Table Of Contents
Release Notes for the Cisco Secure Access Control Server 4.2.1
Contents
Introduction
New and Changed Information
New Features
Windows 64-bit Support for Remote Agent
Ports to be added in Windows 2008 Firewall
Installation Notes
Installation Notes for ACS 4.2.1 for Windows
Upgrade Path for ACS 4.2.1 for Windows
System Requirements for ACS 4.2.1 for Windows
Installing ACS 4.2.1 for Windows
Installation Notes for ACS 4.2.1 Solution Engine
Upgrade Path for ACS 4.2.1 Solution Engine
System Requirements for ACS 4.2.1 Solution Engine
Installing ACS 4.2.1 for Solution Engine
Known Caveats
Resolved Caveats
Documentation Updates
Omissions
Changes
Updates
Product Documentation
Related Documentation
Notices
OpenSSL/Open SSL Project
License Issues
Obtaining Documentation and Submitting a Service Request
Release Notes for the Cisco Secure Access Control Server 4.2.1
Revised: January 15, 2010, OL-16293-01
These release notes pertain to the Cisco Secure Access Control Server, hereafter referred to as ACS version 4.2.1. These release notes contain information for the Windows and Solution Engine(SE) platforms. Where necessary, the appropriate platform is clearly identified.
Contents
•
Introduction
•New and Changed Information
•Installation Notes
•Known Caveats
•Resolved Caveats
•Documentation Updates
•Product Documentation
•Related Documentation
•Notices
•Obtaining Documentation and Submitting a Service Request
Introduction
ACS 4.2.1 is a maintenance release for ACS 4.2 that resolves customer and internally found defects. ACS 4.2.1 is available for download from Cisco.com only for upgrading the existing ACS 4.2 software deployment.
New and Changed Information
ACS 4.2.1 contains the following new and changed information:
•New Features
•Windows 64-bit Support for Remote Agent
•Ports to be added in Windows 2008 Firewall
New Features
•Cipher Suite Configuration—You will be able to construct your preferred order of Cipher-Suites. During the handshake phase of EAP-TLs and PEAP authentications, ACS will search for the Cipher-Suite in the same order that you have selected. If the client's Cipher-Suite list does not contain at least one of the Cipher-Suites that you have selected, the handshake will fail.
•Multi Instance and Multi line TACACS+ AV Pair—ACS 4.2.1 supports multiple instances of TACACS+ AV pair to help you overcome the limitation in length and multiple lines while specifying value for TACACS+ custom attributes. If the value of the AV pair exceeds 255 characters or if you want to give the value for the AV pair in multiple lines, then defining multiple instances for the AV pair will help you to achieve this.
•Configuration Dump for Auditing—ACS 4.2.1 provides an option to dump user, group, and administrator information in a more user-friendly format. The output will be dumped into a text file.
•64-bit Windows compatibility—ACS 4.2.1 provides 64-bit Windows support for ACS Windows and ACS remote agent.
•RSA 7.x compatibility—ACS 4.2.1 provides support for RSA version 7.x.
Windows 64-bit Support for Remote Agent
ACS 4.2.1 Remote Agent is supported on the following Windows 64-bit OS:
•Windows Server 2008, Standard Edition with Service Pack 2
•Windows Server 2008, Enterprise Edition with Service Pack 2
•Windows Server 2003, R2, Standard Edition with Service Pack 2
•Windows Server 2003, R2, Enterprise Edition with Service Pack 2
Ports to be added in Windows 2008 Firewall
In Windows 2008, the following firewall ports must remain open, as ACS uses them.
Port Name
|
Port Number
|
RADIUS Authentication and Authorization (original draft RFC)
|
1645
|
RADIUS Accounting (original draft RFC)
|
1646
|
RADIUS Authentication and Authorization (revised draft RFC)
|
1812
|
RADIUS Accounting (revised draft RFC)
|
1813
|
TACACS+ AAA
|
49
|
Replication and RDBMS Synchronization
|
2000
|
Cisco Secure ACS Remote Logging
|
2001
|
Cisco Secure ACS Distributed Logging (appliance only)
|
2003
|
HTTP Administrative Access (at login)
|
2002
|
DHCP
|
68
|
Installation Notes
This section contains installation information for ACS 4.2.1.
Installation Notes for ACS 4.2.1 for Windows
This section contains:
•Upgrade Path for ACS 4.2.1 for Windows
•System Requirements for ACS 4.2.1 for Windows
•Installing ACS 4.2.1 for Windows
Upgrade Path for ACS 4.2.1 for Windows
For more information on ACS 4.2.1 upgrade paths, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.
System Requirements for ACS 4.2.1 for Windows
For information on supported operating systems and web browsers, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.
Installing ACS 4.2.1 for Windows
For more information on installing ACS 4.2.1 on windows, see the Installation Guide for Cisco Secure ACS for Windows 4.2.1.
Installation Notes for ACS 4.2.1 Solution Engine
•Upgrade Path for ACS 4.2.1 Solution Engine
•System Requirements for ACS 4.2.1 Solution Engine
•Installing ACS 4.2.1 for Solution Engine
Upgrade Path for ACS 4.2.1 Solution Engine
For more information on ACS 4.2.1 upgrade paths, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.
System Requirements for ACS 4.2.1 Solution Engine
For information on the system requirements for the Solution Engine, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.
Installing ACS 4.2.1 for Solution Engine
For more information on installing ACS 4.2.1 on solution engine, see the Installation Guide for Cisco Secure ACS Solution Engine 4.2.1.
Known Caveats
Table 1 contains known caveats in ACS for Windows and Solution Engine 4.2.1. You can also use the Bug Toolkit on Cisco.com to find any open bugs that might not appear here.
