-
Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T
-
Automatic Signature Extraction
-
Cisco IOS Firewall Overview
-
Access Control Lists (ACLs)
-
IP Access List Features Roadmap
-
IP Access List Overview
-
Creating an IP Access List and Applying It to an Interface
-
Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values
-
ACL Syslog Correlation
-
Refining an IP Access List
-
Object Groups for ACLs
-
Displaying and Clearing IP Access List Data Using ACL Manageability
-
Controlling Access to a Virtual Terminal Line
-
Access List-Based RBSCP
-
ACL IP Options Selective Drop
-
ACL Authentication of Incoming rsh and rcp Requests
-
-
Configuring IP Session Filtering (Reflexive Access Lists)
-
Configuring Lock-and-Key Security (Dynamic Access Lists)
-
Context-Based Access Control
-
Configuring Context-based Access Control
-
Application Firewall - Instant Message Traffic Enforcement
-
Cisco IOS Firewall MIB
-
Cisco IOS Firewall Performance Improvements
-
Cisco IOS Firewall Stateful Failover
-
Cisco IOS Firewall Support for TRP
-
Email Inspection Engine
-
ESMTP Support for Cisco IOS Firewall
-
Firewall ACL Bypass
-
Firewall N2H2 Support
-
Firewall Stateful Inspection of ICMP
-
Firewall Support for SIP
-
Firewall Support of Skinny Client Control Protocol (SCCP)
-
Firewall Websense URL Filtering
-
Granular Protocol Inspection
-
HTTP Inspection Engine
-
Inspection of Router-Generated Traffic
-
TCP Out-of-Order Packet Support for Cisco IOS Firewall and Cisco IOS IPS
-
Transparent Cisco IOS Firewall
-
Virtual Fragmentation Reassembly
-
VRF Aware Cisco IOS Firewall
-
-
Zone-Based Policy Firewall
-
Zone-Based Policy Firewall
-
Cisco IOS Firewall H.323 Support
-
H.323 RAS Support in Cisco IOS Firewall
-
Cisco IOS Firewall: SIP Enhancements: ALG and AIC
-
Application Inspection and Control for SMTP
-
Subscription-based Cisco IOS Content Filtering
-
Cisco IOS Firewall Support for Skinny Local Traffic and CME
-
User Based Firewall Support
-
- Cisco IOS Intrusion Prevention System (IPS)
- Flexible Packet Matching
-
Configuring IP Security Options
-
Configuring Port to Application Mapping
-
Configuring TCP Intercept (Preventing Denial-of-Service Attacks)
- Unicast Reverse Path Forwarding (uRPF)
- Threat Information Distribution Protocol (TIDP) and TMS
-
Table Of Contents
Threat Information Distribution Protocol
Threat Information Distribution Protocol
Secure Message Authentication and Encryption
TIDP-Based Mitigation Services
Configuring the Remote Peer to Use the RSA Key
Configuring TIDP Authentication and Encryption Keys
Locally Encrypting Message and Authentication Strings
Configuring the Source Interface and Enabling TIDP
Sending a Test Message to Verify that TIDP is Operational
Using Privileged EXEC Commands to Verify and Troubleshoot TIDP
Configuration Examples for TIDP
Threat Information Distribution Protocol
First Published: February 27, 2006Last Updated: March 20, 2006Threat Information Distribution Protocol (TIDP) provides a rapid and secure mechanism to distribute security threat information. TIDP is designed to support large groups of devices throughout the network. TIDP supports peer authentication and message encryption. TIDP is the distribution layer protocol for TIDP-Based Mitigation Services (TMS). TMS provides the framework to rapidly and efficiently distribute threat information to devices across the network. This document describes TIDP configuration. TIDP must be configured before TMS.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for TIDP" section
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Configuration Examples for TIDP
Prerequisites for TIDP
•
•
Restrictions for TIDP
•
•
Information About TIDP
You should understand the following concepts, before configuring TIDP and TMS:
•
•
Threat Information Distribution Protocol
TIDP is a light-weight protocol that provides a rapid, scalable, and secure mechanism to distribute threat information to large groups of devices in the network. TIDP is configured on a per-group basis. Messages are bound to each group but can also be delivered to multiple groups. TIDP is deployed in a star or hub-and-spoke topology, similar to a client/server configuration, in which a controller supports multiple consumers. The controller is configured to peer with all consumers in the group. The consumers peer only with the controller and optionally with each other. Figure 1 shows a sample topology.
