|
Table Of Contents
Release Notes for Cisco Secure
User Registration Tool Release 2.5.5 and VLAN Policy ServerHardware and Software Requirements
Feature Enhancements in Release 2.5.1
Clarification about Auto-Install
Collecting Troubleshooting Data from the VLAN Policy Server
Changes to AdminServerAttributes
vlancmd Feature Available on Linux Clients
Setting DNS Settings on the VLAN Policy Server
Support for International Java Runtime Environment
Switches Supported in URT 2.5.5
Upgrading URT to Release 2.5.5
Upgrading the URT Administrative Server
Creating a VLAN Policy Server Recovery CD
Upgrading the VLAN Policy Server 1101 Software
Verifying the VLAN Policy Server 1101 Upgrade
Upgrading the VLAN Policy Server 1102
Verifying the VLAN Policy Server 1102 Upgrade
URT Installation and Setup Guide Update
Cisco 1102 VLAN Policy Server Installation and Setup Guide Updates
Anomalies Resolved in URT 2.5.1
Anomalies Resolved in URT 2.5.3
Anomalies Resolved in URT 2.5.4
Anomalies Resolved in URT 2.5.5
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco Secure
User Registration Tool Release 2.5.5 and VLAN Policy Server
These release notes are for use with Cisco Secure User Registration Tool (URT) Release 2.5.5 and the VLAN Policy Server (VPS).
These release notes contain:
• Hardware and Software Requirements
• Feature Enhancements in Release 2.5.1
• New Features in Release 2.5.3
• Switches Supported in URT 2.5.5
• Upgrading URT to Release 2.5.5
• Additional Information Online
• Caveats
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information
Hardware and Software Requirements
Table 1 lists hardware and software required for installing and using URT 2.5.5. Table 2 lists software required for installing and using URT.
New Features in Release 2.5
The VLAN Policy Server hardware has been superseded by the Cisco 1101 VLAN Policy Server.
URT Release 2.5 contains the following new features:
•Web-based logon from Windows, Macintosh, and Linux clients.
•Support for Lightweight Directory Access Protocol (LDAP) directory authentication for Active Directory (AD) and Novell Directory Service (NDS).
•RADIUS web authentication and accounting.
•Secure link between the client and VLAN Policy Server (VPS).
•Support for Windows XP clients.
•Support for multiple users per port based on user ID (web logons only). This feature allows several users to connect to the Internet through a hub that is served by a single switch port. (All users behind the hub must be assigned to the same VLAN.)
•Protection against network access by unregistered MAC addresses.
•Viewing of MAC registration events through the user interface.
•Automatic save of all changes to the URT database; database changes are reflected immediately in the network.
•Support for additional Cisco Catalyst switches.
Feature Enhancements in Release 2.5.1
URT Release 2.5.1 contains the following feature enhancements:
• Clarification about Auto-Install
• Collecting Troubleshooting Data from the VLAN Policy Server
• Changes to AdminServerAttributes
• vlancmd Feature Available on Linux Clients
• Setting DNS Settings on the VLAN Policy Server
• Support for International Java Runtime Environment
Clarification about Auto-Install
For the auto-install feature to work properly, the PC domain membership must match the domain of the domain\domain_user logging into the PC.
Collecting Troubleshooting Data from the VLAN Policy Server
You can collect data from VLAN Policy Server (VPS) log files and XML files to provide troubleshooting information to the Cisco Technical Assistance Center (TAC). The log files (UrtVmpsServer.log) and XML files reside in the /opt/CSCOpx/objects/urt/data directory on the VPS.
To collect this information, you must first enable trace on the primary (active) VPS:
Step 1 Open a browser window.
Step 2 Enter the following URL in the address field:
http://VPS_address:1741
where VPS_address is the IP address of the active VPS.
Step 3 In the CiscoWorks2000 Login Manager window, enter admin in both the Username and Password fields.
Step 4 Under the Diagnostics tab, click URT Debugging.
Step 5 At the bottom of the window, click Enable Debug Trace Mode.
Step 6 In the URT Debugging window, click Confirm.
The following message is displayed:
URT VPS Server has been restarted and debug trace mode is now enabled.
