Release Notes for Cisco TrustSec 2.0
General Deployability 2011 Release
Published: November 30, 2011
The most current version of this document is available on Cisco.com at the following URL:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/release/notes/rn_cts_crossplat.html
Contents
This document contains the following sections:
•New Features, Supported Hardware and Software
•Cisco Validated Design Documents
•Caveats - TrustSec 2.0 General Availability 2011 Release
•Related Documentation
New Features, Supported Hardware and Software
For a complete table of features, platforms, IOS images, and servers included in the TrustSec 2.0 release, see the Cisco TrustSec 2.0 Product Bulletin at the following URL:
http://www.cisco.com/en/US/netsol/ns1051/networking_solution_solution_overview_list.html
Cisco Validated Design Documents
For TrustSec 2.0 validated deployment and configuration scenarios, see the Cisco TrustSec 2.0 Design and Implementation Guide at the following URL:
http://www.cisco.com/en/US/netsol/ns1090/networking_solutions_design_guidances_list.html
Find all Cisco TrustSec CVD documents at the following URL:
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
Find CVD documents of other Cisco solutions at the following URL:
http://www.cisco.com/go/designzone
Caveats - TrustSec 2.0 General Availability 2011 Release
Open Caveats
Cisco AnyConnect
Release notes for Cisco AnyConnect VPN Client:
http://www.cisco.com/en/US/products/ps8411/prod_release_notes_list.html
|
|
|
|
CSCto05313 |
Network Access Manager |
3.0 |
EAP-FAST:user authorization PAC issue anyconnect nam |
Cisco ASR 1000 Router Series
Release notes for the Cisco ASR 1000 Series Aggregation Services Routers:
http://www.cisco.com/en/US/products/ps9343/prod_release_notes_list.html
|
|
|
|
CSCtr29831 |
CTS |
15.1(03)S |
ASR1000-WATCHDOG: Process = SXP CORE when adding 1k sxp connection |
Cisco Secure Access Control System (Cisco ACS)
Release notes for Cisco Secure Access Control System :
http://www.cisco.com/en/US/products/ps9911/prod_release_notes_list.html
Note Open and resolved caveats are referred to as Known and Resolved Issues in Cisco ACS release notes.
There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Secure Access Control System.
Cisco Identity Services Engine (Cisco ISE)
Release notes for the Cisco Identity Services Engine (ISE):
http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html
Note Cisco TrustSec is referred to as SGA, and CTS in Cisco ISE release notes.
|
|
|
|
CSCtt22863 |
TrustSec |
1.1 |
ISE 1.1: Issues with SGACL Addition with Internet Explorer -8 |
Cisco Catalyst 3500 Series Switches
Release notes for Catalyst 3750-X, 3750-E, 3560-X, 3560-E, 3750, 3560, 2960-S, and 2960 switches:
http://www.cisco.com/en/US/products/ps10144/prod_release_notes_list.html
|
|
|
|
CSCti32286 |
ACLs |
12.2(53)SE2 |
Failed to apply DACL on member port if it has more than 64ACEs |
Cisco Catalyst 4500 Series Switches
Release notes for Catalyst 4500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_release_notes_list.html
There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Catalyst 4500 Series switches.