Table 1 Known Caveats in ACS Windows and Solution Engine 4.2.1
Bug ID
|
Summary
|
Explanation
|
CSCta89022
|
Win2008 on 64-bit machine, problem in stopping and starting services occasionally.
|
Symptom In Win2008 64-bit machine, sometimes there is a problem
in stopping or starting the ACS services. For example, attempting to
stop CSAdmin will take longer time to stop or it will not stop at all.
Conditions The symptom occurs during installation of ACS 4.2.1 or in any other flow where stopping of a service is required.
Workaround When you install ACS 4.2.1 on Win2008 64-bit machine, you must first install ACS 4.2. At the end of ACS 4.2 installation, do not start the ACS services
|
CSCtb75397
|
Changing IP address from static to DHCP sets the server values to default.
|
Symptom When you change the IP address from static to DHCP with
the set ip command, the AAA server name changes from self to
hostname. Authentication fails and ACS becomes unresponsive.
Conditions The symptom occurs while setting the IP address through the DHCP server.
Workaround Update the shared secret and other attributes for the self entry present under Network configuration section.
|
CSCta75366
|
Custom attributes of TACACS new service do not get updated.
|
Symptom Create a New Services name in Interface Configuration
> TACACS (Cisco IOS), with space in protocol name and submit
the page. In the User and Group Setup, specify custom attribute for
the new service, submit the form and open again. The values in the
services are not updated.
Conditions Protocol name of the new service has space in it.
Workaround Do not use space in the protocol name.
|
CSCta06382
|
ACS SE- Changing communication or RADIUS port requires new admin session.
|
Symptom In ACS SE, if you change the communication port from
System configuration > Service Control, then ACS GUI session
is lost. The same behavior is seen when you make any change and
click Submit + Apply for self entry under AAA Server pane of the
Network Configuration page.
Conditions It occurs only in ACS SE when you change either the communication port configuration under System Configuration > Service Control page or click Submit + Apply for self entry under AAA server pane of the Network Configuration page.
Workaround Restart the CSAdmin services.
|
CSCsv27592
|
ACS upgrade from 3.x to 4.x does not warn if NAS devices are lost.
|
Symptom After an upgrade from ACS 3.3.x to ACS 4.1.x or to
ACS 4.2.x, NAS entries that contain more than 16K characters of IP
addresses are truncated to 4K characters with no error message in
the install.log.
Conditions Upgrade from ACS 3.3.x to ACS 4.1.1.24 or to
ACS 4.2.0.124. If you have a NAS entry with more than 16000 characters.
Workaround None. You have to manually check the NAS entries after the upgrade to find out which entries are with missing IP addresses.
|
CSCsm20214
|
ACS 4.2 uninstall fails when a read-only file is present in the program files folder.
|
Symptom Upgrade or uninstall failure.
Conditions During upgrade or uninstalling ACS, if there is a read-only file in the ACS folder under program files.
Workaround Provide full read and write permission.
|
CSCsb22897
|
Generating package, displays run time error message instead of disk space error message.
|
Symptom Running CSSupport throws run time error when sufficient
disk space is not available.
Conditions The machine on which ACS is installed does not have sufficient disk space.
Workaround Make some free space in the disk and then try to run CSSupport again. At least 4 GB of free hard drive space is required. 16 GB of free hard drive space is recommended.
|
CSCsx31696
|
CSDBsync failing to parse IP address with trailing blanks.
|
Symptom RDBMS sync (CSDBSync) does not trim the trailing
spaces in the IP address before importing it to ACS. This leads to IP
address being represented as 0.0.0.0 in ACS.
Conditions The DB from which RDBMS sync takes the data for import has trailing spaces in the IP address.
Workaround Remove the trailing space from the IP address and then use RDBMS sync.
|
CSCta13106
|
Logging in Cipher Suite needs improvisation.
|
Symptom If the Cipher Suite selected in ACS and the one sent by the
supplicant are not matching, it displays a generic error message
EAP-TLS or PEAP authentication failed during SSL handshake, in
reports.
Conditions Mismatch of Cipher Suite between the one selected in ACS and the one sent by the supplicant.
Workaround None.
|
CSCta69034
|
Cipher suite names in Cipher Suite Configuration page are not RFC compliant.
|
Symptom Names of the ciphers that are displayed in ACS GUI under
Cipher Suite Selection page, are not RFC complaint.
Conditions When EAP-TLS or PEAP protocol is enabled in ACS.
Workaround ACS uses OpenSSL library for certificate based authentication. The names of the cipher suite are also taken from OpenSSL. Hence there is no work around.
|
CSCta93462
|
MOTD with maximum characters are not displayed properly in Firefox.
|
Symptom If the text given for Message of the Day does not have
space between the words, then in FireFox browser, the text is not
displayed properly.
Conditions If ACS GUI is launched using FireFox then this issue may be seen.
Workaround While adding text for the Message of the Day, give space between words.
|
CSCtb21359
|
Auth, TCS logs and CSUtil throws Bad EndPoint Address trapped error message.
|
Symptom CSUtil throws the error Bad EndPoint Address
<0x00000000> trapped, while importing users when the file
contains ONLINE, but the user gets added successfully in ACS. The
message is not appearing when the file contains OFFLINE.
Conditions The issue is seen when the input file used for CSUtil import user functionality contains ONLINE.
Workaround Use OFFLINE in the input file used for CSUtil import user.
|
CSCtb51914
|
After upgrade, Time bound alternate Group option becomes disabled.
|
Symptom Time bound alternate Group option configured under User
settings becomes disabled after upgrading to ACS 4.2.1
Conditions The issue occurs for Time bound alternate Group option after upgrading to ACS 4.2.1.
