Release Note for Cisco Wide Area Application Services (Software

Release Note for Cisco Wide Area Application

Services Software Version 6.2.3x

September 15, 2017

Note

The most current Cisco documentation for released products is available on Cisco.com.

Contents

This Release Note applies to the following software versions for the Cisco Wide Area Application

Services (WAAS) software:

•

6.2.3d

•

•

•

•

6.2.3c

6.2.3b

6.2.3a

6.2.3

For information on Cisco WAAS features and commands, see the Cisco WAAS documentation located at http://www.cisco.com/en/US/products/ps6870/tsd_products_support_series_home.html

.

This Release Note contains the following sections:

•

•

•

•

•

•

•

•

New and Changed Features

Interoperability and Support

Upgrading from a Release Version to Version 6.2.3x

Downgrading from Version 6.2.3x to a Previous Version

Cisco WAE and WAVE Appliance Boot Process

Operating Considerations

Software Version 6.2.3x Resolved and Open Caveats, and Command Changes

Cisco WAAS Documentation Set

Cisco Systems, Inc.

www.cisco.com

New and Changed Features

•

Obtaining Documentation and Submitting a Service Request


The following sections describe the new and changed features in Software Version 6.2.3x:

•

•

Cisco Software Version 6.2.3x New and Changed Features

Cisco Software Version 6.2.3x Filenames

•

•

Cisco WAAS Appliance System Firmware Update

Configuring ICA over Socket Secure (SOCKS) Server

Cisco Software Version 6.2.3x New and Changed Features

Cisco WAAS Software Version 6.2.3d includes the following new features and changes:

•

Alarm Email Notification- With release 6.2.3d, the WAAS software supports an email notification mechanism, that is triggered whenever the WAAS Central Manager receives an alarm notification for a raised or cleared alarm. To configure the alarm email notification feature:

–

From the WAAS Central Manager menu go to Devices > Configure > Monitoring > Email

Notification to configure the email server settings.

–

From the WAAS Central Manager go to Home > Admin > Alarm Email Notification >

Configure to configure the email notification settings.

•

You can enable the email notification for Raised and Cleared alarms, depending on the severity level. After you have configured this, you are notified of all alarms for the devices that are registered with the WAAS Central Manager.

Easy detection and resolution of configuration conflicts between WAAS Central Manager and

WAAS Devices.

To identify the configuration conflict pages, from the WAAS Central Manager navigate to Home >

Admin > Force Device Group > View Pages to see the impacted Device Name, Device Group

Name and Page Name. You can click on the page link to navigate to the corresponding page to correct the configuration conflict.

Cisco Software Version 6.2.3b New and Changed Features

•

•

Configuring ICA over Socket Secure (SOCKS) Server—For WAAS Version 6.2.3b and later, WAAS software supports optimizing ICA traffic redirected over SOCKS proxy servers. For details on how to configure ICA over SOCKS for WAAS, see

Configuring ICA over Socket Secure (SOCKS)

Server

.

SMART-SSL, an encryption service that enables L7 application network services (such as FTP,

HTTP, DNS) to optimize traffic on SSL/TLS encrypted applications. SMART-SSL enables content caching for SSL/TLS applications (HTTP object cache for HTTPS traffic) in single-sided deployment.

For how to configure and use this feature, see “Configuring SMART-SSL” in the “Configuring

Application Acceleration” chapter of the

Cisco Wide Area Application Services Configuration

Guide

.

2

Release Note for Cisco Wide Area Application Services Software Version 6.2.3x


•

•

Cisco WAAS Version 6.2.3 with Akamai Connect Version 1.4.2

vWAAS new and changed features:

–

vWAAS in KVM on CentOS

For a list of CLI commands added to or changed for WAAS Version 6.2.3x, see

Cisco WAAS Software

Version 6.2.3 Command Changes .

