cc/td/doc/product/iaabu/csids
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Release Notes for Cisco Intrusion Detection System Version 4.1

Contents

Before Upgrading to Cisco IDS Version 4.1

Upgrading to Cisco IDS Version 4.1

After Upgrading to Cisco IDS Version 4.1

Restrictions and Limitations

New and Changed Information

Common Criteria Evaluated Configuration

Caveats

Related Documentation

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco TAC Website

Opening a TAC Case

TAC Case Priority Definitions

Obtaining Additional Publications and Information

Release Notes for Cisco Intrusion Detection System Version 4.1


January 15, 2004

Contents

Before Upgrading to Cisco IDS Version 4.1

Upgrading to Cisco IDS Version 4.1

After Upgrading to Cisco IDS Version 4.1

Restrictions and Limitations

New and Changed Information

Common Criteria Evaluated Configuration

Caveats

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Before Upgrading to Cisco IDS Version 4.1

Before you upgrade your sensors to Cisco IDS version 4.1, you need to make sure you have performed the following tasks:

Upgraded the memory on the IDS-4220-E, IDS-4210, IDS-4210-K9, and IDS-4210-NFR

For detailed memory upgrade instructions, refer to "Upgrading the Memory" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1.

Swapped the command and control interface cable with the sniffing interface cable on the IDS-4220 and IDS-4230


Note You only need to swap the cables if you are upgrading from version 3.1 to 4.1.


Refer to "Upgrading the IDS-4220-E and IDS-4230-FE to 4.x Software" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1. for the procedure.

Installed the new maintenance partition image for the IDSM-2

Refer to "Obtaining Cisco IDS Software" and "Re-Imaging the Maintenance Partition from the Application Partition" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1. for the procedures.

Upgraded the BIOS on the IDS-4235 and IDS-4250, if the BIOS version is earlier than A04

Refer to "Upgrading the BIOS" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1. for the procedure.

Upgrading to Cisco IDS Version 4.1

You can find the Cisco IDS version 4.1 at the Software Center on Cisco.com at the following URL: http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/


Note You must be logged in to Cisco.com to access the Software Center.


You need a Cisco.com password to download updates. See "Applying for a Cisco.com Account with Cryptographic Access" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1 for the procedure for obtaining a Cisco.com account with cryptographic access.

To access Software Center on Cisco.com, follow these steps:


Step 1 Go to Cisco.com.

Step 2 Log in to Cisco.com.

Step 3 Click Technical Support > Software Center.

Step 4 Under Software Products & Downloads, click Cisco Secure Software.

Step 5 Under Cisco Secure Software, click Cisco Intrusion Detection System (IDS).

Step 6 Under Version 4.X, locate your sensor, and then click Latest Software.

Step 7 On the Software Download page, select the update you need.

Step 8 Follow the instructions in the Readme to install the update.


Note Major version upgrades, minor version upgrades, service packs, and signature updates are the same for all sensors. Recovery and application files are unique per platform.



After Upgrading to Cisco IDS Version 4.1

Make sure you do the following after upgrading to Cisco IDS version 4.1:

Assign the sensing interface(s) for all sensors.

Refer to "Assigning and Enabling the Sensing Interface" in the Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1 for the procedure.

Restrictions and Limitations

The following restrictions and limitations apply to the Cisco IDS version 4.1 software and the products that run version 4.1:

You can only install eight IDSM-2s per switch chassis.

Do not confuse Cisco IOS IDS (a software-based intrusion-detection application that runs in the Cisco IOS) with the IDS that runs on the NM-CIDS. The NM-CIDS runs Cisco IDS version 4.1. Because performance can be reduced and duplicate alarms can be generated, we recommend that you do not run Cisco IOS IDS and Cisco IDS version 4.1 simultaneously.

Only one NM-CIDS is supported per Cisco 2600, 2600, and 2700 series router.

Jumbo frames are not supported on the NM-CDIDS.