Workaround After upgrading to ACS 4.2.1, select the user and enable the Time bound alternate Group option again.
|
CSCsx21304
|
File generation error occurs when adding NAC attribute on ACS SE.
|
Symptom In ACS SE, File generation error occurs when you add
NAC attribute from the NAC Attributes Management page.
Conditions In ACS SE 4.2.0.124.7, using NAC Attributes Management page to add NAC attribute.
Workaround Stop the CSAgent (as it blocks the file generation when adding NAC attribute on ACS SE) and add the NAC attribute. To fix the problem permanently, take the NACattrFix_Patch from Cisco.com and apply it on ACS SE.
|
CSCsz69843
|
ACS SE - Problem when default proxy is updated with different ACS server.
|
Symptom No proxy to default proxy servers.
Conditions When ACS SE 4.2.0.124.10 is configured with the following three entries in the proxy distribution table:
•@domain1 > proxy to ACS itself
• @fake.domain > proxy to 2 Linux Radius servers
• @domain2 > proxy to 2 Linux Radius servers
and you remove the second dummy entry to proxy requests for @fake.domain, ACS stops forwarding the access-challenges from the Linux Radius servers to the AAA client, when you try to authenticate users from domain2. If you keep the second entry for the non-existing @fake.domain, then access-challenges are correctly forwarded by ACS from the RADIUS servers to the AAA client, when authenticating user is in domain2.
Workaround Keep a second dummy entry in the proxy distribution table.
|
CSCtd48247
|
ACS SE 4.2.1 - OS updates are not part of 4.2.1.
|
Symptom OS update or hotfixes are not part of ACS SE 4.2.1.
Conditions Applicable for ACS SE 4.2.1.
Workaround The OS updates or hot fixes are applicable only when the related vulnerability is affecting ACS SE. Cisco publishes the appliance patches containing the relevant hotfix if ACS SE is found to be affected by the related vulnerability. Such patches posted for ACS SE 4.2, are applicable to ACS 4.2.1 as well. If those patches are already applied on top of ACS 4.2, then it is not necessary to update the same patch on top of ACS 4.2.1.
|
Resolved Caveats
Table 2 contains the resolved caveats for ACS 4.2.1. Check the Bug Toolkit on Cisco.com for any resolved bugs that might not appear here.
Table 2 Resolved Caveats
Bug ID
|
Description
|
CSCee33692
|
Deceptive message displayed on enabling of a disabled group.
|
CSCef31265
|
ACS UI can not accept more than 160 characters while it should accept 255.
|
CSCeg34532
|
FTP to ACS Appliance fails if colon (:) is present in the user password.
|
CSCse92069
|
ACS database replication port should be configurable.
|
CSCse93831
|
Number of IP addresses per AAA client is limited in ACS 4.0.
|
CSCsf02761
|
ACS sends the accounting response to a wrong NAS IP address.
|
CSCsf06481
|
HTTPS option is passed along for the improper component in replication.
|
CSCsf25057
|
ACS support for TACACS single-connection.
|
CSCsg07191
|
After replication, machine authentication is not working till restart.
|
CSCsg19053
|
Need to update TCS max session logging for ACS 4.0.
|
CSCsg24486
|
Two TACACS New Services with similar names have issues with data.
|
CSCsh37811
|
RDS log message is not clear.
|
CSCsh56547
|
Enhancement: ACS and Remote Agent should support 64-bit systems.
|
CSCsh58524
|
Username does not get strip in radius accounting log.
|
CSCsi18979
|
ACS WIndows and SE missing Juniper VSA.
|
CSCsi27554
|
ACS 4.1: EAP-FAST secondary does not switch to Slave.
|
CSCsi43841
|
RADIUS ports should be configurable to other ports apart from the standard ports.
|
CSCsi55085
|
ACS services not started after replicate/reboot on machine with dual CPU.
|
CSCsj12604
|
When trying to bulk import ODBC, operation failed.
|
CSCsj60407
|
ACS Backup filename is changed to uppercase letters.
|
CSCsj87562
|
Remote Logging Reports shows wrong information.
|
CSCsj88727
|
ACS Windows and SE Juniper VSAs incomplete.
|
CSCsk06231
|
Renaming NDG with same name but changing case cause devices to disappear.
|
CSCsk09761
|
Called station ID value not logged in passed/failed attempts reports.
|
CSCsk27193
|
Can not use <cr> while entering multiple MAC addresses.
|
CSCsk46283
|
AAA client shows empty shared secret while displaying-Intermittently.
|
CSCsk89270
|
Extra certificates copied into ACS backup file.
|
CSCsk94878
|
Windows password change does not work when PDC Emulator is down.
|
CSCsl14811
|
AND/OR comparisons should be dimmed if Enter OIDs option is disabled.
|
CSCsl14964
|
EAP-TLS fails when CA has Cert Policies Field marked as critical attribute.
|
CSCsl16871
|
CSUtil is stripping username while creating PAC.
|
CSCsl50122
|
ACS SE needs configurable RA timeout value.
|
CSCsl79098
|
ACS does not verify SubjectKeyID / AuthorityKeyID in CertChain building.
|
CSCsl87951
|
Server IP address changed to loopback IP address after upgrade of PingOn patch.
|
CSCsl96222
|
Appliance RDBMS Sync: Failed to connect to FTP server.
|
CSCsl99170
|
Logged in Users not functional in Proxy Scenario.
|
CSCsm07762
|
Drop Down Menu not functional for posture token - do not audit groups.
