Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module Release Notes
8
Release Notes for Catalyst 6500 Series Switch SSL Services Module Software Release 2.x
OL-5277-13
Caveats
•
The SSL Services Module supports only one route per VLAN. If you add multiple routes using the
ssl-proxy vlan command, only the last route entered is added. (CSCdy44647)
ssl-proxy vlan command, only the last route entered is added. (CSCdy44647)
•
Do not use any routing protocols on the SSL Services Module. Although you can configure the
Routing Information Protocol (RIP), we do not recommend it. The module supports administrative
VLAN for all management (non-SSL) traffic. (CSCdz23816)
Routing Information Protocol (RIP), we do not recommend it. The module supports administrative
VLAN for all management (non-SSL) traffic. (CSCdz23816)
•
If ARP requests are sent at wire speed to the SSL Services Module, traceback messages are
displayed that warn that the module is receiving heavy traffic in its control plane, which is not a
normal condition. Avoid sending wire-speed traffic to a services module. (CSCdz36033)
displayed that warn that the module is receiving heavy traffic in its control plane, which is not a
normal condition. Avoid sending wire-speed traffic to a services module. (CSCdz36033)
•
Operations affecting NVRAM (such as deleting a file or exporting a trustpoint to NVRAM) displays
a message regarding downgrade compatibility. This message is similar to the message displayed
after you enter the copy system:running-config nvram:startup-config command. (CSCea69515)
a message regarding downgrade compatibility. This message is similar to the message displayed
after you enter the copy system:running-config nvram:startup-config command. (CSCea69515)
•
The SSL Services Module is not Federal Information Processing Standards (FIPS) certified in SSL
software release 1.x. or 2.x.
software release 1.x. or 2.x.
•
If there is more than one level of certificate authority, only the lowest level certificate authority
trustpoint that is authenticated and enrolled is exported in PEM files.
trustpoint that is authenticated and enrolled is exported in PEM files.
Workaround: Export the enrolled trustpoint to a PKCS12 file. All levels of CA trustpoints in the
certificate chain will be automatically included in the same file. (CSCea75462)
certificate chain will be automatically included in the same file. (CSCea75462)
•
The clear ssl-proxy stats ssl command does not clear the counters in the max handshake conns
and the max device q len fields. The clear ssl-proxy stats service backend-ssl command does not
clear the counters in the valid sessions field. These counters are running counters and are not meant
to be cleared when you enter a clear command. (CSCeh70549)
and the max device q len fields. The clear ssl-proxy stats service backend-ssl command does not
clear the counters in the valid sessions field. These counters are running counters and are not meant
to be cleared when you enter a clear command. (CSCeh70549)
Caveats
These sections describe open and resolved caveats in SSL software for all 2.1(x) software releases:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•