Figure 1 The Controller Peers with all Consumers
Secure Message Authentication and Encryption
TIDP was designed to be secure. TIDP messages are protected by peer authentication and can be optionally encrypted to prevent the message payload from being viewed or altered. Authentication and encryption are configured with inbound and outbound keys. TIDP can be configured to use AES-128, HMAC-SHA1-160, and RSA key generation. Figure 2 shows TIDP message transport and distribution.
Figure 2 TMS Service Run Over TIDP
TIDP-Based Mitigation Services
TIDP is designed to run over only TCP as the transport layer protocol. TIDP is the distribution layer protocol for TIDP-Based Mitigation Services (TMS). TMS provides the framework to rapidly and efficiently distribute threat information to devices across the network.
The TMS framework transports messages that contain specific threat information about suspect traffic and associated mitigation enforcement actions to all devices in the network. Threat Information Messages (TIMs) are distributed throughout the network in near real time. TIMs are distributed from a central device, the TMS controller. TMS consumers are devices configured to receive TIMs. Each consumer can be configured with a unique rule set to locally enforce mitigation actions based on local requirements. Each rule set is customizable and can be modified on demand.
Note
How to Configure TIDP
This section contains the following tasks:
•
•
•
•
•
•
•
Generating an RSA Key Pair
This configuration task is optional. The steps in this task show how to generate the RSA key pair and then display the key so that the public key can be copied and input into the remote peer (receiving device).
Prerequisites
Before configuring the crypto key generate rsa command, ensure that your router has a hostname and IP domain name configured (with the hostname and ip domain-name commands). You will be unable to complete the crypto key generate rsa command without a hostname and IP domain name.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
The following example, starting in global configuration mode, shows how to generate and display an RSA key pair:
Router(config)# crypto key generate rsa general-keys label CRYPTO_KEY_1 modulus 512The name for the keys will be: crypto_key_1% The key modulus size is 512 bits% Generating 512 bit RSA keys, keys will be non-exportable...[OK]Router(config)# exitRouter# show crypto key mypubkey rsa% Key pair was generated at: 12:45:16 PST Jan 1 2006Key name: CRYPTO_KEY_1Storage Device: not specifiedUsage: General Purpose KeyKey is not exportable.Key Data:305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AD3E88 3B3489CBA4F77002 97FC4BEC 9AAFE414 973E7B38 B047EACE 5B4857BC 2606EEA3 6704041A1F6D9659 89070D18 F4358111 90905012 53EEF5E0 5F41B3FD AB020301 0001% Key pair was generated at: 12:45:23 PST Jan 9 2006Key name: CRYPTO_KEY_1.serverTemporary keyUsage: Encryption KeyKey is not exportable.Key Data:307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D13A4D 1A668508F291D3E3 46500F52 435C3A07 23A66EB0 FA3A0A3B 53DE2DD6 0E24F9B0 825370CBBFB9E615 97E79BB1 95430760 CB68F399 502B509B 993935B3 A0EBE95C 33BEDD40471AFCD5 0EB86242 F3F8E741 53C3C14E D20916CF 2BC33422 B5020301 0001Configuring the Remote Peer to Use the RSA Key
This task shows how to enter the senders public RSA key on the remote peer. This task is required if an RSA key is configured for TIDP authentication on the sending device.
Prerequisites
The IP host statement in this task is optional. The remote peer will attempt to use domain name system (DNS) to resolve the name of the RSA key in the public key chain. If the remote peer is not configured to use DNS resolution, then the sending peer must be identified by configuring the ip host command on the remote peer. Configuration of the ip host command is optional in this task table.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Examples
The following example, starting in global configuration mode, configures the remote peer to process the RSA key generated in the first configuration task:
Router(config)# ip host CRYPTO_KEY_1 10.1.1.1Router(config)# crypto key pubkey-chain rsaRouter(config-pubkey-chain)# named-key CRYPTO_KEY_1 signatureRouter(config-pubkey-key)# address 10.1.1.1Router(config-pubkey-key)# key-stringEnter a public key as a hexidecimal number ....Router(config-pubkey)# 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AD3E88 3B3489CBRouter(config-pubkey)# A4F77002 97FC4BEC 9AAFE414 973E7B38 B047EACE 5B4857BC 2606EEA3 6704041ARouter(config-pubkey)# 1F6D9659 89070D18 F4358111 90905012 53EEF5E0 5F41B3FD AB020301 0001Router(config-pubkey)# quitConfiguring TIDP Authentication and Encryption Keys
The steps in this task show how to configure TIDP peer authentication and message encryption. Peer authentication is required. Message encryption is optional. TIDP can be configured to use AES-128, HMAC-SHA1-160, and RSA key generation.