New and Changed Information

This release has the following new features:

An updated version of IDS Device Manager that includes enhanced support for signature configuration with a new Signature Wizard.

An updated version of IDS Event Viewer that includes enhanced support for viewing captured packets.

A new communications protocol, Remote Data Exchange Protocol (RDEP).

A new IDS appliance, the IDS-4215, which has the following features:

Compact Flash disk storage.

Two onboard Ethernet interfaces.

Two available PCI expansion slots.

The 4FE card with four Fast Ethernet (FE) interfaces (10/100) that can be installed in the lower PCI slot.

An RJ45 console port for command and control.

A 20-GB hard-disk drive to support logging.

Ability to sense Jumbo VLAN packets.

No monitor or keyboard—All configuration and control is done through the console port and/or the command and control FE port.

A new IDS module, the NM-CIDS, which has the following features:

Provides full-featured intrusion protection services within Cisco 2600/3600/3700 series routers.

Supports Cisco IOS Release 12.2(15)ZJ or later.

Common Criteria Evaluated Configuration

The Cisco IDS version 4.1 has been evaluated against the Intrusion Detection System Protection Profile, V1.4, February 4, 2002 using the Common Criteria Evaluation and Validation Scheme found at the following site:

http://niap.nist.gov/cc-scheme/

If you intend to use the Cisco IDS version 4.1 in the evaluated configuration, you must refer to the following guidelines and notes:


Warning The intent of this section is not to fully describe the evaluated configuration or to explain all the steps required to place your sensor in the evaluated configuration. Instead, you should be familiar with the evaluated configuration and know how to place the sensor in that configuration before referring to the guidelines and notes in this section.



Caution When adding, editing, or deleting allowed hosts, ensure that you do not delete the IP address used for remote management of the sensor.

Note The evaluated configuration assumes that you have physical access to and control of the sensor.



Note If you are upgrading an IDS-4220-E or IDS-4230-FE to IDS Version 4.x, be sure that you power off the IDS appliance before swapping the command and control interface cable with the sniffing interface cable. Then power on the IDS appliance.



Note In the evaluated configuration the IDS appliance must utilize internal resources for time setting and keeping. You cannot use an NTP server. Use the no ntpServers ipAddress <address> command (available from service Host submenu) to disable the NTP server and use the clock set command to set the system time.



Note After you download an update from Cisco.com, you must take steps to ensure the integrity of the downloaded file while it resides on your FTP or SCP server.


To configure the sensor to use the Common Criteria evaluated configuration, follow these steps:


Step 1 Create a service account on the sensor:

a. Log into the sensor using an account with administrator privileges (cisco).

b. Enter Configuration mode:

sensor# configure terminal

c. Specify the parameters for the service account:

sensor(config)# username service privilege service password serviceAccountPassword

Step 2 Log into the service account.

Step 3 At the prompt, execute the following command:

# su - root

Step 4 Enter the service account password.

Step 5 Change ownership of the sshd and cid-auth PAM configuration files to be owned by root.

# chown root /etc/ssh/sshd_config /etc/pam.d/cid-auth

Step 6 Copy the cid-auth PAM configuration file to the system-auth configuration file.

# cp /etc/pam.d/cid-auth /etc/pam.d/system-auth

Step 7 Edit the /etc/ssh/sshd_config file with vi.

a. Locate the following line:

#UsePAM yes

b. Remove the comment symbol #:

UsePAM yes

c. Locate the following line:

#UsePrivilegeSeparation yes

d. Remove the comment symbol #, and change yes to no:

UsePrivilegeSeparation no

e. Locate the following line:

#Protocol 2,1

f. Remove the comment symbol # and ,1:

Protocol 2

g. Save the changes and close the file.

