|
Table Of Contents
Release Notes for Cisco Secure ACS Solution Engine Version 3.3
Upgrading to Cisco Secure ACS version 3.3
Cisco 1111—Recovering Cisco Secure ACS 3.3
Cisco 1112—Recovering Cisco Secure ACS 3.3
Important Known Problems with Network Admission Control
Supported Operating Systems for Remote Agent
Windows Support for Remote Agent
Solaris Support for Remote Agent
Supported Platforms for CiscoSecure Authentication Agent
Other Supported Devices and Software
Known Problems in Cisco Secure ACS Version 3.3
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco Secure ACS Solution Engine Version 3.3
June 2005
These release notes pertain to Cisco Secure Access Control Server Solution Engine (Cisco Secure ACS) version 3.3.
These release notes provide:
•Upgrading to Cisco Secure ACS version 3.3
•Cisco 1111—Recovering Cisco Secure ACS 3.3
•Cisco 1112—Recovering Cisco Secure ACS 3.3
–Important Known Problems with Network Admission Control
–Supported Operating Systems for Remote Agent
–Supported Platforms for CiscoSecure Authentication Agent
–Other Supported Devices and Software
•Obtaining Technical Assistance
•Obtaining Additional Publications and Information
New Features
Cisco Secure ACS version 3.3 contains the following new features and enhancements:
•Network admission control (NAC)—Cisco Secure ACS acts as a policy decision point in NAC deployments. Using policies you configure, it evaluates the credentials sent to it by Cisco Trust Agent, determines the state of the host, and sends the AAA client ACLs that are appropriate to the host state. Evaluation of the host credentials can enforce many specific policies, such as operating system patch level and anti-virus DAT file version. Cisco Secure ACS records the results of policy evaluation for use with your monitoring system. Policies can be evaluated locally by Cisco Secure ACS or can be the result returned from an external policy server that Cisco Secure ACS forwards credentials to. For example, credentials specific to an anti-virus vendor can be forwarded to the vendor anti-virus policy server.
•Cisco Security Agent integration (CSA)—Cisco Secure ACS Solution Engine ships with a pre-installed, standalone CSA. This integration in the base appliance image helps protect Cisco Secure ACS Solution Engine from day-zero attacks. The new behavior-based technology available with CSA protects Cisco Secure ACS Solution Engine against the constantly changing threats that viruses and worms pose.
•EAP Flexible Authentication via Secured Tunnel (EAP-FAST) support—Cisco Secure ACS supports the EAP-FAST protocol, a new publicly accessible IEEE 802.1X EAP type developed by Cisco Systems that protects authentication in a TLS tunnel but does not require use of certificates, unlike PEAP. Cisco developed EAP-FAST to support customers who cannot enforce a strong password policy and wish to deploy an 802.1X EAP type that does not require digital certificates, supports a variety of user and password database types, supports password expiration and change, and is flexible, easy to deploy, and easy to manage. For example, a customer using Cisco LEAP can migrate to EAP-FAST for protection from dictionary attacks. Cisco Secure ACS supports EAP-FAST supplicants available on Cisco Compatible client devices and Cisco Aironet 802.11a/b/g PCI and CardBus WLAN client adapters.
•Machine Access Restrictions (MARs)—Cisco Secure ACS includes MARs as an enhancement of Windows machine authentication. When Windows machine authentication is enabled, you can use MARs to control authorization of EAP-TLS and Microsoft PEAP users who authenticate with a Windows external user database. Users who access the network with a computer that has not passed machine authentication within a configurable length of time are given the authorizations of a user group that you specify and which you can configure to limit authorization as needed. Alternatively, you can deny network access altogether.
•Network Access Filters (NAFs)—Cisco Secure ACS includes NAF as a new type of Shared Profile Component. NAF provides a flexible way of applying network access restrictions and downloadable ACLs on AAA client names, network device groups, or the IP addresses of AAA clients. NAFs applied by IP addresses can use IP address ranges and wildcards. This feature introduces granular application of network access restrictions and downloadable ACLs, both of which previously only supported the use of the same access restrictions or ACLs to all devices. NAFs allow much more flexible network device restriction policies to be defined, a requirement common in large environments.
•Downloadble ACL enhancements—Cisco Secure ACS version 3.3 extends per-user ACL support to any layer three network device that supports this feature. This includes Cisco PIX Firewalls, Cisco VPN solutions, and Cisco IOS routers. You can define sets of ACLs that can be applied per user or per group. This feature complements NAC support by enabling the enforcement of the correct ACL policy. When used in conjunction with NAFs, downloadable ACLs can be applied differently per AAA client, enabling you to tailor ACLs uniquely per user, per access device.
