|
|
January 5, 1998
These release notes describe the new features and significant software components for Cisco IOS Release 11.3T for Cisco 2500 series routers and access servers. These release notes contain information about Cisco Release 11.3T Early Deployment (ED) software, which should always be tried in a test network before being deployed in a production network. To maximize network operational stability, use the mainline software release only. (Mainline and ED software releases are defined in the section "Cisco IOS Release 11.3 Paradigm.")
These release notes discuss the following topics:
Similar to a train rolling down a track and picking up passengers, after a release of Cisco IOS software is released to customers it picks up software fixes along the way and is rereleased as maintenance releases. Maintenance releases provide the most stable software for your network, for the features you need. In addition to the mainline software "train," there is an early deployment (ED) train. The ED train-Release 11.3T-delivers fixes to software defects and support for new Cisco platforms and features. Figure 1 shows the Cisco IOS 11.3 and 11.3T train software releases.
| Caution When determining whether to deploy software from the Major or Early Deployment release train, you should weigh the importance you place on maximizing product capability versus maximizing operational stability. Regardless of the train you choose, an early release of software should always be tried in a test network before being deployed in a production network. |
Table 1 compares the Cisco IOS Release 11.3 software release trains supported by Cisco 2500 series access servers and routers.
| Software Release | Features | Known Software Caveats |
|---|---|---|
| Release 11.3 mainline | The following features are included:
|
All the software caveats for each 11.3 mainline maintenance release. |
| Release 11.3 T | The following features are included:
|
All the software caveats for each 11.3 mainline maintenance release and ED train 11.3 T release, as described in the section "Caveats for Release 11.3(1)". |
To determine which version of Cisco IOS software is running on your Cisco 2500 series router or access server, log in to the router and enter the show version User EXEC command:
router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-J-L), Version 11.3(1)T, RELEASE SOFTWARE
Copyright (c) 1986, 1997, 1998 by cisco Systems, Inc.
Compiled Wed 03-Dec-97 23:26 by ccaime
Image text-base: 0x03047AB8, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), EARLY DEPLOYMENT RELEASE SOFTWARE
router uptime is 4 hours 2 minutes
System restarted by reload
System image file is "flash:master/c2500-j-l.113-0.16.T", booted via flash
cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 02438483, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x0
The following Cisco 2500 series routers and access servers are supported by Release 11.3T:
The following Cisco 2500 series access servers are supported by Release 11.3T: Cisco AS2509-RJ, AS2511-RJ, and 2509-ET.
Cisco IOS Release 11.3T supports the following platforms: Cisco AS2509-RJ and Cisco AS2511-RJ access servers. Table 2 and Table 3 summarize the interfaces supported for these devices. "Yes" means that a particular data rate or interface is supported.
| Interface | Cisco 2500 Series |
|---|---|
| Ethernet (AUI) | Yes |
| Ethernet (10BaseT) | Yes (2505, 2507, 2516, 2520, 2522, and 2524 only) |
| 4-Mbps Token Ring | Yes |
| 16-Mbps Token Ring | Yes |
| Synchronous Serial | Yes |
| Cisco 2500 Series | |
|---|---|
| Data Rate | |
| 48/56/64 kbps | Yes |
| 1.544/2.048 Mbps | Yes |
| Interface | |
| EIA/TIA-232 | Yes |
| X.21 | Yes |
| V.35 | Yes |
| EIA/TIA-449 | Yes |
| EIA-530 | Yes |
| Serial, synchronous and asynchronous | Yes |
| ISDN BRI S/T | Yes (2503, 2504, 2516, 2520, 2521, 2522, 2523, 2524, and 2525 only) |
| ISDN BRI U | Yes (2524 and 2525) |
The Cisco AS2509-RJ and Cisco AS2511-RJ access servers connect asynchronous serial devices to LANs and WANs. The access servers combine the functions of a terminal server, protocol translator, and a router, and perform both synchronous and asynchronous routing of supported protocols.
These access servers provide the following interfaces and ports:
Cisco Systems is introducing three new models in the Cisco 2500 series that are preconfigured as Frame Relay access devices (FRADs). The devices include the Cisco 2501FRAD-FX, Cisco 2501LANFRAD-FX, and Cisco 2502LANFRAD-FX. These new "Fixed FRADs" complement the existing Cisco 2500 serial and LAN FRAD models and offer a new entry point for cost-effective Frame Relay applications. The Fixed FRADs are ideal for branch office and remote office connectivity of legacy/ System Network Architecture (SNA) devices or cost-effective Frame Relay access.
Mission-specific routers are entry-level routers that are based on standard Cisco 2500 series hardware. However, mission-specific routers contain less memory than standard models and run reduced software images designed for CFRAD, LAN FRAD, and ISDN applications. The Cisco 2500 series fixed FRAD platforms are a variation of the Mission-specific CFRAD and LAN FRAD platforms. However, they are not upgradeable to routers like the mission-specific FRAD models.
The Cisco Fixed FRADs have been modified so that they do not execute non-FRAD Cisco IOS software images. This includes the images designed for other Cisco 2500 series systems. The Fixed FRAD routers cannot be upgraded to run feature sets that typically run on Cisco 2500 series routers.
The Fixed FRAD series includes three fixed-configuration hardware models with the following features:
The Generated SysObjectID's feature generates a unique sysObjectID for each Cisco 2500 series router and its derived partner product. For example, the sysObjectID values for a Cisco 2511, a partner's 2511, and another partner's 2511 are each different. The sysObjectID Simple Network Management Protocol (SNMP) MIB object is used to identify the device to be managed and make application-specific decisions. In some network management programs, this object determines which graphical element or name to display for a device.
When in severe overload conditions, routers that cannot keep up with the incoming packet stream must drop packets. If no intelligence is applied to choosing which ones to discard, this impacts the stability of routing protocols. This feature applies some simple choices to selectively discard packets likely to be unimportant for routing and interface stability. SPD is enabled by default; there are no commands or configuration tasks required.
The Cisco IOS software documentation is divided into nine modules and two master indexes. There are also four supporting documents.
Each module consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Each configuration guide can be used in conjunction with its corresponding command reference.
Two master indexes provide indexing information for the Cisco IOS software documentation set: an index for the configuration guides and an index for the command references. In addition, individual books contain a book-specific index.
The Cisco IOS documentation set consists of the following books and chapter topics:
| Books | Chapter Topics |
|---|---|
| · Configuration Fundamentals Configuration Guide
· Configuration Fundamentals Command Reference | Configuration Fundamentals Overview
Cisco IOS User Interfaces File Management Interface Configuration System Management |
| · Network Protocols Configuration Guide, Part 1
· Network Protocols Command Reference, Part 1 | IP Addressing
IP Services IP Routing Protocols |
| · Network Protocols Configuration Guide, Part 2
· Network Protocols Command Reference, Part 2 | AppleTalk
Novell IPX |
| · Network Protocols Configuration Guide, Part 3
· Network Protocols Command Reference, Part 3 | Apollo Domain
Banyan VINES DECnet ISO CLNS XNS |
| · Wide-Area Networking Configuration Guide
· Wide-Area Networking Command Reference | ATM
Frame Relay SMDS X.25 and LAPB |
| · Security Configuration Guide
· Security Command Reference | Terminal Access Security
Network Access Security Accounting and Billing Filtering Traffic Preventing Fraudulent Route Updates Network Data Encryption |
| · Dial Solutions Configuration Guide
· Dial Solutions Command Reference | Dial Business Solutions and Examples
Dial-In Port Setup DDR and Dial Backup Remote Node and Terminal Service Cost-Control and Large-Scale Dial Solutions VPDN |
| · Cisco IOS Switching Services Configuration Guide
· Cisco IOS Switching Services Command Reference | Switching Paths for IP Networks
· Fast Switching · Autonomous Switching · NetFlow Switching · Optimum Switching Virtual LAN (VLAN) Switching and Routing · Inter-Switch Link Protocol Encapsulation · IEEE 802.10 Encapsulation · LAN Emulation |
| · Bridging and IBM Networking Configuration Guide
· Bridging and IBM Networking Command Reference | Transparent Bridging
Source-Route Bridging Remote Source-Route Bridging DLSw+ STUN and BSTUN LLC2 and SDLC IBM Network Media Translation DSPU and SNA Service Point SNA Frame Relay Access Support APPN NCIA Client/Server Topologies IBM Channel Attach |
| · Cisco IOS Software Command Summary
· Dial Solutions Quick Configuration Guide · System Error Messages · Debug Command Reference |
The Cisco IOS software documentation set is available as printed manuals or electronic documents. You can access the electronic documents either on the Cisco Documentation CD-ROM or at Cisco Connection Online (CCO) on the World Wide Web:
New online navigation enhancements for Release 11.3 include:
For additional information about the Documentation CD-ROM and CCO, refer to the sections "Cisco Connection Online" and "Documentation CD-ROM" at the end of these release notes.
This section describes new software features available only in software release 11.3(1)T and above. For more information about configuring the following new features, from CCO go to Cisco Product Documentation, select Cisco IOS Software Configuration, click on Cisco IOS Release 11.3, select Cisco IOS 11.3T New Feature Documentation, and then click on 11.3(1)T New Features. This information is also available on the Documentation CD-ROM.
This section is divided into the following two subjects:
This section describes the LAN Support software features that are new in the initial release of Cisco IOS Release 11.3T.
The x digital subscriber line bridge support feature enables you to configure a router for intelligent bridge flooding for x digital subscriber line and other bridge applications.
This section describes the Management software features that are new in the initial release of Cisco IOS Release 11.3T.
The SNMP Inform Requests feature allows routers to send inform requests to SNMP managers. Agent routers can send SNMP notifications to SNMP managers when particular events occurs.
For example, an agent router might send a message to a manager when the agent router experiences an error condition. SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again.
Thus, informs are more likely to reach their intended destination. However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network.
The SNMP Manager feature allows a router to serve as an SNMP manager. As an SNMP manager, the router can send SNMP requests to agents and receive SNMP responses and notifications from agents. When the SNMP manager process is enabled, the router can query other SNMP agents and process incoming SNMP traps.
The following software enhancements have been added to Release 11.3. These features are available in all software trains of Release 11.3. Separate documentation that is available with each release of the ED software trains describes the additional functionality that is available in ED software releases.
This section is divided into the following subjects:
This section describes the IBM network software features that are new in the initial release of Cisco IOS Release 11.3.
