate DHCP server, the addresses 10.89.236.147 and 192.168.13.2 represent router interface addresses, and 192.168.61.1 represents a loopback interface on the router.
In this example, any bootp/dhcp packets destined to the router interface addresses are blocked.
access-list 100 remark permit bootps from the DHCP server
access-list 100 permit udp host 192.168.13.1 any eq bootps
access-list 100 remark deny bootps from any to router f1/0
access-list 100 deny udp any host 10.89.236.147 eq bootps
access-list 100 remark deny bootps from any to router f0/0
access-list 100 deny udp any host 192.168.13.2 eq bootps
access-list 100 remark deny bootps from any to router loopback1
access-list 100 deny udp any host 192.168.61.1 eq bootps
access-list 100 remark permit all other traffic
access-list 100 permit ip any any
access-list 100 is applied to f0/0 and f1/0 physical interfaces.
interface FastEthernet0/0
ip address 192.168.13.2 255.255.255.0
ip access-group 100 in
interface FastEthernet1/0
ip address 10.89.236.147 255.255.255.240
ip access-group 100 in
ip helper-address 192.168.13.1
An alternate configuration for the interface access-list workaround.
This example would also need to be applied to all physical interfaces, but deny statements for all of the IP addresses configured on the router are not necessary in this approach. In this example, the address 192.168.13.1 represents a legitimate DHCP server.
access-list 100 permit udp host 192.168.13.1 any eq bootps
access-list 100 permit udp any host 192.168.13.1 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 deny udp any any eq bootps
interface FastEthernet0/0
ip address 192.168.13.2 255.255.255.0
ip access-group 100 in
interface FastEthernet1/0
ip address 10.89.236.147 255.255.255.240
ip access-group 100 in
ip helper-address 192.168.13.1
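The two access-list workarounds for CSCee50294 can be checked against sample traffic before they are applied. The following Python sketch is an added example, not Cisco code: it copies the two ACLs from above, evaluates them first-match-wins with the implicit deny that ends every IOS access list, and runs them over constructed packets (packet addresses that do not appear in the ACLs are assumptions).

```python
import ipaddress

# Copied from the first access-list workaround above.
METHOD_1 = """\
access-list 100 remark permit bootps from the DHCP server
access-list 100 permit udp host 192.168.13.1 any eq bootps
access-list 100 remark deny bootps from any to router f1/0
access-list 100 deny udp any host 10.89.236.147 eq bootps
access-list 100 remark deny bootps from any to router f0/0
access-list 100 deny udp any host 192.168.13.2 eq bootps
access-list 100 remark deny bootps from any to router loopback1
access-list 100 deny udp any host 192.168.61.1 eq bootps
access-list 100 remark permit all other traffic
access-list 100 permit ip any any
"""

# Copied from the alternate access-list workaround above.
METHOD_2 = """\
access-list 100 permit udp host 192.168.13.1 any eq bootps
access-list 100 permit udp any host 192.168.13.1 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 deny udp any any eq bootps
"""

NAMED_PORTS = {"bootps": 67, "bootpc": 68}

# Constructed sample packets: (label, protocol, source, destination, dest port).
SAMPLE_PACKETS = [
    ("client broadcast to bootps", "udp", "0.0.0.0", "255.255.255.255", 67),
    ("DHCP server reply to relay", "udp", "192.168.13.1", "10.89.236.147", 67),
    ("bootps to f1/0 address", "udp", "10.89.236.150", "10.89.236.147", 67),
    ("bootps to loopback1 address", "udp", "10.89.236.150", "192.168.61.1", 67),
    ("ssh to f0/0 address", "tcp", "192.168.13.50", "192.168.13.2", 22),
]


def _take_address(tokens):
    """Consume 'any' or 'host <ip>' from tokens; None stands for 'any'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")


def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in the workarounds."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        rest = tokens[2:]
        action, proto = rest.pop(0), rest.pop(0)
        src, dst = _take_address(rest), _take_address(rest)
        port = None
        if rest and rest[0] == "eq":
            name = rest[1]
            port = NAMED_PORTS[name] if name in NAMED_PORTS else int(name)
        entries.append({"action": action, "proto": proto, "src": src,
                        "dst": dst, "port": port, "line": line.strip()})
    return entries


def evaluate(entries, proto, src, dst, port):
    """Return (action, matching line): first match wins, then implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in entries:
        if entry["proto"] not in ("ip", proto):
            continue
        if entry["src"] is not None and entry["src"] != src_ip:
            continue
        if entry["dst"] is not None and entry["dst"] != dst_ip:
            continue
        if entry["port"] is not None and entry["port"] != port:
            continue
        return entry["action"], entry["line"]
    return "deny", "implicit deny at end of list"


def verdicts(acl_text):
    """Map each constructed sample packet to the action the ACL takes."""
    entries = parse_acl(acl_text)
    return {label: evaluate(entries, proto, src, dst, port)[0]
            for label, proto, src, dst, port in SAMPLE_PACKETS}


if __name__ == "__main__":
    for name, acl in (("first method", METHOD_1), ("alternate method", METHOD_2)):
        print(name)
        for label, action in verdicts(acl).items():
            print(f"  {action:6} {label}")
```

As printed, the alternate list has no final permit entry, so the ssh sample falls through to the implicit deny, while the first method passes it through permit ip any any.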
•
CSCee59383
Symptoms: The entitySensorMIB does not function.
Conditions: This symptom is observed on a Cisco ONS 15530 that runs Cisco IOS Release 12.2S.
Workaround: There is no workaround.
•
CSCee91327
Symptoms: Loss of synchronization occurs, causing traffic drops.
Conditions: This symptom is observed on an uplink interface of a 10G ITU trunk line card of a peer platform of a Cisco ONS15530 when a CPU switchover occurs on the Cisco ONS15530. The traffic drops occur on the 10G ITU trunk line card of the peer platform.
Workaround: There is no workaround.
•
CSCef67682
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
deny ipv6 any <my address1> undetermined-transport
deny ipv6 any <my address2> fragments
permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
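The CSCef67682 workaround only protects the router when the filter is on every interface and names every local IPv6 address. The following Python audit is an added example, not Cisco code: it reads a constructed configuration excerpt (hypothetical interfaces, documentation-range addresses written in the assumed "host address" form) and reports where that coverage is missing, counting an address as covered when a deny entry with either keyword from the example above names it.

```python
import ipaddress
import re

# Constructed running-config excerpt; addresses are from the documentation range.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface Ethernet0/2
 ipv6 address 2001:DB8:0:3::1/64
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 deny ipv6 any host 2001:DB8:0:3::1 fragments
 permit ipv6 any any
"""

DENY_RE = re.compile(
    r"deny ipv6 any (?:host (\S+)|(\S+/\d+)) (fragments|undetermined-transport)$")


def parse_config(text):
    """Return (interfaces, acls) parsed from IOS-style configuration text.

    Only addresses written as address/prefix-length are collected. Link-local
    addresses that the router derives automatically do not appear in the
    configuration and need a separate check.
    """
    interfaces, acls = {}, {}
    kind, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                       # a top-level line starts a new section
            kind, current = None, None
            m = re.match(r"(interface|ipv6 access-list) (\S+)$", line)
            if m and m.group(1) == "interface":
                kind = "if"
                current = interfaces.setdefault(m.group(2), {"addrs": [], "filter": None})
            elif m:
                kind = "acl"
                current = acls.setdefault(m.group(2), [])
            continue
        if kind == "if":
            m = re.match(r"ipv6 address (\S+)/\d+$", line)
            if m:
                current["addrs"].append(ipaddress.IPv6Address(m.group(1)))
            m = re.match(r"ipv6 traffic-filter (\S+) in$", line)
            if m:
                current["filter"] = m.group(1)
        elif kind == "acl":
            m = DENY_RE.match(line)
            if m:
                current.append(ipaddress.IPv6Network(m.group(1) or m.group(2), strict=False))
    return interfaces, acls


def audit(text):
    """Return findings; an empty list means every address is covered everywhere."""
    interfaces, acls = parse_config(text)
    own = sorted({addr for intf in interfaces.values() for addr in intf["addrs"]})
    findings = []
    for name, intf in interfaces.items():
        if not intf["addrs"]:
            continue                             # IPv6 not configured on this interface
        if intf["filter"] is None:
            findings.append(f"{name}: no inbound ipv6 traffic-filter")
            continue
        covered = acls.get(intf["filter"], [])
        for addr in own:
            if not any(addr in net for net in covered):
                findings.append(f"{name}: {intf['filter']} has no fragment deny for {addr}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```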
•
CSCef68324
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
CSCeg02811
Symptoms: The power-on diagnostics loopback tests of a Cisco ONS 15530 series 8-port FC/GE aggregation card (15530-FCGE-8P) may report a failure.
Conditions: This symptom is observed very rarely when the Cisco ONS 15530 is booted immediately after a power-cycle.
Workaround: There is no workaround. Note, however, that no functionality is affected.
•
CSCeg84037
Symptoms: After a CPU switchover, memory use on the new primary CPU increases by 10 MB and memory use peaks may go up to 85 percent.
Conditions: This symptom is observed on Cisco ONS15530 and ONS15540 that run Cisco IOS Release 12.2S.
Workaround: There is no workaround.
Further Problem Description: To clear the conditions, power-cycle the platform or enter the redundancy reload shelf command.
•
CSCeh14446
Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T but is release- and platform-independent.
Workaround: There is no workaround.
•
CSCeh73049
Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.
Conditions: Devices that are not running AAA command authorization feature, or do not support TCL functionality are not affected by this vulnerability.
This vulnerability is present in all versions of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
•
CSCin75763
Symptoms: When you enter the no shutdown interface configuration command on an interface of a 10-Gbps GE transponder card, the interface enters the UP state even when no client is connected.
Conditions: This symptom is observed when you boot a Cisco ONS15540 and insert a 10-Gbps GE transponder card.
Workaround: Perform an OIR of the card a couple of times.
•
CSCin77447
Symptoms: A Cisco ONS 15540 may reload when an APS group is deleted via a TL1 command.
Conditions: This symptom is observed on a Cisco ONS 15540 when you are in the command-line interface (CLI) APS configuration mode while the APS group is deleted via a TL1 command.
Workaround: Use the CLI to delete the APS group.
•
CSCin79420
This caveat consists of two symptoms, two conditions, and two workarounds in the following configuration:
A Cisco Catalyst 6000 series connects via a Gigabit Ethernet (GE) interface and a Y cable to a Cisco ONS 15540 that connects to another Cisco ONS 15540. This second Cisco ONS 15540 connects via a Y cable to the GE interface of another Cisco Catalyst 6000 series.
1.
Symptom 1: The Cisco Catalyst 6000 series at the receiving end does not receive any light.
Condition 1: This symptom is observed when the portfail notification is received on the working active interface on one of the Cisco ONS 15540 platforms and when auto-failover is disabled, preventing the hardware from switching. However, APS still turns the working laser off, causing the working interface to enter the standby mode. Note that the symptom may also occur when Cisco ONS 15530 platforms are used.
Workaround 1: There is no workaround.
2.
Symptom 2: Auto-negotiation between the two Cisco Catalyst 6000 series fails.
Condition 2: This symptom is observed when auto-failover is disabled and FLC (wave side) is enabled on the Cisco ONS 15540 platforms, causing end-to-end negotiation between the Cisco Catalyst 6000 series to fail. Because the originating Cisco Catalyst 6000 series continues to pulse its light, FLC is triggered and the wave side laser is turned on and off accordingly. Note that the symptom may also occur when Cisco ONS 15530 platforms are used.
Workaround 2: There is no workaround.
•
CSCin80680
Symptoms: A Cisco 15500 ONS series crashes when FPGA reprogramming is in progress for any of its line cards and when you enter the show upgrade-info functional-image command through a vty line.
Conditions: This symptom is observed on a Cisco 15500 series that runs Cisco IOS Release 12.2S or a release that is based on Release 12.2S.
Workaround: There is no workaround.
•
CSCin81343
Symptoms: During a CPU switchover on a Cisco 15540 extended range transponder, a temporary traffic interruption may occur. When the switchover is complete, traffic resumes. This symptom is intermittent and may not affect all transponders in a chassis.
The traffic interruption may occur for the following types of encapsulation:
–
ETR/CLO
–
100-Mbps Fast Ethernet/FDDI
–
ESCON/SBCON
–
1-Gbps FC/FICON
–
1-Gbps ISC (ISC1, ISC3-Peer-1gig)
–
2-Gbps FC/FICON
–
2-Gbps ISC (ISC3-Peer-2Gig)
Conditions: This symptom is observed on a Cisco ONS 15540 ESP and Cisco ONS 15540 ESPx in which extended range transponders are installed.
Workaround: There is no workaround.
•
CSCin81624
Symptoms: A Cisco ONS 15500 series crashes because of a TLB modification exception.
Conditions: This symptom is observed when you attempt to modify non-writable memory.
Workaround: There is no workaround.
•
CSCsa49566
Symptoms: An error message similar to the following may be logged on a router:
%FIB-2-IF_NUMBER_ILLEGAL: Attempt to create CEF interface for unknown if with illegal if_number: 0
This message is followed by a traceback.
Conditions: This symptom is observed on a Cisco router when a virtual interface or a virtual loopback interface is created.
Workaround: There is no workaround.
•
CSCuk58617
Symptoms: The physical Performance Monitoring (PM) statistics may not be collected correctly.
Conditions: This symptom is observed on a Cisco ONS15500 series that is configured when SNMP optical monitoring traps are enabled.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(25)S15
Cisco IOS Release 12.2(25)S15 is a rebuild release for Cisco IOS Release 12.2(25)S. The caveats in this section are resolved in Cisco IOS Release 12.2(25)S15 but may be open in previous Cisco IOS releases.
Miscellaneous
•
CSCsk73104
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
•
CSCsj05519
Symptoms: SSO Standby NSE-100 crashes with the following error messages:
IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP or
HA_CONFIG_SYNC-3-LBL_POLICY
After the crash, the redundancy mode was observed to have changed to RPR. When a manual reset is applied on the standby, the redundancy mode returns to SSO.
Conditions: This symptom is observed on a Cisco 7300 router that is configured with SSO 2xNSE-100 that is running Cisco IOS Release 12.2(25)S10. The issue seems intermittent and can sometimes be triggered by applying a large configuration (approximately 600 vrfs and 1500 sub-interfaces).
Workaround: There is no workaround.
•
CSCsj57574
Symptoms: A success event message is sent for a malformed XML. In this situation, a failure message should be sent.
Conditions: This symptom is observed when you send a malformed XML via the cns-send command, as in the example below:
<?xml version="1.0" encoding="UTF-8" ?>^M^M
<config-event config-action="write" no-syntax-check="TRUE">^M^M
<identifier>IDENTIFIER</identifier>^M^M
<config-data>^M^M
<config-id>AAA</config-id>^M^M
<cli>access-list 1 permit any^M^M
<cli>access-list 2 permit any ^M^M
<cli>access-list 1 permit any ^M^M
<cli>access-list 2 permit any ^M^M
<cli>access-list 1 permit any ^M^M
<cli>access-list 2 permit any ^M^M
<cli>access-list 1 permit any ^M^M
<cli>access-list 2 permit any ^M^M
<cli>access-list 2 permit any ^M^M
<cli>access-list 2 permit any ^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</cli>^M^M
</config-data>^M^M
</config-event>^M^M
Workaround: There is no workaround.
•
CSCsj80375
Symptoms: A T3/E3 serial SPA may not come up because the line protocol remains down, and the output of the show controllers serial command does not generate any output for the T3/E3 serial SPA.
Conditions: This symptom is observed on a Cisco 7304 when you apply the configuration for the first time after the router has booted.
Workaround: Unconfigure and reconfigure the card type command for the T3/E3 serial SPA.
Resolved Caveats—Cisco IOS Release 12.2(25)S14
Cisco IOS Release 12.2(25)S14 is a rebuild release for Cisco IOS Release 12.2(25)S. The caveats in this section are resolved in Cisco IOS Release 12.2(25)S14 but may be open in previous Cisco IOS releases.
IP Routing Protocols
•
CSCsb58066
Symptoms: A Cisco router that has the ip pim dense-mode proxy-register command enabled and that functions as a border router between a router that is configured for PIM dense mode and another router that is configured for PIM sparse mode may not register all non-directly connected sources.
Conditions: This symptom is observed when more than one non-directly connected source sends traffic to the Cisco router.
Workaround: Enter the clear ip mroute * or clear ip mroute group-address command.
Alternate Workaround: Enter the no ip mroute-cache command on the interface that has the ip pim dense-mode proxy-register command enabled.
Miscellaneous
•
CSCee49035
Symptoms: An incorrect update-source interface is selected for a multicast tunnel interface in an MVPN configuration.
Conditions: This symptom is observed when the provider edge (PE) router is also an ASBR with eBGP peers or has non-VPNv4 peers with higher IP addresses than the peer that has VPNv4 enabled. MVPN requires that the BGP update source address of a VPNv4 peer is selected as the MTI source address.
Workaround: There is no workaround.
•
CSCek73843
Symptoms: A Cisco 7304 may crash when you enter the no flowcontrol send command.
Conditions: This symptom is observed on a Cisco 7304 that has an NPE-G100 and a carrier card in which a SPA is installed.
Workaround: There is no workaround.
•
CSCir01277
Symptoms: A Cisco 7304 may reload unexpectedly because of a watchdog reset condition, which can be seen in the output of the show version command.
Conditions: This symptom is observed only on a Cisco 7304 that has an NPE-G100.
Workaround: There is no workaround.
•
CSCsa65826
Symptoms: The flow control for an on-board RJ45 GE interface of an NPE-G1 may not function properly.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7301.
Workaround: There is no workaround.
•
CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
•
CSCsg87729
Symptoms: A Gigabit Ethernet interface on a Cisco 7304 that has an NPE-G100 does not support flow control. When the traffic profile results in micro bursts on a segment, the output of the show interface command may show overrun errors.
Conditions: This symptom is observed on a Cisco 7304 that has an NPE-G100 and that runs Cisco IOS Release 12.2S or Release 12.2SB. Note that the symptom does not occur on a Cisco 7304 that has an NSE-100 or NSE-150.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables you to configure flowcontrol in interface configuration mode, thereby allowing pause frames to be sent to the peer. Enable flow control by entering the following commands on the Gigabit Ethernet interface:
Router# conf t
Router(config)# interface gig0
Router(config-if)# flowcontrol send
Router(config-if)# end
Enable flowcontrol only when autonegotiation is also enabled to allow the NPE-G100 to negotiate with its peers as to whether it can recognize the pause frames.
Note that an additional change is made via caveat CSCsg39245 to increase the default receive ring limit from 64 Kbps to 128 Kbps to help absorb micro bursts.
•
CSCsg90929
Symptoms: When you configure MR-APS between a Cisco 7304 and another router such as a Cisco 7500 series or Cisco 7600 series with PA-MC-STM-1 port adapters, the following tracebacks are logged on the Cisco 7304:
-Process= "APS process", ipl= 0, pid= 191
-Traceback= 406DC2E0 40741174 400C24BC 400C2BF0 400C6D9C 400C79EC 400C8814 400C8894 400C90B8
Conditions: This symptom is observed on a Cisco 7304 when the working or protect PA-MC-STM-1 port adapter is in the active state.
Workaround: There is no workaround.
Further Problem Description: The symptom occurs with the following Cisco IOS software images:
On the Cisco 7304:
–
Release 12.2(27)SBC5 (PGP ver.4)
–
Release 12.2(28)SB5 (PGP ver.4)
Note that Release 12.2S could also be affected.
On the Cisco 7600 series:
–
Release 12.2(18)SXD5 (PGP ver.3)
–
Release 12.2(33)SRA1 (PGP ver.4)
•
CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•
CSCsi16819
Symptoms: An end-to-end ping between CE routers may fail in an ATMoMPLS environment.
Conditions: This symptom is observed when a Cisco router that functions as a PE router has ATMoMPLS configured as "ATM single cell relay over MPLS: port mode" via the xconnect command under an ATM Main interface.
Workaround: There is no workaround.
•
CSCsi73899
Symptoms: A Cisco 7301 or Cisco 7304 that is configured to use MPLS service policies on some interfaces may crash. The crash may be preceded by the following error messages:
%SYS-2-CHUNKBOUNDSIB: Error noticed in the sibling of the chunk pak subblock c, Chunk index : 25, Chunk real max :25
and
%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 45FE855C data 45FE862C chunkmagic 15A3C78B chunk_freemagic 1000000
Conditions: This symptom is observed on a Cisco 7301 and Cisco 7304 that run Cisco IOS Release 12.2(31)SB and is not related to a specific command sequence. However, note that the crash is platform-independent. For example, the crash could also occur on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRB.
Workaround: There is no workaround.
•
CSCsj29558
Symptoms: When you configure the CNS Exec Agent, a traceback and spurious memory accesses may be generated.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.2SB.
Workaround: There is no workaround. However, the functionality of the CNS Exec Agent is not affected.
Resolved Caveats—Cisco IOS Release 12.2(25)S13
Cisco IOS Release 12.2(25)S13 is a rebuild release for Cisco IOS Release 12.2(25)S. The caveats in this section are resolved in Cisco IOS Release 12.2(25)S13 but may be open in previous Cisco IOS releases.
Basic System Services
•
CSCsg24971
Symptoms: A memory leak may occur on a line card, eventually causing IPC to fail.
Conditions: This symptom is observed on a Cisco platform that is configured for NetFlow. The symptom affects distributed platforms only.
Workaround: There is no workaround.
IBM Connectivity
•
CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml.
IP Routing Protocols
•
CSCin95836
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.
Miscellaneous
•
CSCeb21064
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
Session Initiation Protocol (SIP)
–
Media Gateway Control Protocol (MGCP)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•
CSCef77013
Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.
•
CSCeg74562
Symptoms: A router may take a very long time to establish LDP sessions with its peers and advertise its label bindings. In some cases, the LDP sessions may flap.
Conditions: This symptom may occur when a Cisco router that uses LDP for label distribution has a large number (greater than 250) of LDP neighbors and several thousand label bindings to advertise.
Workaround: The time required to establish the neighbor sessions and advertise the label bindings when TDP is used in place of LDP may be substantially less. Using TDP in place of LDP will result in an acceptable convergence behavior.
•
CSCeh54615
Symptoms: LSPs that support AToM circuits may fail to come up.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fix for DDTS ID CSCeg74562. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg74562. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
CSCej01615
Symptoms: On a router that is configured for Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP), the CPU usage may increase considerably for an extended period of time when a large number of label bindings are withdrawn or released at the same time.
Conditions: This symptom is observed on a Cisco router only when LDP (as opposed to TDP) is used and when a large number (more than 250) of LDP neighbors and a large number of IP prefixes become unreachable at the same time.
Workaround: There is no workaround.
•
CSCek76486
Symptoms: A spurious memory access may occur when you load Cisco IOS Release 12.2(25)S.
Conditions: This symptom is observed on a Cisco 7304 that has an NSE-100.
Workaround: There is no workaround.
•
CSCsa92748
Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:
Last reset from watchdog reset
Conditions: This symptom is observed only on Cisco 7200 and Cisco 7301 series routers that are configured with an NPE-G1 Network Processing Engine.
Workaround: There is no workaround.
•
CSCsb12598
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•
CSCsb40304
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•
CSCsc02825
Symptoms: In Cisco IOS software that is running the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP), the router could reload while trying to access a bad virtual address.
Conditions: This symptom may be observed when LDP is being used. It will not be observed with TDP. It may happen when LDP receives a protocol message larger than 512 bytes right after receiving several Label Mapping messages smaller than 25 bytes. This problem is likely to be accompanied by the following error message:
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0xD0D0D0D
The above error message may be preceded by one of the following four error messages:
%ALIGN-1-FATAL: Corrupted program counter 19:45:07 CET Mon Sep 26 2005 pc=0xD0D0D0D, ra=0x61164128, sp=0x64879B98
%TDP-3-BAD_PIE: peer x.x.x.x; unknown pie type 0x11E
%TDP-3-UNEXPECTED_PIE: peer x.x.x.x unexpected pie type 0x0
%TDP-3-PTCLREAD: peer x.xx.x0, read failure
This problem may be seen in releases that include the fix for CSCeg74562 but do not have the fix associated with this defect.
Workaround: There is no workaround.
•
CSCsd34855
Symptoms: The VTP feature in certain versions of Cisco IOS software is vulnerable to a locally-exploitable buffer overflow condition and potential execution of arbitrary code. If a VTP summary advertisement is received with a Type-Length-Value (TLV) containing a VLAN name greater than 100 characters, the receiving switch will reset with an Unassigned Exception error.
Conditions: The packets must be received on a trunk enabled port, with a matching domain name and a matching VTP domain password (if configured).
Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:
–
VTP Version field DoS
–
Integer Wrap in VTP revision
–
Buffer Overflow in VTP VLAN name
These vulnerabilities are addressed by Cisco IDs:
–
CSCsd52629/CSCsd34759 -- VTP version field DoS
–
CSCse40078/CSCse47765 -- Integer Wrap in VTP revision
–
CSCsd34855/CSCei54611 -- Buffer Overflow in VTP VLAN name
Cisco's statement and further information are available on the Cisco public website at http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml.
•
CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
Session Initiation Protocol (SIP)
–
Media Gateway Control Protocol (MGCP)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•
CSCsd92405
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•
CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

