Downloads |
 Feedback
|
Table Of Contents
Release Notes for Cisco Secure ACS 4.1.2
RADIUS Key Wrap Extended to All EAP Protocols
Installation Notes for ACS 4.1.2 for Windows
Upgrade Path for ACS 4.1.2 for Windows
System Requirements for ACS 4.1.2 for Windows
Installing ACS 4.1.2 for Windows
Installation Notes for ACS 4.1.2 Solution Engine
Upgrade Path for ACS 4.1.2 Solution Engine
Installing ACS 4.1.2 Solution Engine
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco Secure ACS 4.1.2
Revised: June 07, 2007, OL-13026-01CDC Date June 07, 2007
These release notes describe Cisco Secure Access Control Server (ACS) version 4.1.2. These release notes contain information for the Windows and Solution Engine platforms. Where necessary, the appropriate platform is clearly identified.
Contents
Obtaining Documentation, Obtaining Support, and Security Guidelines
Introduction
ACS 4.1.2 is a maintenance release for ACS 4.1 that consolidates ACS 4.1 customer patches, and resolves other customer and internally found defects. ACS 4.1.2 is available through the Cisco Technical Assistance Center (TAC) only for existing ACS software deployments.
This release includes the 4.1.2 software image.
CautionYou cannot upgrade from ACS 4.1.3 to 4.1.2, or from 4.1.2 to 4.1.3, and you cannot downgrade from 4.1.2 to 4.1.1.
New and Changed Information
ACS 4.1.2 contains information for the enhancement—RADIUS Key Wrap Extended to All EAP Protocols.
RADIUS Key Wrap Extended to All EAP Protocols
RADIUS Key Wrap is extended to all EAP protocols; previously, RADIUS key wrap was available only for EAP-TLS.
In previous ACS releases the Allow RADIUS Key Wrap check box resides in the EAP-TLS section of the Network Access Profiles > Protocols page.
ACS 4.1.2 has moved the Allow RADIUS Key Wrap check box to the top of the EAP Configuration section, in the new Key-Wrap area.
Product Documentation
Table 1 lists the product documentation for ACS 4.1.2.
Table 1 Product Documentation
Documentation Guide for Cisco Secure ACS 4.1
•
•
•
http://www.cisco.com/en/US/products/sw/secursw/ps5338/
prod_release_notes_list.htmlRelease Notes for Cisco Secure ACS 4.1
ACS 4.1 features, documentation updates, and resolved problems. Available on Cisco.com:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/
prod_release_notes_list.htmlRelease Notes for Cisco Secure ACS 4.1.2
New features, documentation updates, and resolved problems. Available on Cisco.com:
Product online help
Help topics for all pages in the ACS web interface. Select an option from the ACS menu; the help appears in the right pane.
User Guide for Cisco Secure ACS 4.1
ACS functionality and procedures for using the ACS features. Available in the following formats:
•
•
•
sw/secursw/ps2086/products_user_guide_list.htmlSupported and Interoperable Devices and Software Tables for Cisco Secure ACS 4.1
Supported devices and firmware versions for all ACS features. Available on Cisco.com:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/
products_device_support_tables_list.htmlInstallation and User Guide for User Changeable Passwords 4.1
Installation and user guide for the user-changeable password add-on. Available on Cisco.com:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/
prod_installation_guides_list.htmlConfiguration Guide for Cisco Secure ACS 4.1.
Provides provide step-by-step instructions on how to configure and deploy ACS.
