[an error occurred while processing this directive]

Cisco AVS 3100 Series Application Velocity System

Release Note for the Cisco Application Velocity System (Software Version 5.0.x)

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

Release Note for the Cisco Application Velocity System

Contents

Supported Product Upgrades

New Features in Software Version 5.0.1

Account Information

Performance Node and Console Version Match

Upgrading the AVS 3110

Upgrading the AVS 3120 and AVS 3180

Before Upgrading the AVS 3120 or AVS 3180

Backing up the AVS 3180 Before Upgrading

Upgrading the AVS 3120 and AVS 3180 to Software Version 5.0.1 or 5.0.2

Reverting to a Previous Software Version Using a Backup File

Reverting to a Previous Software Version

Restoring the AVS 3180 database

Password Recovery Procedure

Frequently Asked Questions (FAQ)

Software Version 5.0.2 Open and Resolved Caveats

Software Version 5.0.2 Open Caveat

Software Version 5.0.2 Resolved Caveats

Software Version 5.0.1 Open and Resolved Caveats

Software Version 5.0.1 Open Caveats

Software Version 5.0.1 Resolved Caveats

Related Documentation

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Note for the Cisco Application Velocity System

August 11, 2006

Note The most current Cisco documentation for released products is also available on www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.

Contents

This release note applies to software versions 5.0.0, 5.0.1, and 5.0.2 of the Application Velocity System (AVS). This release note contains the following sections:

Supported Product Upgrades

New Features in Software Version 5.0.1

Account Information

Performance Node and Console Version Match

Upgrading the AVS 3110

Upgrading the AVS 3120 and AVS 3180

Reverting to a Previous Software Version Using a Backup File

Password Recovery Procedure

Frequently Asked Questions (FAQ)

Software Version 5.0.2 Open and Resolved Caveats

Software Version 5.0.1 Open and Resolved Caveats

Related Documentation

Cisco Product Security Overview

Obtaining Technical Assistance

Supported Product Upgrades

You can upgrade previous releases of the Cisco AVS 3110 or FineGround Velocity product in the field. The method of upgrading depends on the appliance version you have. Table 1 lists the upgrade paths and methods that are available for the appliance. To upgrade to 5.0.1 or 5.0.2, the product must be at version 4.0 or later.

Table 1 Supported AVS Upgrade Methods

Existing Products Release
Upgrade Product Release
Software Upgrade Method
Notes

AVS 5.0

AVS 5.0.1, 5.0.2

Supported

Obtain correct appliance image from www.cisco.com

Velocity or AVS 4.0

AVS 5.0.0, AVS 5.0.1, AVS 5.0.2

Supported (Must be at 4.0 or greater)

Obtain correct appliance image from www.cisco.com

Velocity 3.2.5
Velocity 3.2.1
Velocity 3.2.0
Velocity 3.1.0

AVS 4.0.0

Supported (Must be at 3.1.0-5 or greater)

Obtain correct appliance image from www.cisco.com


New Features in Software Version 5.0.1

This section describes the new features and changes in software version 5.0.1.

Performance is enhanced.

There is a new command line interface (CLI) command named show inventory. This command displays information about the application appliance such as its name, serial number, description, model name, and hardware revision.

There are new SNMP MIB variables that provide the same information as the new show inventory command. These are listed in Table 2.

Table 2 New MIB Variables

Variable
OID
Description

entPhysicalName

.1.3.6.1.2.1.47.1.1.1.1.7.0

Name of application appliance

entPhysicalSerialNumber

.1.3.6.1.2.1.47.1.1.1.1.11.0

Serial number of application appliance

entPhysicalDescription

.1.3.6.1.2.1.47.1.1.1.1.2.0

Description of application appliance

entPhysicalModelName

.1.3.6.1.2.1.47.1.1.1.1.13.0

Model name of application appliance

entPhysicalHardwareRev

.1.3.6.1.2.1.47.1.1.1.1.8.0

Hardware revision of application appliance


Account Information

The following account information may be helpful to you during and after an upgrade:

The grub password is set to FineGr0und5!
Grub will ask you for this password if you want to change the normal boot process.

