Table Of Contents
Release Note for the Cisco Traffic Anomaly Detector
New Feature in Software Release 3.1(2)
New Features in Software Release 3.1(0.12)
Enhanced TACACS+ Access Control Support
Exporting Reports in XML Format
Tab Completion for Interface Names
Caution When Upgrading the Software
Software Version 3.1(2) Open Caveats and Resolved Caveats
Software Version 3.1(2) Open Caveats
Software Version 3.1(2) Resolved Caveats
Software Version 3.1(0.12) Open Caveats and Resolved Caveats
Software Version 3.1(0.12) Open Caveats
Software Version 3.1(0.12) Resolved Caveats
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Note for the Cisco Traffic Anomaly Detector
March 1, 2005
Note: The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.
Contents
This release note applies to software versions 3.1(2) and 3.1(0.12) for the Cisco Traffic Anomaly Detector (Detector). This release note contains the following sections:
• New Feature in Software Release 3.1(2)
• New Features in Software Release 3.1(0.12)
• Caution When Upgrading the Software
• Software Version 3.1(2) Open Caveats and Resolved Caveats
• Software Version 3.1(0.12) Open Caveats and Resolved Caveats
• Obtaining Documentation, Obtaining Support, and Security Guidelines
New Feature in Software Release 3.1(2)
The BIOS log provides system messages related to the BIOS and messages related to hardware events such as power off and restart.
To view the Detector BIOS log, use the show log bios command.
For example:
admin@GUARD# show log bios
To clear the BIOS log, use the clear log bios command at the configuration prompt.
New Features in Software Release 3.1(0.12)
The following new features have been added in software release 3.1(0.12):
• Enhanced TACACS+ Access Control Support
• Exporting Reports in XML Format
• Tab Completion for Interface Names
Enhanced TACACS+ Access Control Support
Software release 3.1(0.12) enhances TACACS+ support. You can configure the Detector as a client of a TACACS+ server to provide authorization and accounting of configuration and non-configuration commands, in addition to authentication of users.
The Detector supports two kinds of TACACS+ authorization:
• Exec authorization—Determines the user privilege level when the user is authenticated.
• Command authorization—Consults a TACACS+ server to get authorization for commands once the user enters them.
The TACACS+ configuration applies for both the CLI and WBM management connections.
Exporting Reports in XML Format
You can export reports in Extensible Markup Language (XML) format in addition to text format. You can export a summarized or detailed report. To enable easy automation for exporting zone reports using external scripts, you can now export all reports in detail.
You can export the following reports:
• A comprehensive report of attacks detailing attacks on all zones
• A comprehensive report listing attacks on a specific zone
Enhanced WBM Screens
Various WBM screens have been redesigned to enable greater flexibility.
The new screens are:
• Policies statistics—This screen appears under the zone diagnostics menu. It provides statistical information, similar to the show policies statistics CLI command.
• Drop statistics—This screen appears under the zone diagnostics menu. It provides statistical information, similar to the show drop-statistics CLI command. This screen applies to the Cisco Guard.
• Add service—This screen appears under the zone configuration menu. Use this screen to manually add policies for a specific service under a policy template.
• Remove service—This screen appears under the zone configuration menu. Use this screen to manually remove policies for a specific service from a policy template.
• About—A new screen that shows the software version of the Detector.
New SNMP OID
A new SNMP OID, rhNEChassisSerialNumber, which describes the chassis serial number, has been added. You can also view this information by issuing the show version command.
Tab Completion for Interface Names
You can now view the interface names when issuing the interface command. Enter the command and press TAB twice or enter ?.
Caution When Upgrading the Software
Do not press Ctrl-C during the upgrade process or the upgrade may fail.
Software Version 3.1(2) Open Caveats and Resolved Caveats
The following sections contain the open caveats and resolved caveats in software version 3.1(2):
• Software Version 3.1(2) Open Caveats
• Software Version 3.1(2) Resolved Caveats
Software Version 3.1(2) Open Caveats
The following caveats are open in software version 3.1(2):
• CSCuk51045—The upgrade process from software release 3.05 to software release 3.1(2) does not repartition the hard disk. To perform an upgrade, you must first upgrade to software release 3.07, and then upgrade to 3.1(2).
• CSCuk51099, CSCuk51368—The Detector may stop responding during a reload if it receives network traffic over a virtual interface (VLAN or tunnel) while it is reloading. Workaround: Reload the Detector.