Available on Cisco.com:
Installation Guide for Cisco Secure ACS 4.1 Windows
Details on installation and upgrade of ACS software and post-installation tasks. Available in the following formats:
•
•
sw/secursw/ps2086/prod_installation_guides_list.htmlInstallation Guide for Cisco Secure ACS Solution Engine 4.1
Details on ACS SE 1112 and ACS SE 1113 hardware and hardware installation, and initial software configuration. Available in the following formats:
•
•
prod_installation_guides_list.htmlRegulatory Compliance and Safety Information for Cisco Secure ACS Solution Engine 4.1
Translated safety warnings and compliance information. Available in the following formats:
•
•
•
http://www.cisco.com/en/US/products/sw/secursw/ps5338/
prod_installation_guides_list.html.Installation and Configuration Guide for Cisco Secure ACS Remote Agents
Installation and configuration guide for ACS remote agents for remote logging. Available in the following formats:
•
•
Known Caveats
Table 2 contains known caveats in ACS for Windows and Solution Engine 4.1.2. You can also use the Bug Toolkit to find open bugs.
Table 2 Known Caveats in ACS Windows and Solution Engine 4.1.2
CSCea91690
Event Viewer errors on startup/shutdown in .NET
Symptom On Windows .Net Server 2003 shutdown and startup you may see errors that falsely indicate that Cisco Secure ACS service have failed. At startup, you may see a dialog box indicating that a service, such as CSLog, encountered a problem and needs to close. The same error logged to Event Viewer, as in the following example:
"Reporting queued error: faulting application CSLog.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000."
The problem is that in Windows Server 2003, the Service Manager queries the Cisco Secure ACS services status during startup and shutdown, but Cisco Secure ACS services may not have started yet or may have stopped already. Even though this is normal behavior for Cisco Secure ACS services, Windows perceives this as an error and logs it to the Event Viewer.
On startup, all errors from event viewer displayed to user, which is why, when users logs into Windows right after startup, they see errors from the previous login session.
This behaviour observed on Windows Server 2003 only.
Workaround
CSCec72911
Win2003-password aging page display issue
Symptom ACS is installed on Windows 2003 Server and Password Aging feature is enabled. Only the option "Generate greetings for successful logins" in Password Aging settings is checked. After pressing Submit or Submit + Restart ACS for the first time displays the valid error message: "Error: Generation of greetings on successful logins requires at least one password aging rule to be configured". But on the second press to one of these buttons page bwrong error "active canceled" or "the page connot be displayed" is shown.
Conditions
Workaround
CSCee89510
dates are logged in local time instead of GMT
Symptom NAC attributes that are in date format are in GMT timezone. When ACS logs these attributes, it converts them to ACS local timezone (the timezone of the ACS server).
Workaround
CSCef85310
Group dACL is downloaded if Users dACL content is empty
Symptom It is possible to define an ACL with an empty content. Following this defect, if a user with an empty ACL, belongs to a group on which a non-empty ACL is defined, authenticates, the ACL of the group is downloaded to the device, instead of the user's one. (While the user's dACL content is not empty, it is downloaded to the device, as it should).
Workaround
CSCef96208
ACS reports incorrect privilege level
Symptom ACS may report users with the incorrect authorized privilege level. In particular, when using TACACS+ user who are correctly being authenticated with a privilege level of 15 are being reported with a level of 1.
Workaround
CSCeh13105
WinDB maps all other combinations instead of selected groups
Symptom Mapping an AD group to an ACS group may fail. After configuring a map, the result may be that the AD group which was selected is now mapped to the "all other combinations" group instead of the intended group.
Workaround
CSCeh52700
AD expired-user passed EAP-TLS authentication; should be rejected!
Symptom EAP-TLS authentication will still pass for users in Active Directory even if their account has expired - no error is given from ACS.
Conditions
Conditions
CSCeh60564
AD locked-out User passed EAP-TLS authentication, should be rejected!
Symptom EAP-TLS authentication will still pass for users in Active Directory even if their account is locked-out. There is no error indication from ACS.
Conditions
Workaround
CSCeh79954
EAP-TLS time of day restriction in AD doesn't fail user - authen succ
Symptom EAP-TLS authentication of users in Windows Active Directory will still pass when a users time-of-day setting (located in AD) is outside the hours they are allowed - no error is given from ACS.