Step 7 Under the Diagnostics tab, click URT Debugging again.
Step 8 To download the .tgz file, click the Download URT Debug Information link.
Step 9 In the next dialog box, select Save to Disk.
Step 10 In the Save As... dialog box, navigate to the location in which you wish to save the debug file.
Step 11 Click Save.
The diagnostic information is saved (in compressed format) to the location you specified in Step 10. You can send this file to the Cisco TAC for troubleshooting assistance.
Step 12 To disable trace on the VPS, select URT VPS Servers from the URT Administrative interface.
Step 13 Double-click the appropriate VPS.
Step 14 In the URT VPS Server Configuration window, deselect the Enable Trace setting.
Disabling the URT Event Bus
In the Options dialog box of the Administrative tab, the Disable URT Event Bus feature allows you to disable the TIBCO event bus to suppress the display of exception messages during client logon and logoff.
Changes to AdminServerAttributes
Three of the administrative options previously saved in the UrtOptions.xml file are now saved in the UrtAttributes.xml file.
These options, available from the URT Administrative interface by selecting View > Options, then clicking the Admin tab, are:
•Enabling and disabling trace on the Administrative Server.
•The UrtAdminServer.log file location.
•The Group Membership setting.
A new administrative option, Disable URT Event Bus, is also saved in the UrtAttributes.xml file.
vlancmd Feature Available on Linux Clients
The vlancmd feature is now available for use on Linux clients.
Setting DNS Settings on the VLAN Policy Server
When the VPS is used as a DNS server, the clients in the logon VLAN must know the Windows domain controller host names and corresponding IP addresses.
You can use the new option in the URT Administrative interface, Customize > Options > DNS > DNS Settings > Add, to enter the host name and IP address mappings.
Support for International Java Runtime Environment
Release 2.5.1 includes the English JRE plug-in and the International JRE plug-in. By default, the English JRE plug-in is used. However, if the client system is running a non-US-localized Windows operating system (for example, Japanese), you must use the International JRE plug-in.
Caution You must use only the English JRE on systems running a US English (non-localized) Windows operating system.
To change the JRE default from English to International, go to the Customize tab, then select Options. In the Options window, click the Web tab, then select the check box Use International JRE Version as default download. (If the check box is deselected, the English version is used).
Note The JRE is downloaded only if the client system does not already have a JRE or native Java installed.
New Features in Release 2.5.3
The following new features are available in URT release 2.5.3:
URT Client Login
An alternative method for logging client systems into URT is available. This new method runs an executable file (urtlogon.exe) on the client system after a user logs in. The advantage of this method is that the executable file runs in the background, so the user cannot incorrectly cancel it, as is possible with the older method, which runs the file urt.bat after the user logs in.
The file urtlogon.exe is located in the same directory as the urt.bat file. To enable this new logon method for a client, place the urtlogon.exe file in the logon script of that client's Windows profile, replacing the urt.bat file if necessary.
New Device Support
URT release 2.5.3 adds support for new Cisco Catalyst switches in the following series:
•C2940
•C2950
•C2970
•C3550
•C3560
•C3750
•C4503
•C4506
•C4507
•C4510
Switches Supported in URT 2.5.5
Table 3 lists the switches supported by Cisco Secure URT 2.5.5.
Upgrading URT to Release 2.5.5
This section describes the procedure for upgrading Cisco Secure URT software from any URT 2.5 release to URT release 2.5.5.
As part of the upgrade, you must perform some reconfiguration tasks to activate URT Release 2.5.5 in the network.
• Upgrading the URT Administrative Server
• Creating a VLAN Policy Server Recovery CD
• Upgrading the VLAN Policy Server 1102
Downloading the Application
Step 1 Navigate to the Cisco.com Software Download page at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/urt-3des
Step 2 Download the Cisco Secure User Registration Tool v 2.5.5 - AdminServer:
fcs-urt-v255-admin-k9.zip
Step 3 Download any of the following images depending on your hardware platform requirements:
•The Cisco Secure User Registration Tool VLAN Policy Server 1101, Release 2.5.5 Recovery Image is required to create a recovery CD for URT VPS 1101.
fcs-urt-v255-vps1101recv-k9.iso
•The Cisco Secure User Registration Tool VLAN Policy Server 1102, Release 2.5.5 Recovery Image is required to create a recovery CD for URT VPS 1102.
fcs-urt-v255-vps1102recv-k9.iso
•The Cisco Secure User Registration Tool v 2.5.5 - VLAN Policy Server1102 can be used to upgrade URT VPS 1102 software.
fcs-urt-v255-vps1102upgr-k9.zip
Upgrading the URT Administrative Server
Note A single URT Administrative Server is recommended. If more than one URT Administrative Server is installed, URT will not coordinate logons between the servers.
