|
|
February 24, 1997
These release notes describe the features and caveats for Cisco Internetwork Operating System (Cisco IOS) Release 11.2 F, beginning with Release 11.2(3)F, up to and including Release 11.2(4)F.
Prior to Cisco IOS Release 11.2, maintenance releases of major Cisco IOS software releases were used to deliver additional new features. Beginning with Cisco IOS Release 11.2, Cisco Systems provides as many as three software release "trains" based on a single version of Cisco IOS software. Maintenance releases of the Major train software deliver fixes to software defects only, thus providing the most stable software for your network for the features you need. In addition to the Major train, there are up to two Early Deployment (ED) trains. One ED train--Release 11.2 P-- delivers both fixes to software defects and support for new Cisco platforms. The other ED train--Release 11.2 F--delivers fixes to software defects, new platform support, and new cross-platform functionality.
Use Release 11.2 F when the features and functionality you need are provided only in this release.
Use this release note in conjunction with the Release Notes for Cisco IOS Release 11.2 and Release Notes for Cisco IOS Release 11.2 P documents. The software caveats that apply to Release 11.2 and Release 11.2 P also apply to Release 11.2 F.
These release notes discuss the following topics:
For Cisco IOS Release 11.2 F, the Cisco IOS documentation consists of the Feature Guide for Cisco IOS Release 11.2 P and the Feature Guide for Cisco IOS Release 11.2 F. The feature guides supplement the Cisco IOS Release 11.2 configuration guide and command reference publications.
In the Feature Guide for Cisco IOS Release 11.2 F, each new feature is documented in its own section, which includes configuration tasks as well as new and changed command reference pages. Occasionally, new software features are documented in conjunction with the Feature Guide for Cisco IOS Release 11.2 P. The Feature Guide for Cisco IOS Release 11.2 F contains documentation for the new features described in these release notes.
All the documents mentioned are available as printed manuals or electronic documents.
For electronic documentation of Release 11.2 router and access server software features, available on the Documentation CD-ROM, refer to the Cisco IOS Release 11.2 configuration guides and command references, which are located in the Cisco IOS Release 11.2 database.
You can also access Cisco technical documentation on the World Wide Web at http://www.cisco.com.
Cisco IOS Release 11.2 F supports the same router and access server platforms as Cisco IOS Release 11.2. For a list of additional platforms that might also be supported at each maintenance release, refer to the Release Notes for Cisco IOS Release 11.2 P document.
Release 11.2(4)F and later support the IPeXchange Internet Gateway platform.
Maintenance releases of Cisco IOS Release 11.2 F deliver fixes to software defects, new platform support, and new cross-platform functionality.
 | Caution When determining whether to deploy software from the Major or Early Deployment release train, you should weigh the importance you place on maximizing product capability versus maximizing operational stability. Regardless of the train you choose, an early release of software should always be tried in a test network before being deployed in a production network. |
The following software enhancements have been added to Release 11.2(4)F. These features are available only in Release 11.2 F. These features are documented in the Feature Guide for Cisco IOS Release 11.2 F publication. For additional platform support, refer to the Release Notes for Cisco IOS Release 11.2 P.
A new feature set for the Cisco 1003 and Cisco 1004 ISDN routers is available in Cisco IOS Release 11.2(4)F and later releases. This feature set contains the same features as the Cisco 1003, Cisco 1004 IP set (see the Release Notes for Cisco IOS Release 11.2) and includes X.31 support. SeeTable 7 for a list of additional features available in this new feature set. Memory requirements for the IP/X31 feature set are shown in Table 10.
Double Authentication provides additional authentication for Point-to-Point Protocol (PPP) sessions. Previously, PPP session authentication was limited to CHAP (or PAP). With Double Authentication, you essentially require remote users to pass a second stage of user authentication--after CHAP or PAP authentication--before they can gain network access.
If you configure your local host (NAS or router) for Double Authentication, remote users will be required to complete a second stage of authentication to gain their assigned user network privileges. This second ("double") authentication requires a password that is known to the user but not stored on the user's remote host. Therefore, the second authentication is specific to a user, not to a host. This feature provides an additional level of security that is be effective even if the remote host is stolen.
The Director Response Protocol (DRP), a simple User Datagram Protocol (UDP)-based application developed by Cisco Systems, enables Cisco's DistributedDirector product to query routers (DRP Server Agents) in the field for Border Gateway Protocol (BGP) and Interior Gateway Protocol (IGP) routing table metrics between distributed servers and clients. DistributedDirector, a separate standalone product, uses DRP to transparently redirect end-user service requests to the topologically closest responsive server. DRP enables DistributedDirector to provide dynamic, scalable, and "network intelligent" Internet traffic load distribution between multiple geographically dispersed servers.