The pam_tally option in /etc/pam.d/system-auth disables accounts after a specified number of failed logins. The root account is exempt from this check. The support for this option is included but not activated in /etc/pam.d/system-auth. To enable this option, uncomment the auth and account lines that contain references to pam_tally. A disabled account can be restored by the root user by using the following command:

/sbin/pam_tally --user username --reset

After updating to version 5.0.1 or 5.0.2, the only accounts with a valid login shell will be fgn and root.

After updating to version 5.0.1 or 5.0.2, the fgn account password is reset to fineground.

The user fgn is allowed to su into root.

Root cannot log in using ssh. Root log in is allowed only from the serial console (ttyS0) through a PC connected to the serial port and running a terminal emulation program, or the console (tty1) through a keyboard and mouse connected directly to the appliance. These terminals require physical access to the appliance.

Performance Node and Console Version Match

You must upgrade all deployed performance nodes to match the software version of the Management Console. For example, for the AVS 5.0.2 software release, you must upgrade all of the performance nodes to version 5.0.2. Without these performance node upgrades, critical management features such as performance node configuration versioning will not function correctly.

Upgrading the AVS 3110

To upgrade the AVS 3110 from software versions 4.0 or 5.0 to versions 5.0.1 or 5.0.2, perform the following procedure.Ensure that you run the installation as the root user.

Step 1 Obtain the appliance upgrade image file, AVS3110-K9-5.0.1-UPGRADE.tar, from www.cisco.com.

Step 2 Shut down all AVS related processes, by executing the following commands: 

# /etc/init.d/fgnpn_6628c641c56f7e6e1e6aec5f24e328c17f81683b stop

# /etc/init.d/fgnmc_de1eb23f6ecf273bee6b4561cd29368e3e539712 stop

# /etc/init.d/fgndb_de1eb23f6ecf273bee6b4561cd29368e3e539712 stop

Step 3 Change directory to the following path: 

cd /usr/local/fineground/appliance

Step 4 Make an upgrade501 or upgrade502 directory. For example: 

mkdir upgrade501

Step 5 Change to this new directory: 

cd upgrade501

Step 6 Copy the appliance upgrade image file to this location.

Step 7 Extract the TAR archive. For example: 

tar zxvf AVS3110-K9-5.0.1-UPGRADE.tar

Step 8 Change to the bin directory: 

cd bin

Step 9 Execute the appliance upgrade script: 

./run.sh upgrade-fgn

Step 10 Change to the hardening directory: 

cd ../hardening

Step 11 Execute the hardening script: 

./fgn_up2date.sh  |tee -a ./rpm-update.log 2>&1

Step 12 Reboot the appliance by issuing the reboot command:

Step 13 After the appliance starts, change to bin directory in the location where you extracted the TAR archive: 

cd /usr/local/fineground/appliance/upgrade501/bin

Step 14 Execute the system upgrade script with the upgrade-system flag to upgrade the operating system and the system: 

./run.sh upgrade-system

Note The system upgrade process (system hardening) takes time to complete. Do not interrupt the process by typing Ctrl-C (or any other interrupt keys). You must wait until the shell prompt appears. To monitor the progress, open a new shell and use the following command:
tail -f /usr/local/fineground/appliance/upgrade501/hardening/logs/hardenlog

Step 15 Reboot the appliance by issuing the reboot command:

Step 16 Reregister all upgraded nodes with the Management Console. To do this, open the Management Console, open a node and click the Edit Properties command. Click Apply, without making any changes to the properties. Repeat this for each node defined in the Management Console.

If no errors occurred during the upgrade process, the appliance should be upgraded.

Step 17 Perform this procedure on each appliance that you want to upgrade.