Step 1 Log into URT using an account that has local Administrator privileges.
If you are installing from downloaded software, skip to Step 5.
Step 2 Insert the URT 2.5.5 Administrative Server CD in the Windows system.
Step 3 Select Start > Run, then enter:
drive:\setup.exe
where drive: is your CD-ROM drive.
Step 4 Click OK.
The installation program starts. Proceed to Step 7.
Step 5 If you downloaded the software, unzip the Cisco Secure User Registration Tool v 2.5.5 - AdminServer image that you downloaded.
Step 6 Run UrtAdminServer.exe.
The installation program starts.
Step 7 In the uninstallation dialog box, select Yes to uninstall.
Step 8 In the confirmation dialog box, select Yes.
The uninstallation program begins. When uninstallation is complete, a dialog box opens.
Step 9 Click OK.
The installation program begins.
Step 10 In the Welcome window, click Next to continue.
Step 11 In the User Information text box, enter the username and the company name.
The installation program displays the destination location.
Step 12 To continue, click Next.
Step 13 In the URT VPS Port Number dialog box, click Next.
Note Do not change the port number that the VPS uses to connect to the URT Administrative Server. This setting is preconfigured on the server.
Step 14 In the Create URT Administrative Services text box, enter the user ID and the system password. (The user ID must have administrator privileges on this system.)
The installation program begins copying files to your system.
Step 15 To complete the installation, select Yes to reboot.
After you restart the system, the URT Administrative Server begins to run, the URT Administrative Client Interface is installed, and URT is added to the program list in the Start > Programs menu.
Creating a VLAN Policy Server Recovery CD
To upgrade the VLAN Policy Server 1101, you must create a VLAN Policy Server Recovery CD to reimage the VLAN Policy Server. You can also use this procedure to create a recovery CD for VPS 1102.
Step 1 Download the VLAN Policy Server Recovery CD image from Cisco.com:
See Downloading the Application for information about downloading the image.
Step 2 Use a CD creation tool to create the recovery CD using the downloaded image.
Upgrading the VLAN Policy Server 1101 Software
To upgrade the VLAN Policy Server 1101 software, use a VLAN Policy Server Recovery CD. See Creating a VLAN Policy Server Recovery CD for information about how to create the VLAN Policy Server Recovery CD.
Note During the upgrade, the VPS will reboot twice.
Step 1 Connect a console to the VLAN Policy Server console port.
For the location of the console port, see the Front Panel Features section at the following URL:
Step 2 Log on as user administrator, and enter the password created when the VLAN Policy Server was configured.
Step 3 Insert the VLAN Policy Server Recovery CD into the VPS CD-ROM device.
Step 4 Enter the reload command:
reload
The VLAN Policy Server reboots.
Step 5 At the prompt
Do you wish to continue (yes/[no]/rescue):
, enter rescue. For more information about the rescue image, see the section Using the Rescue Image at the following URL:Step 6 When the VLAN Policy Server ejects the recovery CD, remove it.
Step 7 Wait until the system reboots twice and the logon prompt is displayed.
Step 8 Delete the URT VLAN Policy Server from the URT Admin GUI.
Step 9 Add the URT VLAN Policy Server back into the URT Admin GUI.
Verifying the VLAN Policy Server 1101 Upgrade
After upgrading the VPS 1101, you should verify the upgrade.
Step 1 On the system where you performed the upgrade, open a web browser.
Step 2 Enter the following address:
http://VPS_IP_address:1741/index.html.
Step 3 In the login window, enter the administrator userID and password in the Username and Password fields.