High Performance Routing (HPR) is an enhancement to APPN that improves network performance and reliability. Considered the next step in the evolution of SNA networking, HPR replaces the APPN routing technique called intermediate session routing (ISR) and provides significant performance improvements over ISR.
HPR replaces ISR with two elements: Rapid Transport Protocol (RTP) and Automatic Network Routing.
RTP is a transport protocol that provides functions including error recovery, packet resequencing, segmentation, selective retransmissions, flow control, and congestion control. It incorporates a new congestion avoidance algorithm, Adaptive Rate-Based congestion control. ARB is preventive rather than a reactive congestion control mechanism and maximizes the usage of limited and costly bandwidth with consistent response time under heavy traffic.
Automatic Network Routing is a new type of connectionless source routing with priority. Automatic Network Routing provides a low level routing mechanism that minimizes cycles and storage requirements for routing packets through intermediate nodes.
Cisco's HPR is compliant with Version 6 of the HPR architecture of record. All functions are interoperable with the following IBM major platforms:
The router APPN MIB implementation has been updated to support a new MIB definition recently approved by the APPN Implementors Workshop (AIW). The new MIB provides better manageability of APPN network nodes across implementations. It also adds objects for supporting connection networks.
In this release Cisco supports both the current and new MIBs to allow for migration of our application customers from the current version which supports RFC 1593 to a new version for this new MIB.
APPN over Ethernet LAN Emulation (LANE) is an enhancement to Cisco's APPN intermediate session routing (ISR) implementation that allows an APPN router to participate in an emulated LAN. APPN over Ethernet LANE enables the APPN network node on the router to communicate with an end system on a switched LAN environment.
Two new APPN Scalability Enhancement features, Locate Throttling and Negative Caching, allow you to tune your APPN network to conserve network resources by queuing redundant searches and retaining unreachable searches.
The Locate Throttling feature prevents multiple broadcast locate searches that can occur when more than one resource requests sessions with the same destination LU.
The Negative Caching feature prevents excess searches to unreachable resources.
Three types of encapsulation are supported in DLSw+: direct, Fast-Sequenced Transport (FST), and TCP. Previously, DLSw+ supported only backup peers for FST and TCP peer types. This new Frame Relay/Direct Backup Peer feature extends the backup peer capability to all types of DLSw+ transportation types.
Cisco's Bisync 3780 Support feature has been enhanced to add a user-configurable address on contention interfaces.
The Cisco Bisync support protocol stack (BSC) Extended Addressing feature enables the user to configure a set of nonstandard Bisync addresses (for non-IBM Bisync devices that do not use the standard set of 3270 Control Unit addresses).
The BSTUN over Frame Relay feature provides a tunnel mechanism for Binary Synchronous Communications protocol (bisync) without using TCP/IP encapsulation.
Cisco MultiPath Channel (CMPC) is Cisco Systems' implementation of IBM's MultiPath Channel (MPC) feature. CMPC allows the virtual telecommunications access method (VTAM) to establish Advanced-Peer-to-Peer Networking (APPN) connections using both High Performance Routing (HPR) and Intermediate Session Routing (ISR) through a channel-attached Cisco 7000 series router using the MPC protocols.
With the Border Peer Caching feature, border peers can build three caches (local, remote, and group) and check these caches before forwarding explorers for other routers.
The Cisco DLSw+ Management Information Base (MIB) enhancement feature now includes more information about the "plus" features. For example, the MIB describes the encapsulation type being used: direct, LLC2, FST, and TCP. Furthermore, for FST and direct, which use fast cache entries instead of circuits to establish sessions, the MIB now includes FST and direct cache entries.
The MIB also describes configured defaults for promiscuous and on-demand peers. It provides information about border peers, dynamic peers, and backup peers. Previously the MIB did not know about the remote peer's IP address when using direct or LLC2 encapsulation. Now the remote peer's IP address is sent through the capabilities exchange and listed in the MIB. Finally, the new MIB includes traps for peer up or down and circuit up or down. This MIB provides SNMP network management access to most of the information in the show dlsw capabilities command.
DLSw+ SNA type of service (TOS) sets the IP precedence bits in the IP header of DLSw+ packets. When APPN is running with DLSw+ and the priority option is specified on the dlsw remote peer command, SNA TOS maps APPN class of service (COS) to TCP TOS.
The Frame Relay Access Support (FRAS) Boundary Network Node (BNN) enhancement provides seamless processing at the router regardless of end station changes. End stations can be added or deleted without reconfiguring the router. The FRAS BNN enhancement coexists with the original FRAS BNN feature.
Frame Relay Access Support (FRAS) Dial Backup over DLSw+ is an enhancement to Cisco's FRAS implementation that allows you to configure a secondary path that is used when the Frame Relay network becomes unavailable. If preconfigured properly, when the primary link to the Frame Relay WAN fails, FRAS Dial Backup over DLSw+ moves existing sessions to the alternate link automatically. When the primary link is restored, existing sessions are kept on the backup connection so they can be moved nondisruptively to the primary link at the user's discretion.
Frame Relay Access Support (FRAS) DLCI Backup is an enhancement to Cisco's FRAS implementation that lets you configure a secondary serial or ISDN path to the host, to be used when the Frame Relay network becomes unavailable. When the primary Frame Relay link to the Frame Relay WAN fails, the FRAS DLCI Backup feature causes the router to reroute all sessions from the main Frame Relay interface to the secondary interface. The secondary interface can be either serial or ISDN, and must have a data link connection identifier (DLCI) configured.
The FRAS (Frame Relay Access Support) Host feature provides connectivity from a Systems Network Architecture (SNA) Frame Relay Access Device (FRAD) to a Cisco router for SNA mainframe access. This feature also provides connectivity from remote SNA FRADs to LAN-attached front-end processors (FEPs) or to LAN-attached SNA minicomputers (such as AS/400s).
The FRAS Management Information Base (MIB) CISCO-DLCSW-MIB.MY is a collection of managed objects that can be accessed via a network management protocol, such as SNMP. The objects in the MIB support LLC- and SDLC-attached devices for both BNN and BAN formats of RFC 1490. The FRAS MIB user interface is defined by the network manager's SNMP application.
Data-link switching plus (DLSw+) now supports LLC2-to-Synchronous Data Link Control (SDLC) Protocol conversion between PU4 devices. The LLC2-SDLC for PU 4 feature allows a SDLC-attached FEP to communicate over DLSw+ to a LAN-attached FEP.
DLSw+ now filters NetBIOS Session Alive packets from the WAN. This feature allows you to transport NetBIOS in a dial-on-demand routing (DDR) environment by filtering NetBIOS Session Alive packets. NetBIOS periodically sends Session Alive packets as LLC2 I-frames. These packets do not require a response and are superfluous to the function of proper data flow. Furthermore, these packets keep dial-on-demand interfaces up and this up time causes unwanted per-packet charges in DDR networks.
This feature extends support for source-route bridging (SRB) on an FDDI interface to the Cisco 4000-M, Cisco 4500-M, and Cisco 4700-M routers.
Cisco IOS encapsulates source-route bridging (SRB) traffic using RFC 1490 Bridged 802.5 encapsulation to provide SRB over Frame Relay functionality. This functionality may be used between Cisco routers or between a Cisco router and RFC 1490-compliant FRADs or routers.
Logical unit (LU) nailing allows a client IP address to be mapped, or "nailed," to one or more LU local addresses on one or more physical units (PUs) by means of router configuration commands. You can control the relationship between the TN3270 client and the LU.
Clients from traditional TN3270 (non-TN3270E) devices can connect to specific LUs, which overcomes a limitation of TN3270 devices that cannot specify a "CONNECT LU." LU nailing is useful for TN3270E clients, because you can perform the configuration at the router, providing central control, rather than at the client.
The enhancements for the TN3270 server include the following:
Cisco provides full RFC 1646 printer support in the TN3270 server. There are no configuration tasks or other options required in the CIP to take advantage of this support. Prior versions of the TN3270 server feature provided RFC 1647 support.
The Function Management Header (FMH) support is provided in the context of providing printer support for the Kanji character set. There are no configuration tasks or other options required in the CIP to take advantage of this support.
When a client does not support FMH and the host sends an FMH, the client will report a bad datastream or print random data. Prior to TN3270 server support of FMH, when a host sent an FMH the session would be unbound.
With suitable host and client software, you can now print double-byte character set characters over an LU type 1 session.
The TN3270 server now translates the host SNA character string (SCS) to 3270DS. In the initial release of TN3270 server, you were required to set up the host to provide either SCS or 3270DS data, depending on the needs of the client. That requirement no longer exists.
The TN3270 server supports IP type of service (TOS) precedence setting. TOS is used in router networks to make routing decisions for the generated IP packets. The TN3270 server generates packets that comply to IP TOS/precedence values. (Refer to RFC 1349 for a description of IP TOS/precedence.)
The Token Ring LANE (TR-LANE) feature emulates an IEEE 802.5 Token Ring LAN using ATM technology. LANE provides a service interface for network layer protocols that is identical to existing MAC layers. No changes are required to existing upper layer protocols and applications. With TR-LANE, Token Ring packets are encapsulated in the appropriate ATM cells and sent across the ATM network. When the packets reach the other side of the ATM network, they are de-encapsulated. LANE essentially bridges LAN traffic across ATM switches.
TR-LANE allows legacy Token Ring LAN users to take advantage of ATM's benefits without modifying end-station hardware or software.
ATM uses connection-oriented service with point-to-point signaling or multicast signaling between source and destination devices. However, Token Ring LANs use connectionless service. Messages are broadcasts to all devices on the network. With TR-LANE, routers and switches emulate the connectionless service of a Token Ring LAN for the endstations.
Cisco's implementation of block serial tunneling (BSTUN) encapsulates Binary Synchronous Communications protocol (Bisync), Adplex, ADT Security Systems, Inc., Diebold, and asynchronous generic traffic for transfer over router links.
Cisco's tunneling of asynchronous security protocols feature (ASP) enables your Cisco 2500, 4000, or 4500 series router to support devices that use the following asynchronous security protocols:
These protocols enable enterprises to transport polled asynchronous traffic over the same network that supports their Systems Network Architecture (SNA) and multiprotocol traffic, eliminating the need for separate facilities.
Silicon Switch Processor (SSP) address resolution packets will now be sent via User Datagram Protocol (UDP) unicast service rather than via TCP. SSP packets include: CANUREACH.EX, NETBIOS_NAME_QUERY_EX, NB_ADD_NAME.QUERY_EX, and DATAFRAME.