•Replication enhancements—Cisco Secure ACS version 3.3 includes two enhancements to the CiscoSecure Database Replication feature:
–Configurable replication timeout—You can specify how long a replication event is permitted to continue before Cisco Secure ACS ends the replication attempt and restarts affected services. This feature improves your ability to configure replication when network connections between replication partners are slow.
–Separate replication of user database and group database—You can replicate the user and group databases separately. Replicating changes to user accounts no longer automatically requires replicating groups. Likewise, replicating groups no longer requires replicating users. This increase to replication component granularity can reduce the amount of data sent between Cisco Secure ACSes during a replication event.
Supplemental License Agreement for Cisco Systems Network Management Software Running on the Cisco 11XX Hardware Platform
IMPORTANT—READ CAREFULLY: This Supplemental License Agreement ("SLA") contains additional limitations on the license to the Software provided to Customer under the Software License Agreement between Customer and Cisco. Capitalized terms used in this SLA and not otherwise defined herein shall have the meanings assigned to them in the Software License Agreement. To the extent that there is a conflict among any of these terms and conditions applicable to the Software, the terms and conditions in this SLA shall take precedence.
By installing, downloading, accessing or otherwise using the Software, Customer agrees to be bound by the terms of this SLA. If Customer does not agree to the terms of this SLA, Customer may not install, download or otherwise use the Software.
1. ADDITIONAL LICENSE RESTRICTIONS.
•Installation and Use. The Cisco Secure Access Control Server Software component of the Cisco 11XX Hardware Platform is pre-installed. CD's containing tools to restore this Software to the 11XX hardware are provided to Customer for reinstallation purposes only. Customer may only run the supported Cisco Secure Access Control Server Software on the Cisco 11XX Hardware Platform designed for its use. No unsupported Software product or component may be installed on the Cisco 11XX Hardware Platform.
•Software Upgrades, Major and Minor Releases. Cisco may provide Cisco Secure Access Control Server Software updates and new version releases for the 11XX Hardware Platform. If the Software update and new version releases can be purchased through Cisco or a recognized partner or reseller, the Customer should purchase one Software update for each Cisco 11XX Hardware Platform. If the Customer is eligible to receive the Software update or new version release through a Cisco extended service program, the Customer should request to receive only one Software update or new version release per valid service contract.
•Reproduction and Distribution. Customer may not reproduce nor distribute software.
2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
Please refer to the Cisco Systems, Inc. Software License Agreement.
Product Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 1 describes the product documentation that is available.
Table 1 Product Documentation
Document Title Available FormatsRelease Notes for Cisco Secure ACS Solution Engine
•Printed document that was included with the product.
•On Cisco.com.
Installation and Setup Guide for Cisco Secure ACS Solution Engine
•PDF on the product CD-ROM.
•On Cisco.com.
•Printed document available by order (part number DOC-7816532).1
User Guide for
Cisco Secure ACS Solution Engine•PDF on the product CD-ROM.
•On Cisco.com.
•Printed document available by order (part number DOC-7816534=).1
Installation and User Guide for Cisco Secure ACS User-Changeable Passwords
•PDF on the product CD-ROM.
•On Cisco.com.
Regulatory Compliance and Safety Information for Cisco Secure ACS Solution Engine
•Printed document that was included with the product.
•PDF on the product CD-ROM.
•On Cisco.com.
Supported and Interoperable Devices and Software Tables for Cisco Secure ACS Solution Engine
On Cisco.com.
Recommended Resources for the Cisco Secure ACS User
On Cisco.com.
Online Documentation
In the Cisco Secure ACS HTML interface, click Online Documentation.
1 See Obtaining Documentation.
Related Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 2 describes a set of white papers about Cisco Secure ACS for Windows Server; however, much of the information contained in these papers is applicable to Cisco Secure ACS Solution Engine. All white papers are available on Cisco.com. To view them, go to the following URL:
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/index.shtml
Installation Notes
For information about installing Cisco Secure ACS, see Installation and Setup Guide for Cisco Secure ACS Solution Engine, version 3.3.
Upgrading to Cisco Secure ACS version 3.3
This procedure upgrades the Cisco Secure ACS software on a Cisco 1111 device to Cisco Secure ACS Solution Engine 3.3 from any of the following versions:
•Cisco Secure ACS Solution Engine 3.2.3
•Cisco Secure ACS Solution Engine 3.2.2
•Cisco Secure ACS Solution Engine 3.2.1
Note Cisco 1112 devices do not support versions of Cisco Secure ACS before version 3.3; therefore, this section does not apply to Cisco 1112 devices.