Step 4 From the desktop, select Software Management > Software Update History.
Step 5 To verify that the last installation was successful, review the information in the Status column.
Upgrading the VLAN Policy Server 1102
Caution A recovery of the VPS 1102 may have to be done before attempting upgrade. Refer to Bug ID CSCed89609 (see page 51) regarding an issue with new VPS 1102 running URT 2.5.3
Note During the upgrade, the VPS will reboot twice.
Step 1 Obtain the upgrade image in one of the following ways:
•Download it from Cisco.com—From any system on the network that can connect to the VPS, open a web browser, then download the URT VLAN Policy Server Release 2.5.5 upgrade (fcs-urt-v255-vps1102upgr-k9.zip). The upgrade image folder opens. Proceed to Step 2.
•Use the upgrade CD:
a. Insert the User Registration Tool VPS Upgrade CD (version 2.5.5 Cisco 1102 VLAN Policy Server) into the CD-ROM drive of any Windows system on the network that can connect to the VPS.
b. Using Windows Explorer, access the CD-ROM drive.
c. Double-click the vps1102UpgradeCDImage folder.
The upgrade image folder opens.
Step 2 Double-click autorun.bat.
Note A DOS command window opens; do not close this window.
Step 3 In the next dialog box, click Select to update VPS.
The Setup dialog box is displayed.
Step 4 In the Appliance Host field, enter the VPS IP address.
Step 5 Click Install.
Step 6 In the User name and Password fields, enter admin.
Step 7 Click Login.
Step 8 Select the radio button for the URT Release 2.5.5 upgrade.
Step 9 Click Install.
The installation process begins.
After installation has completed, you are asked if you wish to upgrade another VPS.
Step 10 To upgrade another VPS, select Install next; otherwise, select Cancel to end the upgrade.
Verifying the VLAN Policy Server 1102 Upgrade
After upgrading the VPS 1102, you should verify the upgrade.
Step 1 On the system where you performed the upgrade, open a web browser.
Step 2 Enter the following address:
http://VPS_IP_address:1741/index.html.
Step 3 In the login window, enter the administrator userID and password in the Username and Password fields.
Step 4 From the desktop, select Software Management > Software Update History.
Step 5 To verify that the last installation was successful, review the information in the Status column.
URT Documentation
Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the URT documentation on Cisco.com for any updates.
The following documents are provided in PDF on your product CD:
•User Guide for the Cisco Secure User Registration Tool
•Installation and Setup Guide for the Cisco Secure User Registration Tool
•Installation and Setup Guide for the Cisco 1102 VLAN Policy Server
•Regulatory Compliance and Safety Information for the Cisco 1102 VLAN Policy Server
•User Registration Tool Software Developer's Guide
Note Adobe Acrobat Reader 4.0 or later is required.
Use these documents to learn how to install and use URT:
•Installation and Setup Guide for the Cisco Secure User Registration Tool—Provides instructions for installing URT, and quick-start steps for using URT. This publication is available on the URT CD-ROM in PDF.
•User Guide for the Cisco Secure User Registration Tool—Describes URT and provides instructions for configuring, administering, and operating it. This publication is available on the URT CD-ROM in PDF.
•URT online help—Contains all of the information available in User Guide for the Cisco Secure User Registration Tool. This ensures that you have complete information, even if you do not have the manual readily available while
using URT.Use this publication to learn how to install the Cisco 1102 VLAN Policy Server:
•Installation and Setup Guide for the Cisco 1102 VLAN Policy Server (DOC-7816255=)—Provides instructions for installing and setting up the 1102 VLAN Policy Server. This publication is available on the URT CD-ROM in PDF.
Additional Information Online
For information about URT supported devices, check the URT documentation on Cisco.com.
Documentation Updates
This section contains updates to the URT documentation.
User Guide Updates
This section contains updates to User Guide for the Cisco Secure User Registration Tool.
Chapter 1 Update
The following information was omitted after the second note in the "Understanding Traditional Logons and Web Logons" section on page 1-5:
For traditional logons, you can specify the same Active Directory server as both an NT domain and an LDAP directory; users can be associated with both. The LDAP association takes precedence over the NT domain association.
