Примечания к выпуску для Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module
54
Release Notes for Catalyst 6500 Series Switch SSL Services Module Software Release 2.x
OL-5277-13
Documentation Updates
Resolved Caveats in Release 2.1(1)
This section describes resolved caveats in SSL Services Module, software release 2.1(1):
•
TACACS authentication is not supported in SSL Services Module.
This problem is resolved in SSL software release 2.1(1). (CSCea76618)
•
On systems running Catalyst operating software on the supervisor engine, you might not be able to
session to the SSL module, and the module might not recover from a software reset.
session to the SSL module, and the module might not recover from a software reset.
This problem is resolved in SSL software release 2.1(1). (CSCeb17020)
•
Making a Telnet connection from supervisor engine console to the administration VLAN IP address
on the SSL module does not work. This problem exists in SSL software 1.1(1) and 1.2(1).
on the SSL module does not work. This problem exists in SSL software 1.1(1) and 1.2(1).
Workaround 1: Enter the session slot slot-number proc 1 command to session from the supervisor
engine console to the SSL module.
engine console to the SSL module.
Workaround 2: On the MSFC, enter the ip telnet tos 0 command. You can then make a Telnet
connection to the SSL Services Module.
connection to the SSL Services Module.
This problem is resolved in SSL software release 2.1(1). (CSCdy81460)
•
The output from the show ssl-proxy stats ssl command shows the overload drops counter
incrementing even though the SSL module is not overloaded. The SSL module then rejects all
connections. This situation occurs if the SSL record header spans across multiple TCP segments.
incrementing even though the SSL module is not overloaded. The SSL module then rejects all
connections. This situation occurs if the SSL record header spans across multiple TCP segments.
This problem is resolved in SSL software release 2.1(1). (CSCeb83024)
•
When you run the cryptographic self-test, run-time performance is impacted. Run the self-test to
troubleshoot persistent failures in cryptographic operations. When you finish troubleshooting, stop
the test. If you run the cryptographic self-test continuously for more than three days, the system
could exhaust memory and fail to set up new connections or forward traffic under heavy loads.
troubleshoot persistent failures in cryptographic operations. When you finish troubleshooting, stop
the test. If you run the cryptographic self-test continuously for more than three days, the system
could exhaust memory and fail to set up new connections or forward traffic under heavy loads.
Workaround: Reboot the system to regain the memory.
This problem is resolved in SSL software release 2.1(1). (CSCed39184)
Documentation Updates
This section describes updates to the product documentation. These changes will be included in the next
update to the documentation.
update to the documentation.
Changes
The [no] nagle subcommand was added to the ssl-proxy policy tcp command in SSL software
release 2.1(8). Refer to the Catalyst 6500 Series SSL Services Module Configuration Note, 2.1 and the
Catalyst 6500 Series SSL Services Module Command Reference, 2.1 for details regarding the use of this
subcommand.
release 2.1(8). Refer to the Catalyst 6500 Series SSL Services Module Configuration Note, 2.1 and the
Catalyst 6500 Series SSL Services Module Command Reference, 2.1 for details regarding the use of this
subcommand.
The tls-rollback [current | any] and cert-req empty subcommands were added to the ssl-proxy policy
ssl command in SSL software release 2.1(5). Refer to the Catalyst 6500 Series SSL Services Module
Configuration Note, 2.1, and the Catalyst 6500 Series SSL Services Module Command Reference, 2.1,
for details regarding the use of these subcommands.
ssl command in SSL software release 2.1(5). Refer to the Catalyst 6500 Series SSL Services Module
Configuration Note, 2.1, and the Catalyst 6500 Series SSL Services Module Command Reference, 2.1,
for details regarding the use of these subcommands.