Cisco Cisco IOS XE 3.5E Release Notes

Restrictions for Cisco TrustSec: 

Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.

Cisco TrustSec for IPv6 is not supported.

Dynamic binding of IP-SGT is not supported for hosts on Layer 3 physical routed interfaces 
because the IP Device Tracking feature for Layer 3 physical interfaces is not supported.

Cisco TrustSec cannot be configured on a pure bridging domain with IPSG feature enabled. You 
must either enable IP routing or disable the IPSG feature in the bridging domain.

Cisco TrustSec on the switch supports up to 255 security group destination tags for enforcing 
security group ACLs.

The WEB UI home page may not load when ip http access class command is enabled. When you 
encounter this issue, we recommend that you do the following:

Run the show iosd liin command.

Get the internet-address and configure the same IP as permit in the access-list.

For WEB UI access using TACACS server, the custom method-list for authentication and 
authorization pointing to the TACACS server group does not work. You should use the default 
authorization method-list pointing to the same TACACS server group for the WEB UI to work.

We recommend that you run the exception dump device second flash command after the install 
process. This helps to store the crash files into a secondary flash during a crash when there is no 
available space in the main memory area to store the crash information.

When a logging discriminator is configured and applied to a device, memory leak is seen under 
heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In 
extreme cases, the device may crash. As a workaround, disable the logging discriminator on the 
device.