Downloads |
Product BulletinNo. 2135
Cisco IOS Software Release 12.2(13)ZH
This product bulletin describes the content and delivery information for Cisco® IOS® Software Release 12.2(13)ZH. It should be used in conjunction with the Cisco IOS Software Release 12.3T product bulletin. Cisco IOS Software Release 12.2(13)ZH is a short-lived, early deployment release that will be supported in the second release of Cisco IOS Software Release 12.3T. It supports the Cisco 831, 836, and 837 routers, and Cisco 1700 Series routers (Cisco 1701, 1710, 1720, 1721, 1751, 1751-V, and 1760).
The platform and features delivered with this early deployment release will be immediately incorporated into the second release of Cisco IOS Software Release 12.3T. The timeframe for the availability of the second release of the Cisco IOS Software Release 12.3T train is the first quarter of calendar year 2004. Please note that this timeframe is subject to change.
Future early deployment releases will be provided for maintenance support until Cisco IOS Software Release 12.2(13)ZH becomes available in the second release of Cisco IOS Software Release 12.3T.
In addition to the supported features described in this product bulletin, more information is available in the release notes for Cisco IOS Software Release 12.2(13)ZH.
Customers should prepare to upgrade using the migration path shown in Figure 1.
Figure 1:
Cisco IOS Software Release 12.2(13)ZH Release Train and Migration Guide
New Features in Cisco IOS Software Release 12.2(13)ZH
Table 1 lists the features delivered in the Cisco IOS Software Release 12.2(13)ZH.
Table 1 Cisco IOS Software Release 12.2(13)ZH New Features
Detailed Information
New Platform
Cisco 1701 Router
The Cisco 1701 is an ADSL security router, ideal for providing secure and reliable Internet and corporate network connectivity to enterprise small branch offices and small and medium-sized businesses. It is a fixed-configuration, dual-port router in a desktop form factor that offers business-class ADSL over basic telephone service with a redundant ISDN (basic rate interface [BRI-S/T]) WAN link to ensure high availability of critical business applications. The Cisco 1701 router also supports numerous integrated security services, as well as advanced QoS features, to prioritize mission-critical data traffic.
New Hardware
1-Port ADSL over ISDN WIC
The ADSL over ISDN WIC (part number WIC-1ADSL-I-DG) conforms to Cisco WICs and Voice Interface Cards (VIC) and enables ADSL services to be deployed. The WIC supports the UR-2 and Annex B G.992.1 technical specifications and complies with ANSI T1.413 Issue 2. It targets the business ADSL over ISDN market in European countries where there is a significant installed base of ISDN, including Germany and parts of Belgium, Switzerland, Norway, Spain, Austria, and the Netherlands.
New Software Features
Direct HTTP Enrollment with Certificate Authority Servers
Some certificate authorities support enrollment via HTTP. Cisco IOS Software should allow a user to specify a profile for HTTP enrollment-related operations. Cisco IOS Software will fill in the command template within the profile with the PKCS 10 certificate request and up to eight user-provided values. The resulting message will be sent to the HTTP server and the response will be parsed for a privacy enhanced mail (PEM) format certificate.
DHCP Option 82
DHCP Option 82 allows the DHCP server to allocate an IP address from a pool, based upon the contents of the Option 82 fields. Cisco Catalyst® 3550 and 4000 series switches have support for Option 82 in their DHCP relay implementations. The information sent via Option 82 will be used to identify which port the DHCP request came in on.
There are multiple sub-options defined in DHCP for Option 82:
1. Agent Circuit ID sub-option
a. The contents vary between the Cisco Catalyst 3550 and 4000 series systems
Cisco Catalyst 3550 Series = Simple Network Management Protocol (SNMP) index of the port
Cisco Catalyst 4000 Series = virtual LAN (VLAN) + module + port information
a. On both switches, this field is used to identify the Media Access Control (MAC) address of the switch
DHCP Option 82 provides a Cisco IOS Software-based DHCP server to be enhanced, providing address allocation based upon the unparsed contents of the Agent Circuit ID and the Agent Remote ID sub-options.
