Contents
1) Introduction: Cisco IOS Software Release 12.4T
1.2) Release 12.4T Additional Information
2) Release 12.4(20)T Highlights
2.1.2) Cisco IOS Content Filtering
2.1.3) VRF-Aware Cisco IOS Intrusion Prevention System (IPS)
2.1.4) User-based Cisco IOS Firewall
2.1.5) Application Inspection and Control for Simple Mail Transfer Protocol (SMTP)
2.1.6) Cisco IOS Firewall Support for Skinny Local Traffic
2.1.8) Cisco IOS Firewall H.323 Version 3 (v3) and Version 4 (v4) Support
2.1.10) Object Groups for Access Control Lists (ACL)
2.1.11) Cisco IOS SSL VPN Access Control Enhancements
2.1.12) Cisco IOS SSL VPN AnyConnect Client Support
2.1.13) Cisco IOS SSL VPN Back End HTTP Proxy
2.1.14) Cisco IOS SSL VPN Full-Tunnel Performance Enhancements
2.1.15) Cisco IOS SSL VPN URL Split Rewrite Support
2.1.16) Next Hop Resolution Protocol (NHRP) MIB for Dynamic Multipoint VPN (DMVPN)
2.1.17) IPv6 Over Dynamic Multipoint VPN (DMVPN) Support
2.1.18) Group Encrypted Transport (GET) VPN Support for VRF-Lite
2.1.19) Cisco Tunnel Control Protocol (cTCP) Support on Easy VPN Hardware Clients
2.1.20) IPSec Usability Enhancements
2.1.21) Secure Shell Protocol Version 2 (SSHv2) Feature Enhancements
2.1.22) Command Line Interface (CLI) for Displaying Certificates
2.1.23) CLI to Control Certification Revocation List (CRL) Cache
2.1.24) Secure Device Provisioning (SDP) Connect Template
2.2.1) Cisco Express Forwarding Scalability and Selective Rewrite (CSSR)
2.2.2) Network Time Protocol (NTP) Version 4
2.3.1) Cisco IOS MPLS Label Distribution Protocol (LDP) Enhancements
2.3.2) Cisco IOS MPLS Traffic Engineering and Resource Reservation Protocol (TE/RSVP)
2.4.1) Cisco IOS QoS: Hierarchical Queuing Framework (HQF)
2.4.2) Resource Reservation Protocol (RSVP) Penultimate Hop Overwrite
2.5.1) IPv6 VPN Provider Edge Router (6VPE) over MPLS
2.5.2) IPv6 Access Control List (ACL) enhancements for IPv6 IPSec Authentication Header (AH)
2.5.3) Mobile Network v6-Basic NEMO Support
2.6.1) Cisco IOS Service Diagnostics
2.6.2) Embedded Event Manager Version 2.4
2.6.3) Cisco IOS Embedded Packet Capture
2.6.4) Flexible NetFlow (FNF) Exporter-Outgoing Features Support
2.6.5) Flexible NetFlow for IPv6
2.6.6) Deprecating NetFlow for IPv6 Record
2.7.1) Cisco 1861 Integrated Services Router
2.7.2) Intrusion Prevention System (IPS) Advanced Integration Module
2.7.3) Cisco 860 and 880 Series Routers
2.7.4) Cisco Business-Class IAD880 Series Integrated Access Devices
2.8.1) Communications Manager Express (CME) 7.0 Voice Features
2.8.2) Survivable Remote Site Telephony 7.0 Voice Features
2.8.3) Cisco Unified Border Element (CUBE) 1.2
2.8.4) Voice Quality Improvements on Cisco VoIP Gateways
3) Release 12.4(15)T Highlights
3.1.1) Cisco IOS Intrusion Prevention System (IPS) Support for Microsoft Vulnerabilities
3.1.2) Flexible Packet Matching (FPM) Full Packet Filtering
3.1.3) Cisco IOS SSL VPN Enhancements
3.1.3.1) SSL VPN Clientless Performance Enhancements
3.1.3.2) SSL VPN GUI Enhancements
3.1.3.3) SSL VPN User-Level Bookmarking
3.1.3.4) Front door-VRF (fVRF) Support
3.1.4) Cisco IOS Software Support for AnyConnect VPN Client
3.1.5) Reverse Route Injection Distance Metric Enhancements
3.2.1) OSPF Mechanism to Exclude Connected Prefixes
3.2.2) Optimized Edge Routing (OER) Application Aware Routing
3.2.4) Bandwidth Call Admission Control (CAC) for IP Multicast
3.3.1) Gateway Load Balancing Protocol (GLBP) Client Cache
3.3.2) Dynamic Host Configuration Protocol (DHCP) Server Multiple Subnet
3.3.3) Hot Standby Routing Protocol (HSRP) Bidirectional Forwarding Detection (BFD) Peering
3.3.4) DHCPv6 Stateless Enhancements
3.4.1) Bidirectional Forward Detection (BFD) Support for Cisco Integrated Services Routers
