Cisco Services Modules

Table Of Contents

Release Note for the Cisco Traffic Anomaly Detector Module

Contents

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

Caution When Upgrading the Software

Software Version 4.0(2) Open Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Release Note for the Cisco Traffic Anomaly Detector Module

---

April 22, 2005

---

Note The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.

---

Contents

This release note applies to software version 4.0(2) for the Cisco Traffic Anomaly Detector Module (Detector module). The Cisco Catalyst 6500 Series Switch and the Cisco 7600 Router support the Detector module.

•The Catalyst 6500 requires IOS 12.2(18)SXD3 or later to support the Detector module.

•The 7600 Router require IOS 12.2(18)SXE or later and a SUP720 to support the Detector module.

This release note contains the following sections:

•Maximum Number of Modules Supported in a Catalyst 6500 Chassis

•Caution When Upgrading the Software

•Software Version 4.0(2) Open Caveats

•Related Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

The Catalyst 6500 9-slot chassis supports a combined maximum of eight Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of eight Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of eight modules.

A Catalyst 6500 13-slot chassis supports a combined maximum of six Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of four Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of six modules.

Caution When Upgrading the Software

Do not press Ctrl-C during the upgrade process or the upgrade may fail.

Software Version 4.0(2) Open Caveats

The following caveats are open in the Detector module software version 4.0(2):

•CSCuk56165—The Detector module may stop functioning when it receives Multi Protocol Label Switching (MPLS) traffic.

•CSCsa64914 - There is an inconsistency with the Flexible Filter Drop Count counter in the Web-Based Management Zone>Configuration>General menu, the Drop-statistics menu, and the Attack reports menu. The Flexible Filter Drop Count counter in the Zone>Configuration>General menu displays the drop rate of the flex-filter, instead of the drop count. The Flexible Filter Drop Count counter in the Drop-statistics menu and the Attack reports menu displays the actual drop count.

•CSCuk55584—When you compare the zone policies in the CLI using the diff command, and in the WBM by selecting Configuration > Compare policies from the zone main menu, the results are different.

•CSCuk55721—The Detector module identifies TCP and UDP fragmented packets with zeros at the beginning of payload as zero-port traffic and drops these packets.

•CSCsa64914 - The Web-Based Management Zone>Configuration>General menu contains the Flexible Filter Drop Count field, but it should not. Therefore, the value for this field will always be zero.

Related Documentation

The following documentation is available for the Cisco Traffic Anomaly Detector Module:

•Cisco Anomaly Guard Module and Traffic Anomaly Detector Module Installation Note

•Cisco Traffic Anomaly Detector Module Configuration Guide

•Cisco Traffic Anomaly Detector Module Web-Based Management Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html