Cisco Catalyst 6500 Series Switches
Release notes for Catalyst 6500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html
|
|
|
|
CSCto47606 |
Dot1x |
12.2(33)SXI6 |
port-security does not work with dot1x cat6000 |
CSCto68925 |
Dot1x |
12.2(33)SXI6 |
Dot1X Multi-AUTH- Subsequent Authz failed when addtl dACL added. |
CSCtr54445 |
CTS |
12.2(50)SY |
Ping fails when cts manual is configured between C2K and C4K |
Cisco Nexus 7000 Series Switches
Release notes for Nexus 7000 Series switches:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html
|
|
|
|
CSCtt06094 |
CTS |
5.2 |
cts links bundled into L3 port channel, the port will reauthen every 30s |
Resolved and Closed Caveats
CiscoWorks LAN Management Solution Server
Release notes for the CiscoWorks LAN Management Solution:
http://www.cisco.com/en/US/products/ps11200/prod_release_notes_list.html
|
|
|
Description (Closed or Resolved)
|
CSCtj59501 |
Identity |
4.0 |
When Selecting Low impact, you can not change the host mode |
CSCtj64984 |
Identity |
4.0 |
LMS doesnt allow to modify the AAA RADIUS configure if AAA already set lms |
CSCtj65188 |
Identity |
4.0 |
Identity Readiness Assessment does not show all devices |
Cisco Secure Access Control System (Cisco ACS)
Release notes for Cisco Secure Access Control System:
http://www.cisco.com/en/US/products/ps9911/prod_release_notes_list.html
Note Open and resolved caveats are referred to as Known and Resolved Issues in Cisco ACS release notes.
Note Cisco TrustSec is referred to as Security Group Access (SGA) and CTS in Cisco ACS release notes.
There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Secure Access Control System.
Cisco Identity Services Engine (Cisco ISE)
Release notes for the Cisco Identity Services Engine:
http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html
Note Cisco TrustSec is referred to as Security Group Access (SGA) and CTS in Cisco ISE release notes.
|
|
|
|
CSCtn40585 |
Profiler |
1.0 |
Poor GUI response time for listing of default Profiling Policies |
CSCtn99145 |
Authorization |
1.1 |
multi match authorization (authz) does not match on state (access-accept |
CSCtq66518 |
CTS |
1.1 |
Deleting the SGACL mapping from ISE does not clear the downloaded policy |
CSCtq76895 |
TrustSec |
1.1 |
ISE: Cannot create RBACL list with 110 entries positron |
CSCtr92353 |
TrustSec |
1.1 |
ISE : Positron sending wrong SGT during AUTHEN phase positron |
CSCtt10180 |
TrustSec |
1.1 |
ISE292: Environment data lifetime not updated with Device Changes-CoA positron |
Cisco Catalyst 3500 Series Switches
Release notes for Catalyst 3750-X, 3750-E, 3560-X, 3560-E, 3750, 3560, 2960-S, and 2960 switches:
http://www.cisco.com/en/US/products/ps10144/prod_release_notes_list.html
|
|
|
|
CSCtt05256 |
MACsec |
15.0(1)SE1 |
No traffic is passing through btw 3k-7k link when sap mode null is set |
CSCtt06233 |
CTS |
15.0(1)SE1 |
ping traffic failed to pass through ndac link btw 3k-7k on some config |
Cisco Catalyst 4500 Series Switches
Release notes for Catalyst 4500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_release_notes_list.html
There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Catalyst 4500 Series switches.
Cisco Catalyst 6500 Series Switches
Release notes for Catalyst 6500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html
|
|
|
|
CSCtk84193 |
CTS |
12.2(50)SY |
Seeing "TCP-6-BADAUTH: No MD5 digest" msg although sxp connection is on |
CSCto03011 |
Dot1x |
12.2(33)SXI5 |
dACLs not always applied to interface |
CSCto56787 |
Dot1x |
12.2(33)SXI6 |
CWA environment does not apply ACL in EPM 6503 |
CSCtr54445 |
CTS |
12.2(50)SY |
Ping fails when cts manual is configured between C2K and C4K |
CSCtr92862 |
CTS |
12.2(50)SY |
Switch failed to download RBACL policy associating to static SGT |
Cisco Nexus 7000 Series Switches
Release notes for Nexus 7000 Series switches:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html
|
|
|
|
CSCtr95105 |
CTS |
5.2 |
When sxp default passwd is set, N7k will disable & reenable sxp feature |
CSCts33115 |
CTS |
5.2 |
Unable to ping across CTS link between N7k and ASR |
Related Documentation
Cisco IOS Software Documentation