Cisco Systems 11000 manual Network Design and Command Notes, Secure Server Notes, GUI Notes

Operational Notes

•Changing terminal settings in variance with the actual window size can affect the readline capabilities of the device: the displayed cursor position might not be indicative of its actual position.

•No error message is displayed when deleting an access list that is referenced by certain subsystems. Access is denied.

Network Design and Command Notes

•If your firewall or router filters traffic based upon MAC address, you must allow multiple MAC addresses per IP address on the interface connected to the device.

•Changing the interface speed and duplex from autonegotiation does not display forced configuration if open connections are present. Forced speed and duplex settings are displayed only if a non-autonegotiated speed is specified.

•Adding a static route entry for duplicating a previously RIP-discovered route is not supported.

•Deleting a RIP-discovered route is not supported.

•A RIP-discovered default route cannot be cleared with the command clear ip routes or by disabling RIP alone. To remove this type of route, disable RIP and reload the device.

•The command ip route does not allow a change to an existing entry. To change an entry, delete the old entry first and then add the new one.

•In two-port mode services such as syslog, RIP, RDATE server, SNTP server, and SNMP are available only through the “Server” port.

•Multiple subsystems can be set to use the same access port. However, this causes undesirable results. Please ensure each subsystem “listening” port is unique on the device.

•To use the syslog ability, the configured syslog server must be set to listen for remote entries.

Secure Server Notes

•Non-transparent server objects are not updated if the device IP address is changed. Reloading the device or accessing the configuration of each server object resets the IP address assignment.

•A saved configuration file does not contain private keys or passwords. Private keys must be loaded separately with names exactly matching those referenced by the secure server. Additionally, old private keys are not removed from the startup-configuration by copying a new configuration to the device. To remove the old private keys, delete each private key, and write the running-configuration to the startup configuration or erase the startup-configuration.

•When using client authentication, individual Web browsers behave very differently in the way they filter requests for client certificates and how they cache certain aspects of the session.

GUI Notes

•When setting up the device with SSL client-side GUI access, do not configure a non-transparent secure server to use the same localport.

•Erasing the running-configuration of a device using the GUI disconnects the Web browser from the device. To continue configuration, reconnect to the device.

•Setting the localport in a secure server entry to the listening TCP port of the Web management subsystem renders the GUI is inaccessible. You must use a different listening TCP port for each entity.

Release Note for the Cisco 11000 Series Secure Content Accelerator: SCA/SCA2