General Voice Routing Enhancements
Functional enhancements have been added to improve call routing on Cisco 1751 and 1760 voice over IP (VoIP) gateways, including:
- Incoming call blocking
- Trunk group enhancements
- Carrier-sensitive routing
- A new attribute, carrier ID, is defined in a trunk group
- Digit manipulation enhancement
- New translation profile support with translation rules, referenced by a trunk group for incoming and outgoing call number translation
- Multiple trunk groups support
- Support for up to 64 trunk groups can be defined in a dial peer
- Carrier ID dial-peer matching
- Carrier resource management
- Source IP group support for SIP/H.323 calls, to identify the source of a VoIP call; selected services such as number translation or inbound dial peer can be provided to the call
- ENUM support (RFC 2916 "E.164 number and DNS") specifies how the domain name server (DNS) can be used for identifying available services connected to one E.164 number
SIPv2 Enhancement
Voice routing enhancement for SIPv2.
IVR and VXML Enhancements
Functional enhancements improve IVR and VXML support on Cisco 1751, 1751-V, and 1760 VoIP gateways.
- Enhanced Toolkit Command Languate (TCL) command library for scripting to meet the needs of Internet service providers (ISPs) and Internet telephony service providers (ITSPs), configuring dynamic prompts, customizing accounting templates, and directing authentication, authorization, and accounting (AAA) requests for voice gateways
- TCL-based IVR call-back support
VXML support in Cisco IOS Software
- Basic and enhanced VXML infrastructure (XML parser, HTTP client, VXML session application, and Javascript library).
- VXML Voice Store and Forward support for user who want to develop voice, fax, and messaging services.
- VXML Call Transfer with enhanced accounting information (automatic number identification [ANI], RDNIS and caller's account number).
- VXML RECORD Element and Media Steam Recording Support. This allows users to record audio messages into the gateway's memory using a VXML application. This can be stored and replayed using an external storage based on HTTP, FTP, or Trivial File Transfer Protocol (TFTP).
- VXML-based fax relay.
- Support for setting the VXML and HTTP debug levels.
Voice Infrastructure Enhancements
Functional enhancements improve voice support on Cisco 1751 and 1760 platforms in their function as VoIP gateways.
- Logging support for debugging on the Cisco IOS Software interface used by DSPs
- VoIP signaling debugging enhancements
- Cisco Express Forwarding for VoIP for VRFLite
- Call-control layer enhancements
- Cisco Express Forwarding support for VoIP traffic that originates or terminates on the Cisco 1751 and 1760 voice gateways
Cisco IOS Telephony Service Version 2.1
Cisco IOS Telephony Service offers an entry-level IP telephony solution integrated directly into Cisco IOS Software. Customers can now deploy voice, data, and IP telephony on a single platform for their small offices. Cisco IOS Telephony Service offers a core set of phone features that customers commonly require for their everyday business needs, and takes advantage of the numerous voice capabilities that are available in Cisco IOS Software to provide a robust IP telephony offering for the small office environment.
Cisco IOS Telephony Service Version 2.1 provides support for new features, including additional languages, phone loads for Cisco CallManager 3.1 and above, GUI customization capability, Live Feed Music on Hold (MoH), H450.2 and H450.3 support in Cisco IOS Software, Consultative Transfer, and Hookflash Transfer.
Cisco IOS Telephony Service Version 2.1 has been released in Cisco IOS Software Release 12.2(11)YT. However, in Cisco IOS Software Release 12.2(13)ZH, Cisco IOS Telephony Service Version 2.1 is now supported on the Cisco 1700 Series in combination with the below configurations. These combinations were not supported in Cisco IOS Software Release 12.2(11)YT.
Cisco SRST Version 2.1
The Cisco SRST feature offers enterprises a reliable mechanism for providing continuous IP telephony services to small branch offices in the event of an outage. Cisco SRST enables enterprises to build large IP telephony networks using centralized call processing resources.
Cisco SRST Version 2.1 provides support for additional languages and for the Cisco IP Phone Expansion Module 7914.
Cisco SRST Version 2.1 has been released in Cisco IOS Software Release 12.2(11)YT. However, in Cisco IOS Software Release 12.2(13)ZH, Cisco SRST Version 2.1 is supported on the Cisco 1700 Series in combination with the below configurations. These combinations were not supported in Cisco IOS Software Release 12.2(11)YT.