Please read this procedure carefully before proceeding. Upgrading from Cisco Secure ACS versions 3.2.1 and 3.2.2 requires significant additional steps that must be taken to preserve Cisco Secure ACS data and configuration.
To upgrade a Cisco 1111 device from Cisco Secure ACS Solution Engine version 3.2 to version 3.3, follow these steps:
Step 1 If the Cisco 1111 is running Cisco Security Agent, you must disable the CSAgent service before proceeding with the upgrade. To disable the CSAgent service, log in to the console and enter stop csagent.
Step 2 Determine what software of the following categories the Cisco 1111 is running:
•Cisco Secure ACS
•Appliance Management Software
•Patches, if any
To do so, log in to the HTML interface, select System Configuration > Appliance Upgrade Status, and view the version information displayed.
Step 3 If the Cisco 1111 you are upgrading is running Cisco Secure ACS version 3.2.1 or version 3.2.2, you must perform the following steps:
a. Back up Cisco Secure ACS data and configuration. To do so, use one of the two following features:
•ACS Backup, available in the System Configuration section of the HTML interface. For more information, see User Guide for Cisco Secure ACS Solution Engine.
•backup command, available on the serial console. For more information, see Installation and Setup Guide for Cisco Secure ACS Solution Engine.
b. Use the Recovery CD from Cisco Secure ACS 3.2.3. to upgrade the appliance to version 3.2.3. This will destroy all data and install a new image. You can download the image of the Recovery CD image for Cisco Secure ACS Solution Engine version 3.2.3 from the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For more information about reimaging the hard drive, see Installation and Setup Guide for Cisco Secure ACS Solution Engine, version 3.3.
c. Perform initial configuration of the Cisco Secure ACS Appliance. For more information, see Installation and Setup Guide for Cisco Secure ACS Solution Engine.
d. Restore the appliance data and configuration. To do so, use one of the two following features:
•ACS Restore, available in the System Configuration section of the HTML interface. For more information, see User Guide for Cisco Secure ACS Solution Engine.
•restore command, available on the serial console. For more information, see Installation and Setup Guide for Cisco Secure ACS Solution Engine.
Step 4 If either of the following conditions is true:
•In Step 3 you reimaged the Cisco 1111 with Cisco Secure ACS version 3.2.3.
•The Cisco 1111 is not running Appliance Management Software version 3.2.3.12.
you must apply the applInstAppliance_3_2_3_12 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAppliance_3_2_3_12 upgrade is also available as part of the "Microsoft Security Bulletin MS04-011 - Appliance Management Software and Microsoft Hotfix" patch, found at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 5 If either of the following conditions is true:
•In Step 3 you reimaged the Cisco 1111 with Cisco Secure ACS version 3.2.3.
•The Cisco 1111 does not have the patch named "Microsoft Security Bulletin MS04-11 and MS04-012" applied.
you must apply the appl_ms04-011-012 patch, available on the Cisco Secure ACS version 3.3 upgrade CD. The appl_ms04-011-012 patch is also available as part of the "Microsoft Security Bulletin MS04-011 - Appliance Management Software and Microsoft Hotfix" patch, found at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For assistance with applying the patch, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 6 Apply the applInstAppliance_3_3_1_16 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAppliance_3_3_1_16 upgrade will also be available for downloading on cisco.com.
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 7 Apply the applInstAcs_3_3_1_16 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAcs_3_3_1_16 upgrade is also available for downloading on cisco.com.
Note This is the only upgrade in this procedure that does not require that the Cisco 1111 reboot itself.
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 8 If you performed Step 2 or if the Cisco 1111 does not have the Cisco Security Agent upgrade applied, apply the Cisco Security Agent update, available on the Cisco Secure ACS version 3.3 upgrade CD. The Cisco Security Agent update is also available for downloading on cisco.com.
Step 9 Verify that Cisco Security Agent is enabled. To do so, log in to the console and enter show. If the CSAgent service is not running, enter start csagent.
Step 10 To see the results of this upgrade procedure, view the Appliance Upgrade page. To do so, log in to the HTML interface and select System Configuration > Appliance Upgrade Status.
When you complete this procedure, the Application Versions table on the Appliance Upgrade page will appear as follows:
Cisco 1111—Recovering Cisco Secure ACS 3.3
This section provides procedures for the recovery process for a Cisco 1111 that runs Cisco Secure ACS Solution Engine 3.3.
Caution You cannot use the Recovery CD for Cisco Secure ACS Solution Engine 3.3 on a Cisco 1111.
