Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.5.17
January 27, 2010
Note The most current Cisco documentation for released products is available on Cisco.com.
This release note contains information about the Cisco Application and Content Networking System (ACNS) software version 5.5.17.
Note If you are running ACNS version 5.5.13 we recommend that you upgrade to ACNS version 5.5.15 at your earliest convenience.
This release note contains the following topics:
New CLI—ntlm process periodic-restart
To enable the Content Engine to schedule a periodic restart of the NTLM authentication process, use the ntlm process periodic-restart global configuration command. To disable the periodic restart of the NTLM authentication process, use the no form of this command.
ntlm process periodic-restart days
no ntlm process periodic-restart
This feature is disabled by default.
The ntlm process periodic-restart command enables the Content Engine to schedule a periodic restart of the NTLM authentication process. The restart will occur only during the midnight hour (00Hrs).
Note This command will have no effect if any other authentication scheme other than NTLM is configured.
The following example shows how to restart the NTLM authentication process when the uptime is greater than 2 days:ContentEngine(config)# ntlm process periodic-restart 2
Hardware Platforms Supported in the ACNS Software
Table 1 shows the hardware platforms supported in each ACNS software release. An "X" indicates that the software supports the hardware models listed in that row.
Note The ACNS 5.4.3 release is the required minimum software release for the WAE-512 and WAE-612 appliances. The ACNS 5.3.3 release is the required minimum software release for the WAE-511, WAE-611, and WAE-7326 appliances. The ACNS 5.5.13 release is the required minimum software release for ACNS-VB running on WAAS virtual blade.
Software Component Versions Supported in the ACNS Software
Table 2 describes the integrated SmartFilter and Websense versions that are supported in the ACNS software.
Table 2 Component Versions Supported in the ACNS Software
ACNS Software Release SmartFilter Version Supported Websense Version Supported
1 The integrated Websense Enterprise software Version 5.5 in the ACNS software requires a minimum of 512 MB of RAM. We recommend that you upgrade the RAM on your device to 512 MB or greater, or move your integrated Websense server to another device that has at least 512 MB of RAM. When additional Websense components are enabled (such as the Network Agent), the ACNS software requires a minimum of 1 GB of RAM.
The following software component restrictions apply to the NME-WAE-502:
•On-box SmartFilter is not supported on the NME-WAE-502 running ACNS version 5.5.7 and later.
Off-box SmartFilter is supported on the NME-WAE-502 running ACNS version 5.5.7 and later.
•On-box Websense is not supported on the NME-WAE-502 running ACNS version 5.5.7 and later.
Off-box Websense is not supported on the NME-WAE-502 running ACNS versions 5.5.7 and 5.5.9. Off-box Websense is supported in ACNS version 5.5.11 and later.
Performance is optimal when Websense Enterprise Manager, the Websense Policy Server, and all other Websense components are situated in the same LAN. If all components are not in the same LAN, you may experience communication latency between Websense Enterprise Manager and other components. A significant increase in latency may lead to a communication failure.
Software Version 5.5.17 Resolved and Open Caveats
The following sections list the resolved and open caveats in the ACNS 5.5.17 release.
Software Version 5.5.17 Resolved Caveats
This section lists the resolved caveats in the ACNS 5.5.17 release.
•CSCef43371—The configuration command for assign-method-strict is not available for RTSP. This occurs when the device has been enabled for RTSP WCCP.
•CSCta25754—Syslog messages are not sent to the remote host after the system reboots. This occurs on every reboot and is specific to inline modules.
•CSCtb12566—SNMP walk fails during the query when SNMP is running on the WAE.
•CSCtb36745—When TACACS authentication is configured with multiple servers and there is an authentication reject from the primary TACACS server, the WAE will try to authenticate to the other servers before prompting the user for its credentials again. The CE should only query the other servers if the primary is not answering to the original request.
•CSCtb43427—The HTTP request in the non-standard port fails when transparently redirected to the CE. This occurs for HTTP when the HTTP request in the non-standard port is WCCP redirected to the CE, the HTTP header contains Host Header with no port information, and the upstream proxy is configured in the CE. This occurs for MMS-over-HTTP when the MMS-over-HTTP request in the non-standard port is WCCP redirected to the CE, and the Host Header contains no port information The workaround is to bypass the request which is redirected in the non-standard port with no port information in the HTTP header.