• CSCuk52900—After you issue the reload command, the Detector may report a failure to start the Cisco proprietary accelerator card. If you issue additional commands, the following error message appears:
  Cannot connect to management system, System not operational
  Workaround: Re-issue the reload command.
• CSCuk52975—The Detector does not report the install new-version and reload commands to the accounting server.
• CSCuk55666—When you issue the show running-config command, the Detector displays multiple TACACS+ accounting commands in its configuration.
• CSCuk55671—When you import a configuration to a newly installed Detector (installed from base) using the copy ftp running-config command, the Detector does not import the TACACS+ server configuration.
• CSCuk56165—The Detector stops functioning when it receives Multi Protocol Label Switching (MPLS) traffic.
• CSCsa64914 - The name of the Flexible Filter Drop Count counter in the Web-Based Management Zone>Configuration>General menu should be Flexible Filter Drop Rate. This counter accurately displays the drop rate of the flex-filter. The General menu also contains the Flexible Filter Action and Flexible Filter Count fields. When the Flexible Filter Action value is displayed as:
  – Drop - the Flexible Filter Count value displays the number of dropped packets
  – Count - the Flexible Filter Count value displays the number of counted packets
Software Version 3.1(2) Resolved Caveats
The following caveats were resolved in software version 3.1(2):
• CSCuk52712—SNMP interface indexes in ifAdEnIfindex are changed during reload and stop being correlated with iftable indexes.
• CSCuk52018—On some occasions the Detector watchdog reported an irrelevant hardware error about unavailable LED information.
• CSCuk51373—Adding an ssh-dsa key longer than 1024 bytes causes the CLI to crash when issuing the show running-config command. The key remove command fails to remove the key.
• CSCuk52710—After setting the date to a date in the past using the date command, SNMP may display cached information rather than updated information.
• CSCuk54898—The copy debug-core command fails when exporting to a Windows FTP server.
• CSCuk55806—DNS queries with additional resource records are considered malformed and are therefore dropped.
• CSCeg57556—You must issue the reload command for an NTP configuration change to take effect.
• CSCuk55584—When you compare the zone policies in the CLI using the diff command, and in the WBM by selecting Configuration > Compare policies from the zone main menu, the results are different.
• CSCuk55755—The password length restriction between CLI and WBM is now consistent.
• CSCuk55721—The Detector identifies TCP and UDP fragmented packets with zeros at the beginning of payload as zero-port traffic and drops these packets.
Software Version 3.1(0.12) Open Caveats and Resolved Caveats
The following sections contain the open caveats and resolved caveats in software version 3.1(0.12):
• Software Version 3.1(0.12) Open Caveats
• Software Version 3.1(0.12) Resolved Caveats
Software Version 3.1(0.12) Open Caveats
The following caveats are open in software version 3.1(0.12):
• CSCuk55076—The upgrade process may fail when managing from the inband interface. Workaround: We highly recommend that you do not perform the upgrade from the inband interface. Connect to the serial console or the physical console to perform the upgrade. If these are not available, connect to the out-of-band interface.
• CSCuk51045—The upgrade process from software release 3.05 to software release 3.1(0.12) does not repartition the hard disk. To perform an upgrade, you must first upgrade to software release 3.07, and then upgrade to 3.1(0.12).
• CSCuk51099, CSCuk51368—The Detector may stop responding during a reload if it receives network traffic over a virtual interface (VLAN or tunnel) while it is reloading. Workaround: Perform a power cycle.
• CSCuk52900—After you issue the reload command, the Detector may report a failure to start the Cisco proprietary accelerator card. If you issue additional commands, the following error message appears:
  Cannot connect to management system, System not operational
  Workaround: Issue the reload command again.
• CSCuk52975—The Detector does not report the install new-version and reload commands to the accounting server.
Software Version 3.1(0.12) Resolved Caveats
The following caveats were resolved in software version 3.1(0.12):
• CSCuk52712—The SNMP interface indexes in ifAdEnIfindex are changed during reload and stop being correlated with iftable indexes.
• CSCuk52018—On some occasions the Detector watchdog reported an irrelevant hardware error about unavailable LED information.
• CSCuk51373—Adding an ssh-dsa key longer than 1024 bytes causes the CLI to crash when issuing the show running-config command. The key remove command fails to remove the key.
• CSCuk52710—After setting the date to a date in the past using the date command, SNMP may display cached information rather than updated information.
Related Documentation
The following Detector documents are available:
• Cisco Traffic Anomaly Detector User Guide
• Cisco Traffic Anomaly Detector Web-Based Management User Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html