Chapter 4 Updates
These topics contain updates to Chapter 4:
• Overview of RADIUS Authentication Support
Managing LDAP Servers
On page 4-11, the following italicized information was omitted after the second paragraph in the section:
URT supports redundant LDAP servers. If the primary LDAP server fails, URT can query a second or third LDAP server for the user, group, or organizational unit assignment.
It is recommended that redundant LDAP servers use the same Base Distinguished Name.
In the Add Directory window, you can select multiple LDAP servers from the list of IP addresses. During logons, the VPS queries a random LDAP server from the list. If a connection to that server fails, logon attempts continue with other servers in the list until an available server is located.
LDAP associations are arranged in a hierarchical tree. An example tree might be structured as follows:
United States : Western States : California : San Francisco : Ken
URT might assign a VLAN to any place in the tree. If the username Ken has multiple organizational unit associations, URT searches for the username Ken first when looking for a VLAN association, and uses the first association it finds.
Adding LDAP Servers
On page 4-12, the following italicized information was omitted from Step 7:
Step 7 Select the interval at which the Client Module looks up the user in the LDAP tree to determine if the user's Distinguished Name (DN) has changed.
•When you use a long interval, the LDAP server is queried less frequently, resulting in less network traffic. If you change the interval, the change is not recognized until the original interval has elapsed.
For example, if you first set the interval to 3 hours, and you make changes every hour thereafter, the changes are not recognized until 3 hours have passed.
•When you use a short interval, network load on the LDAP server and the URT VPS increases.
Overview of RADIUS Authentication Support
At the top of page 4-16, the following note was omitted from the description of the RADIUS attribute syntax example:
URT:Vlan-Association=URT-1:Vlan6;
URT:Vlan-Association=URT-2:Vlan16;
URT:Allow-Multiple-Users=TRUE;
URT:Logon-User-Only=FALSE
Note For a description of these attributes, see Step 4 in the "Setting Web Associations" section on page 6-3.
Adding RADIUS Servers
On page 4-18, the following italicized information was omitted from Step 8:
Step 8 Enter the interval for verifying client attributes. A client sync message takes 5 minutes and the default interval is 12 minutes; therefore, verification occurs every 60 minutes (12 x 5).
•When you use a long interval, the RADIUS server is queried less frequently, resulting in less network traffic. If you change the interval, the change is not recognized until the original interval has elapsed.
For example, if you first set the interval to 3 hours, and you make changes every hour thereafter, the changes are not recognized until 3 hours have passed.
•When you use a short interval, network load on the RADIUS server and the URT VPS increases.
Chapter 6 Update
This information supersedes the information documented in the "Logging on as a Web Client" section on page 6-7 and the information published at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/fam_prod/user_reg/2_5/user/urt_web.htm#xtocid12.
To achieve URT web logon, you must log in twice, as follows:
Step 1 Logon to the local system from an account that has privileges to release and renew IP addresses.
•On Windows systems, you must logon to the local system as Administrator.
•On Macintosh systems, you must logon as root.
•On Linux systems, you can either:
–Logon as root.
–Allow non-root users to perform web logon. To do so, enter the following command to allow non-root users to control the dhcp client (pump, dhcpcd, or dhclient):
chmod u+s /sbin/pump
Note If you are using the dhcpcd or dhclient dhcp client instead of pump, make the appropriate command substitution.
Caution This method provides users with higher privileges than they would normally have. If non-root users are allowed to control the dhcp client on the Linux client systems, those users can release and renew IP addresses on that system. Therefore, verify your security policy before doing this.
Step 2 Launch a supported web browser, then logon to URT.
URT Installation and Setup Guide Update
This section contains late-breaking updates to Installation and Setup Guide for the Cisco Secure User Registration Tool.
Chapter 1 Update
In Table 1-1 on page 1-4, eDirectory should not be listed as a supported domain server.
Chapter 5 Update
The following information was omitted from the beginning of Chapter 5:
Note To ensure proper operation, you must be running the same URT environment on each component of your network (the URT Administrative Server, the VLAN Policy Server, and the URT client system).