Peer Authentication
TIDP peers are authenticated by configuring an RSA public key or by configuring an authentication string. The authentication string can be encrypted or transmitted as clear text. TIDP performs authentication by signing sent messages and verifying the signature in received messages. Two sets of authentication keys are configured for each TIDP group, a send key and receive key. If a message fails authentication, the invalid message counter is increased incrementally. This counter is displayed in the output of the show tidp detail command.
Message Encryption
TIDP messages can be optionally encrypted to prevent the contents from being viewed or altered. Two sets of encryption keys are configured for each TIDP group, a send key and receive key.
Locally Encrypting Message and Authentication Strings
A message or authentication string can be encrypted in the router configuration file so that encryption and/or authentication is not compromised for the TIDP group if one peer is compromised. The key string is saved as clear text when the 0 keyword is entered after the key-string argument. The key string text is encrypted if the 6 keyword is entered. Configuring the password encryption aes command in Global configuration mode will automatically encryption all key-strings in the router configuration file.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Examples
The following examples, starting in global configuration mode, configure an encryption key and authentication key between two TIDP peers.
Sending Peer Key-Set
Router(config)#_tidp key-set KEY_1Router(config-tidp-ks)# authentication-key send keypair-name CRYPTO_KEY_1Router(config-tidp-ks)# encryption-key send key-string 6 Aa1Bb2Cc3Router(config-tidp-ks)# exitReceiving Peer Key-Set
Router(config)# tidp key-set KEY_2Router(config-tidp-ks)# authentication-key receive pub-key CRYPTO_KEY_1Router(config-tidp-ks)# encryption-key receive key-string 6 Aa1Bb2Cc3Router(config-tidp-ks)# exitTroubleshooting Tips
If a connection has been established, then the existing authentication and/or encryption keys are compatible. If a connection is not established, verify the following:
•
•
If these tips do not resolve the problem, then you should check syslog for CONNFAIL error messages from the peer initiating the connection. The following debug command can also be helpful in troubleshooting a TIDP connection problem:
•
•
•
Configuring a TIDP Group
TIDP groups are designed to manage the distribution of threat information to TIDP consumers. The steps in this task show the following:
•
•
•
•
TIDP Groups
TIDP is deployed in groups following a star topology. Each group is configured with at least one TIDP controller. The controller is configured to communicate with each TIDP consumer. The consumer is configured to communicate only with the controller. Each group can have a maximum of 250 consumers. Each consumer can be a member of up to 64 groups.
Prerequisites
Peer authentication is required and must be configured before a TIDP group can be activated. A key-set is first configured with the tidp key-set command in global configuration mode. The authentication and encryption keys are associated with the TIDP group by configuring the key-set command in Step 4.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Examples
The following examples, starting in global configuration mode, configure TIDP group number 10 on a controller and consumer:
Controller (10.1.1.1)
Router(config)# tidp key-set KEY_1Router(config-tidp-ks)# authentication-key receive key-string Aa1Bb2Cc3Router(config-tidp-ks)# authentication-key send key-string Dd4Ee5Ff6Router(config-tidp-ks)# exitRouter(config)# tidp group 10Router(config-tidp-grp)# key-set KEY_1Router(config-tidp-grp)# registration retry-interval min 30 max 600Router(config-tidp-grp)# peer 10.1.1.2Router(config-tidp-grp)# peer 10.1.1.3Router(config-tidp-grp)# peer 10.1.1.4Router(config-tidp-grp)# activeRouter(config-tidp-grp)# exitConsumer (10.1.1.2)
Router(config)# tidp-set KEY_2Router(config-tidp-ks)# authentication-key receive key-string Dd4Ee5Ff6Router(config-tidp-ks)# authentication-key send key-string Aa1Bb2Cc3Router(config-tidp-ks)# exitRouter(config)# tidp group 10Router(config-tidp-grp)# key-set KEY_2Router(config-tidp-grp)# peer 10.1.1.1Router(config-tidp-grp)# activeRouter(config-tidp-grp)# exitConfiguring the Source Interface and Enabling TIDP
The steps in this task show how to configure the source interface for TIDP communication and enable TIDP globally on a router.