Conditions
Workaround
CSCeh86479
CSUtil import -85 errors to be changed to info msg-not error
Symptom The csutil utlity with the options -n, -g, and -u may print an ODBC error message similar to the following:
ODBC Error. Message=[Sybase][ODBC Driver][Adaptive Server Anywhere]Communication error, SqlState=08S01, NativeError=-85Conditions
Workaround
CSCsb19051
TCP checksum error from CiscoSecure ACS Solution Engine 1111
A Cisco Secure Access Control Server Solution Engine (ACS SE) 1111 (CSACSE-1111-UP-K9) may generate transient TCP Checksum errors which may cause error logging on other devices in the network. In particular, Cisco switches would generate the following error message:
%IP-3-TCP_BADCKSUM:TCP bad checksum.
The cause of the error is the NIC Software Driver. Not every packet being transmitted will be affected. Given that TCP will retransmit any unacknowledged packet, the system will recover. Excessive logging of the error message within the network might occur. The problem only affects TCP packets; therefore, TACACS may be affected, while RADIUS will not. This problem might also occur on an ACS SE 1112 (Quanta).
Workaround
CSCsb27597
Limitation on the custom attributes (of 31k as CSAdmin indicates)
Symptom In the T+ Settings per User/group Configuration page, which is accessed from the Interface Configuration page, if you add 1201st entry in the custom attribute field, the browser crashes. The custom attribute field is currently limited to 31KB (which is around 1200 attributes).
Workaround
CSCsb93223
Policy created when template profile not added upon error
Symptom If for any reason, when using the NAC 802.1x template, you cannot create a profile (for example, Global Authentication Setup is not configured properly), an internal posture validation policy is created in any case.
Workaround
CSCsb95897
ACS cant display long list of Disabled accounts correctly
Symptom The ACS web interface has problems in displaying disabled accounts lists if they contain several pages. Next is working as needed, but Previous is available only once.
Workaround
CSCsc41638
ACS doesn't check if the CA certificate that issued to user exist in CTL
Symptom A user who presents a certificate in EAP-TLS or EAP-FAST/EAP-TLS may be authenticated; even though the ACS machine no longer trusts the certificate issuer.
Workaround
CSCsc63854
ODBC Mapping exists after restoring image created on software
Symptom After restoring the appliance image from the software version of ACS 4.0.1, there is still ODBC configuration in Unknown User Policy and in NAP/Authentication.
Workaround
CSCsc77154
Proxy authentications fail when no DHCP is present at installation
Symptom When an ACS appliance is installed where the IP configuration is manual (for example, no DHCP server), subsequent proxy authentications may fail.
The ACS Appliance will proxy the authentication packets to an incorrect ip address, while the proxy configuration still presents the default appliance name of deliverance1.
Workaround
1.
2.
3.
4.
CSCsc90467
After Install from Recovery CD, no CLI access.
Symptom This problem occurs on ACS SE 1111 (HP), when performing a full upgrade including appliance base image. When installing from the ACS SE 1111 (HP) Recovery CD, after installation completes, the ACS SE reboots, performs some configurations, and reboots again. The configurations that occur after the first reboot take a significant amount of time, during which there is no feedback, which is normal system behavior. After this time, the CLI Initial Configuration screen should appear, but does not.
Conditions
Workaround
CSCsd18172
After Installing Appliance the default windows IP remains in the AAA ser
Symptom If the user does re-image from the ACS SE CD (quanta model 1112), they should NOT connect the device on the network during the installation. During installation, the configuration (such as hostname, IP) can be some bogus information. After the reboot, using console port to reset the hostname and IP address.
Workaround
CSCsd88833
Manual setup of ip configuration failed, cli is not foolproof enough
Symptom An ACS Appliance may not operate correctly after installation, if there were any problems or changes with the IP addressing. In particular, if there is no DHCP server, or the DHCP server is configured incorrectly, or if the installation occurs with the NIC disconnected.