Step 8 Edit the /usr/cids/idsRoot/etc/IDMSetup.xml file with vi.

a. Locate the following lines:

<title>Event Filters</title> <sourceURI activity="batchActivity">eventFilters</sourceURI>

b. Insert the following line:

<access>operator</access>

Example:

... <title>Event Filters</title> <access>operator</access> <sourceURI activity="batchActivity">eventFilters</sourceURI> ...

c. Save the changes and close the file.

Step 9 Reboot the sensor.


Caveats

For the most complete and up-to-date list of caveats, refer to the 4.1 Readme found at the following URL:

http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/

See Upgrading to Cisco IDS Version 4.1, for instructions on how to access and download IDS updates and Readmes.

The following caveats apply to Cisco IDS version 4.1:

CSCdy54921 Reset powerdown not working

Symptoms: After issuing the "reset powerdown" cli command the sensor does not completely shutdown.

Workaround: Wait a reasonable amount of time after issuing the reset command and then power the sensor off using the physical power switch.

CSCdz18839 Manually change IEV host system time affects Realtime Graph view

Symptom: If you manually change the system time for the IDS Event Viewer host while the IDS Event Viewer services are running, the alarm count displayed in the Realtime Graph view is no longer correct.

Condition: If the system time is manually set backward, the alarm count in the Realtime Graph view no longer reflects the alarms that occurred since that time. Likewise, if the system time is manually set forward, then some of the previously recorded alarm counts may be reset to zero. The problem is caused by the Timer thread which is used to aggregate sensor alarms received within each minute. When the system time is manually changed, the scheduled task in the Timer thread can no longer be executed every minute. This causes a miscalculation of the alarm count displayed in the Realtime Graph view.

Workaround: First, close IDS Event Viewer GUI if it is open. Second, locate the Cisco IDS Event Viewer service in the Windows Services panel. Stop and then restart the service.

After the Cisco IDS Event Viewer service has restarted, the Realtime Graph view will start displaying the correct alarm count.

CSCdz49418 CLI - cannot apply entire backup-config if sensorApp is busy

Symptom: If the copy command is executed before the AnalysisEngine has had time to process previous changes, one of the following errors may occur:

Error: The application is processing configuration, please try again later.

Error: Control transaction can not be completed at this time.

Some changes to the signature engine regular expressions may take minutes to complete.

Workaround: If the copy command fails with one of the "busy" error messages, wait a few minutes and re-run the command until it completes successfully.

CSCdz86438 mainapp - not changing timezone if switch time changes

Symptom: Event timestamps are incorrect after entering or exiting summertime or auto updates are not occurring when expected.

Workaround: Reboot the sensor.

CSCea13676 Modem - difficulty in connecting to serial through modem

Symptom: Unable to connect to serial port through a modem connection.

Condition: If the modem is not configured as designated in the documentation this can prevent the modem from connecting. There have been situations where even with the modem configured correctly it is unable to connect to the sensor.

Workaround: Use terminal server or laplink cable to connect to the sensor serial port.

CSCea45097 Multiple regexes with star operator cause cache creation failure

Symptom: The sensor fails to create regex cache files for STATE.STRING based engines such as CISCOLOGIN, LPRFORMATSTRING, and SMTP.

Condition: When adding a signature(s) to the STATE.SMTP engine that contains several * operators, the state table generator fails to handle the large state created by the repeat operators.

Workaround: Upgrade to 4.0(2)Sxx or later.

CSCea49229 4.0(1.5) IDM not taking the sensor to powerdown mode

Symptoms: cli error: "Cannot communicate with system processes. Please contact your system administrator."

Workaround: Reboot from physical reset switch or through a service account.

CSCea56011 incorrect description for filters

Symptom: The documentation in the cli for the DestAddrs in alarm filters is incorrect.

Conditions: Using the ? in the cli when editing the event filters will show incorrect documentation.

