Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 First Published: Aug 16, 2015 This Release Notes document contains the following sections: • Introduction • Compatibility Information • System Requirements • Installation Notes • Applying RHEL Patch • Disabling SSLv3 • Windows Application for Plug and Play Gateway • Plug and Play Gateway Patch Installation in High Availability Configuration • Caveats • Related Documentation • Obtaining Documentation and Submitting a Service Request Introduction The Cisco Prime Infrastructure Plug and Play (PnP) Gateway patch 2.2.0.14 provides the following feature support for Prime Infrastructure 2.2.1 and later. • Fix for Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability and to disable SSLv3 on your server • HTTP/HTTPS configuration update support • JRE and Tomcat upgrade • Red Hat Enterprise Linux (RHEL) security issues addressed with a separate patch for RHEL rpm upgrade.The following vulnerabilities have been addressed: Cisco Systems, Inc. www.cisco.com Compatibility Information – GHOST—CVE-2015-0235 – Factoring Attack on RSA-EXPORT Keys (FREAK) — CVE-2015-0204, for more details, see Vulnerability Summary for CVE-2015-0204. – OpenSSL • March 2015—CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176. For more details, see OpenSSL Security Advisory [19 Mar 2015]. • June 2015—CVE-2015-0291, CVE-2015-0204, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286, CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787, CVE-2015-0285, CVE-2015-0288. For more details, see OpenSSL Security Advisory [11 Jun 2015]. – Network Time Protocol Daemon (NTPD)—CVE-2015-1798 and CVE-2015-1799 Compatibility Information Cisco Prime Infrastructure Plug and Play Gateway Cisco Prime Infrastructure Patch Release Release-Supported Servers Cisco Plug and Play Deployment Application-Supported Releases 2.2.0.14 2.2.1 and above 2.0.0.28 2.2.0.10 2.2 and 2.2.1 2.0.0.28 2.2.0.9 2.2 2.0.0.28 2.0.0.30 2.0 and 2.1 2.0.0.28 1.2.1.8 1.3.2 2.0.0.28 1.2.1.5 1.3 or 1.3.1 2.0.0.19 System Requirements For information on hardware requirements, see the “Prime Infrastructure Plug and Play Gateway Server Requirements” section of the Cisco Prime Infrastructure 3.0 Quick Start Guide. The Cisco Prime Infrastructure Plug and Play Gateway patch 2.2.0.14 must be installed on the Cisco Prime Infrastructure Plug and Play Gateway Server 2.2.1 or 3.0. The system requirements are the same as that for the Cisco Prime Infrastructure 2.2 Plug and Play gateway server. Installation Notes This section contains instructions for installing the Cisco Prime Infrastructure Plug and Play Gateway. Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 2 Installation Notes Plug and Play Gateway Patch Installation in Standalone Configuration The Plug and Play Gateway standalone server patch is available in the pnp-packaging-2.2.0.14.tar.gz file. The patch upgrade procedure requires an FTP or TFTP server containing the patch file. You can access this server from the Cisco Prime Infrastructure 2.2.1 Plug and Play Gateway standalone server by following these steps: Step 1 Log in to the Plug and Play Gateway standalone server as admin user. The following is a sample output of the patch upgrade with the url FTP: pnp-server login: admin Password: pnp-server/admin# configure Enter configuration commands, one per line. End with CNTL/Z. pnp-server/admin(config)# repository <repository-name> pnp-server/admin(config-Repository)# url ftp://<server-host-name>/<folder-location> pnp-server/admin(config-Repository)# user <user-ID> password <option> <password> pnp-server/admin(config-Repository)# exit pnp-server/admin(config)# exit Step 2 Use the application upgrade command to install the pnp-packaging-2.2.0.14.tar.gz Plug and Play Gateway standalone patch. The following is a sample output of the Plug and Play gateway patch upgrade: bgl-de-rhel-pnp-ova/admin# application upgrade pnp-packaging-2.2.0.14.tar.gz <repository-name> Save the current ADE-OS running configuration? (yes/no) [yes] ? Generating configuration... Saved the ADE-OS running configuration to startup successfully Initiating Application Upgrade... Stage 1 of 7: Transferring file ... -- complete. Stage 2 of 7: Unpacking file ... -- complete. Stage 3 of 7: Executing pre-install ... -- complete. Stage 4 of 7: Upgrading binaries ... -- complete. Restore the Version 2.2.0.14 Restoring on a new installation setup required -----------------------------------------------Tue Jul 28 11:48:19 UTC 2015 Restore operation started -----------------------------------------------Backup Filename used is /tmp/pnp_upgrade/20150728114745.pnp_backup.tar.gz Upgrade from 2.2.0.10 setup required Upgrade operation no automatic setup possible Restore operation ended -----------------------------------------------Starting application ... -- complete. Application upgrade successful Step 3 Exit from the current terminal (shell) and re-login as admin user. Step 4 Execute the pnp setup command to reconfigure the Plug and Play standalone server and start the plug and play process. Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 3 Applying RHEL Patch Applying RHEL Patch After upgrading the Plug and Play gateway application to 2.2.0.14, apply the RHEL patch to address security issues of RHEL server. To apply RHEL patch, follow these steps: Step 1 Install the RHEL patch by entering the following command in CARS CLI: application install <rhel-patch-package name> <repository name> Step 2 After successful installation, verify if the patch is successfully installed by entering the following commands in CARS CLI: show version show application Note The RHEL patch application should not be removed, once it is installed because this causes CARS environment to be unstable. Disabling SSLv3 Plug and Play-gateway 2.2.0.14 provides fix for POODLE vulnerability and for enabling/disabling SSLv3 on your server. You can disable SSLv3 and other lower versions only if you setup the Plug and Play gateway in Advanced mode. To disable SSLv3, follow these steps: Step 1 After upgrading to 2.2.0.14, use the following command to setup the Plug and Play gateway in Advanced mode. pnp setup advanced Step 2 The following prompt appears after you setup the Plug and Play gateway 2.2.0.14 in Advanced mode. Do you want to disable SSLv3 and below (y/n) ? [n] Select Yes or No (y/n). Step 3 Note If SSLv3 is enabled by default, enter ‘y’ in the prompt to disable SSLv3. If SSLv3 is disabled on Standalone Plug and Play server, then IOS image of the devices must be upgraded to a version which supports protocols other than SSLv3 such as TLS. The Plug and Play gateway does not work if this upgrade is not done. Windows Application for Plug and Play Gateway A new version of windows application for Plug and Play is available with this release. This addresses the connectivity issue with Cisco Prime Infrastructure 3.0. Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 4 Plug and Play Gateway Patch Installation in High Availability Configuration Note There is no changes in the backend functionality. In the GUI, Refresh button appears in Home and Deploy Downloaded Configuration pages. You must refresh the COM port list before starting the deployment in both the pages. Plug and Play Gateway Patch Installation in High Availability Configuration If the Plug and Play Gateway is configured in high availability mode, then follow the below steps to upgrade the patch on both primary or secondary servers: Step 1 Stop primary Plug and Play gateway server. Step 2 Install the patch in primary server as explained in Step 2 in Plug and Play Gateway Patch Installation in Standalone Configuration. Step 3 After successful upgradation, start the primary Plug and Play gateway server. Step 4 Stop the secondary Plug and Play gateway server. Step 5 Install the patch in secondary server as explained in Step 2 in Plug and Play Gateway Patch Installation in Standalone Configuration Step 6 After successful upgradation, start the secondary Plug and Play gateway server. Caveats This section lists the open and resolved caveats for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14: • Open Caveats, page 5 • Resolved Caveats, page 6 Open Caveats There are no open caveats for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14. Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 5 Caveats Resolved Caveats Click the identifier to view the impact and workaround for the caveat. This information is displayed in the Bug Search Tool. You can track the status of the resolved caveats using the Bug Search Tool. Table 1 Resolved Caveats Identifier Description CSCus76397 Standalone Plug and Play installation fails CSCut88786 Older version is shown after upgrading from 2.2.0.9 to 2.2.0.X CSCus91128 Plug and Play standalone is vulnerable to POODLE on SSLv3 CSCut92692 Automatic download of certificate fails for secondary Prime Infrastructure High Availability server using physical Prime Infrastructure address. CSCuu91192 Plug and Play configuration download fails after upgrading Prime Infrastructure to 2.2.2 Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 6 Related Documentation Related Documentation You can access the following additional Cisco Prime Infrastructure documentation on Cisco.com: • Cisco Prime Infrastructure 3.0 Quick Start Guide • Cisco Prime Infrastructure 3.0 User Guide Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html. Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. This document is to be used in conjunction with the documents listed in the “Related Documentation” section. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. © 2015 Cisco Systems, Inc. All rights reserved. Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 7 Obtaining Documentation and Submitting a Service Request Release Notes for Cisco Prime Infrastructure Plug and Play Gateway Patch 2.2.0.14 8
© Copyright 2026 Paperzz