Workaround
CSCsd91218
Appliance filter may not work if during initiate config set invalid ip
—
CSCsd93779
Backup every X minutes is not functioning for specific configuration
—
CSCsd94022
Shifting system clock forward disrupting scheduled backup proccess
—
CSCsd98589
authentications fail when NIC reconnected after reboot
Symptom Authentications on an ACS Appliance may fail after the following sequence of events:
1.
2.
3.
Workaround
CSCse01363
Appliance Configuration page is not replicated from Quanta 4.0.1.42
—
CSCse04125
SNMP ports in Appliance S27 can get wrong values
—
CSCse69819
Custom UDV, Replication don't replicate. Faiulre to create on secondary
Symptom When try to create a custom UDV on a secondary ACS server, you get the message of: Vsa attribute [UDV-Vendor-Attribute] already defined by vsa vendor [UDV-Vendor]. Must be unique
Conditions
Workaround
CSCsf13603
Cisco-PEAP authentication against RSA API server provide an error msg
Symptom Working with RSA API as the external DB, and trying to Auth using funk. The Supplicant is using CISCO - PEAP authentication. in the log the following lines appears:
AUTH 10/03/2006 16:20:00 I 0396 3396 External DB [SecurID.dll]: Response from user [rsauser] with state [0]
AUTH 10/03/2006 16:20:00 I 0396 3396 External DB [SecurID.dll]: NULL response supplied
AUTH 10/03/2006 16:20:00 I 0396 3396 External DB [SecurID.dll]: SecurID_AbortSession state [0]
AUTH 10/03/2006 16:20:00 E 0396 3396 External DB [SecurID.dll]: Invalid session state detected [0]CSCsf16737
CSAuth/CSAdmin/CSRadius/CSTacacs are not started up after reboot
Symptom After system reboot, the following Services are not started up when Windows service, "Windows Firewall/Internet Connection Sharing (ICS)" is started:
•
•
•
•
Workaround
or
Workaround
CSCsf25057
ACS support for TACACS single-connection
Symptom ACS does not support the TACACS single-connect flag.
Workaround
CSCsg19044
Acs syslog/ODBC configuration missing listing for trend, mcafee, qualys
Symptom Under system configuration, logging configuration, configure failed attempts or passed attempts for syslog and ODBC. The attributes for trend, qualys and mcafee are not listed in either column but are listed under the CSV configuration.
Conditions
Workaround
CSCsg24408
ACS Syslog facility needs to be configurable for localX, not fixed AUTH
Symptom Currently ACS doesn't state what facility is used in the system specifications as far I as I have read into them. I had to trace the traffic coming from ACS that was destined for my syslog server on port 514 to determine what facility was being used.
Workaround
CSCsg40727
ACS 4.0: RDMS fails account action 220 250 with Synchronization Partners
Symptom - NDG is not getting added to "Synchronization Partners", but an additional (duplicated) entry is getting added to "primary" - AAA-Client may can't be deleted anymore afterwards
Conditions
Workaround
CSCsg56677
After upgrade re-authenticate EAP-FAST user with UPN or SAM format fails
Symptom When authenticating user with SAM/UPN format (Domain\username or username@domain) on ACS 4.0.1.49 or ACS 4.1, it succeeds at the first time and also after trying to re-authenticate with the same PAC. However, if we try to upgrade ACS 4.0 (i.e. 4.0.1.27, 4.0.1.42/43/44) to build 4.0.1.49 or to ACS 4.1, we will see that the re-authentication (i.e. stateless session resume) will fail with the error - "Access denied:fast-reconnect was successful but user was not found in cache". This bug has the same behavior as describe in CSCsd82223, but after performing the above upgrade.
Workaround
Case #1: Customers using Manual PAC provisioning. Advise a customer to reprovision PACs with correct usernames (i.e. usernames containing domains).