For example:

sensor13(config-acc-virtualAlarm-Eve)# Filters

DestAddrs Source Addresses of Events to which this filter should be applied. Exception Does this filter describe an exception to an event filter? This allows creating 'General Case' exclusions then adding more specific inclusions. SIGID Signature ID's of Events to which this filter should be applied. SourceAddrs Source Addresses of Events to which this filter should be applied. SubSig SubSigID's of Events to which this filter should be applied

This should read:

sensor13(config-acc-virtualAlarm-Eve)# Filters

DestAddrs Destination Addresses of Events to which this filter should be applied. Exception Does this filter describe an exception to an event filter? This allows creating 'General Case' exclusions then adding more specific inclusions. SIGID Signature ID's of Events to which this filter should be applied. SourceAddrs Source Addresses of Events to which this filter should be applied. SubSig SubSigID's of Events to which this filter should be applied

Workaround: Use the argument name instead of the description to understand what should be entered.

CSCea59687 Default Password Can Contain Special Characters

Symptom: When a user logs into the IDS console for the first time, the user is prompted to change the default password "cisco" to something else. Although the user should not do this, the user is allowed enter special characters, such as arrow keys, for the password. Entering passwords that contain special characters causes a couple problems.

The user cannot log in to user interfaces, such as IDM, that do not allow the entry of passwords with special characters. *

The user cannot change the password for this account using the CLI command "password", since the user is prompted to first enter their existing password.

Condition: The issue is present in IDS versions 4.0(1), 4.0(2) and 4.1(1).

Workaround: To prevent this issue, the user should not enter passwords that contain non-printable characters such as arrow keys or control characters. If the user does create a password with special characters, the password can be changed by logging into a CLI account that has administrative privileges. The CLI command, "password <username>", can be used to change the password. When the username is specified in the password command, the command does not prompt for the existing password prior to prompting the user for the new password.

CSCea91157 IDS 4.0 DOC needs to indicate BIOS needs upgrading on SOME 4235/4250

Description: The current IDS 4.0 IDS Appliance Installation Document indicates that all IDS 4235 and 4250 sensors need their BIOS upgraded before the user can install IDS 4.0 on them. This is incorrect. Only IDS 4235 and 4250 sensors with BIOS revision A03 need to upgrade the BIOS to A04 before installing IDS 4.0. If the IDS 4235 or 4250 sensor currently has BIOS revision A04, there is no need to upgrade the BIOS, because it is already at the correct revision. Note: The BIOS revision can be obtained by watching the IDS Sensor boot. The revision number is displayed during bootup.

CSCeb12288 sensor had wrong sensor ip address in access-list

Symptom: When blocking on a router or switch the wrong IP address is used when allowing the sensor in the blocking ACLs.

Conditions: Affects 4.0 sensors. If the user has a router or switch configured for blocking and changes the sensor IP address without rebooting, then this problem can occur. Unless the sensor is allowed to block itself, the first ACL entry will be to permit the sensor IP. When this problem occurs, that IP is the old value instead of the new value.

Workaround: Reboot the sensor after changing the IP address.

CSCeb17537 IDS - setting time should be greyed out like idsm2

Symptom: Device/Sensor setup/Time field allows user input on the NM-CIDS module. Conditions: Affects all 4.1 NM-CIDS modules.

Workaround: Do not try to change the system time on the NM-CIDS. Time on the module is obtained from the router or an NTP server.

CSCeb21685 4.1(0.3) Fragment Reassembly not using crit node for mem management

Problem: The Fragment Reassembly Unit (FRU) of the SensorApp does not use the Crit Level to limit the amount of memory it will use.

Symptom: Extremely heavy fragmented traffic between relatively few IP Addresses may lead to memory starvation and possible instability.

Workaround: Tune the Fragment Reassembly Unit, decreasing the number of total fragments allowed using the FragmentReassembly.IPReassembleMaxFrags variable. Set this variable to a low value to minimize the possibility of memory starvation caused by the FRU.

