Release Notes for Cisco TrustSec General Availability Releases
Release Notes for Cisco TrustSec 2.0 General Deployability 2011 Release
Downloads: This chapterpdf (PDF - 399.0KB) | Feedback

Release Notes for Cisco TrustSec 2.0 General Deployability 2011 Release

Table Of Contents

Release Notes for Cisco TrustSec 2.0
General Deployability 2011 Release

Contents

New Features, Supported Hardware and Software

Cisco Validated Design Documents

Caveats - TrustSec 2.0 General Availability 2011 Release

Open Caveats

Cisco AnyConnect

Cisco ASR 1000 Router Series

Cisco Secure Access Control System (Cisco ACS)

Cisco Identity Services Engine (Cisco ISE)

Cisco Catalyst 3500 Series Switches

Cisco Catalyst 4500 Series Switches

Cisco Catalyst 6500 Series Switches

Cisco Nexus 7000 Series Switches

Resolved and Closed Caveats

CiscoWorks LAN Management Solution Server

Cisco Secure Access Control System (Cisco ACS)

Cisco Identity Services Engine (Cisco ISE)

Cisco Catalyst 3500 Series Switches

Cisco Catalyst 4500 Series Switches

Cisco Catalyst 6500 Series Switches

Cisco Nexus 7000 Series Switches

Related Documentation

Cisco IOS Software Documentation


Release Notes for Cisco TrustSec 2.0
General Deployability 2011 Release


Published: November 30, 2011

The most current version of this document is available on Cisco.com at the following URL:

http://www.cisco.com/en/US/docs/switches/lan/trustsec/release/notes/rn_cts_crossplat.html

Contents

This document contains the following sections:

New Features, Supported Hardware and Software

Cisco Validated Design Documents

Caveats - TrustSec 2.0 General Availability 2011 Release

Related Documentation

New Features, Supported Hardware and Software

For a complete table of features, platforms, IOS images, and servers included in the TrustSec 2.0 release, see the Cisco TrustSec 2.0 Product Bulletin at the following URL:

http://www.cisco.com/en/US/netsol/ns1051/networking_solution_solution_overview_list.html

Cisco Validated Design Documents

For TrustSec 2.0 validated deployment and configuration scenarios, see the Cisco TrustSec 2.0 Design and Implementation Guide at the following URL:

http://www.cisco.com/en/US/netsol/ns1090/networking_solutions_design_guidances_list.html

Find all Cisco TrustSec CVD documents at the following URL:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html

Find CVD documents of other Cisco solutions at the following URL:

http://www.cisco.com/go/designzone

Caveats - TrustSec 2.0 General Availability 2011 Release

Open Caveats

Cisco AnyConnect

Release notes for Cisco AnyConnect VPN Client:
http://www.cisco.com/en/US/products/ps8411/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCto05313

Network Access Manager

3.0

EAP-FAST:user authorization PAC issue anyconnect nam


Cisco ASR 1000 Router Series

Release notes for the Cisco ASR 1000 Series Aggregation Services Routers:
http://www.cisco.com/en/US/products/ps9343/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCtr29831

CTS

15.1(03)S

ASR1000-WATCHDOG: Process = SXP CORE when adding 1k sxp connection


Cisco Secure Access Control System (Cisco ACS)

Release notes for Cisco Secure Access Control System :
http://www.cisco.com/en/US/products/ps9911/prod_release_notes_list.html


Note Open and resolved caveats are referred to as Known and Resolved Issues in Cisco ACS release notes.


There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Secure Access Control System.

Cisco Identity Services Engine (Cisco ISE)

Release notes for the Cisco Identity Services Engine (ISE):
http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html


Note Cisco TrustSec is referred to as SGA, and CTS in Cisco ISE release notes.


Identifier
Technology
Software Release
Description

CSCtt22863

TrustSec

1.1

ISE 1.1: Issues with SGACL Addition with Internet Explorer -8


Cisco Catalyst 3500 Series Switches

Release notes for Catalyst 3750-X, 3750-E, 3560-X, 3560-E, 3750, 3560, 2960-S, and 2960 switches:
http://www.cisco.com/en/US/products/ps10144/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCti32286

ACLs

12.2(53)SE2

Failed to apply DACL on member port if it has more than 64ACEs


Cisco Catalyst 4500 Series Switches

Release notes for Catalyst 4500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_release_notes_list.html

There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Catalyst 4500 Series switches.

Cisco Catalyst 6500 Series Switches

Release notes for Catalyst 6500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCto47606

Dot1x

12.2(33)SXI6

port-security does not work with dot1x cat6000

CSCto68925

Dot1x

12.2(33)SXI6

Dot1X Multi-AUTH- Subsequent Authz failed when addtl dACL added.

CSCtr54445

CTS

12.2(50)SY

Ping fails when cts manual is configured between C2K and C4K


Cisco Nexus 7000 Series Switches

Release notes for Nexus 7000 Series switches:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCtt06094

CTS

5.2

cts links bundled into L3 port channel, the port will reauthen every 30s


Resolved and Closed Caveats

CiscoWorks LAN Management Solution Server

Release notes for the CiscoWorks LAN Management Solution:
http://www.cisco.com/en/US/products/ps11200/prod_release_notes_list.html

Identifier
Technology
Software Release
Description (Closed or Resolved)

CSCtj59501

Identity

4.0

When Selecting Low impact, you can not change the host mode

CSCtj64984

Identity

4.0

LMS doesnt allow to modify the AAA RADIUS configure if AAA already set lms

CSCtj65188

Identity

4.0

Identity Readiness Assessment does not show all devices


Cisco Secure Access Control System (Cisco ACS)

Release notes for Cisco Secure Access Control System:
http://www.cisco.com/en/US/products/ps9911/prod_release_notes_list.html


Note Open and resolved caveats are referred to as Known and Resolved Issues in Cisco ACS release notes.