Case #2: Customers using Automatic PAC provisioning. Advise a customer to do the next workaround: 1. Set the next values for the EAP-FAST settings (see EAP-FAST Configuration page) : Active master key TTL = 1 hours Retired master key TTL = 2 hours Tunnel PAC TTL = 30 minutes Authorization PAC TTL = 10 minutes
Note
1.
2.
3.
CSCsg96534
ACS support for Windows 2003 R2 needs clarification.
Symptom ACS 4.1 and previous releases have not been tested on Windows 2003 server R2. Authentication to ACS on this platform might have unpredictable results. The release notes and documentation might not make it clear that there is a distinction between Windows 2003 and Windows 2003 R2.
Conditions
Workaround
CSCsh42920
Online help has old Key Wrap functionality description.
Symptom RADIUS Key Wrap was extended to all EAP protocols instead of only EAP-TLS.
Workaround
CSCsh77806
EAP-TLS will fail authentication if name contains forward slash /
Symptom EAP-TLS users authenticating to ACS (and in turn to Active Directory) fail authentication if the Distinguished Name returned from the LDAP server contains a forward slash. Logs from the ACS will cite this as a permissions issue and do not make it clear that it's the format of the username at fault.
Conditions
Distinguished Name: CN=Lastname\, Firstname Department1/Department2,OU=....but presumably will be seen in any instance in which the Distinguished Name contains a forward slash. Windows Domain controllers will allow the forward slash as a part of the username and do not appear to use an escape character prior to the forward slash (the above example does include an escape character prior to the comma).
Workaround
Further Problem Description:
Issue is possibly a bug in Microsoft's handling of the forward slash character. Since this character is used as a separator in LDAP, the LDAP replies back should be padded with a backslash prior to the forward slash.
CSCsh90602
MAB no more functional after installing accumulative patch 4.1.1.23.3
Symptom After installing the Accumulative Patch 4.1.1.23.3 on ACS 4.1.1.23 the Mac Authentication Bypaas feature is no longer functional. The Failed Attempts.csv file shows the following error -
Authentication protocol is not allowed for this network access profile.Workaround
Note
After you apply the patch, if:
•
•
This correction retains the ACS 4.1 functionality for MAB and the ACS 4.0 functionality for MAC authentication.
CSCsh95071
Database replication does not propagate certain log settings
Symptom After customizing the columns to log configuration on the primary, the corresponding settings are not replicated to the secondary servers.
Conditions
Workaround
CSCsi04187
ACS: MS-PEAP Machine authentication fails with host/<dns name> format
Symptom PEAP MS-CHAP machine authentication will fail with machine not found if host/<dns name> format is sent from client. This only happens if the machine is authenticating to a domain forest that the ACS is not a member of.
Conditions
Workaround
CSCsi10581
CSlogagent application error/crashes
Symptom ACS Remote Agent 4.1.1.23.
MS is faulting cslogagent.exe because of module msvcrt.dll.
Workaround
CSCsi13785
ACS won't replicate users previously set for dynamic mapping
Symptom ACS Database replication may inappropriately flag users as "learned dynamically" and fail to replicate them in certain cases.
Conditions
•
•
•
Conditions
CSCsi17499
Remote password change setting isn't replicated
Symptom The setting of the remote password management feature, found under Local Password Management in the System Configuration tab, is not replicated from the primary ACS server to any of the secondaries.
Conditions
Workaround
CSCsi50359
Enable authentications are rejected with Internal Error message
Symptom Users on CatOS switches are denied enable authentication, even though they're entering the correct password. Login authentications work correctly.
Conditions
Workaround
CSCsi55085
ACS services not started after replicate/reboot on machine with dual cpu
Symptom ACS services are not started when rebooting Secondary ACS machine within 30 minutes after the DB replication.
Conditions
Workaround
CSCsi56892
'Logged Remotely' Radius Attribute not available for Remote Agent Log
Symptom 'Logged Remotely' Radius attribute is not available to be chosen in the Remote Logging section of Radius Accounting.