Note The following non-critical error message is logged in hardening/logs/update-rpms.log:

sleep: relocation error: /lib/i686/librt.so.1: symbol __pthread_clock_settime, version GLIBC_PRIVATE not defined in file libpthread.so.0 with link time reference

This message occurs because glibc and its dependencies are updated, and when sshd is restarted after the update it refers to preloaded glibc libraries that have been replaced. This message can be ignored.

Upgrading the AVS 3120 and AVS 3180

This section contains information on the steps you must take prior to upgrading your AVS 3120 or
AVS 3180, how to back up an appliance prior to upgrading, and the software upgrade procedure. Refer to the following topics to upgrade your appliance.

Before Upgrading the AVS 3120 or AVS 3180

Backing up the AVS 3180 Before Upgrading

Upgrading the AVS 3120 and AVS 3180 to Software Version 5.0.1 or 5.0.2

Before Upgrading the AVS 3120 or AVS 3180

Due to caveat CSCse73892 (as described in Software Version 5.0.2 Open Caveat), you must perform the following procedure before upgrading the software on AVS 3120 or AVS 3180 (this caveat does not apply to AVS 3110).

Step 1 Reboot the system using the safe mode option.

Step 2 Login as root.

Step 3 Mount the file system to copy the group file. For example: 

mount /dev/hda2 /mnt

Step 4 Copy the /etc/group file to local tmp directory. For example: 

cp -p  /mnt/etc/group /tmp/group.backup

umount /mnt

Step 5 Run the upgrade process as described in Upgrading the AVS 3120 and AVS 3180.

Step 6 When the upgrade process is completed, mount the file system and copy the group file. For example: 

mount /dev/hda2 /mnt

cp -p /tmp/group.backup /mnt/etc/group

Step 7 Reboot the system.

Backing up the AVS 3180 Before Upgrading

The AVS 3180 upgrade process does not back up the database automatically. You must back up the database manually before beginning the upgrade procedure. Follow these steps to back up the database:

Step 1 Obtain PostgreSQL from http://www.postgresql.org/ and install it onto a remote host system that has enough disk space to hold the full database backup. The amount of disk space required could be as large as 180 GB, if the database is around 160 GB in size.

Step 2 From the remote host, back up the AVS database by using the postgreSQL utility pg_dump. This utility copies the database from the AVS 3180 into a series of text files on the remote host. The command is as follows: 

$PG_HOME/bin/pg_dump -h AVShostname -U fineground -p 5432 fgnlog | split -b 1024m - backupFilename

The keywords, arguments, and options are:

-h AVShostname - Hostname or IP address of the AVS 3180 where the database resides

-U fineground - Connects to the database with the fineground username

-p 5432 - Port number to use to connect to the database

fgnlog - Name of the database

| split -b 1024m - - Splits the output of pg_dump into separate files that have a maximum size of 1024 MB

backupFilename - Pathname of the file to hold the database back up. The split program creates more than one file, appending two letters (aa, ab, and so on) to the name for each subsequent file it creates.

It is usually necessary to divide the output of pg_dump into a series of files because of the maximum file size limitations of the operating system. The maximum file size for the linux version 2.4 kernal is
2 GB. The maximum file size on other operating systems may vary.

Iptables may prevent the remote host from connecting to the AVS 3180 where the database resides. If this occurs, execute the following commands on the AVS 3180: 

/sbin/iptables -F

/sbin/iptables -X

Upgrading the AVS 3120 and AVS 3180 to Software Version 5.0.1 or 5.0.2

To upgrade the AVS 3120 or AVS 3180 from version 5.0 to version 5.0.1 or 5.0.2, perform the following procedure.

Step 1 Place the upgrade image file onto a local FTP server that can be accessed with an account that has both read and write access. The image file will be named AVS3120-K9-version.tar.gz for the AVS 3120 or AVS3180-K9-MGMT-version.tar.gz for the AVS 3180.

Step 2 Reboot into safe mode by using the reboot CLI command: 

velocity>reboot safe-mode

Step 3 After one minute, access the AVS appliance using SSH. Use the username fgn and the password fineground. Change to the super user mode by using the su command with the dash option: 

bash-2.05b$ su - root

At the password prompt, enter the root password (the default is FineGr0und5!)

