|
|
These release notes describe the caveats for ACL Manager 1.0 running on Windows NT and Solaris. This document contains the following sections:
Use these publications to learn to install and use ACL Manager:
ACL Manager support is provided for devices running Cisco IOS Releases 10.3 to 12.0 only.
The Java Virtual Machine (2424) that comes with Internet Explorer 4.01 is not Y2K-compliant. To make Internet Explorer 4.01 Y2K-compliant, you should download one of the following from www.microsoft.com: 1520, 2436, 3165, or 3167.
This release of ACL Manager requires Service Pack 3 for Windows NT 4.0.
| DDTS No. | Description | Explanation |
|---|---|---|
None | Devices not supported in |
|
None | Device refresh is recommended after download | After a download, you should refresh a device or group of devices before you modify the device. |
None | Undo cannot be used for some operations | The Edit > Expand ACEs Inline and View > Recompute Physical View operations cannot be undone. |
None | Do not resize the Navigator window when running Essentials | When you resize the Essentials window, the last action you perform is redone because the applet page is reloaded. Therefore, if you resize the Essentials window, the Leaving ACL Manager dialog box appears and another instance of ACL Manager starts. |
None | Alternate method for applying a template on multiple interfaces or a group of routers | One method for applying a template on multiple interfaces of the same router or on a group of routers is to use the ACL Use wizard. From the Router Selection dialog box, select one or more routers, then perform multiple interfaces from the Interface Selection dialog box. |
None | Changing the date in the server requires a reboot | If the date changes in the server, you must reboot the machine. Otherwise some jobs might fail. If a job fails after you change the date without rebooting, all successive jobs might fail. To work around this problem, delete the device and add it again. |
None | During client installation on NT, excess space is required for temporary files | During client installation on NT, temporary files are created in the C:\ drive. 100 MB or more might be needed. The error message "System Error" means that the C:\ drive does not have enough available space. |
CSCdm07599 | Loss of modality on Solaris necessitates extra invocation of the ACE Edit and Config Download jobs windows | On Solaris systems, modal dialogs do not behave as expected. If you start a modal (child) dialog box from another (its parent) and click the Close Menu item in the window title/frame of the parent dialog, the parent dialog box closes even when the child modal dialog box is being displayed. This violates modality; you should not be able to select or close a parent dialog when its child is being displayed if the child is modal. |
CSCdm21645 | In Solaris, a second superuser opening Navigator causes file deletion | If the second user is the superuser, some of the temporary files needed for the first instance are deleted from the /tmp directory. This causes "file not found" messages. |
CSCdm11207 | Redraw does not work properly in the Properties window | This is a known Solaris problem. |
CSCdm06068 | ACEs using modified classes are not automatically updated | If a network, network class, service, or service class is modified, ACL Manager does not show a device as "modified." You must select View > Recompute Physical View to update the object definition on the device. |
CSCdm02104 | ACL Manager client cannot start with localhost or 127.0.0.1 as the URL | Change the URL to hostname. |
CSCdm02968 | Class Manager does not keep track of network or service class usage | To work around this problem, insert the network or service class in a template. If you change the network or service class, synch the template. |
CSCdm27282 | In Solaris, aborting the installation has unexpected results | If you abort the installation, JRM remains partially installed. |
CSCdm32292 | Focus jumps from the device selection to the scenario | This problem occurs on some JVMs in Internet Explorer 4.0. |
CSCdm41211 | Downloader Dialog Box and Use Wizard appear in a minimized state | This problem occurs on some JVMs in Internet Explorer 4.0. |
| Symptom | Probable Causes | Possible Solution |
|---|---|---|
Error message: | Navigator saves downloaded jar files as /tmp/jzip* file. If you have two instances of Navigator running on Solaris (one of them with system super user privileges), then it can potentially delete downloaded client jar files of the other instance. In such a situation the other instance of Navigator will see this message. However, if the second user is a normal user (not root) then it does not have the permission to delete the /tmp/jzip* file and proceeds to create a new one for itself. | On Solaris, run only one instance of Navigator. |
ACL Manager main window is grayed out | Windows NT did not refresh successfully. | Resize the ACL Manager main window to force a refresh. |
Template not visible in Template Selection Window | The Template Selection Window shows a list of Templates specific to the ACL Protocol. This means that if you are on ACL 100, you will see only IP Extended Templates and so on. However, Template Manager will list all templates. Note You have to have administrator privileges to access Template Manager. | Create a template appropriate to the ACL protocol. |
Message: ORG.OMG.CORBA. | Connectivity between the ACL Manager client and server is lost. | Restart both the ACL Manager client and server. |