CSCeb38804 sensorApp does not come up the first time after XL card is removed

Symptom: The first time the system starts after removing an XL upgrade from a 4250 IDS appliance, the AnalysisEngine will not be running. A show version command will show the status of the Analysis Engine. Conditions: This symptom only occurs on the 4520 IDS appliance that has previously been running with an XL accelerator card and has had that card removed.

Workaround: Reset the system. The AnalysisEngine will be running after the restart. There will be no sensing interfaces in the interface group, so an interface will have to be added before packets can be analyzed.

CSCeb38945 IDSM2 sensing interfaces disabled after software upgrade

Symptom: Upgrading from Cisco IDS version 4.0 to 4.1(1) will cause the XL interfaces int7 and int8 to be disabled regardless of their enabled state prior to the upgrade.

Conditions: This symptom will only occur on the IDSM2 module (WG-SVC-IDSM2).

Workaround: Enable the interfaces (adding them to the interface group if necessary). This will only need to be done once after the software upgrade.

CSCeb39297 IDM - Restore defaults does not restore all configs to default

Symptom: Restore defaults button on the signature configuration page does not restore all defaults for the virtual sensor.

Conditions: Affects all 4.0 sensors. When the user clicks Restore Defaults, only the signatures are restored to the default values.

Workaround: Manually set the default values for non signature virtual sensor settings.

CSCeb39644 4250XL: int3 enabled but not in interface group after upgrade

Symptom: When upgrading a 4250xl IDS Appliance from version 4.0 to 4.1(1), the interface int3 will be enabled even though it is not in the interface group. Since it is enabled, any packets presented on that interface will be processed even though it is not listed in the interface group. This behavior is consistent with 4.0 in which int2 and int3 were both controlled by the settings for int2.

Conditions: This symptom only applies to the 4250xl IDS Appliance and only when upgrading from 4.0 to 4.1(1).

Workaround: If traffic from int3 is not desired, the interface may be shutdown from the sensing interface configuration mode in the CLI or management platforms. If the traffic from int3 is desired, the interface may be added to the interface group. This will not change the behavior, but will make the configuration more accurately reflect the actual behavior.

CSCeb41336 max shun entries not working

Symptom: Can not set the max block (shun) entries in IDM. Conditions: Affects all 4.0 sensors.

Workaround: Set the max block entries using the CLI.

CSCeb41427 improve update error messages

Symptom: When running automatic updates the software checks for available service packs. If you have a base image without any service packs you will get a log message indicating that no version information was found.

Workaround: Apply the available service pack to the 4.0 base image.

CSCeb41483 IDSM2: Module occasionally fails to go online

Symptom: IDSM2 module fails to come online following a reset or power up of the module. The output of a show module command indicates the module state as faulty. Usually the module will recover following a second reset, but may recur until the module is powered down and then powered back up.

Conditions: This seems to occur occasionally for no apparent reason. It typically occurs less than 1% of the time.

Workaround: If the module fails to come online (faulty), try resetting the module again. If that fails, power the module down and back up. If it still fails, try shutting down the module and remove it from the chassis, then re-insert it.

CSCeb51849 shunHost for signatures breaking the GlobalSummarize mode

Problem: When an EventAction is configured for a signature that is summarizing, the alarms that are supposed to be muted by the summarizer are not muted.

Symptom: You will see alarms as if they were in FireAll mode when EventAction is specified on a signature that is summarizing. You will still get the end-of-the-interval summary report with the count of alarms that happened in the summary interval, but the intermediate alarms were not muted.

Workaround: No field workaround exists.

CSCea93699 alertDetails do not show IDS-NM traffic source on summary alarms

Problem: Summary alerts do not show the traffic source information in the alertDetails field.

Symptom: The regular alert in a summary pair will have the traffic source information, but summary alerts which are sent in the future relative to the actual alerts do not have this information.

Workaround: No workaround for this issue.