UDP Unicast enhances the scalability of TCP peer networks because it allows DLSw+ to better control address resolution packets and unnumbered information (UI) frames during periods of congestion. Previously, these frames were carried over TCP. TCP retransmits frames that get lost or delayed in transit, and hence aggravate congestion. Because address resolution packets and UI frames are not sent on a reliable transport on the LAN, sending them reliably over the WAN is unnecessary. By using UDP for these frames, DLSw+ minimizes network congestion.
UDP Unicast Enhancement does not affect Fast-Sequenced Transport (FST) or direct peer encapsulations.
This section describes the Internet software feature that is new in the initial release of Cisco IOS Release 11.3.
The Director Response Protocol (DRP), a simple User Datagram Protocol (UDP)-based application developed by Cisco Systems, enables Cisco's DistributedDirector product to query routers (DRP Server Agents) in the field for Border Gateway Protocol (BGP) and Interior Gateway Protocol (IGP) routing table metrics between distributed servers and clients. DistributedDirector, a separate standalone product, uses DRP to transparently redirect end-user service requests to the topologically closest responsive server. DRP enables DistributedDirector to provide dynamic, scalable, and "network intelligent" Internet traffic load distribution between multiple geographically dispersed servers.
DRP Server Agents are border routers (or peers to border routers) that support the geographically distributed servers for which DistributedDirector service distribution is desired. Note that, because DistributedDirector makes decisions based on BGP and IGP information, all DRP Server Agents must have access to full BGP and IGP routing tables.
Refer to the Cisco DistributedDirector 2500 Series Installation and Configuration Guide or the Cisco DistributedDirector 4700-M Installation and Configuration Guide for information on how to configure DistributedDirector.
This section describes the IP routing software features that are new in the initial release of Cisco IOS Release 11.3.
The Easy IP (Phase 1) feature combines Network Address Translation (NAT) and PPP/Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface Internet Protocol (IP) address from a central server and to enable all remote hosts to access the global Internet using this single registered IP address. Because Easy IP uses existing port-level multiplexed NAT functionality within the Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet.
The Hot Standby Router Protocol (HSRP) provides a very high level of redundancy between hosts and gateway routers. With HSRP, users realize high network availability by enabling backup routes between hosts on Ethernet, Fast Ethernet, FDDI, and Token Ring networks. Cisco IOS devices that are running the HSRP send and receive multicast hello packets to detect router failure and to designate active and standby routers.
HSRP was first introduced with ATM LAN Emulation in Cisco IOS Release 11.0 and in Release 11.1 for virtual LAN (VLAN) configurations in IP networks using IEEE 802.10 encapsulations on FDDI media. Starting with Release 11.2, HSRP is also supported over Inter-Switch Links (ISLs) in VLAN configurations on FastEthernet. Now, HSRP functionality can be deployed with Cisco IOS VLANS using IEEE 802.10 on FDDI, ATM LAN Emulation, and ISL encapsulation on Fast Ethernet.
This feature provides MD5 authentication of routing updates from the IP EIGRP routing protocol. The MD5 keyed digest in each IP Enhanced IGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources.
The TCP selective acknowledgment feature improves performance in the event that multiple packets are lost from one TCP window of data. Prior to this feature, with the limited information available from cumulative acknowledgments, a TCP sender could learn about only one lost packet per round-trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments might have already been successfully received.
The TCP selective acknowledgment mechanism helps improve performance. The receiving TCP host returns selective acknowledgment packets to the sender, informing the sender of data that has been received. In other words, the receiver can acknowledge packets received out of order. The sender can then retransmit only the missing data segments (instead of everything since the first missing packet).
Prior to selective acknowledgment, if TCP lost packets 4 and 7 out of an 8-packet window, TCP would receive acknowledgment of only packets 1, 2, and 3. Packets 4 through 8 would have to be resent. With selective acknowledgment, TCP receives acknowledgment of packets 1, 2, 3, 5, 6, and 8. Only packets 4 and 7 have to be resent. Refer to RFC 2018 for more detailed information on TCP selective acknowledgment.
The TCP timestamp option provides better TCP round-trip time measurements. Because the timestamps are always sent and echoed in both directions and the timestamp value in the header is always changing, TCP header compression will not compress the outgoing packet. To allow TCP header compression over a serial link, the TCP timestamp option is disabled. Refer to RFC 1323 for more detailed information on TCP timestamp.
This section describes the LAN support software features that are new in the initial release of Cisco IOS Release 11.3.
This feature adds functionality and improved performance when using AppleTalk access lists and filters.
The specific AppleTalk access list enhancements include the following:
DECnet Accounting allows you to collect information about DECnet packets and the number of bytes that are switched through the Cisco IOS software. You collect accounting information based on the source and destination DECnet addresses. DECnet accounting tracks only DECnet traffic that is routed out an interface on which DECnet accounting is configured; it does not include traffic generated by or terminating at the router itself.
This feature allows you to identify IPX access lists with an alphanumeric string (a name) rather than a number. This feature allows you to configure an unlimited number of the following types of access lists:
If you identify your access list with a name rather than a number, the mode and command syntax are slightly different. Currently, only packet and route filters can use a named list.
This feature allows you to maintain security by using a separate and easily identifiable access list for each user or interface. It also removes the limit of 100 lists per filter type.
Consider the following before configuring IPX named access lists:
This feature links Service Advertising Protocol (SAP) updates to Routing Information Protocol (RIP) updates so that SAP broadcast and unicast updates automatically occur immediately after the completion of the corresponding RIP update. It ensures that no service information will be rejected by a remote router because it lacks a valid route to the service. As a result of this feature, periodic SAP updates are sent at the same frequency as RIP updates.
The default behavior of the router is to send RIP and SAP periodic updates with each using its own update interval, depending on the configuration. In addition, RIP and SAP periodic updates are jittered slightly, such that they tend to diverge from each other over time. This feature synchronizes SAP and RIP updates.
In addition, it is now possible to disable the sending of general RIP and/or SAP queries on a link when it first comes up.
Sending all SAP and RIP information in a single update reduces bandwidth demands and eliminates erroneous rejections of SAP broadcasts.
Linking SAP and RIP updates populates the service table at the remote router more quickly, because services will not be rejected due to the lack of a route to the service. This can be especially useful on WAN circuits where the update intervals have been greatly increased to reduce the overall level of periodic update traffic on the link.
RIP and SAP general queries are normally sent by remote routers when a circuit first comes up. On WAN circuits, two full updates of each kind are often sent across the link. The first update is a full broadcast update, triggered locally by the link-up event. The second update is a specific (unicast) reply triggered by the general query received from the remote router. By disabling the sending of general queries when the link first comes up, it is possible to reduce traffic to a single update, and save bandwidth.
This feature allows the router to interpret the maximum lifetime field in a Level 1 link-state packet (LSP) in hours or seconds. Previously, the field was interpreted in seconds only.
By being able to interpret the maximum lifetime field in hours, the router will be able to keep LSP packets for a much longer time which will reduce overhead on slower-speed serial links and keep ISDN links from becoming active unnecessarily.
The NLSP Multicast Support feature adds support for the use of NLSP multicast addressing for Ethernet, Token Ring, and FDDI router interfaces. This capability is only possible when the underlying Cisco hardware device or driver supports multicast addressing.
With this feature, the router defaults to using multicasts on Ethernet, Token Ring, and FDDI interfaces, instead of broadcasts, to address all NLSP routers on the network. If an adjacent neighbor does not support NLSP multicasting, the router will revert to using broadcasts on the affected interface.
When routers running prior versions of Cisco IOS software are present on the same network with routers running Cisco IOS Release 11.3 software, broadcasts will be used on any segment shared by the two routers.
This section describes the Management software features that are new in the initial release of Cisco IOS Release 11.3.
A Cisco IOS command line interface is available for setting two Cisco Call History MIB parameters. These parameters are the number of entries to be retained by the MIB and the length of time to retain them, which correspond to the following MIB objects:
When you save the router configuration before reloading the router, the parameter values are also saved.
Before this release, SNMP was the only available means for setting the values of these parameters. However, when the parameters are set by SNMP, the old values are lost and the parameters are reset to their default values whenever a router is reloaded. The Cisco Call History MIB command line interface is enabled by default.
The Cisco IOS Internationalization feature allows you to use HTML Server Side Includes (SSIs) to customize international or non-international HTML pages used for the Cisco Web browser interface (for example, ClickStart pages) and store them in Flash memory on multiple Cisco IOS platforms. In addition, this feature allows you to display 8-bit or multibyte international character sets (for example, Japanese) and print the escape (ESC) character as a single character instead of as the caret and bracket symbols (^[) on the Cisco Web browser and at the router command line.
The Entity MIB (RFC 2037) describes the logical resources, physical resources, and logical-to-physical mappings of devices managed by a single SNMP agent. This feature implements the first phase of the Entity MIB, the Logical Entity Table. The Logical Entity Table describes the logical entities managed by a single agent. The Entity MIB also records the time of the last modification to any object in the Entity MIB and sends out a trap when any object is modified. The Entity MIB provides no managed objects with write access.
The SNMPv2C feature replaces support for SNMPv2Classic with support for SNMPv2 and SNMPv2C. SNMPv2C replaces the Party-based Administrative and Security Framework of SNMPv2Classic with the Community-based Administrative Framework while retaining 64-bit counters and get-bulk functionality. This feature implements RFCs 1901 through 1907, deprecating the implementation of RFCs 1441 through 1451.
Cisco IOS software continues to support SNMPv1.
The following commands are obsolete in Release 11.3:
In addition, the snmp-server trap-authentication command has been deprecated. Use the snmp-server enable traps snmp authentication command in its place. Existing configurations that use the snmp-server trap-authentication command are not affected; however, this command will not be saved to the startup configuration.
Virtual profiles is a unique PPP application that defines and applies per-user configuration information for users who dial in to a router. Virtual profiles allow user-specific configuration information to be applied irrespective of the media used for the dial-in call. The configuration information for virtual profiles can come from a virtual interface template, per-user configuration information stored on an AAA server, or both, depending on how the router and AAA server are configured.
Virtual profiles are intended to overcome current limitations on network scalability:
Virtual profiles overcome the limitations listed above by providing a unique interface for each user dialing in to a Cisco router/access server.
This section describes the multimedia software features that are new in the initial release of Cisco IOS Release 11.3.