Enabling and Disabling TIDP
The source interface must be configured before TIDP can be enabled globally on a router. The source interface cannot be reconfigured while TIDP is enabled. TIDP can be disabled globally on a router by entering the no form of the tidp enable command. The TIDP configuration is not removed from the router configuration file when the no form of this command is entered.
Prerequisites
A physical interface, configured with a fixed IP address, must be in an enabled state and reachable by TIDP peers via TCP/IP.
Restrictions
An interface that is configured with a dynamic IP address cannot be configured as the TIDP source interface.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
The following example, starting in global configuration mode, configures interface Ethernet 0/0 as the source interface for communication with TIDP peers:
Router(config)# interface Ethernet 0/0Router(config-if)# ip address 10.1.1.1 255.255.255.0Router(config-if)# no shutdownRouter(config-if)# exitRouter(config)# tidp source 10.1.1.1Router(config)# endWhat to Do Next
Configuring the source interface and enabling TIDP completes TIDP configuration. Proceed to the next sections to see information about verifying and troubleshooting TIDP. For information on configuring TMS, see TIDP-Based Mitigation Services documentation.
Sending a Test Message to Verify that TIDP is Operational
The steps in this task show how to verify the operational status of TIDP.
Enabling the TIDP Test CLI
The test tidp command is used test to transmit a text message a TIDP group or peer. The test tidp command is not visible or configurable until the debug tidp command has been entered with the test keyword. TIDP test debugging must be enabled on the source and destination devices.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Examples
The following example shows a test messages sent to the 10.1.1.2 peer in TIDP group 10:
Sender (10.1.1.1)
Router1# debug tidp testTIDP test debugging is onRouter1# test tidp send group 10 peer 10.1.1.2 Unicast_Test_MessageReceiver (10.1.1.2)
Router2# debug tidp testTIDP test debugging is onRouter2#03:36:03: TIDP msg from 10.1.1.1, group 10: 'Unicast_Test_Message'Troubleshooting Tips
If a test message is not received by a group or peer, you should verify the following:
•
•
•
Using Privileged EXEC Commands to Verify and Troubleshoot TIDP
This section describes clear, debug, and show commands that are used to verify the operational status and configuration of TIDP. All commands in this section are optional.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Examples
The following is sample output from the show tidp command:
Router# show tidpGlobal TIDP information:TIDP status: enabledTIDP source: 10.1.1.1TIDP groups: 1 (1 active, 0 inactive)The following is sample output from the show tidp group command:
Router# show tidp group 10TIDP Group 10:Group status: activeTotal registered peers: 2Total unregistered peers: 1Registration retry interval - min: 60, max: 3600Key-set: KEY_1The following is sample output for the show tidp key-set command:
Router# show tidp key-set KEY_1TIDP keyset KEY_1:Groups:10The following is sample output for the show tidp peer command:
Router# show tidp peer 10.1.1.3TIDP Peer 10.1.1.3:Peer state: ConnectedConfigured in groups:10Total messages received: 1Total messages transmitted: 1Total messages transmit dropped: 0Duplicate messages received: 0Replayed messages received: 0Configuration Examples for TIDP
This section provides TIDP controller and consumer examples. These configurations are similar to each other. The main difference is that TIDP peering is configured between the controller and each peer. However, the TIDP consumers are configured to peer only with the controller and not other peers.
TIDP Controller: Example
Ethernet 0/0 is configured as the source interface for TIDP communication.
Router(config)# interface Ethernet 0/0Router(config-if)# ip address 10.1.1.1 255.255.255.0Router(config-if)# no shutdownRouter(config-if)# exitRouter(config)# tidp source 10.1.1.1An RSA key named CRYPTO_KEY_1 is generated.