3.5.1) Multiple PPP-over-Ethernet (PPPoE) Clients per VC Support
3.5.2) Layer 2 Tunneling Protocol (L2TP) Forwarding of PPPoE Tags
3.6) Management, Instrumentation, and User Interface
3.6.1) Cisco IOS Auto-Upgrade Manager
3.6.2) Cisco IOS Embedded Resource Manager
3.6.3) Toolkit Command Language (TCL) Signing
3.7.1) Mobile Ad Hoc Networking (MANET) Networking Enhancements for Router Radio Links
3.7.2) Access Point Link Role Flexibility
3.7.3) IP Pool Address Holdback Timer
3.8.1) Communications Manager Express (CME) 4.1 Voice Features
3.8.2) Survivable Remote Site Telephony 4.1 Voice Features
3.9.2) ATM T3/E3 for the Cisco 2800 and 3800 Series Integrated Services Router
3.9.3) HWIC-2SHDSL & HWIC-4SHDSL
3.9.5) USB eToken 64KB Enhancement
3.9.6) Boot from USB Flash Enhancement
4) Release 12.4(11)T Highlights
4.1.1) Cisco IOS SSL VPN Enhancements
4.1.2) SSL VPN Netegrity Single Sign-on (SSO) Support
4.1.3) SSL VPN Application ACL Support
4.1.4) SSL VPN Port-forwarding Enhancement
4.1.5) SSL VPN Debug Infrastructure
4.1.6) SSL VPN URL Obfuscation Support
4.1.7) Group Encrypted Transport (GET) VPN
4.1.8) MPLS VPN (RFC 2547) over Dynamic Multipoint VPN (DMVPN)
4.1.9) EasyVPN Phase 8.0 Enhancements
4.1.11) Cisco IOS Intrusion Prevention System (IPS) Version 5.0 Signature Format Support
4.2.1) L2VPNs over MPLS-Any Transport over MPLS (AToM)
4.2.2) Ethernet over MPLS (AToM)
4.2.4) Frame Relay over MPLS (FRoMPLS)
4.2.5) Any Transport over MPLS (AToM) Interworking
4.2.6) Multilink Frame Relay over MPLS (AToM)
4.2.7) Any Transport over MPLS (AToM) High Availability
4.2.8) AToM Pseudowire Redundancy
4.2.10) Layer 2 Local Switching with Interworking
4.2.11) Layer 2 Tunnel Protocol Version 3 (L2TPv3) Enhancements
4.3) Multiprotocol Label Switching Management
4.3.1) Cisco IOS Multiprotocol Label Switching Embedded Management
4.4.1) DHCP Relay per interface VPN ID support
4.4.2) DHCP Class Support for Option 60, 77, 124, 125
4.4.3) Hot Standby Routing Protocol Bidirectional Forwarding Detection Peering
4.4.4.) Enhanced Object Tracking support for Mobile IP, PDSN or GGSN
4.4.5) Show and Clear Commands for Cisco IOS Sockets
4.4.6) Cisco Express Forwarding (CEF) L4 Port Load Balancing
4.4.7) Tunnel Source Address Selection
4.4.8) Radius Server Load Balancing
4.5.1) Mobile IPv6 Authentication Option Support
4.5.2) Mobile IPv6 Network Access Identifier (NAI) Support
4.5.3) Cisco Mobile Wireless Home Agent Release 3.0
4.5.4) Cisco Packet Data Serving Node (PDSN) Release 3.0
4.7.2) VoiceXML Browser Update-Support of W3C VoiceXML Forum Standard VXML 2.0
4.7.3) Internet Low Bit Rate (iLBC) Codec Support for SIP and H.323
4.8.1) Network Processing Engine G2 (NPE-G2) for Cisco 7200 Series Router
4.8.2) VPN Services Adapter (VSA) for Cisco 7200VXR Series Routers
5) Release 12.4(9)T Highlights
5.1.1) Cisco IOS Firewall Enhancements
5.1.3) DMVPN Manageability Enhancements
5.1.5) Cisco IOS WebVPN-Auto-Applet Port Forwarding Download
5.1.6) Cisco IOS WebVPN-HTTP Authentication
5.1.7) Cisco IOS WebVPN-RADIUS Accounting
5.2.1) Cisco Unified CallManager Express 4.0
5.2.2) Cisco Multiservice IP-to-IP Gateway-Hosted NAT Traversal
5.2.4) High-Density Packet Voice for Cisco AS5400XM and AS5350XM Universal Gateways
5.3) Management Instrumentation
5.3.2) Cisco Networking Services (CNS) Security Enhancements
5.3.3) Netconf Access for Configuration over SSH and BEEP
5.4.1.) Bidirectional Forwarding Detection (BFD) Echo Mode
5.4.2) ACL-based Rate Based Satellite Control Protocol (RBSCP)
5.4.3) Open Shortest Path First version 3 (OSPFv3) IPsec ESP Encryption and Authentication
5.5.1) Mobile IP-Mobile Router Multi-path Support
5.6.1) Enhanced Object Tracking (EOT) Support for Carrier Delay
5.6.2) Domain Name Service-Split DNS