|
CSCsm20261
|
TCS.log does not show TACACS arguments for requests coming from multi-NAS.
|
CSCsm35434
|
Scheduled replication for logging configuration does not happen.
|
CSCsm36747
|
Increasing memory consumption in the CSAdmin during import process.
|
CSCsm37923
|
Feature Request: ACS to accept multiple lines per AV-pair service.
|
CSCsm43674
|
Fields edited for an upgraded user gives wrong information in AdminstrnAudit.
|
CSCsm45861
|
Windows DB Group Mapping failing when username is in UPN format.
|
CSCsm57566
|
Windows user fails when ODBC has placed above windB in UnkwnUserPolicy.
|
CSCsm60215
|
ACS Appliance has authorization issues with extended attributes.
|
CSCsm64286
|
Request from NAS fails when default NAS is defined under NDG.
|
CSCsm64931
|
NAR does not filter users when "Apply password change rule " is selected.
|
CSCsm66268
|
Group Mapping fails with Ext DB when service-type=10, if there is no NAP.
|
CSCsm69491
|
Disable user accounts still check external databases.
|
CSCsm71037
|
CSAgent does not start after bootup.
|
CSCsm73656
|
Cannot set static IP address.
|
CSCsm76971
|
Remote Agent replication interferes with scalability.
|
CSCsm80294
|
NAR should block users from changing their password.
|
CSCsm81318
|
Windows Remote Agent 'PermittedClients' value not working as expected.
|
CSCsm94926
|
Group name should not contain quotes (` ").
|
CSCsm99518
|
ACS does not log authentication timeouts with Failed Attempts.
|
CSCsm99926
|
ACS 4.1 EAP-FAST provisioning repeatedly prompts for username.
|
CSCso18058
|
Update ASA attribute IETF code 3076/220.
|
CSCso25557
|
Need toggle option for ACS and cross domain authentication.
|
CSCso27533
|
CSUtil should not import device names with length more than 32 characters.
|
CSCso36620
|
Toggle nic command changes AAA server IP address to 127.0.0.1 in GUI.
|
CSCso39795
|
Disable and Enable Network Card in S/W ACS results in Loop Back.
|
CSCso40236
|
Update ACS VSA dictionary to include Nortal VSA.
|
CSCso42219
|
ACS GUI - IP Length Checking should be increased to 16000.
|
CSCso45115
|
ACS-SE: unable to set IP address with last octet being "0" or "255".
|
CSCso48631
|
Authen-failure-code 107 message should be changed.
|
CSCso49824
|
Help about Single connect option on AAA client configuration needs modification.
|
CSCso55280
|
ACS session handling for EAP packet retransmission need improvement.
|
CSCso62885
|
ACS incorrectly parses VSA subattributes.
|
CSCso75686
|
Support for Multiple LDAP servers for MAB.
|
CSCso84928
|
ACS 4.1.4 - Multiple LDAP bindings with wrong user credentials.
|
CSCso87631
|
Authentication request reject during the EAP-FAST(GTC) with NAP.
|
CSCsq00710
|
ACS: RDBMs VSA Import creates invalid vendor length.
|
CSCsq00793
|
Add MS attributes 28-31 to ACS dictionary.
|
CSCsq10103
|
Crafted RADIUS EAP Message Attribute vulnerability.
|
CSCsq12377
|
After Replication, Remote Agent is not working in Slave.
|
CSCsq13749
|
Started and Completed Inbound Replication logs shows different ACS name.
|
CSCsq16917
|
ACS failed to Restore Remote Agent.
|
CSCsq24607
|
Replication creates new CSV report files on the secondary server.
|
CSCsq29364
|
Password change does not work using XP supplicant against AD.
|
CSCsq31732
|
External DB is checked for Cached Expired user (Account Disabled).
|
CSCsq36634
|
CSMON configured for event notification but does not always notify.
|
CSCsq43088
|
ACS: Token Caching for Session not allowing multiple logins.
|
CSCsq45036
|
ACS 4.2 RAC/NAP Authentication - User assigned to Default Group VLAN.
|
CSCsq45858
|
Remote Agent log level should follow ACS Config Provider log level.
|
CSCsq52930
|
With NDG, services not starting after upgrade to ACS 4.1.4.13.9 or ACS 4.2.0.124.1.
|
CSCsq58224
|
Need to select the database for TACSACS+ authentication at NDG level.
|
CSCsq65591
|
Windows authentications fails when ACS install on Windows 2008 member server.
|
CSCsq68508
|
ACS: Tunneling-Protocols missing SVC combo attributes.
|
CSCsq79127
|
CSUpdate does not behave correctly when doing an upgrade.
|
CSCsq81191
|
Problem in initializing the logging component of the RsaDserv.dll.
|
CSCsq86723
|
Need to select the database for TACACS+ authentication at NAS level.
|
CSCsq87007
|
Machine Authentication fail host is not in PrimaryDNSSuffix.
|
CSCsq93877
|
LDAP bind fails first time with clients using RSA token.
|
CSCsq96755
|
ACS needs manual restart to recover machine authentication.
|
CSCsr07796
|
Doc: How to manually uninstall the Remote Agent for the ACS 4.2.
|
CSCsr08890
|
CSUtil import fails when user does not exist.
|
CSCsr08901
|
CSUtil import misleading when given invalid group number.
|
CSCsr56625
|
Telnet service is available once after getting a DHCP address.
|
CSCsr68278
|
ACS 4.2 does not allow a blank TACACS+ key.
|
CSCsr73840
|
ACS does not try all the DBs when dynamic user created and DB is dead.