DRP Server Agents are border routers (or peers to border routers) that support the geographically distributed servers for which DistributedDirector service distribution is desired. Note that, because DistributedDirector makes decisions based on BGP and IGP information, all DRP Server Agents must have access to full BGP and IGP routing tables.
Refer to the Cisco DistributedDirector 2501 Installation and Configuration Guide or the Cisco DistributedDirector 4700-M Installation and Configuration Guidefor information on how to configure DistributedDirector.
This feature provides MD5 authentication of routing updates from the IP EIGRP routing protocol. The MD5 keyed digest in each IP Enhanced IGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources.
The IPeXchange Internet Gateway connects Novell NetWare or other IPX-based users to the Internet or other TCP/IP-based network services. IPeXchange allows workstations to use TCP/IP-based applications such as Telnet, FTP, and Netscape Navigator without requiring a TCP/IP protocol stack on each workstation. Instead, the IPeXchange Internet Gateway provides a TCP/IP gateway with a single IP address for the entire IPX network.
The IPeXchange Internet Gateway is a client/server product.
The server is a Cisco router that runs the Cisco IOS software as the IPeXchange server software. The server, which is sometimes referred to as a gateway, is connected to both an IPX network and a TCP/IP-based network, such as the Internet.
An IPeXchange client is a Windows 3.x- or Windows 95-based PC that runs the IPeXchange client software. The PC is connected to an IPX network.
The IPeXchange Internet Gateway offers the following benefits:
The following features sets for IPeXchange are available:
This feature allows you to identify IPX access lists with an alphanumeric string (a name) rather than a number. This feature allows you to configure an unlimited number of the following types of access lists:
If you identify your access list with a name rather than a number, the mode and command syntax are slightly different. Currently, only packet and route filters can use a named list.
This feature allows you to maintain security by using a separate and easily identifiable access list for each user or interface. It also removes the limit of 100 lists per filter type.
Consider the following before configuring IPX named access lists:
This feature links Service Advertising Protocol (SAP) updates to Routing Information Protocol (RIP) updates so that SAP broadcast and unicast updates automatically occur immediately after the completion of the corresponding RIP update. It ensures that no service information will be rejected by a remote router because it lacks a valid route to the service. As a result of this feature, periodic SAP updates are sent at the same frequency as RIP updates.
The default behavior of the router is to send RIP and SAP periodic updates with each using its own update interval, depending on the configuration. In addition, RIP and SAP periodic updates are jittered slightly, such that they tend to diverge from each other over time. This feature synchronizes SAP and RIP updates.
In addition, it is now possible to disable the sending of general RIP and/or SAP queries on a link when it first comes up.
Sending all SAP and RIP information in a single update reduces bandwidth demands and eliminates erroneous rejections of SAP broadcasts.
Linking SAP and RIP updates populates the service table at the remote router more quickly, because services will not be rejected due to the lack of a route to the service. This can be especially useful on WAN circuits where the update intervals have been greatly increased to reduce the overall level of periodic update traffic on the link.
RIP and SAP general queries are normally sent by remote routers when a circuit first comes up. On WAN circuits, two full updates of each kind are often sent across the link. The first update is a full broadcast update, triggered locally by the link-up event. The second update is a specific (unicast) reply triggered by the general query received from the remote router. By disabling the sending of general queries when the link first comes up, it is possible to reduce traffic to a single update, and save bandwidth.
This feature allows the router to interpret the maximum lifetime field in a Level 1 link-state packet (LSP) in hours or seconds. Previously, the field was interpreted in seconds only.
By being able to interpret the maximum lifetime field in hours, the router will be able to keep LSP packets for a much longer time which will reduce overhead on slower-speed serial links and keep ISDN links from becoming active unnecessarily.
Cisco's implementation of packet assembler/disassembler (PAD) has been enhanced:
The per-user configuration can tie together the following dialin features:
A virtual access interface created dynamically for any user dialin session is deleted when the session ends. The resources used during the session are returned for other dialin uses.
With per-user configuration:
This feature enables a high-capacity central site router with an Asynchronous Transfer Mode (ATM) interface to terminate multiple Point-to-Point Protocol (PPP) connections. These PPP connections are typically received from remote branch offices that have PPP-compatible devices interconnecting directly to StrataCom ATM Switch Interface Shelf (AXIS) equipment through a leased-line connection.