5.7.1) Hot Standby Router Protocol-HSRP Group Shutdown
6) Release 12.4(6)T Highlights
6.1.1) G.SHDSL WAN Interface Card (WIC-1SHDSL-V3)
6.2.1) Cisco IOS Firewall Enhancements
6.2.4) Complete Certificate Chain Validation in Cisco IOS Public Key Infrastructure
6.2.5) Enhanced Online Certificate Status Protocol in Cisco IOS Public Key Infrastructure
6.2.6) EasyVPN Password Aging via Authentication, Authorization and Accounting
6.2.7) EasyVPN Dynamic Firewall/Access Control List Policy Push to Cisco VPN Software Client
6.2.10) Management Plane Protection
6.2.11) Network Address Translation ARP Ping
6.3.1) Cisco Resource Reservation Protocol Agent for Call Admission Control
6.3.2) Local Voice Busyout and Advanced Local Voice Busyout Enhancements
6.3.3) Cisco Text Relay for Baudot Text Phones
6.3.5) In-Service Updates to Gatekeeper Zone Prefix Configuration
6.3.6) Packet Mode Services on D Channel
6.3.8) Session Initiation Protocol Gateway Support for Busyout
6.3.9) Session Initiation Protocol Transport Layer Security (TLS) Support
6.4.1) Cisco Gateway Load Balancing Protocol for IPv6
6.4.2) Hot Standby Router Protocol-Multiple Group Optimization
6.5) Management Instrumentation
6.5.1) Cisco IOS IP Service Level Agreements-Label Switched Path Health Monitor
6.5.2) Cisco IOS IP Service Level Agreements-ICMP Jitter Operation
6.5.3) Cisco IOS IP Service Level Agreements: Real Time Protocol-based Voice over IP Operation
6.5.4) Multiprotocol Label Switching Label Switched Path Ping and Label Switched Path Traceroute
6.6.1) Enhanced Interior Gateway Routing Protocol for IPv6
6.6.2) Routing Information Protocol Version 2: RFC 1724 MIB Extension
6.6.3) Open Shortest Path First Version 2 RFC 3623 Graceful Restart-Helper Mode
6.7.1) Dynamic Host Configuration Protocol Option 82-Per Interface Support
6.8.1) ANI Suppression During L2TP Set-Up for the Cisco AS5000 Series
6.9.1) Asynchronous Transfer Mode Oversubscription for DSL
6.9.2) Private VLAN Edge on Cisco 1800 Fixed Configuration Routers
7) Release 12.4(4)T Highlights
7.1.1) Cisco 1801, 1802, and 1803 Integrated Services Routers
7.1.2) Multi-Processor Forwarding for Broadband LAC, LNS, and PTA
7.1.3) ADSL2/ADSL2+ Support for Integrated Service Routers (ISRs)
7.2.1) Flexible Packet Matching
7.2.2) Application Firewall for Instant Message Traffic Enforcement
7.2.3) VRF-Aware Domain Name System
7.2.5) Control Plane Protection
7.2.7) IPv6 Support for Site-Site IPsec VPN
7.2.8) Dynamic Multipoint VPN Quality of Service Support
7.3.1) Cisco IOS IP Service Level Agreements for VoIP with Real Time Protocol
7.3.2) Secure Communication between IP-STE and PSTN STE Endpoints
7.3.3) Interoperability Enhancements to the Cisco Multiservice IP-IP Gateway
7.3.4) Identify Alternate Endpoint Call Attempts in RADIUS Call Accounting Records
7.3.6) Session Initiation Protocol: CLI for Passing Calling Name when Privacy Exists
7.3.7) Fax Relay Support for SG3 Fax Machines at G3 Speeds
7.3.8) SIP-SIP Basic Support on the Cisco Multiservice IP-to-IP Gateway
7.3.9) Cisco CallManager Express 3.4
7.3.10) Survivable Remote Site Telephony Version 3.4 Support with Release 12.4(4)T
7.4.1) Cisco Hot Standby Router Protocol for IPv6
7.4.2) NetFlow Reliable Export via Stream Control Transport Protocol
7.5) Management Instrumentation
7.5.1) NetFlow Top Talkers CLI
7.6.1) Skype Classification via NBAR Packet Description Language Modules
7.6.2) Direct Connect Packet Description Language Modules Native Implementation
7.7.1) Multicast User Authentication and Profile Support
7.7.2) Point-to-Point Protocol over Ethernet Circuit ID Tag Processing
7.8.1) Bidirectional Forwarding Detection Support
7.8.2) Border Gateway Protocol Route-Map Continue Support for Outbound Policy