For example, you can run a combination of Release 2.0.7 with 2.0.8, or a combination of Release 2.5 with 2.5.1; however, you cannot run a combination of Release 2.0.x with Release 2.5.x.Cisco 1102 VLAN Policy Server Installation and Setup Guide Updates
This section contains late-breaking updates to Installation and Setup Guide for the Cisco 1102 VLAN Policy Server.
Chapter 4 Updates
Disregard the information in the "Administering User Accounts" and "Backing Up and Restoring Your VLAN Policy Server" sections.
Shutting Down and Reloading the VLAN Policy Server
Substitute the following procedure for the second paragraph:
To restart the VLAN Policy Server using the web interface:
Step 1 Select Diagnostic > Restart.
Step 2 Click Yes in the dialog box.
The VLAN Policy Server restarts.
Preparing to Install the Replacement VLAN Policy Server
Disregard Step 3.
Appendix C Updates
Command Summary
In Table C-1, disregard the following commands:
•backup
•backupconfig
•restore
•show anilog
•show backupconfig
•show collectorlog
In Table C-1, note the following changes to these commands:
Old Command New Commandshow hseaccesslog
show webaccesslog
show hseerrorlog
show weberrorlog
show hsesslaccesslog
show websslaccesslog
Privilege Level 15 Commands
In the "Privilege Level 15 Commands" section and all subsections, disregard the following commands:
•backup
•backupconfig
•restore
•show anilog
•show backupconfig
•show collectorlog
In the "repository" section, substitute the following italicized paragraph for the existing first paragraph:
To configure the VLAN Policy Server to be a repository, and to download software updates and images from an ftp server (or the product CD-ROM), enter the following command:
Note the following changes to these commands:
Old Command New Commandshow hseaccesslog
show webaccesslog
show hseerrorlog
show weberrorlog
show hsesslaccesslog
show websslaccesslog
Caveats
This section lists the known anomalies in URT 2.5.5 and the anomalies resolved in this and previous releases of URT 2.5.
Known Anomalies in URT 2.5.5
This section lists the known problems in URT 2.5.5. Known problems (bugs) in URT are graded according to severity level. These release notes contain descriptions of:
•All severity level 1 or 2 bugs.
•Significant severity level 3 bugs.
•All customer-found bugs (regardless of severity level).
You can search for problems using the Cisco Software Bug Toolkit. To access the Software Bug Toolkit:
Step 1 Log into Cisco.com.
Step 2 Select Service & Support > Technical Support Help—Cisco TAC > Tool Index.
Step 3 In the Jump to: links at the top of the page, click the letter S, then select Software Bug Toolkit.
You can also access the Software Bug Toolkit by entering the following URL in your web browser:
http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl.
Table 4 describes the anomalies known to exist in all releases or URT 2.5.
Anomalies Resolved in URT 2.5
Table 5 describes the anomalies resolved in URT 2.5.
Anomalies Resolved in URT 2.5.1
Table 6 describes the anomalies resolved in URT 2.5.1.
Table 6 Anomalies Resolved in URT Release 2.5.1
Bug ID
(Severity) DescriptionCSCdv31361
(3)URT installed the English (not international) JRE.
In the Customize tab, a new check box, Use International JRE Version as default download, has been added to the Web tab of the Options window. Use this option to download the international JRE for use by URT web clients. (If the box is deselected, the US English version is used.)
Note This JRE is downloaded only if the client system does not already have a JRE or native Java installed.
CSCdx24830
(3)vlancmd on Linux was hanging occasionally.
This problem has been resolved.
CSCdy00232
(2)Windows 95 client IP address was not changed dynamically during login and logout.
To resolve this problem, you must download an updated version of the Microsoft Windows Sockets 2 (Winsock 2.0) run-time components for Windows 95 from the Microsoft web site:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q177719
Note This web site is Copyright © 2002, Microsoft Corporation.
At this location, you can obtain msvcrt.dll and a working version of winicpfg (4.10.0.x or later) for URT.
CSCdy10491
(3)History Logging by date wrote one event to an earlier file.
This problem has been resolved.
CSCdy10901
(2)XML data files were not synchronized on the VPS.
The XML data files were not properly synchronizing on the URT VPS. Some files had the correct version number but incorrect data. Other XML files had incorrect version numbers. Therefore, the data was not synchronizing properly with the URT Administrative Server.