|
CSCsr77405
|
ACS and RSA version 7.x capability.
|
CSCsr95985
|
CSRadius does not terminate when it cannot bind to its socket.
|
CSCsr97958
|
Replication: password aging on primary does not take effect on secondary.
|
CSCsr98419
|
SSL based EAP authentication fails after replication.
|
CSCsu24347
|
Reporting Needed for Multiple LDAP servers for MAB.
|
CSCsu29010
|
Incorrect Prompt for 'Next Token Code' from RSA.
|
CSCsu35277
|
ACS needs consistent method of ordering MAB LDAP query order.
|
CSCsu39804
|
ACS generates "Internal Error" when supplicant responses with fail.
|
CSCsu42166
|
Incorrect group name in failed attempts report for MAB.
|
CSCsu75688
|
Local PWD Management Restrictions not enforced on TACACS Outbound PWD.
|
CSCsu76869
|
Upgrade fails to list Internal DB under "Selected MAC DB" for MAB.
|
CSCsu79556
|
Replication: NAP enabled, Log config disabled, Log Config replication occurs.
|
CSCsu86423
|
Password expiration warning sent with no warning configured.
|
CSCsu86529
|
ACS attempts to contact RSA server at 0.0.0.0.
|
CSCsu92279
|
ACS Appliance: Config on AAA Server Names is changed after the Reboot.
|
CSCsv04715
|
Excessive logging with "no challenge provided by client".
|
CSCsv05172
|
Notification message is not shown at the end of the configuration.
|
CSCsv10062
|
CSTacacs service restarts frequently.
|
CSCsv12463
|
Package.cab does not contain active log files.
|
CSCsv14521
|
RA per check box should not be replicated with NAP by default.
|
CSCsv45003
|
Update Sybase engine to version 9.0.2.
|
CSCsv46161
|
For disabled users, ACS sends an Access-Reject with empty EAP message.
|
CSCsv49287
|
PEAP-GTC and EAP-TLS might fail after replication.
|
CSCsv65072
|
Importing VSA results in incorrect value added.
|
CSCsv70331
|
Restore from database backup fails to register XML files from Common Services.
|
CSCsv97332
|
LDAP inside NAP not functional after replication in slave.
|
CSCsw18106
|
ASA 8.0: ACS 3076/11 attribute still needs more enumerations for SVC proto.
|
CSCsw37291
|
CSAuth memory leak after replication.
|
CSCsw45464
|
NIC goes administratively down in some 1113 appliances after toggling.
|
CSCsw61276
|
Copyright information needs to be corrected.
|
CSCsw74922
|
Need support of including message of session timeout for EAP-FAST GTC.
|
CSCsw98391
|
TACACS ACS Application does not display a Message of the day (MOTD) Banner.
|
CSCsw99081
|
RSA SecurID Token and LDAP Group Mapping not able to browse full AD tree.
|
CSCsx20586
|
InsistOnDomain should be manual configurable.
|
CSCsx21304
|
File generation error occurred when adding NAC attribute on ACS SE.
|
CSCsx31676
|
EAP performance degrades as load increases.
|
CSCsx33471
|
CSUtil fail if you add and delete users continuously.
|
CSCsx37420
|
CSTacacs service is crashing on ACS 4.2 on Windows 2000 Server.
|
CSCsx47459
|
The ACS server certificate chain will always be trusted by ACS.
|
CSCsx50157
|
ACS: Firefox 3 causes mangled shared secrets.
|
CSCsx50169
|
Connection timeout for ASLog to be reduced.
|
CSCsx79898
|
ACS 4.2 Command Authorization Crashing TACACS.
|
CSCsx95621
|
Events of ACS for Windows are not properly displayed in Event Viewer.
|
CSCsy00896
|
CAA fails to prompt for password change in ACS 4.2.0.124.7 code.
|
CSCsy03746
|
New Airespace attributes 7-11 are missing in ACS dictionary.
|
CSCsy10257
|
Extra failed attempt shows less informations.
|
CSCsy10302
|
ACS SE - CLI password with space or quotation (") causes loss of CLI access.
|
CSCsy14207
|
Two Failed Attempts are created for one authentication failure.
|
CSCsy20277
|
ACS Web GUI becomes unresponsive after making changes to configuration.
|
CSCsy28493
|
Error message occurred when adding a user using CSUtil.
|
CSCsy51412
|
Make the cipher suite selection configurable.
|
CSCsy51419
|
Include user and group configuration information in package.cab.
|
CSCsy53254
|
After RDBMS sync large DB causes: CPU 100% CSAdmin Unresponsive.
|
CSCsy64782
|
ACS caught an exception if EAP fragment has invalid length.
|
CSCsy66599
|
Password reset fails for username as administrator.
|
CSCsy66614
|
Accidental password exposure during password reset.
|
CSCsy68882
|
Fast reconnect fails w/PEAP when outer identity is different from inner.
|
CSCsy74073
|
Incorrect external DB reference in 'unknown user policy' while upgrading.
|
CSCsy76007
|
Database upgraded from ACS 4.0 has RA with empty name.
|
CSCsy76079
|
Auth log shows the user password while doing password change through UCP.
|
CSCsy78568
|
Fails to show help description for few CLI commands.
|
CSCsy79246
|
Wrong error message when CLI admin password contains last ten passwords.
|
CSCsy87086
|
Support for ACS 4.2 in CSACS-1120 appliance.
|
CSCsy93504
|
Cascade replication fails if master key replication is configured.
|
CSCsz08867
|
Merge issue on UCP in 4.2.1.
|
CSCsz09925
|
Server hostname with more than 15 chars causes ACS backup to fail.