7.8.3) Border Gateway Protocol Selective Next-Hop Route Filtering
8) Release 12.4(2)T Feature Technology Highlights
8.1.1) Cisco 850 Series Integrated Services Routers
8.1.2) Cisco 870 Series Integrated Services Routers
8.1.3) Cisco 1800 Series Integrated Services Routers-Fixed Configuration Models
8.1.4) Cisco High-Speed Intra Chassis Module Interconnect
8.1.5) Inline Power Auto Negotiation
8.2.1) Cisco Router and Security Device Manager 2.1.2
8.2.2) Transparent Cisco IOS Intrusion Prevention System
8.2.3) Easy VPN Dynamic Virtual Tunnel Interfaces
8.2.4) Other Easy VPN Enhancements
8.2.5) Certificate Authority Key Rollover
8.2.6) Configurable Certificate Storage Location
8.2.7) Network Address Translation Optimize Media Path for Session Initiation Protocol Traffic
8.3.1) Session Initiation Protocol Support of Resource Priority Header and Reason Header
8.3.2) Session Initiation Protocol: User Agent MIB
8.3.3) Configurable Hostname in Locally Generated Session Initiation Protocol Headers
8.3.4) Secure Communication between IP-STE Endpoint and STE Endpoint
8.3.5) Land Mobile Radio over IP Enhancement
8.3.6) Media Gateway Control Protocol Controlled Backhaul of Basic Rate Interface Signaling
8.3.8) E1 R2 Collect Call Blocking
8.4.1) Cisco IOS Embedded Event Manager Version 2.2
8.5.1) Authentication, Authorization, and Accounting CLI Stop Record Enhancement
8.5.2) Calling Number Suppression for Layer 2 Tunnel Protocol Setup
8.5.3) Multilink Frame Relay (FRF.16.1) Variable Bandwidth Class Support
8.5.4) Service Selection Gateway-Configurable Maximum Number of Allowed Subscribers
8.5.5) Service Selection Gateway Support of WISPr RADIUS Attributes
8.5.6) Routed Bridge Encapsulation Client Side Encapsulation with Quality of Service
8.5.7) Define Interface Policy-Map AV Pairs Authentication, Authorization, and Accounting
8.6) Management Instrumentation
8.6.1) Cisco IOS IP Service Level Agreements Random Scheduler
8.6.2) NetFlow Top Talker CLI-Phase 2
8.7.1) BitTorrent Packet Description Language Modules Native Implementation
8.7.2) Citrix ICA Published Applications Native Implementation
8.7.3) Multiple Matches Per Port
8.8.1) Multicast Listener Discovery Group Limits
8.8.2) IPv6 Boot Strap Router-Ability to Configure Rendezvous Point Mapping
8.8.3) IPv6 Source Specific Multicast Mapping
8.8.4) Multicast Source Discovery Protocol MD5 Password Authentication
8.9.1) Application-Aware Routing: Policy Based Routing
8.9.3) Internet Control Message Protocol Unreachable Rate Limiting User Feedback
8.10.1) IPv6 Access Control List Extensions for Mobile IPv6
8.10.2) IPv6 Default Router Preference
8.10.3) Foreign Agent Local Route Optimization
PB3001
Last Updated: July 2008
1) Introduction: Cisco IOS Software Release 12.4T
1.2) Release 12.4T Additional Information
2) Release 12.4(20)T Highlights
3) Release 12.4(15)T Highlights
4) Release 12.4(11)T Highlights
5) Release 12.4(9)T Highlights
6) Release 12.4(6)T Highlights
7) Release 12.4(4)T Highlights
8) Release 12.4(2)T Feature Technology Highlights
1) Introduction: Cisco IOS Software Release 12.4T
1.1) Migration Guide
Note: Release 12.3T reached End of Software maintenance on March 15, 2008. For additional information please visit: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5187/prod_end-of-life_notice0900aecd8052e110.html
Figure 1. Release 12.4T Migration Plan
Note: Cisco IOS Software Release 12.4(20)T and later IOS T releases will not support several Cisco hardware platforms that were supported in prior Release 12.4T releases. These platforms will be supported by Release 12.4(15)T via regularly scheduled software maintenance rebuilds and bug fix support until the end of software maintenance date for the respective platform is reached.