Conditions
Workaround
CSCsi60213
Last character of RADIUS IETF attr 81 is truncated
Symptom Accounting reports show that the last character on VLAN id for 802.1x supplicants is truncated. The clients are placed on the correct VLAN, however.
Conditions
Workaround
CSCsi62622
system replication partners table empty
Symptom -ACS replication Master GUI is not visually populating the partner replication table with the slave hostname/IP address
Conditions
Workaround
1.
2.
3.
4.
FURTHER PROBLEM DESCRIPTION:
-DE does not see the issue rectified in v4.1.1b23 patch 4.
CSCsi63656
Unknown Radius Token Server after replication.
Symptom After replication users show up with a Database of 'Unknown Radius Token Server'.
Conditions
Workaround
1.
2.
CSCsi65427
ACS SE: Hostname greater then 15 characters locks out GUI and CLI
Symptom After initial setup of the ACS Appliance the user is prompted to reboot the SE. After the reboot CLI and GUI access is lost and can not be regained with out reinstalling the SE.
Conditions
Workaround
CSCsi71613
Cannot login to UCP when password contains an '&' symbol
Symptom If a user wants to change their password in UCP, but their current password contains an '&' in it, then the user will be unable to login to the UCP application to begin the password change process.
The error in the ACS logs shows:
AUTH 11/04/2007 11:27:52 E 2489 1180 Plain DB pass check for 30419 failedConditions
Workaround
CSCsi78265
CSRadius mem leak when some MS RADIUS Attributes are selected in group
—
CSCsi82393
CiscoAAA Event ID 5 error in Windows Event Viewer|Applcaition log
Symptom Event ID (5) in Source (CiscoAAA) error generated in MS Windows Application Event log on the primary ACS every time when ACSs is replicating its database.
Conditions
Workaround
CSCsi84005
During stresses of EAP-FAST(TLS/GTC inner)+LDAP on Dual CPU CSAuth crash
—
Resolved Caveats
Table 3 contains the resolved caveats for ACS 4.1.2. Check the Bug Toolkit on Cisco.com for any resolved bugs that might not appear here.
Installation Notes
This section contains installation information for ACS 4.1.2.
Installation Notes for ACS 4.1.2 for Windows
This section contains:
•
•
•
Upgrade Path for ACS 4.1.2 for Windows
Cisco tested the upgrade to ACS for Windows Server 4.1.2 from release 4.1. For ACS 4.1 updgrade paths, see the Installation Guide for Cisco Secure ACS for Windows 4.1.
Note
System Requirements for ACS 4.1.2 for Windows
The system requirements for ACS 4.1.2 are the same as for ACS 4.1. For information on supported operating systems and web browsers, see the Installation Guide for Cisco Secure ACS for Windows 4.1.
Installing ACS 4.1.2 for Windows
You must have ACS 4.1 installed before you install ACS 4.1.2. ACS 4.1.2 is available through the Cisco Technical Assistance Center (TAC) only for upgrading existing ACS software deployments. The installation instructions for ACS 4.1.2 are the same as for ACS 4.1. For information about installing ACS, see the Installation Guide for Cisco Secure ACS for Windows 4.1.
Installation Notes for ACS 4.1.2 Solution Engine
This section contains:
•
•
Upgrade Path for ACS 4.1.2 Solution Engine
Cisco tested the upgrade to ACS Solution Engine 4.1.2 from release 4.1. For ACS 4.1 upgrade paths, see the Installation Guide for Cisco Secure ACS Solution Engine 4.1.
Installing ACS 4.1.2 Solution Engine
ACS 4.1 is pre-installed on the 1113 appliance. The ACS 4.1.2 Solution Engine upgrade package is available through the Cisco Technical Assistance Center (TAC) only for upgrading existing ACS software deployments. The installation instructions for ACS 4.1.2 Solution Engine are the same as ACS 4.1. For information about installing ACS, see the Installation Guide for Cisco Secure ACS Solution Engine 4.1.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