|
CSCsz25693
|
LDAP PAP authentications stop working intermittently.
|
CSCsz31543
|
4.2.1 should not be allowed for fresh install.
|
CSCsz32016
|
ACS 4.2 patch 9 takes wrong group authorization attributes for MAB user.
|
CSCsz63498
|
ACS installed on 64-bit machine to work for PAP & MSCHAP against AD.
|
CSCsz66715
|
UCP version must be modified to 4.2.1.
|
CSCsz72292
|
Unable to upgrade to ACS 4.2.1 in 64 bit Windows 2008.
|
CSCsz72298
|
Unable to install ACS 4.2.1 Remote Agent in 64 bit Windows 2008.
|
CSCsz74768
|
CSUtil - Option for dumping configuration information of users and group.
|
CSCsx31676
|
EAP performance degrades as load increases.
|
CSCsz74810
|
SSH option to dump configuration information of users, groups and ACS administrators.
|
CSCsz81288
|
Request to add new fields in user audit log.
|
CSCsz81792
|
Replication component missing when ACS 4.2 dump is restored in ACS 4.2.1.
|
CSCsz82783
|
Logging is misleading when cascade replication delayed.
|
CSCsz86771
|
Invalid string in CSAuth log.
|
CSCsz87427
|
ACS 4.2.1 upgrade allows ACS 4.2 trial to become as licensed.
|
CSCsz93644
|
Unable to access ACS SE console after upgrade.
|
CSCsz94410
|
After configuring SSH FTP settings return to System Configuration page.
|
CSCsz94452
|
AdminAuditInfo file shows wrong info on group permissions.
|
CSCsz94495
|
AdminAuditInfo file in software contains appliance information.
|
CSCsz94562
|
Cipher Suite selection is allowed when no certificate in ACS.
|
CSCsz94633
|
Able to select cipher suites without selecting the "Use the list" option.
|
CSCsz96618
|
Able to select ext. dbs without selecting "check the following ext db".
|
CSCsz96706
|
Check box under failed Report gets enabled after restore of ACS 4.2.0 dump.
|
CSCsz96911
|
Information on Restore from 4.1 backup file needs to be removed in ACS 4.2.1.
|
CSCsz96936
|
ACS 4.2.1 to remove option to restore ACS 4.1 database. To support restore of ACS 4.2 database.
|
CSCta02818
|
Attributes are missing after taking package.cab.
|
CSCta06399
|
Backup - Add hostname does not work in Windows 2000.
|
CSCta07863
|
After upgrade, Global Loggin config options gets unselected.
|
CSCta10548
|
Unable to remove ACS with use of clean utility on Windows 2008 server.
|
CSCta13082
|
Max session for group is missing in GroupAuditInfo.txt.
|
CSCta13337
|
CSTacacs becomes unresponsive intermittently on Windows 2008 server.
|
CSCta17714
|
Page not displayed while creating RAC after selecting 3 comusr.
|
CSCta29722
|
NAC attribute logging fails.
|
CSCta32567
|
Profile data in GroupAuditInfo.txt should have delimiters.
|
CSCta34964
|
AD password change does not try remote domains if username has no domain.
|
CSCta35539
|
Reset Admin not working after ACS 4.2.1.
|
CSCta41339
|
Unable to uncheck support check box under Administration control.
|
CSCta42116
|
ACS 4.2.1 appliance package should allow upgrade only from ACS 4.2.
|
CSCta43892
|
Logging Configuration component missing after upgrade from ACS 4.2 to ACS 4.2.1.
|
CSCta44199
|
Irrelevant error message while adding GUI admin via CLI.
|
CSCta44301
|
Cipher suites are replicated to slave without certificates installed.
|
CSCta47036
|
Enable password missing shows wrong informatiom in userAuditInfo.txt.
|
CSCta48558
|
EAP-FAST master key replication is redundant after manual replication.
|
CSCta49246
|
GroupAuditInfo is different in package.cab and CSUtil file.
|
CSCta53207
|
ACS for Windows box replicates with an ACS SE.
|
CSCta60100
|
NAP sends down Framed-IP-Address from group when configured not to.
|
CSCta61744
|
Remote agent reaches maximum connections limit and does not accept new ones.
|
CSCta62147
|
Slow leak in ACS SE CSAuth memory during replication.
|
CSCta63451
|
ACS 4.2 GUI incorrectly states fast reconnect not supported w/eap-gtc.
|
CSCta65617
|
ACS fails to authenticate users when their base DN is greater than 255 characters.
|
CSCta66819
|
ACS CSLog service stale threads can cause remote logging failure.
|
CSCta68928
|
ACS fails to negotiate selected cipher suites.
|
CSCta68955
|
Fast reconnect fails, when outer identity is username.
|
CSCta69410
|
Tunneling-Protocols value is always '= (null)' in GroupAuditInfo.txt.
|
CSCta69414
|
Replication from master to slave makes all the slave component dirty.
|
CSCta69421
|
Wrong message when import device name with length more than 32 characters.
|
CSCta69425
|
Replication logs needs to be improved.
|
CSCta73160
|
CSAuth crashing in ACS 4.2.
|
CSCta74731
|
Incorrect error message when custom attribute added beyond 255 characters.
|
CSCta75344
|
ACS become unresponsive after changing IP address from static to DHCP.
|
CSCta93979
|
ACS 4.2 returns malformed tunnel-password if > 15 characters.
|
CSCta98045
|
Framed-Ip-Address is not logged in passed authentication report.
|
CSCtb01147
|
Blank Radius Port values are accepted for AAA server.