A logical interface known as a virtual access interface associates each PPP connection to an ATM permanent virtual circuit (PVC). This configuration allows the PPP protocol to terminate at the router ATM interface as if received from a typical PPP serial interface. Each PPP connection is encapsulated in a separate ATM PVC, which acts as the physical medium over which PPP frames are transported.
The virtual access interface for each PVC obtains its configuration from a virtual template when the PVC is created. All PPP parameters are managed within the virtual template configuration. Multiple virtual access interfaces can spawn from a single virtual template, hence multiple PVCs can use a single virtual template.
The virtual access interface remains associated with a PVC as long as the PVC is configured. Once the PVC is deconfigured, the virtual access interface is marked as deleted. Shutting down the associated ATM interface also causes the virtual access interface to be marked as down (within 10 seconds), bringing the PPP connection down. If a keepalive timer of the virtual template is set on the interface, the virtual access interface uses the PPP echo mechanism to verify the existence of the remote peer. If an interface failure is detected and the PPP connection is brought down, the virtual access interface remains up.
This feature is ideally suited for enterprise customers or customers who use Cisco StrataCom ATM switches to access wide-area networks (WANs) or public ATM networks, such as organizations with many remote branch offices requiring access to high-density corporate headquarters.
The TCP intercept feature implements software to protect TCP servers from TCP SYN-flooding attacks, which are a type of denial-of-service attack.
A SYN-flooding attack occurs when a hacker floods a server with a barrage of requests for connection. Becaue these messages have unreachable return addresses, the connections cannot be established. The resulting volume of unresolved open connections eventually overwhelms the server and can cause it to deny service to valid requests, thereby preventing legitimate users from connecting to a Web site, accessing e-mail, using FTP service, and so on.
The TCP intercept feature helps prevent SYN-flooding attacks by intercepting and validating TCP connection requests. In intercept mode, the TCP intercept software intercepts TCP synchronization (SYN) packets from clients to servers that match an extended access list. The software establishes a connection with the client on behalf of the destination server and, if successful, establishes the connection with the server on behalf of the client and knits the two half-connections together transparently. Thus, connection attempts from unreachable hosts will never reach the server. The software continues to intercept and forward packets throughout the duration of the connection.
Beginning with Cisco IOS Release 11.2, virtual interfaces can be configured independently of any physical interface and applied dynamically, as needed, to create virtual access interfaces. When a user dials in, a predefined configuration template is used to configure a virtual access interface; when the user is done, the virtual access interface is torn down and the resources are freed for other dialin uses.
This feature provides a generic service that can be used to apply predefined configurations (virtual interface templates) in creating and freeing virtual access interfaces on the fly, as needed.
Virtual interface templates and virtual access interfaces are basically serial interfaces with no hardware associations; they are created and freed as needed.
The virtual interface template service provides the following benefits to customers with large numbers of dial-in users:
Cisco IOS software Release 11.2 F enables you to simplify the process of configuring protocol translation to tunnel PPP or SLIP across X.25, TCP, and LAT networks. It does so by providing virtual template interfaces that you can configure independently and apply to any protocol translation configuration. You can configure virtual interface templates for one-step and two-step protocol translation.
Before virtual templates were implemented, you enabled asynchronous protocol functions on VTY lines by creating virtual asynchronous interfaces rather than virtual access interfaces. (For one-step translation, you did so by specifying ppp or slip as outgoing options in the translate command. For two-step translation, you did so by specifying the vty-async command.) The differences between virtual asynchronous interfaces and virtual access interfaces are as follows:
Virtual access interfaces replace virtual asynchronous interfaces for both one-step and two-step translation.
Virtual profiles is a unique PPP application that defines and applies per-user configuration information for users who dial in to a router. Virtual profiles allow user-specific configuration information to be applied irrespective of the media used for the dial-in call. The configuration information for virtual profiles can come from a virtual interface template, per-user configuration information stored on an AAA server, or both, depending on how the router and AAA server are configured.
Virtual profiles are intended to overcome current limitations on network scalability:
Virtual profiles overcome the limitations listed above by providing a unique interface for each user dialing in to a Cisco router/access server.
Cisco's X.25 offerings have been restructured to meet additional design goals that include greater modularity and consistent availability of X.25 services to the code that uses them. The following have been updated:
Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels.
ISDN uses the D channel to carry signal information. ISDN can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can utilize up to 9.6 kbps.
This feature allows you to set the parameters of the X.25-over-D-channel interface without disrupting the original ISDN interface configuration. In a normal ISDN BRI interface, the D and B channels are bundled together and represented as a single interface. The original BRI interface will continue to represent the D, B1, and B2 channels.
Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over-D-channel calls and initiates them on a new interface.