Step 4 Change to the /usr/sbin directory: 

-sh-2.05b# cd /usr/sbin

Step 5 Run the upgrade.sh script. The syntax is: 

-sh-2.05b# ./upgrade.sh upgradefile ftpserverIP usrid password backup | no-backup

The arguments and options are:

upgradefile - File name of the upgrade image file

ftpserverIP - IP address of the FTP server

usrid- User name for the FTP server

password- Password for the FTP server

backup | no-backup - Indicates whether a backup file is kept. If you select backup, a backup file, (AVS-3120.tar for the AVS 3120 or AVS-3180.tar for the AVS 3180) is copied to the FTP server. This file is an archive of image files generated from partitions of system, application, and configuration data. On the AVS 3180, this backup option does not back up the database. A warning is displayed to back up the database separately before proceeding with the upgrade.

We recommend that you use the backup option to generate a backup file in case you need to revert to the previous software version. To allow you to revert to the previous software version, you must use this option to generate a backup file.

Once the upgrade completes successfully, the message "The Upgrade Completed Successfully" is displayed.

Step 6 Enter the reboot command to reboot the AVS appliance into the runtime image: 

-sh-2.05b# reboot

Reverting to a Previous Software Version Using a Backup File

This section describe how to revert to a previous software version using the backup file generated when you specified the backup option for the upgrade sh script. This section also describes how to restore the AVS 3180 database.

Reverting to a Previous Software Version

Restoring the AVS 3180 database

Reverting to a Previous Software Version

To revert to a previous software version using a backup file:

Step 1 Place the backup image file onto a local FTP server. If you followed the upgrade procedure in this document and chose the backup option, the backup image file will exist on the same FTP server you used for the upgrade.

Step 2 Reboot into safe mode by using the reboot CLI command: 

velocity>reboot safe-mode

Step 3 After one minute, access the AVS appliance using SSH. Use the username fgn and the password fineground. Change to the super user mode by using the su command with the dash option: 

bash-2.05b$ su - root

At the password prompt, enter the root password (the default is FineGr0und5!)

Step 4 Change to the /usr/sbin directory: 

-sh-2.05b# cd /usr/sbin

Step 5 Run the restore.sh script. The syntax is: 

-sh-2.05b# ./restore.sh backupfile ftpserverIP usrid password

The arguments are:

backupfile - File name of the backup image file

ftpserverIP - IP address of the FTP server

usrid - User name for the FTP server

password - Password for the FTP server

Once the process completes successfully, the message "Restore has completed" is displayed. On the AVS 3180, you must restore the database separately because it is not backed up by the backup utility. See the following procedure for details.

Step 6 Enter the reboot command to reboot the AVS appliance into the runtime image: 

-sh-2.05b# reboot

Restoring the AVS 3180 database

For the AVS 3180, you must restore the database separately because it is not backed up by the backup utility. To restore the database on the AVS 3180 from a backupfile:

From the remote host, restore the AVS database by using the postgreSQL utility psql. This utility reads in the backup files and enters the data back into the AVS database. The command syntax is as follows: 

cat backupFilename* | $PG_HOME/bin/psql -h AVShostname -U fineground -p 5432 fgnlog

The keywords and arguments are:

cat backupFilename* - Pathname of the database backup file that you specified during the backup procedure. The asterisk at the end ensures that all of the multiple split files are read.

| $PG_HOME/bin/psql - Restores the database from the backup files

-h AVShostname - Hostname or IP address of the AVS 3180 where the database resides that you are restoring

-U fineground - Connects to the database with the fineground username

-p 5432 - Port number to use to connect to the database

fgnlog - Name of the database

The backed up data is appended to the database during the restore procedure, except for duplicate records, which are not added to the database.

Password Recovery Procedure

To reset the root password for the AVS appliance, follow the procedure below. This procedure applies to the AVS 3110, AVS 3120, and AVS 3180.