Essentials > Tasks > Edit ACLs shows "ACL Manager Client Component Installation" screen | You did not install ACL Manager client. | Install ACL Manager client. |
You did not start Essentials from the desktop shortcut on the client machine. |
| |
Error Message: | You tried to start Essentials or ACL Manager before the applications were initialized. | Wait 1 minute for Essentials and ACL Manager processes to start. |
TCP port 15349 is in use. | Use netstat -a -n to view status of TCP port 15349. If the port is in use, change the AclmPort value in aclm.properties. | |
The ACL Manager server is not running. | Select Essentials > Admin > System Admin > | |
The JRM or Change Audit processes are not running. | Make sure JRM and Change Audit processes are running. | |
Download Job status: 'Pre- Download Failed" | Device went stale during download. | Step 1 Select Device in ACL Manager. Step 2 Right click and select Refresh Device (refer to user guide). Step 3 Download to the device again. |
Download Job status: "Download Failed" and "Device Results" reports that telnet credentials did not match. | Essentials Telnet and enable passwords do not match device. | Match Telnet and enable passwords in Essentials Inventory with the device. |
TACACS username and password in Essentials do not match device. | If using TACACS, match TACACS username and password in Essentials inventory with the device. Do not specify local username and password in Essentials inventory. | |
Download Job status: "Download Failed" and the device used is a Catalyst 8510. | You attempted to download a rate-limit ACL on a Catalyst 8510. | On 8510, download fails if you try to download a rate-limit ACL. |
If the IP address is reassigned while the browser is connected to the Essentials server for either the ACL Manager client or server, the connection will be lost.
When you select any ACL management task, a Java applet is launched within the context of the browser. If you then select another task, the context is lost and the ACL Manager window closes. To run another task from Essentials or ACL Manager, open a new window from the browser File menu.
When a device becomes stale, the device icon is grayed out and its status is set to STALE. A device becomes stale in the following situations:
Representation of ACLs and ACL Use statements in user scenarios are based on a device configuration obtained from the device when the scenario was created.
If the device configuration from which the scenario was derived is modified outside the scenario (for example, from the CLI, or by another scenario being downloaded while you are editing the device in the original scenario), the basis for the edits in the original scenario is invalidated. The IOS commands needed to implement the ACL and ACL Use statement modifications are no longer valid, causing ACL Manager to set the status to STALE. You can continue to modify the device, but you will not be able to download the modifications.
A stale device must be refreshed before you try to download ACL and ACL Use statement modifications. Refreshing a device reconciles the configuration in the scenario with the configuration on the device. You can lose modifications on a device that becomes stale unless you take the following precautions before refreshing:
Alternatively, you could save the scenario under another name to save the edits.
If you do not select "Overwrite existing ACLs and Uses," the creation of the Uses fails. If you select the option, the predefined ACL contents are replaced with the selected template. Any previously defined uses are replaced with new uses selected from the Use Wizard.
ACL Manager notifies you whenever another ACL Manager user opens a scenario that contains one or more devices existing in your scenario. It polls the server to detect a new user every 2 minutes. If it finds a new user, ACL Manager displays an icon on the right corner of the status window. Click on the icon to see the list of new users, select one or more devices from the menu. To see a list of all users, select View > Users.
ACL Manager provides two views of ACEs in an ACL on a device:
The ACEs in the logical view do not map one to one with the IOS statements implementing the ACL to which they belong on the device. For example, a logical view ACE (or logical ACE) that references a network class comprising multiple hostnames might translate to multiple IOS statements.
Basic optimizations (redundant and duplicate ACE removal) are performed after the expansions take place and the resulting ACEs are displayed. The ACEs in the physical view can be mapped one to one with IOS statements implementing the ACEs on the device.
This operation might be necessary if services/service classes, networks/network classes, DNS hostnames and/or templates change after an ACE is created. The physical view will reflect the current definition before download.
No, ACL Manager client is supported only on Windows NT 4.0 Workstation and Server and Solaris 2.5.1 and 2.6.
Versions 4.5 and later.
Versions 4.01 with Service Pack 1 or later using JVM 1520, 2436, 3165, or later.
If you check Recover in the Recover Scenario dialog box and both a normal scenario and a recover scenario exist, the recover scenario opens. If only the recover scenario exists, only the recover scenario opens.
For more information, refer to Using ACL Manager.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Tue Sep 26 00:52:50 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.