X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation.
Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP.
The Cisco IOS software provides an X.28 user emulation mode, which enables you to interact and control the PAD. During an exchange of control information, messages or commands sent from the terminal to the PAD are called PAD command signals. Messages sent from the PAD to the terminal are called PAD service signals. These signals and any transmitted data take the form of encoded character streams as defined by International Alphabet Number 5.
For asynchronous devices such as a terminals or modems to access an X.25 network host, the device's packets must be assembled or disassembled by a PAD device. Using standard X.28 commands from the PAD, calls can be made into an X.25 network, X.3 PAD parameters can be set, or calls can be reset. There are 22 available X.3 PAD parameters to configure. These parameters can also be set by a remote X.25 host using X.29. Cisco's new X.28 PAD implementation enables users to access X.25 networks or set PAD parameters using the X.28 standard user interface. This standard interface is common in many European countries and adheres to the X.25 International Telecommunication Union Telecommunication (ITU-T) standards.
The new X.28 interface is designed for asynchronous devices that require X.25 transport to access a remote or native asynchronous or synchronous host application. Applications such as dial-up users accessing a remote X.25 host can use the X.28 interface. For example, banks implement Cisco routers to support back office applications, ATMs, point of sales authorization devices, and alarm systems. These alarm devices are connected asynchronously to the same Cisco router and report alarm conditions to a remote alarm host for the dispatch of police. Cisco's X.28 PAD calls can be transported over a public packet network, a private X.25 network, the Internet, a private IP based network, or a Frame Relay network. With this new service, Cisco now offers the flexibility to use either the X.28 interface directly or over a Cisco IOS application service such as protocol translation. The protocol translation VTY asynchronous application enables users to bidirectionally access an X.25 application with the PAD service or protocols such as Digital Equipment Corporation (DEC), local-area transport (LAT), and TCP.
The following software enhancements have been added to Release 11.2(3)F. These features are available only in Release 11.2 F. These features are documented in the Feature Guide for Cisco IOS Release 11.2 F. For additional platform support, refer to the Release Notes for Cisco IOS Release 11.2 P.
This feature adds functionality and improved performance when using AppleTalk access lists and filters.
The specific AppleTalk access list enhancements include the following:
The Cisco Frame Relay MIB adds proprietary extensions to the standard Frame Relay MIB (RFC 1315). It provides additional link-level and virtual circuit-level information and statistics that are mostly specific to Cisco Frame Relay implementation. This MIB provides SNMP network management access to most of the information covered by the show frame-relay commands, such as, show frame-relay lmi, show frame-relay pvc, show frame-relay map, and show frame-relay svc.
Kerberized Telnet enables a router to initiate or receive an encrypted Telnet session. Previously, all Telnet session traffic could only be transmitted as cleartext (readable) data.
You can use Kerberized Telnet when establishing a Telnet session to or from a router. When you use this feature, first you are authenticated by your Kerberos credentials, and then an encrypted Telnet session is established.
Cisco's Kerberized Telnet uses the following encryption standard: 56-bit Data Encryption Standard (DES) encryption with 64-bit Cipher Feedback (CFB).
This feature is available only if you have the 56-bit encryption image. 56-bit DES encryption is subject to U.S. government export control regulations.
Cisco routers now fast switch Layer 2 Forwarding (L2F) traffic. In stack group environments in which some L2F traffic is offloaded to a powerful router, fast switching provides improved scalability.
In Cisco IOS Release 11.2, leased-line service at 64 kbps via ISDN BRI is provided in Japan and Germany. In Cisco IOS Release 11.2(3)F, leased line service at 128 kbps via ISDN BRI is provided in Japan. This service combines two B channels into a single pipe.
The following TCP functionality and performance enhancements have been added:
Cisco's implementation of block serial tunneling (BSTUN) encapsulates Binary Synchronous Communications protocol (Bisync), Adplex, ADT Security Systems, Inc., Diebold, and asynchronous generic traffic for transfer over router links.
Cisco's tunneling of asynchronous security protocols feature (ASP) enables your Cisco 2500, 4000, or 4500 series router to support devices that use the following asynchronous security protocols:
These protocols enable enterprises to transport polled asynchronous traffic over the same network that supports their Systems Network Architecture (SNA) and multiprotocol traffic, eliminating the need for separate facilities.
Not all features are available in all feature sets. The tables in this section indicate the platforms and feature sets that contain the new features in Release 11.2 F.
An explanation of the table entries follows:
Cisco IOS images with strong encryption (including, but not limited to 56-bit DES) are subject to U.S. Government export controls, and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders may be denied or subject to delay due to U.S. Government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.