This problem has been resolved.
CSCdy11117
(3)Windows 95 and Windows 98 systems only supported 22 VPSs from the command line.
Entering more than 22 VPSs resulted in an error message.
This problem has been resolved.
CSCdy11129
(3)LDAP bounced a logged on user every 60 minutes.
When users log into the network using the URT web client, they are authenticated by Active Directory as the LDAP server.
Using LDAP, URT verified the user associations and domain name settings after 60 minutes. The domain name failed and returned a NULL, indicating to URT that there was no user assigned to the VLAN. The user then returned to the logon VLAN. The user's confirmation packet determined the correct domain name and association for that user; the user then returned to the user VLAN. As a result, the user was bounced and returned to the user VLAN every 60 minutes.
This problem has been resolved.
CSCdy12415
(2)Web option to close window after logon returned user to the logon VLAN.
When a user set the web option to close the browser window after logging on, the user could log on as expected, and the browser window closed. However, after approximately 15 minutes, the VPS returned the user to the logon VLAN.
This problem has been resolved.
CSCdy12691
(2)Apache Web Server vulnerability.
URT uses the Apache web server to upgrade the URT VPS and to service the URT Web Client module on the VPS.
This patch release resolves the security vulnerability described in:
http://httpd.apache.org/info/security_bulletin_20020617.txt
Note This web site is Copyright © The Apache Software Foundation.
and
http://www.cert.org/advisories/CA-2002-17.html
Note This web site is Copyright CERT© Coordination Center. CERT© is a registered trademark and service mark of Carnegie Mellon University.
CSCdy15341
(3)After a GroupUpdate, user no longer displayed in the UrtGroupMemberships.
This problem has been resolved.
CSCdy16111
(4)Null pointer exception when shutting down LDAP server, then double-clicking that server.
When shutting down the LDAP server, then double-clicking that server from the URT Administrative interface, a null pointer exception was displayed in the DOS window, suspending the user interface.
This problem has been resolved.
CSCdy25989
(3)Reconfirm of switch did not set VMPS Server settings.
The URT VPS now sets the VMPS Server settings before issuing the SNMP reconfirm.
CSCdy27258
(3)TibrvException error displayed during client logon and logoff.
This problem has been resolved.
CSCdy33847
(3)Could not add task item to ClientScheduler queue because the queue limit had been reached.
Users were not being switched from the logon VLAN to the user VLAN.
This problem has been resolved.
CSCdy38114
(3)Client sent out 300 ping packets to verify that the link was up.
The ping interval has been significantly shortened.
CSCdy40380
(3)Windows XP Professional host could not join Windows domain with VPS/DNS.
To use the web logon feature, the VPS must be configured as a DNS server for the logon VLAN. During a traditional logon, a DNS query to resolve the Windows domain controller name from Windows XP Professional systems was not resolved to the correct IP address by the VPS being used as a DNS server.
This problem has been resolved.
CSCdy45202
(3)VPS/DNS was resolving Windows domain controller names.
A VPS used as a DNS server should not have resolved all incoming requests to its own IP address. During a traditional logon, the client system sends a DNS query to resolve the Windows domain controller name.
The VPS/DNS behavior has been changed so that it does not resolve the domain controller name to its own IP address. Hostnames are now resolved to IP addresses based on a list of hostnames added using the URT Administrative interface. You can use the DNS Option tab to add a list of names to the IP addresses. The VPS will resolve those names to the specified IP addresses.
CSCdy45387
(4)On Windows XP systems, Netscape 6.2 installed JRE 1.3.x when JRE was 1.4.0 needed.
On Windows XP systems, URT requires the Sun Java JRE 1.4.0_01 plug-in.
While installing Netscape 6.2 for the first time:
•A full installation installs JRE 1.3.1_02.
•A recommended installation does not install the JRE.
When you introduce this client system to URT, URT detects that either the incorrect JRE or no JRE has been installed. A Java Plug-in dialog box informs you that, for the page to display properly, you must download and install the 1.4.0_01 plug-in (which resides on the VPS).
You can download the US English (the default) or All Languages (International) version of the plug-in.