Router(config)# crypto key generate rsa general-keys label CRYPTO_KEY_1 modulus 512The name for the keys will be: crypto_key_1% The key modulus size is 512 bits% Generating 512 bit RSA keys, keys will be non-exportable...[OK]Router(config)# exitKey-set KEY_1 is configured with an authentication and encryption key-set. The RSA key in generated in the previous step is configured as the sender authentication key.
Router(config)# tidp key-set KEY_1Router(config-tidp-ks)# authentication-key send keypair-name CRYPTO_KEY_1Router(config-tidp-ks)# authentication-key receive key-string 6 Aa1Bb2Cc3Router(config-tidp-ks)# encryption-key receive key-string 6 Dd4Ee5Ff6Router(config-tidp-ks)# encryption-key send key-string 6 Gg7Hh8Ii9Router(config-tidp-ks)# exitTIDP group 10 is configured and activated. KEY_1 is associated with group 10. The peer registration timers are configured to register unregistered peer at 30 second intervals for up to 10 minutes. Remote peers in the 10.1.1/24 network are configured as TIDP peers.
Router(config)# tidp group 10Router(config-tidp-grp)# key-set KEY_1Router(config-tidp-grp)# registration retry-interval min 30 max 600Router(config-tidp-grp)# peer 10.1.1.2Router(config-tidp-grp)# peer 10.1.1.3Router(config-tidp-grp)# peer 10.1.1.4Router(config-tidp-grp)# activeRouter(config-tidp-grp)# exitTIDP is enabled globally on the router. This is the final step of the TIDP configuration.
Router(config)# tidp enableTIDP Consumer: Example
Ethernet 0/0 is configured as the source interface for TIDP communication.
Router(config)# interface Ethernet 0/0Router(config-if)# ip address 10.1.1.2 255.255.255.0Router(config-if)# no shutdownRouter(config-if)# exitRouter(config)# tidp source 10.1.1.2The TIDP consumer is configured to process the RSA key generated on the controller. An IP host statement is entered to configure a static hostname-to-IP-adress mapping.
Router(config)# ip host CRYPTO_KEY_1 10.1.1.1Router(config)# crypto key pubkey-chain rsaRouter(config-pubkey-chain)# named-key CRYPTO_KEY_1 signatureRouter(config-pubkey-key)# address 10.1.1.1Router(config-pubkey-key)# key-stringEnter a public key as a hexidecimal number ....Router(config-pubkey)# 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AD3E88 3B3489CBRouter(config-pubkey)# A4F77002 97FC4BEC 9AAFE414 973E7B38 B047EACE 5B4857BC 2606EEA3 6704041ARouter(config-pubkey)# 1F6D9659 89070D18 F4358111 90905012 53EEF5E0 5F41B3FD AB020301 0001Router(config-pubkey)# quitRouter(config-pubkey-key)# exitRouter(config-pubkey-chain)# exitKey-set KEY_2 is configured with an authentication and encryption key-set. The RSA key in processed in the previous step is configured as the receiving authentication key.
Router(config)# tidp key-set KEY_2Router(config-tidp-ks)# authentication-key receive pubkey-name CRYPTO_KEY_1Router(config-tidp-ks)# authentication-key send key-string 6 Aa1Bb2Cc3Router(config-tidp-ks)# encryption-key receive key-string 6 Dd4Ee5Ff6Router(config-tidp-ks)# encryption-key send key-string 6 Gg7Hh8Ii9Router(config-tidp-ks)# exitTIDP group 10 is configured and activated. KEY_2 is associated with group 10. Peering is established only with the TIDP controller.
Router(config)# tidp group 10Router(config-tidp-grp)# key-set KEY_2Router(config-tidp-grp)# peer 10.1.1.1Router(config-tidp-grp)# activeRouter(config-tidp-grp)# exitTIDP is enabled globally on the router.
Router(config)# tidp enable
Where to Go Next
This document describes the configuration of TIDP. After TIDP is up and running, see TIDP-Based Mitigation Services (TMS) documentation for information about configuring TMS.
Additional References
The following sections provide references related to TIDP:
Related Documents
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
—
Technical Assistance
Command Reference
The following commands are introduced or modified in the feature or features
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
For information about these commands, see the Cisco IOS Security Command Reference at
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_book.html.
For information about all Cisco IOS commands, see the Command Lookup Tool at
http://tools.cisco.com/Support/CLILookup or the Master Command List.
Feature Information for TIDP
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Table 1
Feature Information for TIDP
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