Step 1 Connect a console to the application appliance and then restart the application appliance.

Step 2 When you see the following boot screen, press the "p" key. 

GRUB Loading stage1.5.


GNU GRUB  version 0.94  (635K lower / 4127680K upper memory)


-------------------------------------------------------------------

0: Cisco AVS Runtime Image

1: Cisco AVS Maintenance Image

-------------------------------------------------------------------


Use the ^ and v keys to select which entry is highlighted.

Press enter to boot the selected OS or 'p' to enter a

password to unlock the next set of features.

Step 3 Enter the password when prompted (the default password is FineGr0und5!) and press Enter: 

Password: ************

Step 4 Enter the letter "e" next (without pressing Enter).

Step 5 Use the down arrow key to select choice 1 (kernel) from the following list. 

-------------------------------------------------------------------

0: root (hd0,1)

1: kernel /boot/vmlinuz-espresso ro root=/dev/sda2 console=ttyS0

2: initrd (hd0,1)/boot/initrd-espresso

-------------------------------------------------------------------

Step 6 Enter the letter "e" next (without pressing Enter). The following command is displayed: 

grub edit> kernel /boot/vmlinuz-espresso ro root=/dev/hda2 console=ttyS0

Step 7 Add a space character followed by the word single to the command line, as follows, then press Enter: 

grub edit> kernel /boot/vmlinuz-espresso ro root=/dev/hda2 console=ttyS0 single

Step 8 Enter the letter "b" (without pressing Enter).

Step 9 The appliance will boot into single user mode. The command prompt will be displayed after the boot process.

Step 10 Use the passwd command to change the root password: 

sh-2.05b# passwd

Changing password for user root.

New password:

Step 11 Reboot the appliance by using the reboot command: 

sh-2.05b# reboot

Frequently Asked Questions (FAQ)

This section provides help on specific issues, problems, and questions.

Q. How can I change the IP address of the appliance once it has been already installed?

A. Use the CLI command set interface to change the IP address on the AVS 3120 and AVS 3180 appliances. On the AVS 3110 appliance, you can run the /usr/local/appliance/bin/appliance-netconf.py utility or edit the network configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 using a text editor and change the IPADDR= directive. You must run the appliance-netconf.py script from the appliance console.

Q. How can I change the host name of the appliance?

A. Use the CLI command set hostname to change the host name on the AVS 3120 and AVS 3180 appliances. On the AVS 3110 appliance, edit the network configuration file /etc/sysconfig/network using a text editor and change the HOSTNAME= directive.

Q. How do I access the appliance remotely?

A. The only way to access the appliance remotely is by using SSH.

Q. Of the multiple network interfaces found on the back panel of the AVS appliance, which one is active?

A. On the AVS 3120 appliance, the left-most interface (Ethernet 1) is the active interface. On the AVS 3180 appliance, the lower interface (Ethernet 1) is the active interface. On the AVS 3110 appliance, the interface closest to the VGA monitor port is the active interface.

Software Version 5.0.2 Open and Resolved Caveats

The following sections contain the open and resolved caveats in software version 5.0.2.

Software Version 5.0.2 Open Caveat

Software Version 5.0.2 Resolved Caveats

Software Version 5.0.2 Open Caveat

The following caveat applies to software version 5.0.2. CSCse73892—Logging on to the appliance after an upgrade will fail when you add or modify existing users. During an upgrade, the file /etc/group gets corrupted and a user's sudo privileges are lost. Workaround: Before upgrading the software, perform the following procedure.

Step 1 Reboot the system using the safe mode option.

Step 2 Login as root.

Step 3 Mount the file system to copy the group file. For example: 

mount /dev/hda2 /mnt

Step 4 Copy the /etc/group file to local tmp directory. For example: 

cp -p  /mnt/etc/group /tmp/group.backup

umount /mnt

Step 5 Run the upgrade process as described in either Upgrading the AVS 3110 or in Upgrading the AVS 3120 and AVS 3180.

