Cisco Cisco Secure Access Control System 5.1 Release Notes
14
Release Notes for the Cisco Secure Access Control System 5.1
OL-18997-01
Resolved ACS Issues
Resolved ACS Issues
This section lists the issues that are resolved in the ACS 5.1 release.
lists the resolved issues in ACS 5.1.
CSCta26007
CSSC 5.1 on
Windows Vista
Windows Vista
EAP-FAST-GTC
This issue occurs in the fallback
flow. There are two fallback flows
for the expired PAC. The first
fallback flow stops after ACS sends
to the client the last server Hello
message. After that, a second
fallback flow is begun that
completes successfully. After two
minutes, ACS displays an EAP
timeout message for the first
fallback.
flow. There are two fallback flows
for the expired PAC. The first
fallback flow stops after ACS sends
to the client the last server Hello
message. After that, a second
fallback flow is begun that
completes successfully. After two
minutes, ACS displays an EAP
timeout message for the first
fallback.
The client and ACS perform two
fallback flows, consuming time
and resources.
fallback flows, consuming time
and resources.
Note
This issue is not seen in
CSSC 5.1 on Windows
XP.
CSSC 5.1 on Windows
XP.
CSCtc75371
CSSC 5.1 on
Windows Vista
Windows Vista
EAP-GTC
Machine authentication fails with
EAP-GTC. CSSC Vista attempts to
use an inner method of MSCHAPv2
even though it is not configured on
CSSC or ACS.
EAP-GTC. CSSC Vista attempts to
use an inner method of MSCHAPv2
even though it is not configured on
CSSC or ACS.
EAP-GTC machine
authentication works for ACS
with CSSC 5.1 on Windows XP.
authentication works for ACS
with CSSC 5.1 on Windows XP.
Note
This issue is not seen
with other clients.
with other clients.
Table 3
Known Client Issues (continued)
Bug ID
Client Name
and Version
and Version
Protocols
Description of the Problem
Comments
Table 4
Resolved Issues in ACS 5.1
Bug ID
Description
CSCsu88426
In ACS 5.0, the SSL web interface certificate used for administrative access via HTTPS is
self-signed during installation, and it is not possible to replace it with customer’s certificate. ACS
5.1 does support the feature of replacing the self-signed certificate with customer-signed certificate.
self-signed during installation, and it is not possible to replace it with customer’s certificate. ACS
5.1 does support the feature of replacing the self-signed certificate with customer-signed certificate.
CSCsv90055
ACS 5.1 to support network device name length of 64 characters.
CSCsw18800
When a specific identity sequence is selected, authentications fail and replications stop.
CSCsw21781
The web interface of a secondary ACS server displays the following error:
Required container of HierarchyLabel is empty.
CSCsw45207
An ACS server makes use of only one CPU, even if two CPUs are available.
CSCsw49239
An ACS server gets deleted from the AD when the server is restarted.
CSCsw80396
Installation of Certificate Authority (CA) fails if Certificate Revocation List (CRL) cannot be
parsed.
parsed.
CSCsw92788
When an ACS node is deregistered and registered again, the configuration for each instance of log
category is lost.
category is lost.
CSCsw95667
If you create a Certificate Authentication Profile (CAP) and use it in a policy, the CAP cannot be
deleted.
deleted.
CSCsx17179
ACS 5.0 overrides the class attribute configured to return after successful authentication.