You can now configure load splitting of IP multicast traffic across equal-cost paths. Prior to this feature, when there were equal-cost paths between routers, IP multicast packets traversed only one path. If a tunnel was configured, the same next hop was always used, and no load splitting occurred.
IP multicast load splitting is accomplished indirectly by consolidating the available bandwidth of all the physical links into a single tunnel interface. The underlying physical connections then use existing unicast load-splitting mechanisms for the tunnel (multicast) traffic.
By configuring load splitting among equal-cost paths, you can use your links between routers more efficiently when sending IP multicast traffic.
IP multicast over ATM point-to-multipoint virtual circuits is a feature that dynamically creates ATM point-to-multipoint switched virtual circuits (SVCs) to handle IP multicast traffic more efficiently. The feature can enhance router performance and link utilization because packets are not replicated and sent multiple times over the ATM interface.
Prior to this feature, IP multicast datagrams used the MAC-level broadcast address 0xFFFF.FFFF.FFFF. That placed an unnecessary burden on all devices that did not participate in IP multicast. The IP multicast over Token Ring LANs feature defines a way to map IP multicast addresses to a single Token Ring MAC address. This feature defines the Token Ring functional address (0xc000.0004.0000) that should be used over Token Ring. Cisco Systems' implementation complies with RFC 1469, IP Multicast over Token-Ring Local Area Networks (June 1993).
IP multicast transmissions over Token Ring interfaces are more efficient than they used to be. This feature reduces the load on other machines that do not participate in IP multicast because they do not receive these packets.
The following restrictions apply to this feature:
When using PIM in a large network, there are often stub regions over which the administrator has limited control. To reduce the configuration and administration burden, you can configure a subset of PIM functionality that provides the stub region with connectivity, but does not allow it to participate in or potentially complicate any routing decisions.
Stub IP multicast routing allows simple multicast connectivity and configuration at stub networks. It eliminates periodic flood-and-prune behavior across slow-speed links (ISDN and below) using dense mode. It does this by using forwarded IGMP reports as a type of Join message and selective PIM message filtering.
This section describes the quality of service software features that are new in the initial release of Cisco IOS Release 11.3.
Real-time Transport Protocol (RTP) is a protocol used for carrying packetized audio and video traffic over an IP network. RTP is described in RFC 1889. RTP is not intended for data traffic, which uses Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). RTP provides end-to-end network transport functions intended for applications transmitting real-time requirements, such as audio, video, or simulation data over multicast or unicast network services.
The minimal 12 bytes of the RTP header, combined with 20 bytes of IP header and 8 bytes of UDP header create a 40-byte IP/UDP/RTP header. The RTP packet has a payload of approximately 20 to 150 bytes for audio applications that use compressed payloads. It is very inefficient to transmit the IP/UDP/RTP header without compressing it.
The RTP header compression feature compresses the IP/UDP/RTP header in an RTP data packet from 40 bytes to approximately 2 to 5 bytes. It is a hop-by-hop compression scheme similar to RFC 1144 for TCP header compression. Using RTP header compression can benefit both telephony voice and multicast backbone (MBONE) applications running over slow links.
RTP header compression is supported on serial lines using Frame Relay, HDLC, or PPP encapsulation. It is also supported over ISDN interfaces.
Enabling compression on both ends of a low-bandwidth serial link can greatly reduce the network overhead if there is a lot of RTP traffic on that slow link. This compression is beneficial especially when the RTP payload size is small (for example, compressed audio payloads of 20-50 bytes). Although the MBONE-style RTP traffic has higher payload sizes, compact encodings like Compressed Encoding for Linear Prediction (CELP) can also help considerably.
This section describes the security software features that are new in the initial release of Cisco IOS Release 11.3.
Double Authentication provides additional authentication for Point-to-Point Protocol (PPP) sessions. Previously, PPP session authentication was limited to CHAP (or PAP). With Double Authentication, you essentially require remote users to pass a second stage of user authentication--after CHAP or PAP authentication--before they can gain network access.
If you configure your local host (NAS or router) for Double Authentication, remote users will be required to complete a second stage of authentication to gain their assigned user network privileges. This second ("double") authentication requires a password that is known to the user but not stored on the user's remote host. Therefore, the second authentication is specific to a user, not to a host. This feature provides an additional level of security that is effective even if the remote host is stolen.
Encrypted Kerberized Telnet enables a router to initiate or receive an encrypted Telnet session. Previously, all Telnet session traffic could only be transmitted as cleartext (readable) data.
You can use Encrypted Kerberized Telnet when establishing a Telnet session to or from a router. When you use this feature, first you are authenticated by your Kerberos credentials, and then an encrypted Telnet session is established. Cisco's Encrypted Kerberized Telnet uses the following encryption standard: 56-bit Data Encryption Standard (DES) encryption with 64-bit Cipher Feedback (CFB).
This feature is available only if you have the 56-bit encryption image. 56-bit DES encryption is subject to U.S. government export control regulations.
All Cisco routers and access servers running Cisco IOS Release 11.0(6) or later have an HTTP server, which is an embedded subcomponent of the Cisco IOS software. The HTTP server allows users with a privilege level of 15 to issue Cisco IOS commands from a predefined home page using a Web browser. Cisco IOS software currently allows only users with a privilege level of 15 to access the Cisco Web browser interface. In Cisco IOS Release 11.3, the HTTP security feature enables users with a privilege level other than 15 to access the HTTP server.
In addition, a new command has been added to specify how HTTP server users are authenticated. The HTTP server in the Cisco IOS Release 11.2 software uses the enable password method to authenticate a user at privilege level 15. In Release 11.3, system administrators can now specify enable; local; Terminal Access Controller Access Control System (TACACS); or authentication, authorization, and accounting (AAA) user authentication.
The HTTP Security feature enables network administrators to provide HTTP server access to users with a privilege level of less than 15. This feature allows the Cisco Web browser interface to mirror the functionality of the command-line interface (CLI).
The per-user configuration can tie together the following dial-in features:
A virtual access interface created dynamically for any user dial-in session is deleted when the session ends. The resources used during the session are returned for other dial-in uses.
With per-user configuration:
Reflexive access lists allow IP packets to be filtered based on upper-layer session information. You can use reflexive access lists to permit IP traffic for sessions originating from within your network, but to deny IP traffic for sessions originating from outside your network. This is known as "reflexive" filtering, a type of session filtering.
Reflexive access lists can be defined with extended named IP access lists only. You cannot define reflexive access lists with numbered or standard named IP access lists, or with other protocol access lists.
The TCP intercept feature implements software to protect TCP servers from TCP SYN-flooding attacks, which are a type of denial-of-service attack. A SYN-flooding attack occurs when a hacker floods a server with a barrage of requests for connection. Because these messages have unreachable return addresses, the connections cannot be established. The resulting volume of unresolved open connections eventually overwhelms the server and can cause it to deny service to valid requests, thereby preventing legitimate users from connecting to a Web site, accessing e-mail, using FTP service, and so on.
The TCP intercept feature helps prevent SYN-flooding attacks by intercepting and validating TCP connection requests. In intercept mode, the TCP intercept software intercepts TCP synchronization (SYN) packets from clients to servers that match an extended access list. The software establishes a connection with the client on behalf of the destination server and, if successful, establishes the connection with the server on behalf of the client and knits the two half-connections together transparently. Thus, connection attempts from unreachable hosts will never reach the server. The software continues to intercept and forward packets throughout the duration of the connection.
Remote Authentication Dial-In User Server (RADIUS) is an access server authentication and accounting protocol originally developed by Livingston, Inc. Although an Internet Engineering Task Force (IETF) draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software currently supports the IETF draft standard RADIUS. In this release, Cisco IOS software introduces support for the most common vendor-proprietary RADIUS attributes.
Some vendor-proprietary implementations of RADIUS let the administrator define static routes and IP pool definitions on the RADIUS server, instead of on each individual network access server. As each network access server starts up, it queries the RADIUS server for static route and IP pool information. In this release, a new command enables the Cisco router to obtain static routes and IP pool definition information from the RADIUS server at start-up time. This frees the user from having to configure such information on each individual network access server.
This section describes the switching software features that are new in the initial release of Cisco IOS Release 11.3.
AppleTalk can now be routed over virtual LAN (VLAN) subinterfaces using ISL and IEEE 802.10 VLAN encapsulating protocols. The AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs feature provides full-feature Cisco IOS AppleTalk support on a per-VLAN basis, allowing standard AppleTalk capabilities to be configured on VLANs. This feature allows users to configure consolidated VLAN routing over a single VLAN trunking interface.
Prior to introduction of this feature, AppleTalk could be routed only on the main interface on a LAN port. If AppleTalk routing was disabled on the main interface or if the main interface was shut down, the entire physical interface would stop routing any AppleTalk packets. With this feature enabled, AppleTalk routing on subinterfaces will be unaffected by changes in the main interface.
Banyan VINES can now be routed over virtual LAN (VLAN) subinterfaces using the ISL encapsulation protocol. The Banyan VINES Routing over ISL Virtual LANs feature provides full-feature Cisco IOS software Banyan VINES support on a per-VLAN basis, allowing standard Banyan VINES capabilities to be configured on VLANs.
Cisco now supports fast switching of incoming and outgoing DECnet and CLNS packets over PPP.
DECnet can now be routed over virtual LAN (VLAN) subinterfaces using the ISL VLAN encapsulation protocols. The DECnet Routing over ISL Virtual LANs feature provides full-feature Cisco IOS software DECnet support on a per-VLAN basis, allowing standard DECnet capabilities to be configured on VLANs.
IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router.
The IPX Routing over ISL Virtual LANs (VLANs) feature extends Novell NetWare routing capabilities to include support for routing all standard IPX encapsulations for Ethernet frame types in VLAN configurations. Users with Novell NetWare environments can now configure any one of the four IPX Ethernet encapsulations to be routed using the Inter-Switch Link (ISL) encapsulation across VLAN boundaries. IPX encapsulation options now supported for VLAN traffic include:
With this feature, Inter-Switch Link (ISL) encapsulated IP packets can be switched on Versatile Interface Processor (VIP) controllers installed on Cisco 7500 series routers.
VIP distributed switching offloads switching of ISL VLAN IP traffic to the VIP card, removing involvement from the main CPU. Offloading ISL traffic to the VIP card, significantly improves networking performance. Because you can install multiple VIP cards in a router, VLAN routing capacity is increased linearly according to the number of installed VIP cards.