Step 6 When the upgrade process is completed, mount the file system and copy the group file. For example: 

mount /dev/hda2 /mnt

cp -p /tmp/group.backup /mnt/etc/group

Step 7 Reboot the system.

Software Version 5.0.2 Resolved Caveats

The following caveats were resolved in software version 5.0.2.

CSCsc64448—When using the Goliath Webdav client through the AVS in SSL mode, the error "An SSL error has occurred" is displayed. This happens when Goliath receives a "Connection: close" close header after creating a file on the server.

CSCsc65627—A file descriptor leak occurs when the FgnStatLog was pulled by the Management Console. This would eventually result in the process running out of resources.

CSCse53847—Log rotate may not rotate log files for postgres and console. Paths defined in the configuration files were corrected to ensure proper rotation of the log files in AVS3120/AVS3180/AVS3180A systems.

CSCse63151—When the origin server sends an incorrect Transfer-Encoding header with extra characters after the "chunked" keyword, the appliance would not recognized the header correctly.

CSCsc22116—Tthe halt command was added to the CLI to enable the system to be powered off. For example: 

velocity> enable 
velocity> halt

Software Version 5.0.1 Open and Resolved Caveats

The following sections contain the open caveats and resolved caveats in software version 5.0.1.

Software Version 5.0.1 Open Caveats

Software Version 5.0.1 Resolved Caveats

Software Version 5.0.1 Open Caveats

The following caveats apply to software version 5.0.1.

CSCsc04598—Due to an inconsistency in the BIOS and run-time image clock settings, you must configure the initial date and time by using the following commands: 

set date tz timezone

set ntp start ntp_ip

Or, if you do not want to use an NTP server, you must use this command: 

set date time MM:DD:hh:mm:YYYY tz timezone

CSCsc13072—Availability Manager clustering configuration commands must be executed in the following sequence, otherwise, the appliance will not initialize properly: 

set am enable

set lb cluster

set lb server

CSCsc13075—A change to the DNS server configuration (Resolv.conf) takes effect only after restarting the Condenser.

CSCsb41642—The SNMP agent uses the loopback IP address (127.0.0.1) instead of the interface IP address in traps.

CSCsc32485—A syntax error in httpd.conf does not cause an error message to be logged to the error log.

CSCsb82920—There is no provision for displaying the ARP table by using the CLI.

CSCsc59635—This caveat applies only to the AVS 3110. When upgrading the software, the upgrade script does not correctly detect when it cannot stop one or more processes. Workaround: Stop all AVS related processes manually prior to performing an upgrade.

CSCfg01967—This caveat applies only to the AVS 3110. The Velocity-1 node defined within the Management Console is not the hostname of the local machine. When you are prompted for networking information the first time during appliance installation, the node information supplied will not overwrite the node defined within the Management Console, but will be used for the hostname only.

Software Version 5.0.1 Resolved Caveats

The following caveats were resolved in software version 5.0.1.

CSCsc72489—Changed IP_CONN_TRACK from a static-compiled kernel component to a kernel loadable module. This component is needed by the Availability Manager. Making it loadable only when needed improves the system performance.

CSCsc80179—Fixed a performance issue with the JPull module, which processes FgnStatLog files. JPull no longer sleeps for a few seconds before processing the next available FgnStatLog file.

Related Documentation

Refer to the following documentation for more information on the AVS 3120 and the AVS 3180 products:

Document Title
Provides

Cisco AVS 3120 Application Velocity System Hardware Installation Guide

Information on installing the Cisco AVS 3120 Application Velocity System.

Cisco AVS 3180 Management Station Hardware Installation Guide

Information on installing the Cisco AVS 3180 Management Station.

Cisco Application Velocity System User Guide

Comprehensive information on using the AVS software, including configuration, administration, and reporting functions.


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For Emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For Nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Copyright © 2006, Cisco Systems, Inc.
All rights reserved.

[an error occurred while processing this directive]