HTTPs/FTP/Telnet Authentication Proxy (with Absolute and Inactive Timers)
When authentication proxy is enabled on the Cisco router, users can log in to the network or access the Internet via HTTP. When a user initiates an HTTP session through the firewall, the authentication proxy is triggered. Authentication proxy will first check to see whether a user has been authenticated. If a valid authentication entry exists for the user, the authentication proxy completes the connection without any further intervention. If no entry exists, the authentication proxy responds to the HTTP connection request by prompting the user for a user name and password. When authenticated, their specific access profiles are automatically retrieved and applied from a Cisco Secure ACS, or other Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) authentication server. The user profiles are active only when there is active traffic from the authenticated users.
This special release of Cisco IOS Software Release 12.2(13)ZH adds authentication proxy support for both FTP and Telnet sessions with absolute timers and inactive timers enhancements.
URL Filtering (Websense)
Enterprises and small and medium-sized businesses may need to monitor, manage, and restrict employee or user access to nonbusiness or objectionable content on the Internet. ISPs may want to sell this as a managed service to their end users. This can be achieved through installing Websense on a local host. Websense is a URL filtering software that can filter HTTP requests based on destination host names, destination IP addresses, key words, and user names. It maintains a URL database of more than 20 million sites organized into more than 60 categories and subcategories.
The Cisco IOS Firewall, also known as Content Based Access Control (CBAC) or the inspection module, interacts with the Websense server to know whether a particular URL is allowed or blocked. The Websense server is assumed to be on a protected network, where the requests from the Cisco IOS Firewall will not have to traverse an unprotected network to reach the Websense server.
URL Filtering (N2H2)
Enterprises and small and medium-sized businesses may need to monitor, manage, and restrict employee or user access to nonbusiness or objectionable content on the Internet. ISPs may want to sell this as a managed service to their end users.
N2H2 is a globally deployed URL filtering software that can filter HTTP requests based on destination host name, destination IP address, user name, and password. It relies on a sophisticated URL database exceeding 15 million sites and organized into more than 40 categories, using both Internet technology and human review. With widespread use of N2H2 in enterprises and small and medium-sized businesses, supporting N2H2 on Cisco 8xx routers is necessary to reach customers that want to deploy N2H2 URL filtering.
This feature enables Cisco 830 Series routers to perform URL filtering based on the N2H2 server. When a Cisco 830 Series router receives an HTTP request, it sends a query request to the N2H2 server with the requested URL. The N2H2 server will perform some necessary lookups for the URL and send back a query response. Based on the N2H2 server's response, the Cisco 830 Series router will either block the HTTP request by redirecting the browser to a block page, or proceed with normal HTTP processing. This feature is currently available on the cache engine and Cisco PIX® Series firewalls. It uses the Internet Filtering for PIX Protocol (IFP).
SIP Through Firewall
Firewall and Network Address Translation (NAT) traversal for SIP is complex, in part due to the large number of scenarios and the solutions developed to solve them. The following documentation provides deployment scenarios and technical details.
NAT and Firewall Scenarios and Solutions for SIP:
http://www.jdrosen.net/papers/draft-rosenberg-sipping-nat-scenarios-00.txt
These drafts describe how SIP works with firewalls and NATs:
http://www.cs.columbia.edu/sip/drafts_firewall.html
VRRP
VRRP enables one router to act as a backup for another router. If the primary router fails, the secondary router takes over automatically. The function is similar to Hot Standby Router Protocol (HSRP).
CB-QoS MIB Support
CB-QoS MIB provides the necessary SNMP instrumentation to monitor QoS parameters.
Product Numbers
Table 2 provides the feature sets, images, and memory recommendations for Cisco IOS Software Release 12.2(13)ZH.
1. The memory recommendations in Table 2 account for Cisco IOS Software Release 12.2(13)ZH feature support in the Cisco IOS Software Release 12.4 mainline.
2. The Cisco 1751 platform is limited to 16 MB Flash memory only, whereas the Cisco 1751-V system supports up to 32 MB Flash memory.
Table 2 Cisco IOS Software Release 12.2(13)ZH Feature Sets, Images, and Memory Recommendations
Download Information
Customers can download Cisco IOS Software Release 12.2(13)ZH Software from the Cisco.com software image library.