XNS can now be routed over virtual LAN (VLAN) subinterfaces using the ISL VLAN encapsulation protocol. The XNS Routing over ISL Virtual LANs feature provides full-feature Cisco IOS software XNS support on a per-VLAN basis, allowing standard XNS capabilities to be configured on VLANs.
This section describes the terminal services software features that are new in the initial release of Cisco IOS Release 11.3.
Beginning with Cisco IOS Release 11.2, virtual interfaces can be configured independently of any physical interface and applied dynamically, as needed, to create virtual access interfaces. When a user dials in, a predefined configuration template is used to configure a virtual access interface; when the user is done, the virtual access interface is torn down and the resources are freed for other dial-in uses.
This feature provides a generic service that can be used to apply predefined configurations (virtual interface templates) in creating and freeing virtual access interfaces on the fly, as needed. Virtual interface templates and virtual access interfaces are basically serial interfaces with no hardware associations; they are created and freed as needed. The virtual interface template service provides the following benefits to customers with large numbers of dial-in users:
Cisco IOS software Release 11.3 enables you to simplify the process of configuring protocol translation to tunnel PPP or SLIP across X.25, TCP, and LAT networks. It does so by providing virtual template interfaces that you can configure independently and apply to any protocol translation configuration. You can configure virtual interface templates for one-step and two-step protocol translation.
Before virtual templates were implemented, you enabled asynchronous protocol functions on VTY lines by creating virtual asynchronous interfaces rather than virtual access interfaces. (For one-step translation, you did so by specifying ppp or slip as outgoing options in the translate command. For two-step translation, you did so by specifying the vty-async command.) The differences between virtual asynchronous interfaces and virtual access interfaces are as follows:
Virtual access interfaces replace virtual asynchronous interfaces for both one-step and two-step translation.
This section describes the WAN optimization software features that are new in the initial release of Cisco IOS Release 11.3.
The Cisco AAL5 MIB adds a proprietary extension to the standard ATM MIB (RFC 1695) to provide per-VC statistic counters that are currently displayed in response to the Cisco IOS show atm vc vcd command for ATM interfaces. This MIB extension allows SNMP network management system applications to query the same variables (SNMP objects) as those that can be gathered from the Cisco IOS command line interface.
Cisco's implementation of packet assembler/disassembler (PAD) has been enhanced:
This feature allows you to append a specified value to an X.121 calling address, if the X.121 calling address is not sufficient to identify the source of a call. PAD subaddressing allows you to create unique X.121 calling addresses by including either a physical port number or a value specified for a line as a subaddress to the X.121 calling address.
PAD subaddressing enables an X.25 host application to uniquely identify the source of an X.121 call. For example, in some bank security alarm applications, the central alarm host identifies the physical location of the alarm units from subaddressing information contained in the Call Request packet.
This section describes the WAN services software features that are new in the initial release of Cisco IOS Release 11.3.
The Bandwidth Allocation Control Protocol (BACP), described in RFC 2125, provides Multilink PPP peers with the ability to govern link utilization. Once peers have successfully negotiated BACP, they can use the Bandwidth Allocation Protocol (BAP), which is a subset of BACP, to negotiate bandwidth allocation. BAP provides a set of rules governing dynamic bandwidth allocation through call control; a defined method for adding and removing links from a multilink bundle for Multilink PPP is used. The addition of any link to an existing multilink bundle is controlled by a BAP call or callback request message, and the removal of a link can be controlled by a link drop message.
BACP is designed to operate in both the virtual interface environment and the dialer interface environment. It can operate over any physical interface that is PPP multilink capable and has a dial capability; at initial release, BACP supports ISDN and asynchronous serial interfaces.
BACP provides the following benefits:
The Enhanced Local Management Interface feature provides an enhancement to the Frame Relay LMI protocol. Enhanced Local Management Interface enables automated exchange of Frame Relay QoS parameter information between the Cisco router and the Cisco StrataCom switch. Routers can base congestion management and prioritization decisions on known QoS values, such as the Committed Information Rate (CIR), Committed Burst Size (Bc), and Excess Burst Size (Be). The router senses Quality of Service (QoS) values from the switch and can be configured to use those values in traffic shaping. This enhancement works between Cisco routers and Cisco StrataCom switches (BPX/AXIS and IGX platforms).
The Frame Relay Enhancements introduced with this feature include:
Frame Relay compression can now occur on the VIP board, on the CSA, or on the main CPU of the router. FRF.9 is standard-based and therefore provides multivendor compatibility. FRF.9 compression uses higher compression ratios, allowing more data to be compressed for faster transmission.
The CSA hardware has been in use on the Cisco 7200 series and Cisco 7500 series platforms, but it has had no support for Frame Relay compression. FRF.9 compression provides the ability to maintain multiple decompression/compression histories on a per-DLCI basis.
The Cisco Frame Relay MIB adds proprietary extensions to the standard Frame Relay MIB (RFC 1315). It provides additional link-level and virtual circuit-level information and statistics that are mostly specific to Cisco Frame Relay implementation. This MIB provides SNMP network management access to most of the information covered by the show frame-relay commands, such as, show frame-relay lmi, show frame-relay pvc, show frame-relay map, and show frame-relay svc.
ForeSight is the network traffic control software used in Cisco StrataCom switches. The Cisco StrataCom Frame Relay switch can extend ForeSight messages over a User-to-Network Interface (UNI), passing the backward congestion notification for virtual circuits. The Router ForeSight feature allows Cisco Frame Relay routers to process and react to ForeSight messages and adjust virtual circuit level traffic shaping in a timely manner.
The Router Foresight feature must be configured explicitly on both the Cisco router and the Cisco StrataCom switch. When ForeSight is enabled, a ForeSight message is sent out periodically based the configured time interval, which can range form 40 to 5000 milliseconds. The time interval between the ForeSight messages is set during configuration of the StrataCom switch. Refer to the appropriate StrataCom documentation for details of configuring this feature.
When a Cisco router receives a ForeSight message indicating that certain Data Link Connection Identifiers (DLCIs) are experiencing congestion, the Cisco router reacts by activating its traffic shaping function to slow down the output rate. The router reacts as it would if it were to detect the congestion by receiving a packet with the backward explicit congestion notification (BECN) bit set.
The difference between the BECN and ForeSight methods is that BECN requires a user packet to be sent in the direction of the congested DLCI to convey the signal. The sending of user packets is not predictable and, therefore, not reliable as a notification mechanism. Rather than waiting for user packets to provide the congestion notification, timed ForeSight messages guarantee that the router receives notification before congestion becomes a problem. Traffic can be slowed down in the direction of the congested DLCI.
The Frame Relay Router ForeSight feature provides an improved mechanism for managing network traffic. It provides these benefits:
The ISDN Advice of Charge (AOC) feature is for ISDN PRI NET5 and ISDN BRI NET3 switch types only. This feature allows users to obtain charging information for all calls during the call (AOC-D) or at the end of the call (AOC-E) or both. Users must have subscribed through their local ISDN network for the ISDN services (AOC-D or AOC-E). No router configuration changes are required to retrieve this call charging information.
The ISDN AOC feature also supports, for the AOC-D service, an optional configurable short-hold mode which provides a dynamic idle timeout by measuring the call charging period, based on the frequency of the AOC-D or the AOC-E message from the network. The short-hold mode idle time will do the following:
Call accounting information for AOC-D and AOC-E messages is stored in SNMP MIB objects. This feature can allow users to track call costs and to control and possibly reduce tariff charges through the use of the short-hold mode option.
The ISDN caller ID callback feature allows the initial incoming call from the client to the server to be rejected based on the caller ID message contained in the ISDN setup message, and allows a callback to be initiated to the calling destination. In Cisco IOS Release 11.2, ISDN callback functionality required PPP or Combinet Packet Protocol (CPP) client authentication and client-server callback negotiation to proceed.
If authentication and callback negotiation were successful, the callback server had to disconnect the call and then place a return call. Both the initial call and the return call were subject to tolls, and when service providers charge by the minute, even brief calls could be expensive. This feature is independent of the encapsulation in effect and can be used with various encapsulations, such as PPP, HDLC, Frame Relay, and X.25.
ISDN Non-Facility Associated Signaling (NFAS) allows a single D channel to control multiple PRI interfaces. A backup D channel can also be configured for use when the primary NFAS D channel fails. Use of a single D channel to control multiple PRI interfaces can free B channel on each interface to carry other traffic. Once the controllers are configured, only the NFAS primary D channel must be configured; its configuration is distributed to all the members of the associated NFAS group.
This feature allows you to limit debug messages to those related to a particular subinterface. Some debug commands generate a large amount of output; by restricting output to information on a particular subinterface, you can reduce the number of debug messages generated.
Cisco routers now fast switch Layer 2 Forwarding (L2F) traffic. In stack group environments in which some L2F traffic is offloaded to a powerful router, fast switching provides improved scalability.
In Cisco IOS Release 11.2, leased-line service at 64 kbps via ISDN BRI is provided in Japan and Germany. In Cisco IOS Release 11.3, leased line service at 128 kbps via ISDN BRI is provided in Japan. This service combines two B channels into a single pipe.
Interleaving on Multilink PPP allows large packets to be multilink encapsulated and fragmented into a small enough size to satisfy the delay requirements of real-time traffic; small real-time packets are not multilink encapsulated and are transmitted between fragments of the large packets. The interleaving feature also provides a special transmit queue for the smaller, delay-sensitive packets, enabling them to be transmitted earlier than other flows.
Weighted fair-queuing on Multilink PPP works on the packet level, not at the level of multilink fragments. Thus, if a small real-time packet gets queued behind a larger best-effort packet and no special queue has been reserved for real-time packets, the small packet will be scheduled for transmission only after all the fragments of the larger packet are scheduled for transmission.
Weighted fair-queuing is now supported on all interfaces that support Multilink PPP, including Multilink PPP virtual access interfaces and virtual interface templates. Weighted fair-queuing is enabled by default.
Fair-queuing on Multilink PPP overcomes a prior restriction. Previously, fair-queuing was not allowed on virtual access interfaces and virtual interface templates. Interleaving provides the delay bounds for delay-sensitive voice packets on a slow link that is used for other best-effort traffic.
This feature enables a high-capacity central site router with an Asynchronous Transfer Mode (ATM) interface to terminate multiple Point-to-Point Protocol (PPP) connections. These PPP connections are typically received from remote branch offices that have PPP-compatible devices interconnecting directly to StrataCom ATM Switch Interface Shelf (AXIS) equipment through a leased-line connection.
