Table Of Contents
Release Notes for Cisco Access Registrar, 4.2
New Features In Cisco Access Registrar 4.2.2
NumberOfRadiusIdentifiersPerSocket
New Features In Cisco Access Registrar 4.2
Oracle 10g Client,11g Server Support
LDAP Bind-Based Authentication
Enhancements in Cisco Access Registrar 4.2
Co-Existence With Other Network Management Applications
Cisco Access Registrar 4.2 Licensing
Getting Cisco Access Registrar 4.2 License
Installing Cisco Access Registrar 4.2 Licenses
Adding Additional Cisco Access Registrar 4.2 Licenses
Displaying License Information
Anomalies Fixed in Cisco Access Registrar 4.2.2
Known Anomalies in Cisco Access Registrar 4.2
Anomalies Fixed in Cisco Access Registrar 4.2
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco Access Registrar, 4.2
Cisco Access Registrar 4.2 provides RADIUS authentication, authorization, and accounting (AAA) services for service providers and enterprises. Cisco Access Registrar (CAR) supports service provider deployment of access services by centralizing AAA information and simplifying provisioning and management.
CAR is a standards-based Remote Authentication Dial-in User Service (RADIUS) and proxy RADIUS server designed for high-performance, extensibility, and integration with external data stores and systems.
CAR supports a range of access technologies from traditional dial and broadband to wireless LANs and mobile wireless. CAR supports the latest wireless authentication protocols such as Extensible Authentication Protocol and Protected EAP used in wireless LAN deployments. CAR also is able to make real-time AAA requests to billing systems to support prepaid applications.
These release notes provide information about this release of CAR 4.2.
Note
CAR 4.2 can be used with Solaris 9, Solaris 10, or Red Hat Enterprise Linux 4.0 32-bit operating system using kernel 2.6.9-22.0.2.EL or later, and Glibc version: glibc-2.3.4-2.13 or later.
Releases of CAR from the 4.1.4 version onwards do not support the Solaris 8 operating system.
Contents
This release note contains the following sections:
• Cisco Access Registrar 4.2 Licensing
• Obtaining Documentation, Obtaining Support, and Security Guidelines
New Features
The following sections describe new features in each release:
• New Features In Cisco Access Registrar 4.2.2
• New Features In Cisco Access Registrar 4.2
New Features In Cisco Access Registrar 4.2.2
CAR 4.2.2 introduces the following feature:
New Properties in CAR 4.2.2
• NumberOfRadiusIdentifiersPerSocket
NumberOfRadiusIdentifiersPerSocket
NumberOfRadiusIdentifiersPerSocket is found under /Radius/Advanced. This represents the number of RADIUS Identifiers that Cisco AR can use per source port, while proxying requests to remote servers.
To use a different source port for every request that is proxied, you need to set the value of this property to one.
New Features In Cisco Access Registrar 4.2
Note
The first version of CAR 4.2 is released as CAR 4.2.1.
CAR 4.2 introduces these features.
• Dynamic Service Authorization
• Oracle 10g Client, 11g Server Support
• LDAP Bind-Based Authentication
• Server Virtualization Support
WiMAX Support
WiMAX support is based on the WiMAX Forum NWG_R1.1.0_Stage-3 specifications. For CAR to interact with the ASN-GW (also known as the Broadband Wireless Gateway, BWG) and the Home Agent, a new WiMAX service is added in CAR 4.2. The type of this service is "wimax". The WiMAX service contains a Session Manager (with a session-cache resource manager and an HA resource manager), a Query Service that is connected to the session manager configured for this service, and a Prepaid Service, which are required to connect all the flows appearing in CAR for WiMAX. This service is used as a container for the new key generation modules and the existing modules such as EAP services.
TPS-Based Licensing
CAR 4.2 follows a new licensing model based on transactions per second (TPS), as opposed to the feature-based licensing model in earlier releases. CAR 4.2 supports the new licensing part numbers, which are count based.
While upgrading to CAR 4.2, the licenses of previous versions cannot be used. Backward compatibility support in terms of license will not be available in this version.
Session Scalability
In CAR 4.2, the session scalability feature refactors the current session data structures, because the effort required to build a session manager bottom-up is huge. In this release, the memory capacity to store sessions is increased from one million to four million sessions. The capacity depends on the number of attributes that are captured for each session.
CAR creates sessions in memory as long as memory is available in the system. When no memory is left in the system, the radius process crashes. To avoid this crash, the MemoryLimitForRadiusProcess property is added in CAR 4.2.
The default value of MemoryLimitForRadiusProcess is 3500 Megabytes. This property is under /radius/advanced. When the radius process uses more memory than the configured limit, further sessions are not created and CAR rejects further incoming requests.
Dynamic Service Authorization
This feature allows you to first access external databases such as LDAP and Oracle to find out which remote servers the authenticated services need to be relayed to. This is achieved by introducing the following three new environment variables:
• Re-Authentication-Service
• Re-Authorization-Service
• Re-Accounting-Service
A service that is selected through scripts now has the option to set these variables (as appropriate to the phase the packet is in) to reauthenticate, reauthorize, or re-account using another service; services can thereby be chained using these environment variables.
The number of services that can be chained is limited to a static value of 10. If required in the field (which is not likely), this limit can be set dynamically using the Dynamic-Service-Loop-Limit environment variable, which overrides the static value of 10.
As part of this feature, the existing LDAP and ODBC service will be opened for look ups for accounting. This means that LDAP and ODBC (Auth service) can be configured as an accounting service. They will essentially look up the database using the attributes in the accounting packet and map necessary information onto environment dictionary (as per the LDAP/ODBCToEnvironment mapping). The other two mappings will not be supported.
Oracle 10g Client, 11g Server Support
In this release, CAR has been enhanced to support Oracle 10g Client and 11g Server. CAR 4.2 has been tested and certified with Oracle 9i/10g/11g servers via Oracle 9i/10g clients. CAR 4.2 support for Oracle 8i client/server has been discontinued (Oracle has withdrawn support for 8i client library).
LDAP Bind-Based Authentication
The LDAP client library is enhanced to support LDAPv3. However, no extended features in LDAPv3 are supported. The existing LDAP remote server is enhanced to support bind-based authentication in addition to the existing password-fetch based authentication. A new property, UseBindBasedAuthentication, is added to the existing LDAP remote server to enable or disable bind-based authentication. This is a Boolean value and can be set to TRUE or FALSE.
CRL Support
CAR 4.2 supports certificate revocation lists (CRLs) as defined by RFC 3280. HTTP and LDAP-based CRL lookups are supported. CAR 4.2 has provision to support CRL fetching and enforcement. The protocols supported for fetching CRLs are LDAP and HTTP.
A new property, CRLDistributionURL, is added to the existing TLS-based EAP authentication services. When this property is configured, CAR fetches the CRL from the specified URL at startup. A background thread stores the state of these CRLs, and when any of them expires it fetches the new version of the CRL from the URL again. The expiry information of the CRL is encoded within it. CAR 4.2 verifies the certificate during TLS-based authentication: CRL validation is done before a client certificate is accepted during TLS authentication.
Shared Secret Hiding
A new property, HideSharedSecretAndPrivateKeys, is added to /Radius/Advanced configuration section in aregcmd.
The HideSharedSecretAndPrivateKeys property hides:
• The secret that is shared between a Radius Client and a Radius Server or between two radius servers in a radius proxy scenario.
• The PrivateKeyPassword under the certificate-based EAP services.
When this property is set to TRUE, the following properties are displayed as <encrypted>:
• PrivateKeyPasswords in:
  – peap-v0 service
  – peap-v1 service
  – eap-tls service
  – eap-ttls service
  – eap-fast service
• SharedSecret in:
  – RemoteServers of type radius
  – RemoteServers of type map-gateway
  – Clients object
  – Resource Manager of type usr-vpn under Gateway subobject
• PseudonymSecret in eap-sim service
• DynamicAuthSecret under DynamicAuthorizationServer subobject in Clients object
• RepSecret under Replication
• Secret in /radius/advanced/DDNS/TSIGKeys
When the value for this property is set to FALSE, all the above properties are displayed in clear text.
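An added example, not Cisco code: a Python check that reads a saved aregcmd listing and reports which of the properties named above are set but not shown as <encrypted>. The listing layout (bracketed [ //localhost/... ] headers followed by Name = value lines) and every object name and value in the sample are constructed assumptions.

```python
import re

# Properties the release note lists as masked by HideSharedSecretAndPrivateKeys.
SECRET_PROPERTIES = {
    "SharedSecret", "PrivateKeyPassword", "PseudonymSecret",
    "DynamicAuthSecret", "RepSecret",
}
# "Secret" is only listed for objects under /radius/advanced/DDNS/TSIGKeys.
TSIG_PATH = "/radius/advanced/ddns/tsigkeys"
MASK = "<encrypted>"

# Assumed listing layout: "[ //host/Path/To/Object ]" then "Name = value" lines.
SECTION_RE = re.compile(r"^\[\s*(//\S+)\s*\]$")
PROPERTY_RE = re.compile(r"^([A-Za-z][\w-]*)\s*=\s*(.*)$")

# Constructed sample listing: every object name and value is made up, and the
# last object exists only to show that a bare "Secret" is scoped by its path.
SAMPLE_LISTING = """\
[ //localhost/Radius/Advanced ]
    HideSharedSecretAndPrivateKeys = FALSE
[ //localhost/Radius/Clients/nas-example ]
    Name = nas-example
    IPAddress = 192.0.2.10
    SharedSecret = constructed-secret-1
[ //localhost/Radius/RemoteServers/proxy-example ]
    Protocol = radius
    SharedSecret = <encrypted>
[ //localhost/Radius/Services/eap-tls-example ]
    Type = eap-tls
    PrivateKeyPassword = constructed-secret-2
[ //localhost/Radius/Advanced/DDNS/TSIGKeys/key-example ]
    Secret = constructed-secret-3
[ //localhost/Radius/Example/other-object ]
    Secret = unrelated-value
"""


def audit_secret_display(listing):
    """Return (hide_setting, findings) for a saved aregcmd listing.

    hide_setting is the HideSharedSecretAndPrivateKeys value seen, or None.
    findings is a list of (object_path, property) pairs whose value is set
    and not masked. The secret itself is never copied into the result.
    """
    hide_setting = None
    findings = []
    path = ""
    for raw in listing.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            path = section.group(1)
            continue
        prop = PROPERTY_RE.match(line)
        if not prop:
            continue
        name, value = prop.group(1), prop.group(2).strip()
        if name == "HideSharedSecretAndPrivateKeys":
            hide_setting = value.upper()
            continue
        # A bare "Secret" counts only under the TSIGKeys subtree.
        sensitive = name in SECRET_PROPERTIES or (
            name == "Secret" and TSIG_PATH in path.lower()
        )
        # Unset (empty) and masked values are not findings.
        if sensitive and value and value != MASK:
            findings.append((path, name))
    return hide_setting, findings


if __name__ == "__main__":
    setting, exposed = audit_secret_display(SAMPLE_LISTING)
    print("HideSharedSecretAndPrivateKeys =", setting)
    for object_path, prop_name in exposed:
        print("clear text:", object_path, prop_name)
```

Run it over listings that are about to leave the server (tickets, backups, support bundles); a non-empty result means the listing was captured with the property set to FALSE.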
Server Virtualization Support
Server virtualization creates virtual machines (VMs) that run separate operating systems. The result is that the VM operates as if it were a separate server with its own operating system. One advantage of server virtualization is its flexibility—server virtualization allows multiple operating systems to be present on a physical machine.
A logical domain (LDom) is a discrete logical grouping with its own operating system, resources, and identity within a single computer system. Each logical domain can be created, destroyed, reconfigured, and rebooted independently, without requiring a power cycle of the server. A variety of application software can run in different LDoms and be kept independent for performance and security purposes.
CAR 4.2 supports deployment on virtual servers over LDoms. CAR 4.2 was tested on a setup involving a Sun T 5220 by running regressions and other tests to ensure that CAR 4.2 works in LDoms.
Enhancements in Cisco Access Registrar 4.2
Table 1 gives details on the enhancements made in CAR 4.2 over the earlier versions.
Table 1 Enhancements in CAR 4.2
Bug    Description
CSCsu49676
CAR bypasses the incoming traffic throttling.
A new property under each Client configuration called EnforceTrafficThrottling is introduced. This property is enabled by default, and you can turn off enforcement for a particular client. Additionally, you are offered more flexibility in choosing whether to enforce throttling by means of scripting. A new environment variable, called Enforce-Traffic-Throttling, has been introduced which can be set to TRUE or FALSE using an extension point script. This environment variable takes precedence over the Client configuration settings, when both are used.
CSCsq53135
CAR supports newer ACS Remote Agent
CAR 4.2 supports the Windows Domain Controller/Active Directory (WDC/AD) and enables you to authenticate users present in a WDC/AD using the CiscoSecure Remote Agent (CSRA).
Note
You can download the CiscoSecure Remote Agent from http://www.cisco.com/pcgi-bin/tablebuild.pl/acs_appl_macgyver. The file to download is Remote-Agent-ACSse-win-v4.2.0.124-K9.zip, described as Remote Agent for Windows for Solution Engine, 4.2.0.124, dated 12-MAR-2008.
Note
CAR 4.2 will only support Remote agent 4.2. It will not support the older versions.
CSCee44981
CAR sets the sessionkey value for Session Manager.
A new property under each SessionManager configuration called SessionKey is introduced. The SessionManager checks whether the environmental variable Session-Key is set. If the environmental variable is set, the server uses it as the sessionkey. If environmental variable Session-Key is not set then SessionManager gets the value configured in the SessionKey property under SessionManager.
SessionKey can be a combination of attributes separated by colon. The values for those attributes are obtained from the RequestDictionary. If any one of the attributes that is configured for the sessionkey is not present in the RequestDictionary, CAR will drop the request.
However, if Session-Key is not set, SessionManager uses NAS-Identifier and NAS-Port to create the sessionkey.
CSCeh50897
Request to have query-sessions list cache Resource Manager contents.
In CAR 4.2, the query-session is modified to list the contents of the Resource Manager cached attributes in addition to session attributes.
System Requirements
Note
Before you begin the software installation, ensure that your server has the most recent OS software including all relevant or recommended patches.
This section describes the system requirements to install and use the CAR software.
Full Installation
Table 2 lists the system requirements for a full installation of CAR.
Client-Only Installation
Table 3 lists the system requirements for installing the client-only component of CAR.
Table 3 Client-Only Requirements
Component                 Requirements
CPU Architecture          SPARC
OS Version                Solaris 9 or Solaris 10
Minimum RAM               32 MB
Recommended RAM           64 MB
Recommended Disk Space    120 MB
Note
The client-only installation is available only when using the Solaris operating system.
The recommended disk space does not include the amount of space needed for accounting records which can grow rapidly depending on how frequently you process and remove them from the CAR disk. If CAR runs out of disk space, it could cause the loss of accounting information and the corruption of session management information.
Co-Existence With Other Network Management Applications
To achieve optimal performance, CAR should be the only application running on a single machine.
Note
Cisco Network Registrar and CAR cannot co-exist on the same machine.
You can choose to run collaborative servers such as an Oracle or SQL database system, an LDAP server, or another Solaris application. There are no known conflicts with any other Solaris applications.
You can configure CAR to avoid UDP port conflicts with other network management applications. The most common conflicts occur when other applications also use ports 2785 and 2786. Another possible conflict could be SNMP. If you configure and use SNMP on your CAR server, no other application can be configured to use SNMP on the CAR machine.
Related Documentation
The following is a list of the documentation for CAR 4.2. You can access the URLs listed for each document at www.cisco.com on the World Wide Web. We recommend that you refer to the documentation in the following order:
Cisco Access Registrar 4.2 Documentation Guide (78-18785-01)
http://cisco.com/en/US/docs/net_mgmt/access_registrar/4.2/roadmap/guide/ardocgd.html
Cisco Access Registrar 4.2 Installation and Configuration Guide (OL-17221-01)
http://cisco.com/en/US/docs/net_mgmt/access_registrar/4.2/installation/guide/incfg.html
Cisco Access Registrar 4.2 User Guide (OL-17222-01)
http://cisco.com/en/US/docs/net_mgmt/access_registrar/4.2/user/guide/users.html
Note
To know about the performance numbers of CAR 4.2, see CAR Collateral in http://wwwin-nmbu.cisco.com/thevault/files/3284/5/Cisco_Access_Registrar_4.2_Performance_Guide.htm
Cisco Access Registrar 4.2 Licensing
CAR 4.2 uses a new licensing mechanism that enables you to activate all features in CAR. During system initialization, the CAR server sets up the licensing data model and activates all features.
In CAR 4.2, licensing is based on transactions per second (TPS). Every license will cover all features, but with restrictions enforced on the TPS. TPS is calculated based on the number of packets flowing into CAR irrespective of the feature.
License Slabs
The license slabs available in CAR 4.2 are listed in Table 4.
Getting Cisco Access Registrar 4.2 License
When you order the CAR 4.2 product, a text license file will be sent to you in e-mail. If you are evaluating the software, Cisco will provide you with an evaluation license.
If you decide to upgrade your CAR software, a new text license file will be sent to you in e-mail.
Note
While upgrading to CAR 4.2, the licenses of previous versions cannot be used. Backward compatibility support in terms of license will not be available in this version.
If you receive a Software License Claim Certificate, you can get your CAR license file at one of the two following URLs:
Use this site if you are a registered user of Cisco.com
• www.cisco.com/go/license/public
Use this site if you are not a registered user of Cisco.com.
Within one hour of registration at either of the above web sites, you will receive your license key file and installation instructions in e-mail.
Installing Cisco Access Registrar 4.2 Licenses
You must have a license in a directory on the CAR machine before you attempt to install CAR software. If you have not installed the CAR license file before beginning the software installation, the installation process will fail.
You can store the CAR license file in any directory on the CAR machine. During the installation process, you will be asked the location of the license file, and the installation process will copy the license file to the /opt/CSCOar/license directory, or $INSTALL/license if you are not using the default installation location.
The license file might have the name ciscoar.lic, but it can be any filename with the suffix .lic. To install the CAR license file, you can copy and paste the text into a file, or you can simply save the file you receive in e-mail to an accessible directory.
Adding Additional Cisco Access Registrar 4.2 Licenses
If you add additional licenses, you can open the file in /opt/CSCOar/license and add additional lines to the license file, or you can create an additional license file to hold the new lines. If you add a new file, remember to give it a .lic suffix. You must restart the CAR server for the new license to take effect. To restart the CAR server, enter the following on the server command line:
/opt/CSCOar/bin/arserver restart
Sample License File
The following is an example of a CAR 4.2 license file.
INCREMENT AR-BASE-100TPS cisco 4.2 30-Nov-2008 uncounted
HOSTID=ANY \
NOTICE="<LicFileID>2008090307</LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=ABCDEF123456
INCREMENT AR-ADD-TPS cisco 4.2 30-Nov-2008 uncounted \
VENDOR_STRING=<count>100</count> HOSTID=ANY \
NOTICE="<LicFileID>2008090307</LicFileID><LicLineID>1</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=ABCDEF123456
Displaying License Information
CAR provides two ways of getting license information using aregcmd:
• aregcmd command-line option
• Launching aregcmd
aregcmd Command-Line Option
CAR provides a new -l command-line option to aregcmd. The syntax is:
aregcmd -l directory_name
where directory_name is the directory where the CAR license file is stored.
The following is an example of the aregcmd -l command:
aregcmd -l /opt/CSCOar/license
Licensed Application: Cisco Access Registrar (Standard Version)
Following are the licensed components:
NAME            VERSION  EXPIRY_INFO  COUNT
====            =======  ===========  =====
AR-Base-100TPS  4.2      30-Nov-2008  100
AR-ADD-TPS      4.2      30-Nov-2008  100
Launching aregcmd
The CAR server displays license information when you launch aregcmd, as shown in the following:
aregcmd
Cisco Access Registrar 4.2.1 Configuration Utility
Copyright (C) 1995-2008 by Cisco Systems, Inc. All rights reserved.
Logging in to localhost
[ //localhost ]
LicenseInfo = AR-Base-100TPS 4.2 (expires on 30-Nov-2008)
AR-ADD-TPS 4.2 (expires on 30-Nov-2008)
Radius/
Administrators/
Server 'Radius' is Running, its health is 10 out of 10
Caveats
This section provides information about known anomalies in CAR 4.2 and information about anomalies from previous versions of CAR that have been fixed.
• Anomalies Fixed in Cisco Access Registrar 4.2.2
• Known Anomalies in Cisco Access Registrar 4.2
• Anomalies Fixed in Cisco Access Registrar 4.2
Anomalies Fixed in Cisco Access Registrar 4.2.2
Table 5 lists the anomalies fixed in CAR 4.2.2.
Table 5 Anomalies Fixed in CAR 4.2.2
Bug    Description
CSCse45392
The SNMP Agent is not sending the carServerStop trap when stopping the Server Agent.
Symptoms: The Cisco AR server occasionally fails to send the carServerStop trap when the server has been stopped.
Condition: This might occur when you attempt to stop the Cisco AR server.
Workaround: None.
CSCsi58070
SessionKeyLookup feature uses default session manager when queried session is present in pending removal cache.
Symptoms: Cisco AR uses a default session manager to update or create the session when doing a lookup.
Conditions: This occurs when the session being looked up by an Ascend-IPA-Allocate request is present in pending removal cache.
Workaround: Set the pending removal delay to zero in the cache resource manager.
CSCsl29318
Policy engine rules ExecRealmRule and ExecSuffixRule using the question mark (?) in regular expressions not working properly
Symptoms: Both ExecRealmRule and ExecSuffixRule match realms and suffixes that they should not match and behave similar to specifying a wild card.
Conditions: This occurs when the question mark is used as the first character in the ExecRealmRule or ExecSuffixRule.
Workaround: None.
CSCsj91620
Unable to release certain sessions.
Symptoms: In Cisco Access Registrar 4.1.2, it might be possible to encounter conditions in which user sessions are not properly logged out. If per-user session limits are used, affected users might eventually be unable to connect.
Evidence of this can be found when running the release-sessions command. If affected, output will be similar to the following:
--> release-sessions /radius with-User user1@cisco.com
Released 1 session(s) with-User user1@cisco.com for /Radius/SessionManagers
--> release-sessions /radius with-User user1@cisco.com
Released 1 session(s) with-User user1@cisco.com for /Radius/SessionManagers
--> query-sessions /radius
Sessions for /Radius:
Sessions for /Radius/SessionManagers/SessionLM:
S2 Key: 10.0.0.1, NAS: 192.168.0.1, NAS-Port: 0, User-Name: user1@cisco.com, Time: 510:09:24
Conditions: Issue seen with user traffic on Cisco AR version 4.1.2. Issue is intermittent and does not appear to affect all accounts.
Workaround: Repeated use of the release-session command does eventually release the session. Releasing the sessions via the GUI can occasionally work as well. Older sessions can be prevented from running into this by using "Stale session Timeout".
CSCsw36990
Packet type is missing with ExecRealmRule and ExecSuffixRule.
Symptoms: When any of the rules fail, the packet type is modified with " "(empty), and returns the error "The packet type is not correct".
Conditions: The ExecRealmRule and ExecSuffixRule scripts do not work with the "OR" rule when the particular user is present in the second rule and not in the first rule.
Workaround: None.
CSCsx12877
Unable to start Error Assertion failed: size > 0; file aheap_global.cpp.
Symptoms: AR fails to start and the following error message appears in the name_radius_1_log:
12/01/2008 1:22:33 name/radius/1 Error System 0 Assertion failed: size > 0; file aheap_global.cpp, line 49, data 0x0
Conditions: When the _TLSSessionStore file in /opt/CSCOar/temp is corrupted.
Workaround:
1. Stop the AR server:
/etc/init.d/arserver stop
2. Rename _TLSSessionStore:
mv /opt/CSCOar/temp/_TLSSessionStore /opt/CSCOar/temp/_TLSSessionStore.bak
3. Restart AR:
/etc/init.d/arserver start
CSCsx28791
CAR cores when EAP-TTLS authenticator is timed out during authentication
Symptoms: CAR restarts and produces a core during EAP-TTLS authentication with inner method odbc server. The log/trace message contains "invalid data in EAP request".
Conditions: Inner method might cause delay to complete authentication.
Workaround: Increase the AuthenticationTimeout value under EAP Services.
CSCsx50129
Validation check is not getting executed on unfiltered session managers.
Symptoms: While validating //localhost, the following errors were found.
/Radius/Advanced/SessionPurgeInterval: Dependent property either SessionTimeOut or PhantomSessionTimeOut should be set in atleast one of SessionManager
These errors must be corrected before saving.
Conditions: Filter one session manager and delete that session manager.
Workaround: Unfilter the session manager, before executing the 'save' command.
CSCsw44934
Upgrade from 4.1.5 to 4.2 failed with segmentation fault.
Symptoms: Upgrade from CAR 4.1.5 to CAR 4.2 failed with the following error.
Mcdadmin-level upgrade completed
Aregcmd-level upgrade in progress
Configuration DB analysis is in progress
Wait..
/opt/CSCOar/.upgrade/upgrade-ar.sh: line 97: 24003 Segmentation fault CALL_AREGCMD ls -R /Radius >$ORIGLS
The upgrade procedure has failed. To restart, you must first uninstall AR with pkgrm, and then install again with pkgadd.
error: %post(CSCOar-4.2.1-1225991489.i386) scriptlet failed, exit status 139
Conditions: Total number of SessionManager objects configured in the CAR is greater than 64.
Workaround: Perform the following steps.
1. Stop the AR server and back up existing 4.1.5 configurations.
/cisco-ar/bin/mcdadmin -se /tmp/mcd-config-4.1.5.txt
a. Copy all the session backing store files from /cisco-ar/data/radius/* to /tmp/session-backingstore-files/*
b. Copy all the packet backing store files from /cisco-ar/data/odbc/* to /tmp/packet-backingstore-files/*
2. Export the session manager details from the existing CAR 4.1.5 configuration.
/cisco-ar/bin/mcdadmin -se /tmp/only-session-manager.txt -p "/servers/name/radius/1/providers/provider1/sessionmanagers/"
3. Remove the session manager details from the existing CAR 4.1.5 configuration.
/cisco-ar/bin/mcdadmin -s -R "/servers/name/radius/1/providers/provider1/sessionmanagers/"
4. Export the modified CAR 4.1.5 configuration.
mcdadmin -se /tmp/mcd-config-without-sessionmanagers.txt
5. Append the following lines to the file "/tmp/mcd-config-without-sessionmanagers.txt".
[ servers/name/radius/1/providers/provider1/sessionmanagers ]
_version = int32:[0]367
6. Import the file "/tmp/mcd-config-without-sessionmanagers.txt" into CAR.
/cisco-ar/bin/mcdadmin -scoi /tmp/mcd-config-without-sessionmanagers.txt
7. Uninstall CAR 4.1.5 and upgrade to CAR 4.2.
8. Stop the AR server and import the session manager details into CAR.
/cisco-ar/bin/mcdadmin -si /tmp/only-session-manager.txt
9. Start the AR server.
Note
The workaround suggested above does not allow you to manipulate the session manager objects.
CSCsu76289
User-Name in session should have outer identity instead of inner identity.
Symptoms: The WiMAX session manager is unable to cache the outer identity of a user.
Conditions: A variable that will set the session manager to cache outer or inner identity as needed.
Workaround: Set the newly introduced environment variable "Cache-Outer-Identity" to TRUE; the WiMAX session manager will then cache the outer identity.
Note
If it is set to FALSE, the WiMAX session manager will cache the inner identity. The value is set to FALSE by default.
CSCsy34221
AttributesToBeCached attributes are not replicated to slave AR server.
Symptoms: AR Replication does not propagate changes made to /Radius/ResourceManagers/<...>/AttributesToBeCached.
Conditions: Issue is experienced only for attributes under AttributesToBeCached object. All other objects continue to be replicated properly.
Workaround: Perform Full Resynchronization. For details on how to perform full resync please refer to Chapter 11, "Using Replication," of Cisco CNS Access Registrar User Guide.
CSCsx19905
CAR4.2.1 Upgrade does not migrate existing tclscript script file.
Symptoms: When upgrading to CAR 4.2.1, the tcl script file is replaced with a new file resulting in loss of earlier configuration details.
Conditions: Some of the configuration files are not restored on upgrade to CAR 4.2.1.
Workaround: Before upgrading, backup the existing file to prevent any loss of data. After upgrading, replace the /opt/CSCOar/scripts/radius/tcl/tclscript.tcl with the backup file.
CSCsy70769
CAR needs to support certificates signed with the SHA256 digest algorithm.
Symptoms: TLS accept status (-1): (1) error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm.
Conditions: The sha256 with RSAEncryption signature algorithm is used in the X.509 certificate.
Workaround: None.
Known Anomalies in Cisco Access Registrar 4.2
Table 6 lists the known anomalies in CAR 4.2.
Anomalies Fixed in Cisco Access Registrar 4.2
Table 7 lists the anomalies fixed in CAR 4.2.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
© 2007-2009 Cisco Systems, Inc. All rights reserved.