|
CSCtb06125
|
Outbound replication is triggered immediately after the inbound replicate.
|
CSCtb07726
|
EAP-FAST Mkey and policies replicated twice from middle to slave.
|
CSCtb08136
|
Could not configure RSA SecurID with RSA Agent 7.x.
|
CSCtb11304
|
NDG is not replicating during scheduled replication.
|
CSCtb20776
|
Changes by DBSync/CSUtil not triggering schedule replication for some components.
|
CSCtb22764
|
Memory leak while loading domain cache.
|
CSCtb27702
|
Could not replicate RemoteAgent in schedule replication.
|
CSCtb29022
|
Cipher suite option becomes default after overinstall.
|
CSCtb29060
|
Replication starts when there is change in replication component in the replication page.
|
CSCtb44114
|
UDB_HOST_DB_FAILURE message appears frequently in CSAuth.
|
CSCtb33686
|
Creating DSN in 64 bit ACS.
|
CSCtb31284
|
CSUtil -b creates extra file, when file format contains decimal point.
|
CSCtb44926
|
Upgrade from 4.2 to 4.2.1.10 overrides the cipher values in the ACS DB.
|
CSCtb62208
|
Improve ACS Active Directory TLS support.
|
CSCtb55104
|
Authentication fails against internal database if password contains either u or a.
|
CSCtb47428
|
Unable to edit default AAA server shared secret key.
|
CSCtb63994
|
Password change is failing when Apply Password Change Rule field is configured.
|
CSCtb75403
|
CSAuth crash in appliance during multi forest test - RA on 64 bit Windows 2008.
|
CSCsh42898
|
Key Wrap description still under EAP TLS section in short help.
|
CSCsm20214
|
ACS 4.2 uninstall fails when read-only file is in program files folder.
|
CSCso44662
|
Doc problem with upgrade path.
|
CSCso55299
|
Help in Support page gives wrong info about service restart.
|
CSCso61543
|
Configuring Remote Agent for Domain Controller Authentication.
|
CSCso68370
|
"set dbpassword" is not working in CLI.
|
CSCsq11763
|
Help not available for Remote Agent Configuration under Replication.
|
CSCsq28953
|
CSAuth crashes during outbound replication.
|
CSCsq46254
|
ACS SE 1113 has flashing amber light on front panel.
|
CSCsq72908
|
Junk character gets added in secret value field when creating new NDG.
|
CSCsq76020
|
UCP support Japanese Windows.
|
CSCsq77689
|
Help section not available for the new option to select ext DB in NDG.
|
CSCsq79080
|
ACS SE 1113 power requirements improperly documented.
|
CSCsu57008
|
Doc- Support for Win/AD 2008 should go into doc.
|
CSCsv02441
|
Reimaging installation process is incomplete.
|
CSCsv04865
|
ACS SE 1112 Enable Ping instructions unclear.
|
CSCsv04886
|
ACS SE Reimaging the SE section needs update.
|
CSCsw37321
|
Improve diagnostic logging for group mapping of AD users.
|
CSCsw43074
|
Maximum characters allowed in the AAA client IP is not documented.
|
CSCsw78364
|
ACS User Guide should say Machine Password change with AD not supported.
|
CSCsx46876
|
Exception can occur with CSAuth compiled in debug mode.
|
CSCsz92605
|
Remove the unwanted up and down buttons from Cipher selection.
|
CSCta05746
|
Online documentation needs to be updated on Cipher Suite Selection.
|
CSCta41347
|
Access denied to "SSH FTP Settings" when support is unselected in admin.
|
CSCta62633
|
ACS 4.2.1 - Readme needs to be updated.
|
CSCtb10522
|
Selecting search result from Online documentation is not working.
|
CSCtb33852
|
Edit CTL section needs to be updated in the user guide.
|
CSCtb38601
|
Diagnostic logs needs to be improved for replication flows.
|
CSCtb82999
|
CSlogAgent crash observed during remote logging with remote agent.
|
CSCtb85227
|
Client side validation required for "configurable radius port" feature.
|
CSCtb85495
|
SE Status page should not show default RDS port as opened after changed.
|
CSCtb87659
|
ACS GUI page not displayed. Unstable after changing ACS communication port.
|
CSCtb87732
|
Successful/failed changes by DBsync replicates some components by default.
|
CSCtb88490
|
In Slave after replication, Interface Configuration page shows Cannot switch off NDGs.
|
CSCtb90906
|
User guide to be updated for RSA support in 4.2.1.
|
CSCtb91507
|
CSUtil import using ONLINE statement throws exception.
|
CSCtb99885
|
Intermittent CSAuth crash while replication when first replication is in progress.
|
CSCtc17025
|
Remote Logging config lost after changing ACS Communication Port.
|
CSCtc17033
|
Service Restart takes more time after enabling disabling ACS Communication port.
|
CSCtc41491
|
ACS auth.log Error 1808L and event log Error Code: 0xc0000199.
|
CSCtc54696
|
ACS: Crash in CSDBSync.
|
CSCtc67489
|
CSRadius service might stop if it receives a malformed request.
|
CSCtc67739
|
Windows Remote Agent Selection is not replicated during scheduled rep.
|
CSCtc81506
|
Correction in diagnostic log.
|
CSCtc84255
|
Could not configure RSA SecurID in appliance.
|
CSCtc90082
|
Restoring both user and SysConf when only UserAndGroupDB is selected.
|
CSCtc94007
|
RADIUS Ports are not replicating when sent with NAP.
|
CSCtc93636
|
No Warning message is displayed for password expiry.
|
CSCtd00510
|
Need ACS Services restart in proxy auth with RADIUS port change.