A logical interface known as a virtual access interface associates each PPP connection to an ATM permanent virtual circuit (PVC). This configuration allows the PPP protocol to terminate at the router ATM interface as if received from a typical PPP serial interface. Each PPP connection is encapsulated in a separate ATM PVC, which acts as the physical medium over which PPP frames are transported.
The virtual access interface for each PVC obtains its configuration from a virtual template when the PVC is created. All PPP parameters are managed within the virtual template configuration. Multiple virtual access interfaces can spawn from a single virtual template, hence multiple PVCs can use a single virtual template.
The virtual access interface remains associated with a PVC as long as the PVC is configured. Once the PVC is deconfigured, the virtual access interface is marked as deleted. Shutting down the associated ATM interface also causes the virtual access interface to be marked as down (within 10 seconds), bringing the PPP connection down. If a keepalive timer of the virtual template is set on the interface, the virtual access interface uses the PPP echo mechanism to verify the existence of the remote peer. If an interface failure is detected and the PPP connection is brought down, the virtual access interface remains up.
This feature is ideally suited for enterprise customers or customers who use Cisco StrataCom ATM switches to access wide-area networks (WANs) or public ATM networks, such as organizations with many remote branch offices requiring access to high-density corporate headquarters.
The Telnet Extensions for Dialout feature is the network access server component of the Cisco DialOut Utility, which enables local users to send faxes or connect to services outside the LAN by using modems attached (or internal) to a network access server. This feature extends the functionality of Telnet by enabling users to control the activity of these modems from their desktop computers using standard communications software. Because the Telnet Extensions for Dialout feature works in conjunction with the client/desktop Cisco DialOut Utility, it is not a standalone feature. It enables the network access server to interface with the client/desktop component of the Cisco DialOut Utility. The client/desktop component of Cisco DialOut Utility must be installed on the client workstation before this feature can be used.
Telnet extensions allow the communications software running on the client's desktop computer to control modem settings, such as baud rate, parity, bit size, and stop bits. In addition, these extensions allow the network access server to return Carrier Detect signals to the communications software so that the software can determine when to start dialing a particular number.
The Telnet Extensions for Dialout feature uses reverse Telnet to access modems attached to the network access server. To enable this feature, you only need to configure the access server or router for reverse Telnet and configure the appropriate lines to both send and receive calls.
The network service provider can select a specific VPDN tunnel for outgoing calls from a dial-in user by using the Dialed Number Information Service (DNIS) information provided on ISDN lines. The ability to select a tunnel based on DNIS provides additional flexibility to network service providers who offer VPDN services and to the corporations that use the services. Instead of having to use only the domain name for tunnel selection, tunnel selection can be based on the dialed number.
With this feature, a corporation--which might have only one domain name--can provide multiple specific phone numbers for users to dial in to the network access server at the service provider's point of presence. The service provider can select the tunnel to the appropriate services or portion of the corporate network based on the dialed number.
Cisco's X.25 offerings have been restructured to meet additional design goals that include greater modularity and consistent availability of X.25 services to the code that uses them. The following have been updated:
Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels.
ISDN uses the D channel to carry signal information. ISDN can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can utilize up to 9.6 kbps.
This feature allows you to set the parameters of the X.25-over-D-channel interface without disrupting the original ISDN interface configuration. In a normal ISDN BRI interface, the D and B channels are bundled together and represented as a single interface. The original BRI interface will continue to represent the D, B1, and B2 channels.
Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over-D-channel calls and initiates them on a new interface.
X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP.
This feature allows X.25 switching between PVCs and SVCs. Previously, X.25 switching was permitted only between circuits of the same type. Traffic that entered the router over a switched virtual circuit (SVC) could be forwarded only to another SVC. Likewise, traffic that entered the router over a permanent virtual circuit (PVC) could be forwarded only to another PVC. This feature allows switching between the two circuit types.
The Cisco IOS software provides an X.28 user emulation mode, which enables you to interact and control the PAD. During an exchange of control information, messages or commands sent from the terminal to the PAD are called PAD command signals. Messages sent from the PAD to the terminal are called PAD service signals. These signals and any transmitted data take the form of encoded character streams as defined by International Alphabet Number 5.
For asynchronous devices such as a terminals or modems to access an X.25 network host, the device's packets must be assembled or disassembled by a PAD device. Using standard X.28 commands from the PAD, calls can be made into an X.25 network, X.3 PAD parameters can be set, or calls can be reset. There are 22 available X.3 PAD parameters to configure. These parameters can also be set by a remote X.25 host using X.29. Cisco's new X.28 PAD implementation enables users to access X.25 networks or set PAD parameters using the X.28 standard user interface. This standard interface is common in many European countries and adheres to the X.25 International Telecommunication Union Telecommunication (ITU-T) standards.
The new X.28 interface is designed for asynchronous devices that require X.25 transport to access a remote or native asynchronous or synchronous host application. Applications such as dial-up users accessing a remote X.25 host can use the X.28 interface. For example, banks implement Cisco routers to support back office applications, ATMs, point of sales authorization devices, and alarm systems. These alarm devices are connected asynchronously to the same Cisco router and report alarm conditions to a remote alarm host for the dispatch of police. Cisco's X.28 PAD calls can be transported over a public packet network, a private X.25 network, the Internet, a private IP based network, or a Frame Relay network. With this new service, Cisco now offers the flexibility to use either the X.28 interface directly or over a Cisco IOS application service such as protocol translation. The protocol translation VTY asynchronous application enables users to bidirectionally access an X.25 application with the PAD service or protocols such as Digital Equipment Corporation (DEC), local-area transport (LAT), and TCP.
The Cisco IOS software is packaged into "feature sets" (also called "software images"). There are many different feature sets available, and each feature set contains a specific subset of Cisco IOS features. Table 4 provides a matrix of the new feature set organization and shows which feature sets are available on the Cisco 2500 series routers and access servers. These feature sets only apply to Cisco IOS Release 11.3T.
The tables use the following conventions to identify feature sets:
Cisco IOS images with strong encryption (including, but not limited to, 56-bit DES) are subject to U.S. government export controls and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders may be denied or subject to delay due to U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.
| Feature Set | Cisco 25001 Platform |
|---|---|
| IP | Yes |
| IP Plus | Yes |
| IP Plus 40 | Yes |
| IP Plus 56 | Yes |
| IP 40 | No |
| IP 56 | No |
| IP/IPX | No |
| IP/IPX Plus | No |
| IP/IPX/AT | No |
| IP/IPX/AT Plus | No |
| IP/IPX/AT Plus 40 | No |
| IP/IPX/AT Plus 56 | No |
| IP/ASYNC | No |
| IP/IPX/ASYNC | No |
| IP/OSPF/PIM | No |
| IP/IPX/AT/IBM | No |
| IP/IPX/AT/IBM Plus | No |
| IP/IPX/AT/IBM Plus 40 | No |
| IP/IPX/AT/IBM Plus 56 | No |
| ISDN | Yes |
| Desktop | No |
| Desktop Plus | No |
| Desktop IBM | No |
| Desktop IBM 40 | No |
| Desktop IBM 56 | No |
| ATM Cable Interface Processor | No |
| IP/IPX/AT/DEC | Yes |
| IP/IPX/AT/DEC Plus | Yes |
| Enterprise | No |
| Enterprise Plus | Yes |
| Enterprise Plus 40 | Yes |
| Enterprise 40 | No |
| Enterprise Plus 56 | Yes |
| Enterprise 56 | No |
| Enterprise APPN | No |
| Enterprise APPN Plus | Yes |
| Enterprise APPN Plus 40 | Yes |
| Enterprise APPN Plus 56 | Yes |
| Enterprise APPN 40 | No |
| Enterprise APPN 56 | No |
| Remote Access Server | Yes |
| FRAD | Yes |
| LAN FRAD | Yes |
| Netflow Layer 3 Switching | No |
To determine what features are available with each feature set, see Table 5 through Table 7. The tables summarize what features you can use when running a specific feature set on the Cisco 2500 series for Cisco IOS Release 11.3T. The feature set tables use the following symbol conventions to identify features:
| Feature Set | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Feature | IP | IP Plus | IP Plus 40 | IP Plus 56 | ISDN | IP/IPX/ AT/ DEC | IP/IPX/ AT/ DEC Plus | Enter- prise Plus | Enter- prise Plus 40 | Enter- prise Plus 56 |
| IBM Support | ||||||||||
| APPN High Performance Routing | No | No | No | No | No | No | No | No | No | No |
| APPN MIB Enchancements | No | No | No | No | No | No | No | No | No | No |
| APPN over Ethernet LAN Emulation | No | No | No | No | No | No | No | No | No | No |
| APPN Scalability Enhancements | No | No | No | No | No | No | No | No | No | No |
Bisync Enhancements, includes:
|
No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| Cisco MultiPath Channel (CMPC) | No | No | No | No | No | No | No | No | No | No |
DLSw+ Enhancements, includes:
|
No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
FRAS Enhancements, includes:
|
No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| SRB over FDDI on Cisco 4000-M, 4500-M, and 4700-M Routers | No | No | No | No | No | No | No | No | No | No |
| TN3270 LU Nailing | No | No | No | No | No | No | No | No | No | No |
| TN3270 Server Enhancements | No | No | No | No | No | No | No | No | No | No |