The Cisco IOS software is available in different feature sets depending upon the platform. Table 1 lists the feature sets for the Cisco 7000 and Cisco 7500 series. Table 2 lists the feature sets for the Cisco 7200 series. Table 3 lists the feature sets for the Cisco 2500 series, Cisco 4000, Cisco 4500, and Cisco 4700. Table 4 lists platform-specific feature sets for the Cisco 2500 series and Cisco AS5100. Table 5 lists the feature sets for the Cisco AS5200. Table 6 lists the software for the Cisco 1003 and Cisco 1004 ISDN routers and the Cisco 1005 router. Table 7 lists the platform-specific software for the Cisco 1003 and Cisco 1004 ISDN routers. Table 8 lists platform-specific software for the Cisco 1005 router. Table 9 lists the feature sets for IPeXchange Internet Gateway.
Tables indicate new features in Release 11.2 F. For additional feature support, refer to the Release Notes for Cisco IOS Release 11.2 publication.
The tables use the following conventions to identify features:
| Feature Set | |||
|---|---|---|---|
| Features | IP Routing | Desktop/IBM1 | Enterprise1 |
| LAN Support | |||
| AppleTalk Access List Enhancements | -- | Ð | Ð |
| IPeXchange Internet Gateway | -- | -- | -- |
| IPX Named Access Lists | -- | Ð | Ð |
| IPX SAP-after-RIP | -- | Ð | Ð |
| NLSP Enhancements | -- | -- | Ð |
| WAN Services | |||
| Frame Relay MIB Extensions | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | -- |
| Leased Line ISDN at 128 kbps | -- | -- | -- |
| PPP over ATM (Cisco 7500 only) | Ð | Ð | Ð |
| X.25 Enhancements | Ð | Ð | Ð |
| X.25 on ISDN | -- | -- | -- |
| X.28 Emulation | -- | -- | Ð |
| WAN Optimization | |||
| PAD Enhancements | -- | -- | Ð |
| IP Routing | |||
| DRP Server Agent | Ð | Ð | Ð |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð |
| TCP Intercept | -- | -- | Ð |
| Security | |||
| Double Authentication | Ð | Ð | Ð |
| Kerberized Telnet (Cisco 7500 and RSP7000 only) | -- | -- | Encrypt 56 |
| Per-User Configuration | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð |
| IBM Support | |||
| Tunneling of Asynchronous Security Protocols | Ð | Ð | Ð |
| Terminal Services | |||
| Virtual Templates for Protocol Translation | -- | -- | Ð |
| Feature Set | ||||
|---|---|---|---|---|
| Features | Network Layer 3 Switching | IP Routing | Desktop/IBM1 | Enterprise1 |
| LAN Support | ||||
| AppleTalk Access List Enhancements | -- | -- | Ð | Ð |
| IPeXchange Internet Gateway | -- | -- | -- | -- |
| IPX Named Access Lists | Ð | -- | Ð | Ð |
| IPX SAP-after-RIP | Ð | -- | Ð | Ð |
| NLSP Enhancements | -- | -- | -- | Ð |
| WAN Services | ||||
| Frame Relay MIB Extensions | Ð | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | -- | -- |
| Leased Line ISDN at 128 kbps | -- | -- | -- | -- |
| PPP over ATM | -- | -- | -- | -- |
| X.25 Enhancements | Ð | Ð | Ð | Ð |
| X.25 on ISDN | -- | -- | -- | -- |
| X.28 Emulation | -- | -- | -- | Ð |
| WAN Optimization |
| |||
| PAD Enhancements | -- | -- | -- | Ð |
| IP Routing | ||||
| DRP Server Agent | Ð | Ð | Ð | Ð |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð | Ð |
| TCP Intercept | -- | -- | -- | Ð |
| Security | ||||
| Double Authentication | Ð | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- | -- |
| Per-User Configuration | Ð | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð | Ð |
| IBM Support | ||||
| Tunneling of Asynchronous Security Protocols | Ð | Ð | Ð | Ð |
| Terminal Services |
| |||
| Virtual Templates for Protocol Translation | Ð | Ð | Ð | Ð |
| Feature Set | |||||
|---|---|---|---|---|---|
| Features | IP Routing | IP/IPX/ IBM/APPN1 | Desktop (IP/IPX/ AppleTalk/DEC) | Desktop/ IPeXchange (IP/IPX/AppleTalk/ DEC/IPeXchange) | Enterprise2 |
| LAN Support | |||||
| AppleTalk Access List Enhancements | -- | -- | Ð | Ð | Ð |