|
CSCtd15941
|
Manual restart needed after change the radius port no for authentication.
|
CSCtd18667
|
Client side validation required for ACS Service Connection Timeout.
|
CSCtd19858
|
ACS Replication may fail with bad secret.
|
CSCtd30608
|
Timeout during RSA SecurID authentication in appliance.
|
CSCtc86913
|
CSAuth hangs occasionally as replication flow is not able to delete temporary table.
|
CSCtd18394
|
CSlogAgent crashed when changing logging level in ACS Service Control.
|
Documentation Updates
This section provides the following documentation updates:
•Omissions
•Changes
•Updates
Omissions
Flashing Amber Light on Front Panel of ACS SE 1113
In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, the following information was omitted from the Front Panel Features for the Cisco 1113 section in Chapter 1:
When ACS 4.1 or ACS 4.2 is run on the ACS SE 1113 appliance, an amber light flashes on the front panel of the 1113 appliance.
ACS for Windows Server UCP Requirements
In the online Installation Guide for Cisco Secure ACS for Windows 4.2, the following information was omitted from Table1-1 ACS for Windows Server UCP Requirements in Chapter 1.
•Japanese Windows 2003 server, Service Pack 2, Enterprise Edition.
•Japanese Windows 2003 server, Service Pack 2, R2, Enterprise Edition.
•Japanese Windows 2003 server, Service Pack 2, Standard Edition.
•Japanese Windows 2003 server, Service Pack 2, R2, Standard Edition.
This information pertains to the minimum requirements for User Changeable Password (UCP) Web Server Product Documentation.
Number of Characters for AAA Client IP Configuration
In the online User Guide for Cisco Secure Access Control Server 4.2, the following information was omitted from the AAA Client IP Address section, in Configuring AAA Clients, Chapter 3.
The maximum number of characters that can be configured for a AAA client IP configuration varies for different version of ACS. The following table provides details on the number of characters that can be used for different releases of ACS.
Table 3 Number of Characters
Release Version
|
Size of IP-List
|
4.1.1.23
|
1024 characters
|
4.2.0.124
|
4096 characters
|
4.2.1
|
16k
|
Changes
Permission for the AD folder
In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 2, Configuring for Domain Controller Authentication section, Step 4b on granting permission for the AD folders needs to be changed to:
1. To grant permission for AD folders, access AD by using the MMC or open Active Directory Users and Computers.
2. Right-click on USER folder, select Delegate Control, and add the above created domain user.
Collect Log files
In the online User Guide for Cisco Secure Access Control Server 4.2, Chapter 7, Running Support section, the following changes need to be made:
•From Step 3, the following information needs to be removed:
If you select this option, ACS services are not restarted during the generation of package.cab.
•After Step 6, the following needs to be added:
a. A message appears, displaying Services will restart.
b. Click OK.
Updates
Change Password with AD
In the online User Guide for Cisco Secure Access Control Server 4.2, Chapter 12, Windows User Database Configuration Options, MS-CHAP Settings section, the following Note must be added to this section:
Note Changing the machine password with AD is not supported.
Enable ICMP Ping
In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 3, Enable ICMP Ping section, Step 1 and the Note need to be revised.
Extract the files in the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip folder to the windows system that runs the .bat file.
Note To enable ICMP ping, you must copy the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip file to a windows system that runs the .bat file. After this, you must install the applAcs_4.x-PingTurnOn_CSCsf15057_Patch.zip file on the appliance.
Uninstalling ACS Remote Agent for Windows Manually
In the online Installation and Configuration Guide for Cisco Secure ACS Remote Agents 4.2, Chapter 2, Uninstalling ACS Remote Agent for Windows, the information on uninstalling the ACS Remote Agent needs to be revised.
If you cannot uninstall Remote Agent for Windows via the control panel, you can uninstall the Remote Agent for Windows manually.
To uninstall the Remote Agent for Windows manually:
Step 1 Navigate to the system registry and delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CiscoSecure ACS Agent registry key.
Step 2 Navigate to C:\Program Files\Cisco and delete the CiscoSecure ACS Agent folder.
Step 3 Delete the HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoSecure ACS Agent registry key.
Remote Agent for Windows is uninstalled.
Re-imaging the Solution Engine Hard Drive
In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 4, Reimaging the Solution Engine Hard Drive section, the following updates need to be made:
•Step 1 needs to be updated to:
Connect an external keyboard and monitor to the video and keyboard ports. For the location of these ports, see Figure 1-3.
•The result for Step 3 and Step 4, needs to be updated to:
Result: The monitor displays.
•The result for Step 5 needs to be updated to:
Result: The appliance processes the new image (reimaging might take approximately 50 minutes) while displaying odd characters and then displays the following message on the console.
•The following note must be added to Step 5.
Note ACS 4.2 provides three CDs for the installation process. During the middle of the installation process, you will be prompted to insert the second CD.
Back Panel Features for the Cisco 1113
In the online Installation Guide for Cisco Secure ACS Solution Engine 4.2, Chapter 1, the table for Figure 1-3, the description for No.5 needs to be updated to:
Video connector is supported.
Updates to the Release Notes for the Cisco Secure Access Control Server 4.2.1
Table 4 provides the details of the updates made to the Release Notes for the Cisco Secure Access Control Server 4.2.1.
Product Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 5 describes the product documentation that is available. To find end-user documentation for all the products on Cisco.com, go to:
http://www.cisco.com/go/techdocs
Related Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 6 describes the related documentation that is available.
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Release Notes for the Cisco Secure Access Control Server 4.2.1
© 2009 Cisco Systems, Inc. All rights reserved
Feedback