In the dialog box, click the link that takes you to the download; then follow the installation instructions.
CSCdy46710
(4)JRE 1.4.0_01 sometimes does not plug into Netscape 6.2.3.
When you install JRE 1.4.0_01 and select Netscape 6 to use the Java plug-in as the default Java Runtime, the installation sometimes fails and the URT web client is repeatedly prompted to download and install JRE 1.4.0.
Note This behavior was most often observed on Windows XP systems.
This failure is not detrimental to the operation of the URT web client; however, to work around this behavior:
1. Select Start > Settings > Control Panel > Java Plug-In 1.4.0_01.
2. Click the Browser tab.
3. Select Netscape 6 again.
CSCdy47395
(2)Space embedded in the system variable was not recognized.
On some clients, the %TEMP% system variable is defined as:
C:\DOCUME~1\ADMINI~1\LOCAL SETTINGS\Temp
The space between LOCAL and SETTINGS caused the remainder of the command to be truncated.
The URT.BAT script has been changed so that all occurrences of the %TEMP% variable are enclosed in quotation marks, as in the following example:
"%TEMP%\OnOffHandler" -domain
domain_name -trace -logoffDelay 7 -exec "y:\posturt.bat"CSCdy49007
(4)URT client file system needed domain access rights.
If the file system on the client system is locked, the domain controller, which requires right access to the files, cannot update the client files upon logon. In these situations:
•The client remains in the logon VLAN.
•Each client must be manually updated by an admin user with the appropriate rights (a prohibitively time-consuming solution in environments with a large number of PCs).
•A "Permission Denied" error message is generated.
To work around this problem, you must grant Domain Controller rights to the client.
CSCdy49949
(2)Client service pings the switch gateway continuously.
The URT client sometimes continues to ping the gateway repeatedly, even after the logon process has completed.
No user intervention is required.
CSCdy50233
(5)Need more information about resynchronizing mobile clients.
URT allows a client to disconnect from one port and move to another port without logging off. If a user disconnects their system by unplugging a cable, logoff takes approximately 10 minutes (the time it takes for two synchronizing messages to be generated).
When connecting to a new port, it takes the VPS approximately 4 to 5 minutes to reinitialize the client on the new port.
There is no workaround.
CSCdy50463
(3)Menu item for Update URT Server Group Entries was not intuitive.
To use the Update URT Server Group Entries feature in URT Release 2.0.x, you would select the Windows domain name under the NT and NDS Domains folder, then select Customize > Update Server Group Entries.
In Release 2.5, this feature was grayed out and unavailable from the menu if you did not first select the Groups icon from within the NT and NDS Domains folder. (You can find the Groups icon by expanding the NT and NDS Domains folder, then looking under the Windows domain name, then looking under the Users icon.)
This function has been changed back to an available selection when only the domain name or group is selected.
CSCdy50490
(3)No online help associated with DNS Attributes in URT Options.
In the URT Administrative interface, when you select Customize > Options > DNS >
DNS Settings > Add, no help topic is associated with the Help button.The following information should be associated with the Help button:
"When the VPS is used as a DNS server, the clients in the logon VLAN must know the Windows domain controller hostnames and corresponding IP addresses. You can use this feature to enter the hostname and IP address mappings."
CSCdy50527
(3)No online help associated with Disable Event Bus feature.
At the bottom of the Customize > Options > Administrative window is a check box to enable or disable the "Disable URT Event Bus feature." If you click Help, no help topic is available.
The following information should be associated with the Help button:
"Use this option to enable or disable the TIBCO event bus."
CSCdy61171
(2)Auto-install failed on some Windows clients.
This problem has been resolved.
Anomalies Resolved in URT 2.5.3
Table 7 describes the anomalies resolved in URT 2.5.3.
Anomalies Resolved in URT 2.5.4
Table 8 describes the anomalies resolved in URT 2.5.4.
Anomalies Resolved in URT 2.5.5
Table 9 describes the anomalies resolved in URT 2.5.5.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•Emergencies — security-alert@cisco.com
•Nonemergencies — psirt@cisco.com
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
© 2005 Cisco Systems, Inc. All rights reserved.
Posted: Tue May 17 13:22:54 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.