Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module

Release Notes for Catalyst 6500 Series Switch SSL Services Module Software Release 3.x
OL-9138-05
Caveats
All connections enter ESTABLISHED state in TCP before the HTTP requests are sent on any 
of the connections. 
The HTTP requests are more than three times the size of the negotiated MSS value. 
Workaround: Do one of the following:
Stabilize the real server so that it is reachable.
If the SSLM is used with a Content Switching Module (CSM), enable the health probe for a real 
server on the CSM. (CSCed53976)
When you upgrade an SSLM that is configured with the default configuration to software release 
3.1(1) and boot up the module for the first time, the console displays a “Would you like to enter the 
initial configuration dialogue?” message. If you do not reply to the message, or if you reply “yes” 
to the message but do not complete the initial configuration, the module might reboot after a few 
minutes. 
Workaround: Complete the initial configuration, or reply no to the message. (CSCek39233)
When the SSLM configuration contains an expired certificate authority certificate, the module resets 
after downloading the certificate revocation list (CRL).
Workaround: Remove expired certificate authority certificates from the configuration. 
(CSCin70309)
If you delete the route to the real server from the SSL proxy VLAN, and then configure another SSL 
proxy VLAN with the same network as the server IP address, the SSL proxy service goes into a 
“down” state, and the proxy status shows “No Server VLAN,” even though the real server is 
reachable from the SSLM. 
Workaround: Save the configuration, and reset the SSLM. (CSCee46096)
On systems that are running Catalyst operating software on the supervisor engine and are configured 
with high availability, if you reset the SSLM after a switchover, the supervisor engine displays the 
following error:
Error: Module mod didn't shutdown complete within 3 min.Module resetting...
The supervisor engine then successfully resets the SSLM. (CSCec69592)
If you add a trailing slash (/) to the url value in the enrollment url url command for a trustpoint, 
the SSLM sends the following GET request during certificate authority authentication:
GET //pkiclient.exe?operation=GetCACert&message=t1 HTTP/1.0
The pkiclient.exe file is usually located in the /cgi-bin/ directory of the certificate authority server.
Workaround: Do not add a trailing slash (/) to the url value in the enrollment url url command 
for a trustpoint. (CSCed33492)
Automatic enrollment might not work correctly if the router does not have a hardware clock 
(calendar) or if you have not configured a Network Time Protocol (NTP) server. 
Workaround 1: Remove the auto-enroll configuration, and then reconfigure auto-enroll to reset the 
clock manually.
Workaround 2: Reset the enrollment timer by doing the following:
a. Copy the crypto pki trustpoint trustpoint_label and crypto pki certificate chain name 
command information from the running configuration. 
b. Delete the trustpoint by entering the no crypto pki trustpoint trustpoint_label command. 
c. Paste the trustpoint and certificate chain information to the configuration. (CSCec19596)
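
The following is an added example, not part of the Cisco release notes: a small Python check that scans a saved running configuration for the trustpoint conditions described in CSCed33492 (trailing slash in enrollment url) and CSCec19596 (auto-enroll with no NTP server configured). The sample configuration, trustpoint labels, and function names are constructed for illustration; the check cannot see whether a hardware clock is present, so the CSCec19596 finding is a prompt to verify the time source.

```python
import re

# Constructed sample running-config (not taken from the release notes).
SAMPLE_CONFIG = """\
hostname ssl-proxy
!
crypto pki trustpoint tp-web
 enrollment url http://ca.example.com/cgi-bin/
 auto-enroll 70
 rsakeypair web-key
!
crypto pki trustpoint tp-mail
 enrollment url http://ca.example.com/cgi-bin
!
"""

def parse_trustpoints(config):
    """Return {label: [sub-command lines]} for each 'crypto pki trustpoint' block."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki trustpoint (\S+)", line)
        if m:
            current = trustpoints.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return trustpoints

def audit(config):
    """Return a sorted list of (trustpoint_label, caveat_id) findings."""
    has_ntp = re.search(r"^ntp server \S+", config, re.MULTILINE) is not None
    findings = []
    for label, lines in parse_trustpoints(config).items():
        for cmd in lines:
            url = re.match(r"enrollment url (\S+)", cmd)
            if url and url.group(1).endswith("/"):
                # Trailing slash leads to the "GET //pkiclient.exe" request.
                findings.append((label, "CSCed33492"))
            if re.match(r"auto-enroll\b", cmd) and not has_ntp:
                # Auto-enrollment configured with no NTP time source.
                findings.append((label, "CSCec19596"))
    return sorted(findings)

if __name__ == "__main__":
    for label, caveat in audit(SAMPLE_CONFIG):
        print(f"{label}: matches {caveat}")
```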