Cisco Systems 11000 Switch User Manual


 
Release Note for the Cisco 11000 Series Secure Content Accelerator: SCA/SCA2
78-14640-03
Operational Notes
Changing terminal settings so that they are at variance with the actual window size can affect the
readline capabilities of the device: the displayed cursor position might not reflect its actual position.
No error message is displayed when deleting an access list that is referenced by certain subsystems.
Access is denied.
Network Design and Command Notes
If your firewall or router filters traffic based upon MAC address, you must allow multiple MAC
addresses per IP address on the interface connected to the device.
Changing the interface speed and duplex from autonegotiation does not display the forced
configuration if open connections are present. Forced speed and duplex settings are displayed only if a
non-autonegotiated speed is specified.
Adding a static route entry that duplicates a previously RIP-discovered route is not supported.
Deleting a RIP-discovered route is not supported.
A RIP-discovered default route cannot be cleared with the command clear ip routes or by disabling
RIP alone. To remove this type of route, disable RIP and reload the device.
The command ip route does not allow a change to an existing entry. To change an entry, delete the
old entry first and then add the new one.
In two-port mode, services such as syslog, RIP, RDATE server, SNTP server, and SNMP are available
only through the “Server” port.
Multiple subsystems can be set to use the same access port. However, this causes undesirable
results. Please ensure each subsystem “listening” port is unique on the device.
To use the syslog ability, the configured syslog server must be set to listen for remote entries.
Secure Server Notes
Non-transparent server objects are not updated if the device IP address is changed. Reloading the
device or accessing the configuration of each server object resets the IP address assignment.
A saved configuration file does not contain private keys or passwords. Private keys must be loaded
separately with names exactly matching those referenced by the secure server. Additionally, old
private keys are not removed from the startup-configuration by copying a new configuration to the
device. To remove the old private keys, delete each private key, and write the running-configuration
to the startup configuration or erase the startup-configuration.
When using client authentication, individual Web browsers behave very differently in the way they
filter requests for client certificates and how they cache certain aspects of the session.
GUI Notes
When setting up the device with SSL client-side GUI access, do not configure a non-transparent
secure server to use the same localport.
Erasing the running-configuration of a device using the GUI disconnects the Web browser from the
device. To continue configuration, reconnect to the device.
Setting the localport in a secure server entry to the listening TCP port of the Web management subsystem
renders the GUI inaccessible. You must use a different listening TCP port for each entity.