Saturday, March 06, 2004

Security Articles in Newest Cisco Packet Magazine

The first quarter 2004 issue of Cisco's Packet magazine is all about security. The Locking Down IOS article mentions enhancements in IOS 12.3T. The "T" means this IOS release is from the "advanced technology" "software train," from which the 12.4 mainline train will be released.

For me the most interesting addition is IP Traffic Export. This feature tells the router to export selected traffic out a LAN or VLAN interface, where a monitoring platform watches the traffic. Cisco touts these benefits:

"Without the ability to export IP traffic, the Intrusion Detection System (IDS) probe must be inline with the network device to monitor traffic flow. IP traffic export eliminates the probe placement limitation, allowing users to place an IDS probe in any location within their network or direct all exported traffic to a VLAN that is dedicated for network monitoring. Allowing users to choose the optimal location of their IDS probe reduces processing burdens.

Also, because packet processing that was once performed on the network device can now be performed away from the network device, the need to enable IDS with the Cisco IOS software can be eliminated."
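To make the feature concrete, here is a sketch of an IP Traffic Export configuration on a platform and release that support it. This is an added example, not taken from the Packet article or from Cisco's text above; the interface names, profile name, ACL, addresses and sensor MAC address are constructed placeholders.

```cisco
! Constructed example: every name, address and MAC below is a placeholder.
!
! ACL selecting which traffic is copied to the sensor (both directions
! of conversations involving the 192.0.2.0/24 documentation network).
ip access-list extended EXPORT-TO-IDS
 permit ip any 192.0.2.0 0.0.0.255
 permit ip 192.0.2.0 0.0.0.255 any
!
! Export profile. "interface" is the LAN port facing the monitoring
! platform, "mac-address" is the sensor's NIC, and "bidirectional"
! exports outbound as well as inbound traffic (inbound only otherwise).
! The ACLs keep the copy limited to traffic the sensor needs to see.
ip traffic-export profile IDS-EXPORT
 interface FastEthernet0/1
 bidirectional
 mac-address 0000.5e00.5301
 incoming access-list EXPORT-TO-IDS
 outgoing access-list EXPORT-TO-IDS
!
! Apply the profile to the interface whose traffic is to be monitored.
interface FastEthernet0/0
 ip traffic-export apply IDS-EXPORT
!
! Check the profile and its counters from exec mode with:
!   show ip traffic-export
```

Filtering with an ACL, or sampling with `incoming sample one-in-every`, keeps the copy process from flooding the export interface and the sensor with traffic it cannot keep up with.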

A visit to the Cisco Feature Navigator for "RAW IP Traffic Export" shows only the 3640 (already end-of-lifed) and 7200 series routers support this feature. IOS 12.3(4)XD, 12.3(4)T3, 12.3(4)T2, and 12.3(4)T support the feature.

Using the search by release option, I found that although the 2651XM can run 12.3(4)T3, 12.3(4)T2, and 12.3(4)T, the RAW IP Traffic Export feature does not appear on that platform. SSH version 2 is available, though.

I've discovered the Cisco Software Advisor is hopelessly broken, at least for all of the 2600 series router configurations I've tried. I was able to get it to work months ago, but now I get errors like the following.

This shows "no support" for a new 2651XM router which is not at end-of-sale or discontinued. I get similar errors when trying to "research software" for the 2651XM.