Cisco IOS Software Release 12.2(18)SXD Security Features

Product Bulletin, No. 2534

1 Cisco IOS Software Release 12.2S Introduction

Cisco IOS® Software Release 12.2S is designed for Enterprise campus and Service Provider edge networks that require world-class IP and Multiprotocol Label Switching (MPLS) services. The Cisco Catalyst® Switches and high-end routers in Release 12.2S provide secure, converged network services in the most demanding Enterprise and Service Provider environments, from the wiring closet and data center to the WAN aggregation edge.

The infrastructure innovation and technology leadership in Release 12.2S enable advanced Ethernet LAN switching, Metro Ethernet, and Broadband Aggregation services through enhancements in High Availability, Security, MPLS, VPNs, and IP Routing and Services.

Releases 12.2(22)S, 12.2(20)S, 12.2(18)S, and 12.2(14)S are available from Cisco.com. For detailed information about the features and hardware supported in each of these releases, refer to Release 12.2S New Features and Hardware Support, Product Bulletin No. 2216.

Derived from Release 12.2(14)S, Release 12.2SX provides Release 12.2S functionality and new features and hardware support for the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router.

In addition to Release 12.2(18)SXD, Releases 12.2(17d)SXB, 12.2(17b)SXA, 12.2(17a)SX, and 12.2(14)SX are available from Cisco.com. For detailed information about the features and hardware supported in each of these releases, please visit:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_bulletins_list.html

http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletins_list.html

1.1 Release 12.2SX Ordering Information, Feature Sets, and Image Names

Refer to the "Feature Sets" section of the Release 12.2SX release notes for information about Release 12.2SX orderable product numbers, feature sets, and image names.

http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_note09186a00801c8339.html

http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_note09186a008019e1e9.html

1.2 Additional Information

Cisco IOS Software Release 12.2S

http://www.cisco.com/go/release122s/

Cisco IOS Software Release feedback and questions

http://www.cisco.com/warp/public/732/feedback/release/

Cisco IOS Software Product Lifecycle Dates & Milestones

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_bulletin09186a00801a1349.html

2 Release 12.2(18)SXD Security Features

2.1 Control Plane Policing

Even the most robust software implementations and hardware architectures are vulnerable to Denial of Service (DoS) attacks. DoS attacks are malicious acts designed to cause failures in a network infrastructure by flooding it with worthless traffic camouflaged as specific types of control packets directed at the control plane processor. By involving hundreds of sources, distributed DoS attacks multiply the amount of worthless IP traffic, sometimes to as much as many gigabytes per second. These IP streams contain packets that are destined for processing by the control plane of Cisco route processors. Because of the high rate of rogue packets presented to the route processor, the control plane must spend an inordinate amount of time processing and discarding the DoS traffic.

Control Plane Policing provides users with a mechanism to control the type and rate of traffic that reaches the control plane of the device, and thereby helps to maintain packet forwarding and protocol states while the router is under attack. Control Plane Policing uses the Modular Quality of Service (QoS) CLI (MQC) to provide programmable policing functionality on routers that filters and rate limits (or polices) traffic destined to the control plane. This policing functionality can be used in conjunction with Cisco IOS QoS classification mechanisms to identify and limit certain traffic types completely, or to target only those that exceed a specified threshold level.
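As an added illustration (not part of the Cisco bulletin), the following Python script audits an IOS running-config for the Control Plane Policing structure described above: an MQC policy-map attached under control-plane, with a policer on each class. The sample configuration, its class and policy names, and its rates are constructed for the example, and the function name `audit_copp` is hypothetical.

```python
import re

# Constructed running-config excerpt (ACLs 120/121 omitted); all names and
# rates are placeholders for illustration, not values from the bulletin.
SAMPLE_CONFIG = """\
class-map match-all COPP-MGMT
 match access-group 120
class-map match-all COPP-ICMP
 match access-group 121
policy-map COPP-IN
 class COPP-MGMT
  police 512000 16000 16000 conform-action transmit exceed-action transmit
 class COPP-ICMP
  police 64000 2000 2000 conform-action transmit exceed-action drop
 class class-default
control-plane
 service-policy input COPP-IN
"""

def audit_copp(config):
    """Return findings about the policy attached to the control plane."""
    policies, current, cls, attached, in_cp = {}, None, None, None, False
    for line in filter(str.strip, config.splitlines()):   # skip blank lines
        words = line.split()
        if not line.startswith(" "):            # a new top-level block starts
            current = cls = None
            in_cp = words[0] == "control-plane"
            if words[0] == "policy-map":
                current = policies.setdefault(words[1], {})
        elif current is not None and words[0] == "class":
            cls = words[1]
            current[cls] = None                 # no policer seen for this class yet
        elif current is not None and cls and words[0] == "police":
            m = re.search(r"exceed-action (\S+)", line)
            current[cls] = m.group(1) if m else "drop"   # IOS default exceed action
        elif in_cp and words[:2] == ["service-policy", "input"]:
            attached = words[2]
    if attached is None:
        return ["no input service-policy attached under control-plane"]
    if attached not in policies:
        return [f"policy-map {attached} is attached but not defined"]
    findings = []
    for name, exceed in policies[attached].items():
        if exceed is None:
            findings.append(f"class {name}: no policer, traffic is not rate limited")
        elif exceed != "drop":
            findings.append(f"class {name}: exceed-action {exceed}, excess is not dropped")
    return findings
```

Calling `audit_copp(SAMPLE_CONFIG)` reports the management class, whose policer transmits excess traffic, and class-default, which has no policer. It only reads single-line `police` statements.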

Benefits

Streamlines incoming rate of traffic destined to the control plane

Protects against attacks targeted towards the network infrastructure

Easily defines global policy commands to address the aforementioned security goals using the Cisco MQC infrastructure

Hardware

Routers

Cisco 7600 Series Router

Switches

Cisco Catalyst 6500 Series Switch


Additional Information

http://www.cisco.com/go/autosecure/

Product Management Contact

IOS-Security-PM@cisco.com

2.2 Secure Copy

Description

The Secure Copy (SCP) feature provides a secure and authenticated method for copying router configuration or router image files.

Benefits

SCP allows a user who has appropriate authorization to copy any file that exists in the Cisco IOS File System (IFS) to and from a router by using the copy command. An authorized administrator may also perform this action from a workstation.

Hardware

Routers

Cisco 7600 Series, Supervisor Engine 720, Supervisor Engine 2

Switches

Cisco Catalyst Series, Supervisor Engine 720, Supervisor Engine 2


Additional Information

http://www.cisco.com/go/iossecurity/

Product Management Contact

ios-security-pm@cisco.com