•CSCtb52523—The CE experiences high CPU (up to 100%) constantly while trying continuously to open a corrupt asf file. This occurs with ACNS and WMT streaming.
•CSCtb64581—CE is unable to serve HTTPS traffic when it has "http append x-forwarded-for-header" configured and has an upstream proxy in which NTLM authentication is enabled. This occurs when "http append x-forwarded-for-header" is configured on the CE having upstream proxy which has NTLM authentication enabled, and a new client sends https traffic to the CE. Workaround: Access an HTTP resource prior, which will authenticate the machine.
•CSCtb84811—The Acquirer does not handle ETag containing the "=" sign correctly. It stops storing the ETag when "=" is encountered. This causes ACNS to download all content that has the "=" sign in the ETag every time the TTL for content expires, placing a higher load on the webserver. It can be verified by using cdnfs browse on ACNS to view the content that keeps downloading and using info on the content to show the ETag value. This applies to both weak ("W/") and normal ETag values.
•CSCtc40217—ACNS will not notice a missing MSS option from a client and will assume that it can send traffic with a bigger MTU than the 536+40 that is allowed. In some circumstances this prevents ACNS from communicating with the server as it will send a packet that is too big, which will get lost. This requires not only a very old server that does not send MSS, but also a slightly broken network that does not send the ICMP "packet too big" message back.
•CSCtd01529—An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at:
•CSCtd26315—The CDM GUI crashes and displays a null pointer exception after scheduling several programs.
•CSCtd43840—Live splitting does not happen for SSPL Live. This occurs when the server is ACNS 5.4.
•CSCtd50425—The new CLI ntlm process periodic-restart was added to schedule a periodic restart of the NTLM authentication process.
Software Version 5.5.17 Open Caveats
This section lists the open caveats in the ACNS 5.5.17 release.
•CSCtc71254—In some circumstances the CE uses the DNS cache to resolve an address even if a DNS pin is configured. Workaround: A possible workaround is to clear the DNS cache.
•CSCtc91227—In a rare scenario, the CE sends a malformed GET request containing two IMS headers to the server. This occurs when the CE is configured to revalidate all objects. Workaround: None.
•CSCtd10677—The multicast sender stops. Workaround: Restart the CE.
•CSCtd25322—Java-based application fails. This happens when the device is running ACNS 5.5.x and the client sends FIN before all server data is sent. Workaround: None.
•CSCtd97063—In a rare scenario, the unireceiver process gets aborted. This occurs when acquisition and distribution is enabled. Workaround: None. The process restarts on its own.
Product Documentation Set
In addition to this release note, the following document types are included in the product documentation set. An online help system is included in the product software.
•Cisco Wide Area Application Engine 7341, 7371, and 674 Hardware Installation Guide
•Cisco Wide Area Application Engine 7326 Hardware Installation Guide
•Cisco Wide Area Application Engine 512 and 612 Hardware Installation Guide
•Cisco Wide Area Application Engine 511 and 611 Hardware Installation Guide
•Installing Hard Disk Drives in the Cisco Wide Area Application Engine 611
•Installing the Cisco WAE Inline Network Adapter
•Regulatory Compliance and Safety Information for the Cisco Content Networking Product Series
•Cisco WAAS Installation and Configuration Guide for ACNS on a Virtual Blade
•Cisco ACNS Software Upgrade and Maintenance Guide, Release 5.5.13
•Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.5.13
•Cisco ACNS Software Configuration Guide for Locally Managed Deployments, Release 5.5.13
•Configuring Cisco Access Routers and the NME-WAE Network Module for ACNS Deployments
•Cisco ACNS Command Reference, Release 5.5.13
•Cisco ACNS Software API Guide, Release 5.5
The Content Distribution Manager GUI and the Content Engine GUI both have context-sensitive online help that can be accessed by clicking the HELP button. ACNS software includes the following online help systems:
•Content Distribution Manager GUI online help system for centrally managed ACNS networks
•Content Engine GUI online help system for locally deployed Content Engines
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2009, 2010 Cisco Systems, Inc. All rights reserved.