| Token Ring LANE | No | No | No | No | No | No | No | No | No | No |
| Tunneling of Asynchronous Security Protocols | No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| Internet | ||||||||||
| DRP Server Agent | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Routing | ||||||||||
| Easy IP (Phase 1) | No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations | No | No | No | No | No | No | No | No | No | |
| IP Enhanced IGRP Route Authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
TCP Enhancements, includes:
|
No | No | No | No | No | No | Yes | Yes | Yes | |
| LAN Support | ||||||||||
| AppleTalk Access List Enhancements | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes |
| DECnet Accounting | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes |
| IPX Named Access Lists | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes |
| IPX SAP-after-RIP | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes |
| NLSP Enhancements | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes |
| NLSP Multicast Support | No | No | No | No | No | Yes | Yes | Yes | Yes | Yes |
| Management | ||||||||||
| Cisco Call History MIB Command Line Interface | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco IOS Internationalization | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Entity MIB, Phase 1 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SNMP Inform Requests | No | No | No | No | No | No | No | Yes | Yes | Yes |
| Virtual Profiles | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Multimedia | ||||||||||
| IP Multicast Load Splitting across Equal-Cost Paths | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Multicast over ATM Point-to-Multipoint Virtual Circuits | No | No | No | No | No | No | No | No | No | No |
| IP Multicast over Token Ring LANs | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Stub IP Multicast Routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Quality of Service | ||||||||||
| RTP Header Compression | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Security | ||||||||||
| Double Authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Encrypted Kerberized Telnet | No | No | No | No | No | No | No | No | No | Yes |
| HTTP Security | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Per-User Configuration | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Reflexive Access Lists | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| TCP Intercept | No | No | No | No | No | No | Yes | Yes | Yes | |
| Vendor-Proprietary RADIUS Attributes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Switching | ||||||||||
| AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs | No | No | No | No | No | No | No | No | No | No |
| CLNS and DECnet Fast Switching over PPP | No | No | No | No | No | No | No | Yes | Yes | Yes |
DECnet/Vines/XNS over ISL, includes:
|
No | No | No | No | No | No | No | No | No | No |
| Fast-Switched Policy Routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IPX Routing over ISL Virtual LANs | No | No | No | No | No | No | No | No | No | No |
| VIP Distributed Switching Support for IP Encapsulated in ISL | No | No | No | No | No | No | No | No | No | No |
| Terminal Services | ||||||||||
| Virtual Interface Template Service | No | No | No | No | No | No | No | No | No | No |
| Virtual Templates for Protocol Translation | No | No | No | No | No | No | No | Yes | Yes | Yes |
| WAN Optimization | ||||||||||
| ATM MIB Enhancements | No | No | No | No | No | No | No | No | No | No |
| PAD Enhancements | No | No | No | No | No | No | No | Yes | Yes | Yes |
| PAD Subaddressing | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| WAN Services | ||||||||||
| Bandwidth Allocation Control Protocol | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Enhanced Local Management Interface (ELMI) | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Frame Relay Enhancements | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Frame Relay MIB Extensions | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Frame Relay Router ForeSight | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| ISDN Advice of Charge | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| ISDN Caller ID Callback | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| ISDN NFAS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| LANE Per-subinterface Debug Messages | No | No | No | No | No | No | No | No | No | No |
| Layer 2 Forwarding--Fast Switching | No | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| Leased Line ISDN at 128 kbps | No | No | No | No | No | No | No | No | No | No |
| Multilink PPP Interleaving and Fair-Queuing Support | No | No | No | No | No | No | No | No | No | No |
| PPP over ATM | No | No | No | No | No | No | No | No | No | No |
| Telnet Extensions for Dialout | No | No | No | No | No | No | No | No | No | No |
| VPDN Tunnel Lookup Based on Dialed Number Information | No | No | No | No | No | No | No | No | No | No |
| X.25 Enhancements | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| X.25 on ISDN | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| X.25 Switching between PVCs and SVCs | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| X.28 Emulation | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Feature Set | |||||||
|---|---|---|---|---|---|---|---|
| Feature | Enterprise/ APPN Plus | Enterprise/ APPN Plus 40 | Enterprise/ APPN Plus 56 | Remote Access Server | FRAD | LAN FRAD | LAN FRAD/OSPF |
| IBM Support | |||||||
| APPN High Performance Routing | Yes | Yes | Yes | No | No | No | No |
| APPN MIB Enchancements | Yes | Yes | Yes | No | No | No | No |
| APPN over Ethernet LAN Emulation | Yes | Yes | Yes | No | No | No | No |
| APPN Scalability Enhancements | Yes | Yes | Yes | No | No | No | No |
Bisync Enhancements, includes:
|
Yes | Yes | Yes | No | Yes | Yes | Yes |
| Cisco MultiPath Channel (CMPC) | No | No | No | No | No | No | No |
DLSw+ Enhancements, includes:
|
Yes | Yes | Yes | No | No | No | No |
FRAS Enhancements, includes:
|
Yes | Yes | Yes | No | No | No | No |
| SRB over FDDI on Cisco 4000-M, 4500-M, and 4700-M Routers | No | No | No | No | No | No | No |
| TN3270 LU Nailing | No | No | No | No | No | No | No |
| TN3270 Server Enhancements | No | No | No | No | No | No | No |
| Token Ring LANE | No | No | No | No | No | No | No |
| Tunneling of Asynchronous Security Protocols | Yes | Yes | Yes | No | Yes | Yes | Yes |
| Internet | |||||||
| DRP Server Agent | Yes | Yes | Yes | No | No | No | No |
| IP Routing | |||||||
| Easy IP (Phase 1) | Yes | Yes | Yes | No | No | No | No |
| Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations | No | No | No | No | No | No | No |
| IP Enhanced IGRP Route Authentication | Yes | Yes | Yes | Yes | No | No | No |
TCP Enhancements, includes:
|
Yes | Yes | Yes | No | No | No | No |
| LAN Support | |||||||
| AppleTalk Access List Enhancements | Yes | Yes | Yes | No | No | No | No |
| DECnet Accounting | Yes | Yes | Yes | No | No | No | No |
| IPX Named Access Lists | Yes | Yes | Yes | Yes | No | Yes | Yes |
| IPX SAP-after-RIP | Yes | Yes | Yes | Yes | No | Yes | No |
| NLSP Enhancements | Yes | Yes | Yes | No | No | No | No |
| NLSP Multicast Support | Yes | Yes | Yes | No | No | No | No |
| Management | |||||||
| Cisco Call History MIB Command Line Interface | Yes | Yes | Yes | No | No | No | No |
| Cisco IOS Internationalization | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Entity MIB, Phase 1 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SNMPv2C | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SNMP Inform Requests | Yes | Yes | Yes | No | No | No | No |
| Virtual Profiles | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Multimedia | |||||||
| IP Multicast Load Splitting across Equal-Cost Paths | Yes | Yes | Yes | Yes | No | No | No |
| IP Multicast over ATM Point-to-Multipoint Virtual Circuits | No | No | No | No | No | No | No |
| IP Multicast over Token Ring LANs | Yes | Yes | Yes | Yes | No | No | No |
| Stub IP Multicast Routing | Yes | Yes | Yes | Yes | No | No | No |
| Quality of Service | |||||||
| RTP Header Compression | Yes | Yes | Yes | Yes | No | No | No |
| Security | |||||||
| Double Authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Encrypted Kerberized Telnet | No | No | Yes | No | No | No | No |
| HTTP Security | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Per-User Configuration | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Reflexive Access Lists | Yes | Yes | Yes | Yes | No | No | No |
| TCP Intercept | Yes | Yes | Yes | No | No | No | No |
| Vendor-Proprietary RADIUS Attributes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Switching | |||||||
| AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs | No | No | No | No | No | No | No |
| CLNS and DECnet Fast Switching over PPP | Yes | Yes | Yes | No | No | No | No |
DECnet/Vines/XNS over ISL, includes:
|
No | No | No | No | No | No | No |
| Fast-Switched Policy Routing | Yes | Yes | Yes | Yes | No | No | No |
| IPX Routing over ISL Virtual LANs | No | No | No | No | No | No | No |
| VIP Distributed Switching Support for IP Encapsulated in ISL | No | No | No | No | No | No | No |
| Terminal Services | |||||||
| Virtual Interface Template Service | No | No | No | No | No | No | No |
| Virtual Templates for Protocol Translation | Yes | Yes | Yes | Yes | No | No | No |
| WAN Optimization | |||||||
| ATM MIB Enhancements | No | No | No | No | No | No | No |
| PAD Enhancements | Yes | Yes | Yes | Yes | No | No | No |
| PAD Subaddressing | Yes | Yes | Yes | Yes | No | No | No |
| WAN Services | |||||||
| Bandwidth Allocation Control Protocol | Yes | Yes | Yes | No | No | No | No |
| Enhanced Local Management Interface (ELMI) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Frame Relay Enhancements | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Frame Relay MIB Extensions | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Frame Relay Router ForeSight | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| ISDN Advice of Charge | Yes | Yes | Yes | No | No | No | No |
| ISDN Caller ID Callback | Yes | Yes | Yes | No | No | No | No |
| ISDN NFAS | Yes | Yes | Yes | No | No | No | No |
| LANE Per-subinterface Debug Messages | No | No | No | No | No | No | No |
| Layer 2 Forwarding--Fast Switching | Yes | Yes | Yes | Yes | No | No | No |
| Leased Line ISDN at 128 kbps | No | No | No | No | No | No | No |
| Multilink PPP Interleaving and Fair-Queuing Support | No | No | No | No | No | No | No |
| PPP over ATM | No | No | No | No | No | No | No |
| Telnet Extensions for Dialout | No | No | No | No | No | No | No |
| VPDN Tunnel Lookup Based on Dialed Number Information | No | No | No | No | No | No | No |
| X.25 Enhancements | Yes | Yes | Yes | Yes | No | No | No |
| X.25 on ISDN | Yes | Yes | Yes | No | No | No | No |
| X.25 Switching between PVCs and SVCs | Yes | Yes | Yes | Yes | No | No | No |