To perform recovery on a Cisco 1111 running Cisco Secure ACS Solution Engine 3.3, follow these steps:
Step 1 Use the Recovery CD from Cisco Secure ACS 3.2.3 to upgrade the appliance to version 3.2.3. This will destroy all data and install a new image. You can download the image of the Recovery CD image for Cisco Secure ACS Solution Engine version 3.2.3 from the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For more information about reimaging the hard drive, see Installation and Setup Guide for Cisco Secure ACS Solution Engine, version 3.3.
Step 2 Perform initial configuration of the Cisco Secure ACS Appliance. For more information, see Installation and Setup Guide for Cisco Secure ACS Solution Engine.
Step 3 Apply the applInstAppliance_3_2_3_12 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAppliance_3_2_3_12 upgrade is also available as part of the "Microsoft Security Bulletin MS04-011 - Appliance Management Software and Microsoft Hotfix" patch, found at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 4 Apply the appl_ms04-011-012 patch, available on the Cisco Secure ACS version 3.3 upgrade CD. The appl_ms04-011-012 patch is also available as part of the "Microsoft Security Bulletin MS04-011 - Appliance Management Software and Microsoft Hotfix" patch, found at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des
For assistance with applying the patch, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 5 Apply the applInstAppliance_3_3_1_16 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAppliance_3_3_1_16 upgrade is also available for downloading on cisco.com.
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 6 Apply the applInstAcs_3_3_1_16 upgrade, available on the Cisco Secure ACS version 3.3 upgrade CD. The applInstAcs_3_3_1_16 upgrade is also available for downloading on cisco.com.
Note This is the only upgrade in this procedure that does not require that the Cisco 1111 reboot itself.
For assistance with applying the upgrade, use the upgrade procedure in User Guide for Cisco Secure ACS Solution Engine.
Step 7 Apply the Cisco Security Agent update, available on the Cisco Secure ACS version 3.3 upgrade CD. The Cisco Security Agent update will also be available for downloading on cisco.com.
Step 8 Verify that Cisco Security Agent is enabled. To do so, log into the console and enter show. If the CSAgent service is not running, enter start csagent.
Step 9 To see the results of this recovery procedure, view the Appliance Upgrade page. To do so, log in to the HTML interface and select System Configuration > Appliance Upgrade Status.
When you complete this procedure, the Application Versions table on the Appliance Upgrade page will appear as follows:
Cisco 1112—Recovering Cisco Secure ACS 3.3
The recovery process for a Cisco 1111 that runs Cisco Secure ACS Solution Engine 3.3 is documented in Installation and Configuration Guide for Cisco Secure ACS Solution Engine, version 3.3. The Recovery CD for Cisco Secure ACS Solution Engine, version 3.3, is designed for and tested with Cisco 1112 devices.
Security Patch Process
For information about our process for evaluating and releasing Microsoft security patches for Cisco Secure ACS Solution Engine, see the Cisco Secure ACS Solution Engine Security Patch Process document, available in the Product Literature area for Cisco Secure ACS Solution Engine on cisco.com.
Limitations and Restrictions
The following limitations and restrictions apply to Cisco Secure ACS 3.3.
Important Known Problems with Network Admission Control
The following known problems are related to Network Admission Control. We recommend that you review them.
•CSCee88908—CSLog crash if a logged attribute is deleted due to replication
•CSCee87826—A deleted policy is being reassign when created with the same name
•CSCee87899—Replication of CNAC policies should be updated in the doc
Supported Migration Versions
We support migrating to Cisco Secure ACS Solution Engine version 3.3 from many versions of Cisco Secure ACS for Windows Server; however, migration requires upgrading Cisco Secure ACS for Windows Server to version 3.3.
For detailed steps for performing a migration from Cisco Secure ACS for Windows Server to Cisco Secure ACS Solution Engine, see either of the following two documents:
•Installation Guide for Cisco Secure ACS for Windows Server, version 3.3
•Installation and Configuration Guide for Cisco Secure ACS Solution Engine, version 3.3
Supported Web Browsers
To administer all features included in the HTML interface of Cisco Secure ACS 3.3, use an English-language version of one of the following tested and supported web browsers:
•Microsoft Internet Explorer for Microsoft Windows
–Version 6.0
–Service Pack 1
–Microsoft Java Virtual Machine
•Netscape Communicator for Microsoft Windows
–Version 7.1
–Sun Java Plug-in 1.4.2_04
•Netscape Communicator for Solaris 2.8
–Version 7.0
–Mozilla 5.0
–Sun Java Plug-in 1.4.0_01
Note•Several known problems are related to using Netscape Communicator with Cisco Secure ACS. For more information, please review Table 3.