Note Cisco TrustSec is referred to as Security Group Access (SGA) and CTS in Cisco ACS release notes.


There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Secure Access Control System.

Cisco Identity Services Engine (Cisco ISE)

Release notes for the Cisco Identity Services Engine:
http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html


Note Cisco TrustSec is referred to as Security Group Access (SGA) and CTS in Cisco ISE release notes.


Identifier
Technology
Software Release
Description

CSCtn40585

Profiler

1.0

Poor GUI response time for listing of default Profiling Policies

CSCtn99145

Authorization

1.1

multi match authorization (authz) does not match on state (access-accept

CSCtq66518

CTS

1.1

Deleting the SGACL mapping from ISE does not clear the downloaded policy

CSCtq76895

TrustSec

1.1

ISE: Cannot create RBACL list with 110 entries positron

CSCtr92353

TrustSec

1.1

ISE : Positron sending wrong SGT during AUTHEN phase positron

CSCtt10180

TrustSec

1.1

ISE292: Environment data lifetime not updated with Device Changes-CoA positron


Cisco Catalyst 3500 Series Switches

Release notes for Catalyst 3750-X, 3750-E, 3560-X, 3560-E, 3750, 3560, 2960-S, and 2960 switches:
http://www.cisco.com/en/US/products/ps10144/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCtt05256

MACsec

15.0(1)SE1

No traffic is passing through btw 3k-7k link when sap mode null is set

CSCtt06233

CTS

15.0(1)SE1

ping traffic failed to pass through ndac link btw 3k-7k on some config


Cisco Catalyst 4500 Series Switches

Release notes for Catalyst 4500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_release_notes_list.html

There are no caveats reported in TrustSec General Availability Release 2.0 for the
Cisco Catalyst 4500 Series switches.

Cisco Catalyst 6500 Series Switches

Release notes for Catalyst 6500 Series switches:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCtk84193

CTS

12.2(50)SY

Seeing "TCP-6-BADAUTH: No MD5 digest" msg although sxp connection is on

CSCto03011

Dot1x

12.2(33)SXI5

dACLs not always applied to interface

CSCto56787

Dot1x

12.2(33)SXI6

CWA environment does not apply ACL in EPM 6503

CSCtr54445

CTS

12.2(50)SY

Ping fails when cts manual is configured between C2K and C4K

CSCtr92862

CTS

12.2(50)SY

Switch failed to download RBACL policy associating to static SGT


Cisco Nexus 7000 Series Switches

Release notes for Nexus 7000 Series switches:

http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html

Identifier
Technology
Software Release
Description

CSCtr95105

CTS

5.2

When sxp default passwd is set, N7k will disable & reenable sxp feature

CSCts33115

CTS

5.2

Unable to ping across CTS link between N7k and ASR


Related Documentation

Document Title
TrustSec Topics

Cisco TrustSec Switch Configuration Guide

TrustSec feature configurations for Cisco Catalyst series switches

System error messages

Cisco Secure Access Control System

Cisco Secure Access Control System Release Notes

Open and resolved caveats, referred to as Known and Resolved issues in Cisco ACS documentation

Cisco Secure Access Control System End-User Guides

Cisco Security Group Access configurations for Cisco ACS 5.1 and more recent releases

Cisco Identity Services Engine

Release Notes for Cisco Identity Services Engine

Open and resolved caveats

Cisco Identity Services Engine User Guide

Configuring Cisco Security Group Access policies

Catalyst 3000 Series Switches

Release Notes for Catalyst 3560 and 3750 Switches

Open and resolved caveats

Catalyst 3560 Software Configuration Guides

802.1x configuration procedures

Catalyst 3750 Switch Software Configuration Guides

Catalyst 3750-X Switch Software Configuration Guides

802.1x configuration procedures

SXP

MACsec

Catalyst 4500 Series Switches

Release Note for the Catalyst 4500 Series Switch

Open and resolved caveats

Catalyst 4500 Series Switch Software Configuration Guides

802.1x configuration procedures

Catalyst 6500 Series Switches

Catalyst 6500 Series Release Notes

Open and resolved caveats

Catalyst 6500 Series
Software Configuration Guides

802.1x and TrustSec configuration procedures

Nexus 7000 Series Switches

Cisco Nexus 7000 Series Switches Release Notes

Open and resolved caveats

Cisco Nexus 7000 Series Switches Configuration Guides

TrustSec feature configurations for Cisco Nexus 7000 Series switches, Release 4.1 and more recent releases

802.1x configuration procedures


Cisco IOS Software Documentation

Cisco IOS Document Title
TrustSec Topics

Cisco TrustSec Configuration Guide Cisco IOS XE Release 3S

Router-based SXP configuration

Cisco IOS Master Command List, All Releases

802.1x; SXP