| X.28 Emulation | Yes | Yes | Yes | Yes | No | No | No |
| Feature Set | |||
|---|---|---|---|
| Feature | FRAD | LANFRAD | LANFRAD/OSPF |
| IBM Support | |||
| APPN High Performance Routing | No | No | No |
| APPN MIB Enchancements | No | No | No |
| APPN over Ethernet LAN Emulation | No | No | No |
| APPN Scalability Enhancements | No | No | No |
Bisync Enhancements, includes:
|
Yes | Yes | Yes |
| Cisco MultiPath Channel (CMPC) | No | No | No |
DLSw+ Enhancements, includes:
|
No | No | No |
FRAS Enhancements, includes:
|
No | No | No |
| SRB over FDDI on Cisco 4000-M, 4500-M, and 4700-M Routers | No | No | No |
| TN3270 LU Nailing | No | No | No |
| TN3270 Server Enhancements | No | No | No |
| Token Ring LANE | No | No | No |
| Tunneling of Asynchronous Security Protocols | Yes | Yes | Yes |
| Internet | |||
| DRP Server Agent | No | No | No |
| IP Routing | |||
| Easy IP (Phase 1) | No | No | No |
| Hot Standby Router Protocol (HSRP) over ISL in Virtual LAN Configurations | No | No | No |
| IP Enhanced IGRP Route Authentication | Yes | Yes | No |
TCP Enhancements, includes:
|
No | No | No |
| LAN Support | |||
| AppleTalk Access List Enhancements | No | No | No |
| DECnet Accounting | No | No | No |
| IPX Named Access Lists | No | Yes | Yes |
| IPX SAP-after-RIP | No | Yes | No |
| NLSP Enhancements | No | No | No |
| NLSP Multicast Support | No | No | No |
| Management | |||
| Cisco Call History MIB Command Line Interface | No | No | No |
| Cisco IOS Internationalization | No | No | No |
| Entity MIB, Phase 1 | Yes | Yes | Yes |
| SNMPv2C | Yes | Yes | Yes |
| Virtual Profiles | Yes | Yes | Yes |
| Multimedia | |||
| IP Multicast Load Splitting across Equal-Cost Paths | No | No | No |
| IP Multicast over ATM Point-to-Multipoint Virtual Circuits | No | No | No |
| IP Multicast over Token Ring LANs | No | No | No |
| Stub IP Multicast Routing | No | No | No |
| Quality of Service | |||
| RTP Header Compression | No | No | No |
| Security | |||
| Double Authentication | Yes | Yes | Yes |
| Encrypted Kerberized Telnet | No | No | No |
| HTTP Security | No | No | No |
| Per-User Configuration | Yes | Yes | Yes |
| Reflexive Access Lists | No | No | No |
| TCP Intercept | No | No | No |
| Vendor-Proprietary RADIUS Attributes | Yes | Yes | Yes |
| Switching | |||
| AppleTalk Routing over ISL and IEEE 802.10 in Virtual LANs | No | No | No |
| CLNS and DECnet Fast Switching over PPP | No | No | No |
DECnet/Vines/XNS over ISL, includes:
|
No | No | No |
| Fast-Switched Policy Routing | No | No | No |
| IPX Routing over ISL Virtual LANs | No | No | No |
| VIP Distributed Switching Support for IP Encapsulated in ISL | No | No | No |
| Terminal Services | |||
| Virtual Interface Template Service | No | No | No |
| Virtual Templates for Protocol Translation | No | No | No |
| WAN Optimization | |||
| ATM MIB Enhancements | No | No | No |
| PAD Enhancements | No | No | No |
| PAD Subaddressing | No | No | No |
| WAN Services | |||
| Bandwidth Allocation Control Protocol | No | No | No |
| Enhanced Local Management Interface (ELMI) | Yes | Yes | Yes |
| Frame Relay Enhancements | Yes | Yes | Yes |
| Frame Relay MIB Extensions | Yes | Yes | Yes |
| Frame Relay Router ForeSight | Yes | Yes | Yes |
| ISDN Advice of Charge | No | No | No |
| ISDN Caller ID Callback | No | No | No |
| ISDN NFAS | No | No | No |
| LANE Per-subinterface Debug Messages | No | No | No |
| Layer 2 Forwarding--Fast Switching | No | No | No |
| Leased Line ISDN at 128 kbps | No | No | No |
| Multilink PPP Interleaving and Fair-Queuing Support | No | No | No |
| PPP over ATM | No | No | No |
| Telnet Extensions for Dialout | No | No | No |
| VPDN Tunnel Lookup Based on Dialed Number Information | No | No | No |
| X.25 Enhancements | No | No | No |
| X.25 on ISDN | No | No | No |
| X.25 Switching between PVCs and SVCs | No | No | No |
| X.28 Emulation | No | No | No |
If you are upgrading to Cisco IOS Release 11.3T from an earlier Cisco IOS software release, you should save your current configuration file before configuring your access server with the Cisco IOS Release 11.3T software. An unrecoverable error could occur during download or configuration.
Before downloading a software upgrade, read Product Bulletin #703, Cisco IOS Software Release Upgrade Paths and Packaging Simplification. The information in this bulletin supersedes the following instructions. This bulletin is located in the following locations on CCO and the Documentation CD-ROM:
For instructions on downloading a current Cisco IOS release from the CCO Trivial File Transfer Protocol (TFTP) server, go to the following URL. (This URL is subject to change without notice.)
http://www.cisco.com/kobayashi/sw-center
The Software Center window is displayed.
Step 1 Click Cisco IOS Software. The Cisco IOS Software window is displayed.
Step 2 Click Cisco IOS 11.3. The Cisco 11.3 Software Upgrade Planner window is displayed.
Step 3 Click Download Cisco IOS 11.3 Software. The Software Checklist window is displayed.
Step 4 Select the appropriate information in each section of the Software Checklist window.
Step 5 Click Execute. The software release is downloaded to your desktop computer.
Step 6 Transfer the software release to a local TFTP server on your network, using a terminal emulation application, such as TCP Connect.
Step 7 Log in to your router. Copy the software release from your TFTP server to your router, using the copy tftp command.
Table 8 through Table 10 describe the memory requirements for the Cisco 2500 series platform feature set supported by Cisco IOS Release 11.3T. Beginning with Cisco IOS Release 10.3, some software image sizes exceed 4 MB and, when compressed, exceed 2 MB. Also, some systems now require more than 1 MB of main system memory for data structure tables.
For Cisco routers to take advantage of the Release 11.3T features, you must upgrade the code or main system memory. Some platforms have specific chip or architecture requirements that affect what can be upgraded and in what increments.
| Platform/Feature Set | Minimum Required Code Memory | Required Main Memory | Release 11.3T Runs from |
|---|---|---|---|
| IP | 8 MB Flash | 4 MB DRAM | Flash |
| IP Plus | 8 MB Flash | 4 MB DRAM | Flash |
| IP Plus 40 | 8 MB Flash | 4 MB DRAM | Flash |
| IP 56 Plus | 8 MB Flash | 4 MB DRAM | Flash |
| ISDN | 8 MB Flash | 4 MB DRAM | Flash |
| IP/IPX/AT/DEC | 8 MB Flash | 4 MB DRAM | Flash |
| IP/IPX/AT/DEC Plus | 8 MB Flash | 6 MB DRAM | Flash |
| Enterprise Plus | 16 MB Flash | 6 MB DRAM | Flash |
| Enterprise Plus 40 | 16 MB Flash | 6 MB DRAM | Flash |
| Enterprise Plus 56 | 16 MB Flash | 6 MB DRAM | Flash |
| Enterprise/APPN Plus | 16 MB Flash | 8 MB DRAM | Flash |
| Enterprise/APPN Plus 40 | 16 MB Flash | 8 MB DRAM | Flash |
| Enterprise/APPN Plus 56 | 16 MB Flash | 8 MB DRAM | Flash |
| Remote Access Server (RAS) | 8 MB Flash | 4 MB DRAM | Flash |
| FRAD | 8 MB Flash | 4 MB DRAM | Flash |
| LANFRAD | 8 MB Flash | 4 MB DRAM | Flash |
| Cisco 2500 Fixed FRAD Series | |||
| FRAD | 8 MB Flash | 4 MB DRAM | Flash |
| LANFRAD | 8 MB Flash | 4 MB DRAM | Flash |
| Feature Set | Required Flash Memory | Required DRAM Memory | Release 11.3T Runs from1 |
|---|---|---|---|
| IP | 8 MB Flash | 4 MB DRAM | Flash |
| Remote Access Server | 8 MB Flash | 4 MB DRAM | Flash |
| Feature Set | Required Flash Memory | Required DRAM Memory | Release 11.3T Runs from1 |
|---|---|---|---|
| CFRAD | 4 MB Flash | 4 MB DRAM | Flash |
| LAN FRAD | 4 MB Flash | 4 MB DRAM | Flash |
| OSPF LAN FRAD | 4 MB Flash | 4 MB DRAM | Flash |
This section describes warnings and cautions about using the Cisco IOS Release 11.3T software. It discusses the following topics:
The Token Ring interface is reset whenever IPX routing is enabled on that interface.
Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.
Certain products containing the Texas Instruments TMS380C26 Token Ring controller do not support SRT. SRT is the concurrent operation of SRB and transparent bridging on the same interface.
The affected products, shipped between March 30, 1994, and January 16, 1995, are the Cisco 2502, Cisco 2504, Cisco 2510, Cisco 2512, Cisco 2513, and Cisco 2515. Units shipped before March 30, 1994, or after January 16, 1995, are not affected. They use the Texas Instruments TMS380C16 Token Ring controller, which supports SRT.
SRT support is necessary in two situations. In one, Token Ring networks are configured to SRB protocols such as SNA and NetBIOS, and they transparently bridge other protocols, such as IPX. In the other situation, SNA or NetBIOS uses SRB, and Windows NT is configured to use NetBIOS over IP. Certain other configuration alternatives do not require SRT (contact the Technical Assistance Center for more information).
As of Release 10.3(1), SRB in the following Cisco IOS feature sets is no longer supported: IP, IP/IPX, and Desktop. To use SRB, you need one of the following feature sets: IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN. In most non-IBM Token Ring environments, the multiring feature in IP, IP/IPX, and Desktop eliminates the need for IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN.
This section describes possibly unexpected behavior by Release 11.3(1)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(1) and 11.3(1)T. The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.3, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry
%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry
%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry
%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry
#show cont t1
T1 0 is up.
No alarms detected.
Version info of slot 0: HW: 1, Firmware: 13, NEAT PLD: 12, NR Bus PLD: 19
Framing is SF, Line Code is AMI, Clock Source is Line Primary.
Data in current interval (418 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 1 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Robbed bit signals state: timeslots rxA rxB txA txB
1 0 0 1 1
2 0 0 1 1
abort
crashdump
process_run_degraded_or_crash
process_ok_to_reschedule
process_suspend
process_may_suspend
doprintc
_doprnt
_slow_check
_etext
_check_access
_open_connection
_telnet_multiproto_open
_connect_multiproto
_connect_command
_parse_cmd
interface TokenRing0/0
ip address <ip-address>
multiring ip
source-bridge proxy-explorer
bad checksum not version 4, and bad TTL, are dropped aggressively to guard against bad IP packets spoofing. The show ip spd command displays whether aggressive mode is enabled or not. SPD random drop in RSP is supported.
%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0).
-Process= "<interrupt level", ipl= 1, pid= 2
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Framer background [CSCdj04848]
%SYS-2-LINKED: Bad enqueue of 8F3288 in queue 9570C8
-Process= "LAPF Input", ipl= 6, pid= 36
-Traceback= EBE30 EAA88 4A73B4 4A8E10 [CSCdj29721]
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
|
|