Cisco Cisco IOS XE 3.5E Release Notes

Cisco TrustSec Critical 
Authentication 

Ensures that the Network Device Admission Control (NDAC)-authenticated 802.1X 
links between Cisco TrustSec devices are in open state even when the Authentication, 
Authorization, and Accounting (AAA) server is not reachable. 

Enabling Bidirectional SXP 
Support 

Enhances the functionality of Cisco TrustSec with SXP version 4 by adding support for 
Security Group Tag (SGT) Exchange Protocol (SXP) bindings that can be propagated in 
both directions between a speaker and a listener over a single connection.

Enablement of Security Group 
ACL at Interface Level 

(IP Base, IP Services)

Controls and manages the Cisco TrustSec access control on a network device based on 
an attribute-based access control list. When a security group access control list (SGACL) 
is enabled  globally, the SGACL is enabled on all interfaces in the network by default; 
use the Enablement of Security Group ACL at Interface Level feature to disable the 
SGACL on a Layer 3 interface. 

Role-Based CLI Inclusive Views 

(IP Base, IP Services)

Enables a standard CLI view including all commands by default. 

Custom Web Authentication Result 
Display Enhancement

Displays the authentication results on the main HTML page. There is no pop-up window 
to display the authentication results. 

Custom Web Authentication 
Download Bundle

Ensures that one or more custom HTML pages can be downloaded and configured from 
a single tar file bundle.

The images and the custom pages containing the images are also part of the same 
downloadable tar file bundle.

Virtual IP Support for Images in 
Custom Web Authentication 

Supports image file names without prefixes and removes the requirement of users having 
to specify the wireless management interface IP to indicate the source of image in the 
HTML code. 

Service Discovery Gateway: 
mDNS enhancements 

Enables multicast Domain Name System (mDNS) to operate across layer 3 boundaries. 

HSRP: Global IPv6 Address 

(IP Base, IP Services) 

Allows users to configure multiple non-link local addresses as virtual addresses. The Hot 
Standby Router Protocol (HSRP) ensures host-to-router resilience and failover, in case 
the path between a host and the first-hop router fails, or the first-hop router itself fails. 

HTTP Gleaning 

(IP Base, IP Services) 

Allows the device-sensor to extract the HTTP packet Type-Length-Value (TLV) to derive 
useful information about the end device type. 

Banner Page and Inactivity timeout 
for HTTP/S connections

Allows you to create a banner page and set an inactivity timeout for HTTP or HTTP 
Secure (HTTPS) connections. The banner page allows you to log on to the server when 
the session is invalid or expired.

Secure CDP

(LAN Base, IP Base, IP Services) 

Allows you to select the type, length, value (TLV) fields that are sent on a particular 
interface to filter information sent through Cisco Discovery Protocol packets.

OSPFv3 Authentication Trailer

Provides a mechanism to authenticate Open Shortest Path First version 3 (OSPFv3) 
protocol packets as an alternative to existing OSPFv3 IPsec authentication.