| IPeXchange Internet Gateway (Cisco 2500 only) | -- | -- | -- | Ð | -- |
| IPX Named Access Lists | -- | Ð | Ð | Ð | Ð |
| IPX SAP-after-RIP | -- | Ð | Ð | Ð | Ð |
| NLSP Enhancements | -- | -- | -- | -- | Ð |
| WAN Services | |||||
| Frame Relay MIB Extensions | Ð | Ð | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | Ð | Ð | Ð |
| Leased Line ISDN at 128 kbps (Cisco 4000, Cisco 4500, and Cisco 4700 only) | Ð | Ð | Ð | Ð | Ð |
| PPP over ATM | Ð | Ð | Ð | Ð | Ð |
| X.25 Enhancements | Ð | Ð | Ð | Ð | Ð |
| X.25 on ISDN | Ð | Ð | Ð | Ð | Ð |
| X.28 Emulation | -- | -- | -- | -- | Ð |
| WAN Optimization | |||||
| PAD Enhancements | -- | -- | -- | -- | Ð |
| IP Routing | |||||
| DRP Server Agent | Ð | Ð | Ð | Ð | Ð |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð | Ð | Ð |
| TCP Intercept | -- | -- | -- | -- | Ð |
| Security | |||||
| Double Authentication | Ð | Ð | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- | -- | Encrypt 56 |
| Per-User Configuration (Cisco 4500 only) | Ð | Ð | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð | Ð | Ð |
| IBM Support | |||||
| Tunneling of Asynchronous Security Protocols | Ð | Ð | Ð | Ð | Ð |
| Terminal Services |
| ||||
| Virtual Templates for Protocol Translation | -- | -- | -- | -- | Ð |
| Feature Set | ||||
|---|---|---|---|---|
| Features | ISDN | CFRAD | LAN FRAD | Remote Access Server |
| LAN Support | ||||
| AppleTalk Access List Enhancements | -- | -- | -- | -- |
| IPeXchange Internet Gateway | -- | -- | -- | -- |
| IPX Named Access Lists | Ð | -- | Ð | Ð |
| IPX SAP-after-RIP | Ð | -- | Ð | Ð |
| NLSP Enhancements | -- | -- | -- | -- |
| WAN Services | ||||
| Frame Relay MIB Extensions | -- | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | -- | Ð |
| Leased Line ISDN at 128 kbps | -- | -- | -- | -- |
| PPP over ATM | -- | -- | -- | -- |
| X.25 Enhancements | -- | -- | -- |
|
| X.25 on ISDN | Ð | -- | -- | -- |
| X.28 Emulation | -- | -- | -- | -- |
| WAN Optimization | ||||
| PAD Enhancements | -- | Ð | -- | -- |
| IP Routing | ||||
| DRP Server Agent | -- | -- | -- | -- |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð | Ð |
| TCP Intercept | -- | -- | -- | -- |
| Security | ||||
| Double Authentication | Ð | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- | -- |
| Per-User Configuration | Ð | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð | Ð |
| IBM Support | ||||
| Tunneling of Asynchronous Security Protocols | -- | Ð | Ð | -- |
| Terminal Services |
|
|
|
|
| Virtual Templates for Protocol Translation | -- | Ð | -- | -- |
| Feature Set | |||
|---|---|---|---|
| Features | IP Routing | Desktop (IP/IPX/AppleTalk/DEC) | Enterprise1 |
| LAN Support | |||
| AppleTalk Access List Enhancements | -- | Ð | Ð |
| IPeXchange Internet Gateway | -- | -- | -- |
| IPX Named Access Lists | -- | Ð | Ð |
| IPX SAP-after-RIP | -- | Ð | Ð |
| NLSP Enhancements | -- | -- | Ð |
| WAN Services | |||
| Frame Relay MIB Extensions | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | Ð | Ð |
| Leased Line ISDN at 128 kbps | -- | -- | -- |
| PPP over ATM | -- | -- | -- |
| X.25 Enhancements | Ð | Ð | Ð |
| X.25 on ISDN | Ð | Ð | Ð |
| X.28 Emulation | -- | -- | Ð |
| WAN Optimization | |||
| PAD Enhancements | -- | -- | Ð |
| IP Routing | |||
| DRP Server Agent | Ð | Ð | Ð |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð |
| TCP Intercept | -- | -- | Ð |
| Security | |||
| Double Authentication | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- |
| Per-User Configuration | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð |
| IBM Support | |||
| Tunneling of Asynchronous Security Protocols | Ð | Ð | Ð |
| Terminal Services |
|
|
|
| Virtual Templates for Protocol Translation | -- | -- | Ð |
| Feature Set1 | ||||
|---|---|---|---|---|
