Features and Important Notes for Cisco IOS Release 15.5(3)M

These release notes describe the following topics:

New and Changed Information

This section lists the new hardware and software features supported in Cisco IOS Release 15.5(3)M:

New Hardware Features Supported in Cisco IOS Release 15.5(3)M

This section describes new and changed features in Cisco IOS Release 15.5(3)M. Some features may be new to Cisco IOS Release 15.5(3)M but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.5(3)M. To determine if a feature is new or changed, see the feature information table at the end of the feature module for that feature. Links to feature modules are included. If a feature does not have a link to a feature module, that feature is documented only in the release notes.

New Software Features Supported in Cisco IOS Release 15.5(3)M

This section describes new and changed features in Cisco IOS Release 15.5(3)M. Some features may be new to Cisco IOS Release 15.5(3)M but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 15.5(3)M. Links to feature modules are included. If a feature listed does not have a link to a feature module, that feature is documented only in the release notes.

Crypto Serviceability

The Crypto Serviceability feature enhances the serviceability and debugging of the Cisco Integrated Services Routers Generation 2 (ISR G2) routers.

Custom App Based on Any NBAR2 Extracted Field

The Custom App Based on any NBAR2 Extracted Field feature provides additional custom protocol capabilities to NBAR2, which are provided through Protocol Packs in accordance with Cisco’s Protocol Packs release policy.

ISM-VPN Hardening

The Cisco VPN Internal Service Module (VPN ISM) is a compact, versatile high-performance VPN blade for the Cisco Integrated Services Routers Generation 2 (ISR G2). It provides up to three times better performance for IPsec VPN encrypted traffic. The ISM-VPN Hardening feature enhances serviceability and debugging by displaying the following information in the show crypto engine accelerator statistics and show crypto ruleset commands:

  • Policy database to identify the policy downloaded to ISM.
  • Statistics from ISM on Cisco IOS software.
  • Count of all counters and exceptions generated from ISM and on Cisco IOS driver.
  • Datapath information to Ace-crashinfo.

Routing Protocol for Low Power and Lossy Networks

Low Power and Lossy Networks (LLNs) are a class of network in which both routers and their interconnect are constrained. LLN routers typically operate with constraints on (any subset of) processing power, memory and energy (battery), and their interconnects are characterized by (any subset of) high loss rates, low data rates, and instability. LLNs comprises of anything from a few dozen to thousands of LLN routers, and support point-to-point traffic (between devices inside the LLN), point-to-multipoint traffic (from a central control point to a subset of devices inside the LLN) and multipoint-to-point traffic (from devices inside the LLN towards a central control point).

The Routing Protocol for Low Power and Lossy Networks feature specifies the IPv6 routing protocol for LLNs, thereby providing a mechanism whereby multipoint-to-point traffic from devices inside the LLN towards a central control point, and point-to-multipoint traffic from the central control point to the devices inside the LLN, is supported. Point-to-point traffic is also supported.

For detailed information about this feature, see the following document:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html

SSL - TLS 1.2 Support

Cisco IOS SSL uses OpenSSL to perform SSL handshakes. To be on par with the standards in the industry and also to cater to your requirements for TLS 1.2 Cisco IOS SSL supports TLS 1.2 through the SSL - TLS 1.2 Support feature.

MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use the Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If the Cisco MIB Locator does not support the MIB information that you need, you can obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access the Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://tools.cisco.com/RPF/register/register.do

Important Notes

The following sections contain important notes about Cisco IOS Release 15.5M&T:

Maintenance Operation Protocol

Maintenance Operation Protocol (MOP) is used for uploading and downloading system software, remote testing and problem diagnosis. In certain feature-sets and licenses, the no mop enabled command might not be available on a device. Use the show subsys | inc mop | decnet command to verify if MOP is available. If MOP is listed, it indicates MOP is enabled (by default) and must be disabled via the no mop enabled on the physical interface. If MOP is not listed, it indicates that MOP is not available on the device and the protocol is removed from the software.

Logging into the Embedded AP and Etherswitch Modules

Starting from Cisco IOS Release 15.5(03)M06, you must configure the transport input all command under line configuration mode to log in to the embedded AP and Etherswitch modules.

authentication and dot1x Commands

All authentication and dot1x commands must be removed from the Cisco 1921 Series Integrated Services Routers to disable dot1x. If authentication port-control auto and dot1x pae authenticator commands are only removed, the interface does not pass traffic, unless the interface is shut.