• Cisco SOHO 90 Series
• Cisco 831, 836, and 837 Series
• Cisco 1701, 1711, 1712, 1721, 1751, 1751-V, and 1760 Series
• Cisco 2610XM-2611XM, 2620XM-2621XM, 2650XM-2651XM, and 2691 Series
• Cisco 3631 and 3660 Series
• Cisco 3725 and 3745 Series
• Cisco 7400 Series
• Cisco AS5850 Universal Gateway
Figure 2. New Technology (T) and Maintenance Release Relationship
1.2) Release 12.4T Additional Information
• Release 12.4T
Cisco IOS Software Releases 12.4 T-Products & Services-Cisco Systems
• Cisco IOS Software Product Lifecycle Dates & Milestones, Product Bulletin No. 2214
http://www.cisco.com/en/US/products/ps6441/prod_bulletin0900aecd801eda8a.html
• Changes to Cisco IOS Software Product Support in Release 12.4T, Product Bulletin No. 3000
http://www.cisco.com/go/124thardware/
• Cisco IOS Software Download Center
Download Cisco IOS Software releases and access software upgrade planners.
http://www.cisco.com/public/sw-center/sw-ios.shtml
• Cisco Feature Navigator
A web-based application that allows you to quickly match Cisco IOS Software releases to features, to hardware.
• Cisco Software Advisor
Determine the minimum supported software for selected hardware.
http://tools.cisco.com/Support/Fusion/FusionHome.do
• Cisco IOS Upgrade Planner
View all major releases, hardware, and software features from a single interface.
http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi
1.3) Cisco IOS Packaging
Figure 3. Cisco IOS Packaging for Cisco Routers
2) Release 12.4(20)T Highlights
Table 1. Release 12.4(20)T Feature Highlights
2.1) Cisco IOS Security
2.1.1) Group Encrypted Transport VPN (GET VPN) Support for the Cisco VPN Services Adapter (VSA) for Cisco 7200 NPE-G2 Series Routers
2.1.2) Cisco IOS Content Filtering
Figure 4. IOS Content Filtering Use Case Scenario
• Secures Internet access to branch, without the need for additional devices
• Controls spyware and malware at the remote site; conserves WAN bandwidth
• Improves employee productivity and protects network resources by enabling content filtering
2.1.3) VRF-Aware Cisco IOS Intrusion Prevention System (IPS)
• Vendor-provided applications vs. native applications
• Administrative users vs. regular employees vs. contractors/guests
• Vendor (photo shop, deli, pharmacy, etc.) network vs. point-of-sale network
• Students vs. faculty members vs. school administration
Figure 5. Typical Use Case for VRF Aware Cisco IOS IPS
• Allows the configuration of IPS on only certain virtual network segments (VRFs) or in a different way on each VRF
• Distinguishes between IPS alarms/events generated within each group (VRF segment) based on VRF ID
• Supports IPS on VRF interfaces in addition to physical interfaces with or without overlapping IP addresses
2.1.4) User-based Cisco IOS Firewall
Figure 6. User based Cisco IOS Firewall Example
• Facilitates the support of Enterprise mobile workers where user access is dynamic, while maintaining source IP address and user group associations
• Secures granular access to the branch, without the need for additional devices
• Enforces non-intrusive, per-user security policies
2.1.5) Application Inspection and Control for Simple Mail Transfer Protocol (SMTP)
• Inspects SMTP at a more granular level
• Scans actual e-mail data like attachment types and encoding types
• Detects a limited number of attack signatures
• Ability to use signatures in SYSLOG message alerts to warn of a possible attack, such as the detection of illegal SMTP commands in a packet
2.1.6) Cisco IOS Firewall Support for Skinny Local Traffic
1. Cisco Call Manager Express (CME) is enabled on the Cisco IOS Firewall and manages the VoIP phones using SCCP over intranet or Internet.
2. Analog and VoIP phones are connected and managed by the Cisco IOS Firewall-enabled CME router.
• Improves user groups SCCP locally generated traffic support
• Provides inspection of CME using SCCP over the intranet/Internet