| Features | IP Routing2 | IP/IPX Routing2 | IP/AppleTalk Routing2 | IP/IPX/AppleTalk Routing |
| LAN Support | ||||
| AppleTalk Access List Enhancements | -- | -- | -- | Plus |
| IPeXchange Internet Gateway | -- | -- | -- | -- |
| IPX Named Access Lists | -- | -- | -- | -- |
| IPX SAP-after-RIP | -- | Ð | -- | Ð |
| NLSP Enhancements | -- | -- | -- | Plus |
| WAN Services | ||||
| Frame Relay MIB Extensions (Cisco 1005 only) | Ð | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | -- | -- |
| Leased Line ISDN at 128 kbps (Cisco 1003 and Cisco 1004 only) | Ð | Ð | Ð | Ð |
| PPP over ATM | -- | -- | -- | -- |
| X.25 Enhancements | Ð | Ð | Ð | Ð |
| X.25 on ISDN (Cisco 1003, Cisco 1004 only) | Ð | Ð | Ð | Ð |
| X.28 Emulation | -- | -- | -- | -- |
| WAN Optimization | ||||
| PAD Enhancements | -- | -- | -- | -- |
| IP Routing | ||||
| DRP Server Agent | -- | -- | -- | -- |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð | Ð |
| TCP Intercept | -- | -- | -- | -- |
| Security | ||||
| Double Authentication | Ð | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- | -- |
| Per-User Configuration | Ð | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð | Ð |
| IBM Support | ||||
| Tunneling of Asynchronous Security Protocols | -- | -- | -- | -- |
| Terminal Services |
|
|
|
|
| Virtual Templates for Protocol Translation | -- | -- | -- | -- |
| Feature Set | |
|---|---|
| Features | IP/X31 Routing1 |
| LAN Support | |
| AppleTalk Access List Enhancements | -- |
| IPeXchange Internet Gateway | -- |
| IPX Named Access Lists | -- |
| IPX SAP-after-RIP | -- |
| NLSP Enhancements | -- |
| WAN Services | |
| Frame Relay MIB Extensions (Cisco 1005 only) | Ð |
| Layer 2 Forwarding--Fast Switching | -- |
| Leased Line ISDN at 128 kbps (Cisco 1003 and Cisco 1004 only) | Ð |
| PPP over ATM | -- |
| X.25 Enhancements | Ð |
| X.25 on ISDN (Cisco 1003, Cisco 1004 only) | Ð |
| X.28 Emulation | -- |
| WAN Optimization |
|
| PAD Enhancements | -- |
| IP Routing | |
| DRP Server Agent | -- |
| IP Enhanced IGRP Route Authentication | Ð |
| TCP Enhancements | Ð |
| TCP Intercept | -- |
| Security | |
| Double Authentication | Ð |
| Kerberized Telnet | -- |
| Per-User Configuration | Ð |
| Virtual Profiles | Ð |
| IBM Support | |
| Tunneling of Asynchronous Security Protocols | -- |
| Terminal Services |
|
| Virtual Templates for Protocol Translation | -- |
| Feature Set | |||
|---|---|---|---|
| Features | IP/OSPF/PIM Routing1 | IP/Async1 | IP/IPX/Async1 |
| LAN Support | |||
| AppleTalk Access List Enhancements | -- | -- | -- |
| IPeXchange Internet Gateway | -- | -- | -- |
| IPX Named Access Lists | -- | -- | -- |
| IPX SAP-after-RIP | -- | -- | Ð |
| NLSP Enhancements | -- | -- | -- |
| WAN Services | |||
| Frame Relay MIB Extensions | Ð | Ð | Ð |
| Layer 2 Forwarding--Fast Switching | -- | -- | -- |
| Leased Line ISDN at 128 kbps | -- | -- | -- |
| PPP over ATM | -- | -- | -- |
| X.25 Enhancements | Ð | Ð | Ð |
| X.25 on ISDN | -- | -- | -- |
| X.28 Emulation | -- | -- | -- |
| WAN Optimization | |||
| PAD Enhancements | -- | -- | -- |
| IP Routing | |||
| DRP Server Agent | -- | -- | -- |
| IP Enhanced IGRP Route Authentication | Ð | Ð | Ð |
| TCP Enhancements | Ð | Ð | Ð |
| TCP Intercept | -- | -- | -- |
| Security | |||
| Double Authentication | Ð | Ð | Ð |
| Kerberized Telnet | -- | -- | -- |
| Per-User Configuration | Ð | Ð | Ð |
| Virtual Profiles | Ð | Ð | Ð |
| IBM Support | |||
| Tunneling of Asynchronous Security Protocols | -- | -- | -- |
| Terminal Services |
|
|
|
| Virtual Templates for Protocol Translation | -- | -- | -- |
Unless otherwise noted, the memory requirement for feature sets in Release 11.2 F are the same as Release 11.2. Platforms not available in Release 11.2 or 11.2 P are shown in Table 10.