•We do not recommend using a slow network connection for remote access to the Cisco Secure ACS HTML interface. Some features that use Java applets do not operate optimally, such as the HTML pages for configuring Network Access Restrictions and Network Admission Control.
We do not support other versions of these browsers or other Java virtual machines with these browsers, nor do we test web browsers by other manufacturers.
Note To use a web browser to access the Cisco Secure ACS HTML interface, configure your web browser as follows:
•Use an English-language version of a supported browser.
•Enable Java.
•Enable JavaScript.
•Disable HTTP proxy.
Supported Operating Systems for Remote Agent
Cisco Secure ACS 3.3 supports Cisco Secure ACS Remote Agent on Microsoft Windows 2000 and Solaris operating systems, as specified in the following two sections.
•Windows Support for Remote Agent
•Solaris Support for Remote Agent
Windows Support for Remote Agent
The computer running Cisco Secure ACS Remote Agent for Windows must use an English-language version of one of the following operating systems:
•Windows 2000 Server, with Service Pack 4 installed
•Windows 2000 Advanced Server, with the following conditions:
–with Service Pack 4 installed
–without features specific to Windows 2000 Advanced Server enabled
•Windows Server 2003, Enterprise Edition
•Windows Server 2003, Standard Edition
Note The following restrictions apply to support for Microsoft Windows operating systems:
•We have not tested and cannot support the multi-processor feature of any supported operating system.
•We cannot support Microsoft clustering service on any supported operating system.
•Windows 2000 Datacenter Server is not a supported operating system.
Tested Windows Security Patches
Note For information about remote agent support for Microsoft patches issued after the release of Cisco Secure ACS Solution Engine version 3.3, see Supported and Interoperable Devices and Software Tables for Cisco Secure ACS Solution Engine, version 3.3.
We tested Cisco Secure ACS Remote Agent for Windows with the Windows Server 2003 patches documented in the following Microsoft Knowledge Base Articles:
We tested Cisco Secure ACS Remote Agent for Windows with the Windows 2000 Server patches documented in the following Microsoft Knowledge Base Articles:
Solaris Support for Remote Agent
The computer running Cisco Secure ACS Remote Agent for Solaris must use Solaris 2.8 or 2.9.
Supported Platforms for CiscoSecure Authentication Agent
For use with Cisco Secure ACS 3.3, we tested CiscoSecure Authentication Agent on Windows XP with Service Pack 1. We support the use of CiscoSecure Authentication Agent with Cisco Secure ACS 3.3 when CiscoSecure Authentication Agent runs on one of the following client platform operating systems:
•Windows XP
•Windows 2000 Professional
•Windows 98
•Windows 95
•Windows NT 4.0
Other Supported Devices and Software
For information about supported Cisco devices, external user databases, and other software, see Supported and Interoperable Devices and Software Tables for Cisco Secure ACS Solution Engine Version 3.3. To see this document, go to the following URL: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/device/table/app33sdt.html.
Known Problems
This section contains information about the following topics:
•Known Problems in Cisco Secure ACS Version 3.3
Cisco AAA Client Problems
Refer to the appropriate release notes for information about Cisco AAA client problems that might affect the operation of Cisco Secure ACS. You can access these release notes online at the following URLs.
Cisco Aironet Access Point
http://www.cisco.com/univercd/cc/td/doc/product/wireless/
Cisco BBSM
http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/
Cisco Catalyst Switches
http://www.cisco.com/univercd/cc/td/doc/product/lan/
Cisco IOS
http://www.cisco.com/univercd/cc/td/doc/product/software/
Cisco Secure PIX Firewall
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/
Cisco VPN 3000 Concentrator
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3002/
Cisco VPN 5000 Concentrator
http://www.cisco.com/univercd/cc/td/doc/product/aggr/vpn5000/
Known Problems in Cisco Secure ACS Version 3.3
Table 3 describes problems known to exist in this release.
Note•A "—" in the Explanation column indicates that no information was available at the time of publication. You should check the Cisco Software Bug Toolkit for current information. To access the Cisco Software Bug Toolkit, go to http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl. (You will be prompted to log in to Cisco.com.)
•Bug summaries and explanations in Table 3 are printed word-for-word as they appear in our bug tracking system.
Resolved Problems
Table 4 describes problems resolved in Cisco Secure ACS Solution Engine, version 3.3.
Note Bug summaries in Table 4 are printed word-for-word as they appear in our bug tracking system.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://cisco.com/univercd/cc/td/doc/pcat/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.