CSCeb52865 alertDetails should provide standard IOS interface name

Problem: Users prefer to see the standard Cisco IOS interface name in the alertDetails where the source of the traffic is identified. Currently, the alertDetails appear as follows:

alertDetails: Traffic Source: int0; SlotNum 0 SubSlotNum 0 PortNum 1 SubIntNum 1 IntType 18 VlanId 149;

The standard Cisco IOS interface name that was the source of this traffic would be:

"FastEthernet-0/1" (IntType 18 = "FastEthernet").

CSCeb55720 Analysis Engine terminates if clock set to wrong year

Symptoms: After changing the sensor configuration, such as enabling the sensing interface or tuning a signature, the sensor fails to generate any alarms. Any attempts to modify the sensor configuration result in a warning message indicating that the sensor is still processing the configuration.

Conditions: Occurs when the sensor configuration is changed while the IDS system clock is set to a past year. On IDSM2 (catalyst IDS blade) or NM-CIDS (router IDS NM module), this can occur if NTP is not in use and the router or switch has its clock set to a past year.

Workaround: Correct the system clock and then reboot the IDS appliance or module. On IDSM2 or NM-CIDS modules, the router or switch clock must be set to the correct year. As always, on IDSM2 and NM-CIDS it is important to set the correct time, time zone and summertime mode on the router or switch and to set the correct time zone and summertime mode on the module.

CSCeb54963 Sig 3123 is missing ports 12345 & 12346 in the DstPort

Symptom: Alerts for sig 3123 do not fire for ports 12345 and 12346.

Condition: The xml description for the signature 3123 does not contain these ports in the DstPorts field.

Workaround: Tune the signature to have DstPorts to be "12345,12346,20034."

CSCeb47181 sensorApp unresponsive on multi-nic e100 systems when oversubscribed

Problem: sensorApp does not respond after hours of being seriously oversubscribed. All system memory, including SWAP, is exhausted when a 700 Mbps traffic feed is sent to the 250 Mbps appliance 4235 over several hours.

Symptom: The CLI show version command may say "AnalysisEngine Not Running" or control transactions will timeout with error about sensorApp not responding. You will see 993 missed packet alarms before the unresponsive state (if that alarm is Enabled).

Workaround: 1) Do not seriously oversubscribe the sensor. Chose the right appliance for your network segment and partition the traffic accordingly. 2) If sensorApp (aka AnalysisEngine) is listed as Not Running or is not responsive, issue a RESET command on the CLI. Do this after examining the traffic feed and adjusting the feed to the sensor so it is within the rating for the specific appliance.

CSCeb38804 sensorApp does not come up the first time after XL card is removed

Symptom: The first time the system starts after removing an XL upgrade from a 4250 IDS appliance, the AnalysisEngine will not be running. A show version command will show the status of the Analysis Engine.

Conditions: This symptom only occurs on the 4520 IDS appliance that has previously been running with an XL accelerator card and has had that card removed.

Workaround: Use the reset command to restart the system. The AnalysisEngine will be running after the restart. There will be no sensing interfaces in the interface group, so an interface will have to be added before packets can be analyzed.

Related Documentation

Refer to the following documentation for more information on IDS version 4.1:

Cisco Intrusion Detection System (IDS) Hardware and Software Version 4.1 Documentation Guide

Quick Start Guide for the Cisco Intrusion Detection System Version 4.1

Regulatory Compliance and Safety Information for the Cisco Intrusion Detection System 4200 Series Appliance Sensor

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1

Installing and Using the Cisco Intrusion Detection System Device Manager and Event Viewer Version 4.1

Cisco Intrusion Detection System Command Reference Version 4.1

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit e-mail comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.

Cisco TAC Website

The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:

http://www.cisco.com/tac

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:

http://www.cisco.com/tac/caseopen

For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/index.html


hometocprevnextglossaryfeedbacksearchhelp

Posted: Wed Oct 6 12:58:35 PDT 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.