For new Cisco platforms, also refer to the Release Notes for Cisco IOS Release 11.2 P.
Table 11 lists the current microcode versions for the Cisco 7000 series. Table 12 lists the current microcode versions for the Cisco 7500 series. Note that for the Cisco 7000 and Cisco 7500 series, microcode software images are bundled with the system software image--with the exception of the Channel Interface Processor (CIP) microcode (all system software images) and Versatile Interface Processor (VIP) microcode (certain system software images). Bundling eliminates the need to store separate microcode images. When the router starts, the system software unpacks the microcode software bundle and loads the proper software on all the interface processor boards. VIP and VIP2 microcode is bundled into all Cisco 7500 series feature sets listed in Table 1. VIP2C is bundled into Encryption feature sets.
| Processor or Module1 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco IOS Release | AIP | EIP | FEIP | FIP | FSIP | HIP | MIP | SP | SSP | TRIP | VIP2 |
| Minimum Version Required | 10.15 | 10.1 | 10.4 | 10.2 | 10.18 | 10.2 | 12.0 | 11.15 | 11.15 | 10.3 | 22.20 |
| 11.2(3)F | 10.17 | 10.1 | 10.4 | 10.2 | 10.18 | 10.2 | 12.2 | 11.15 | 11.15 | 10.4 | 22.20 |
| 11.2(4)F | 10.17 | 10.1 | 10.4 | 10.2 | 10.19 | 10.2 | 12.2 | 11.15 | 11.15 | 10.4 | 22.20 |
| Processor or Module1 | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco IOS Release | AIP | EIP | FEIP | FIP | FSIP | HIP | MIP | POSIP | RSP22 | TRIP | VIP2 | VIP22 | VIP2C2,3 |
| Minimum Version Required | 20.8 | 20.2 | 20.3 | 20.1 | 20.4 | 20.0 | 22.0 | 20.0 | 20.0 | 20.0 | 22.20 | 22.20 | 22.20 |
| 11.2(3)F | 20.10 | 20.2 | 20.3 | 20.1 | 20.4 | 20.0 | 22.2 | 20.0 | 20.0 | 20.1 | 22.20 | 22.20 | 22.20 |
| 11.2(4)F | 20.10 | 20.2 | 20.3 | 20.1 | 20.6 | 20.0 | 22.2 | 20.0 | 20.0 | 20.1 | 22.20 | 22.20 | 22.20 |
Beginning with Cisco IOS Release 11.1, the CIP microcode is no longer bundled with the Cisco IOS software image. You must have Flash memory installed on the Route Processor (RP) card and 8 MB RAM installed on your CIP card to use the IBM channel attach features in Cisco IOS Release 11.1 and later. See the "Important Notes" section for more information about CIP microcode.
This section describes warnings and cautions about using the Cisco IOS Release 11.2 F software.
For additional information, refer to the Release Notes for Cisco IOS Release 11.2 and the Release Notes for Cisco IOS Release 11.2 P.
If you are upgrading to Cisco IOS Release 11.2 from an earlier Cisco IOS software release, you should save your current configuration file before installing Release 11.2 software on your router.
This section describes possibly unexpected behavior by Release 11.2(4)F. Unless otherwise noted, this caveat applies to all 11.2 F releases, up to and including 11.2(4)F. The caveats listed here describe only the serious problems. For additional caveats against this release, refer to the Release Notes for Cisco IOS Release 11.2 and the Release Notes for Cisco IOS Release 11.2 P. For additional caveats applicable to Release 11.2(4)F, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
This section describes possibly unexpected behavior by Release 11.2(3)F. Unless otherwise noted, this caveat applies to all 11.2 F releases, up to and including 11.2(3)F. The caveats listed here describe only the serious problems. For additional caveats against this release, refer to the Release Notes for Cisco IOS Release 11.2 and the Release Notes for Cisco IOS Release 11.2 P. For additional caveats applicable to Release 11.2(3)F, see the caveats sections for newer 11.2 F releases and use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document. The caveats for newer releases precede this section.
All caveats listed in this section are resolved in Release 11.2(4)F.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
|
|