Cisco Software Version 6.2.3x Filenames

This section describes the Cisco WAAS Software Version 6.2.3x software image files for use on

Cisco WAAS appliances and modules and contains the following topics:

•

•

•

Standard Image Files

No Payload Encryption Image Files

For a list of vWAAS image files, see the

Cisco Virtual Wide Area Application Services Installation and Configuration Guide

.

Standard Image Files

Cisco WAAS Software Version 6.2.3x includes the following standard primary software image files for use on Cisco WAAS appliances and modules:

•

waas-universal-6.2.3.x-k9.bin—Universal software image that includes Central Manager and

Application Accelerator functionality. You can use this type of software file to upgrade a device operating in any device mode.

•

waas-accelerator-6.2.3.x-k9.bin—Application Accelerator software image that includes Application

Accelerator functionality only. You can use this type of software file to upgrade only an Application

Accelerator device. This software image file is significantly smaller than the Universal image.

Kdump analysis functionality is not included in the Accelerator-only image.

The following additional files are also included:

•

•

waas-rescue-cdrom-6.2.3.x-k9.iso—Cisco WAAS software recovery CD image.

waas-sre-installer-6.2.3.x-k9.zip—Image for SRE installer.

Note

From software version 6.2.3d, separate software images for the SRE installer are not supported.

If you want to upgrade your existing SRE deployments, you need to use the standard software image file WAAS-6.2.3.x-k9.bin.

For EOS announcement of select Cisco Services-Ready Engine Modules, please refer to the EOS document on cisco,com.

•

•

•

waas-x86_64-6.2.3.x-k9.sysimg—Flash memory recovery image for 64-bit platforms

(WAVE-294/594/694/7541/7571/8541).

waas-6.2.3.x-k9.sysimg—Flash memory recovery image for 32-bit platforms (all other devices).

waas-kdump-6.2.3.x-k9.bin—Kdump analysis component that you can install and use with the

Application Accelerator software image. The Kdump analysis component is intended for troubleshooting specific issues and should be installed following the instructions provided by Cisco

TAC.


3


•

waas-alarm-error-books-6.2.3.x.zip—Contains the alarm and error message documentation.

No Payload Encryption Image Files

Cisco WAAS Software Version 6.2.3x includes No Payload Encryption (NPE) primary software image files that have the disk encryption feature disabled. These images are suitable for use in countries where disk encryption is not permitted. NPE primary software image files include the following:

•

•

waas-universal-6.2.3.x-npe-k9.bin—Universal NPE software image that includes Central Manager and Application Accelerator functionality. You can use this type of software file to upgrade a device operating in any device mode.

waas-accelerator-6.2.3.x-npe-k9.bin—Application Accelerator NPE software image that includes

Application Accelerator functionality only. You can use this type of software file to upgrade only an

Application Accelerator device. This software image file is significantly smaller than the Universal image. Kdump analysis functionality is not included in the Accelerator-only image.

•

waas-sre-installer-6.2.3.x-npe-k9.zip—SM-SRE install .zip file that includes all the NPE files necessary to install Cisco WAAS on the SM-SRE module.

The following additional files are also included:

•

•

waas-rescue-cdrom-6.2.3.x-npe-k9.iso—Cisco WAAS NPE software recovery CD image.

waas-x86_64-6.2.3.x-npe-k9.sysimg—Flash memory NPE recovery image for 64-bit platforms

(WAVE-294/594/694/7541/7571/8541).

•

•

waas-6.2.3.x-npe-k9.sysimg—Flash memory NPE recovery image for 32-bit platforms (all other devices).

waas-alarm-error-books-6.2.3.x-npe.zip—Contains the NPE alarm and error message documentation.

Cisco WAAS Appliance System Firmware Update

On Cisco Wide Area Application Engine (WAE) and Cisco Wide Area Application Virtualization Engine

(WAVE) appliances, we recommend that you update the following three types of system firmware to the latest version to best support new Cisco WAAS features.

This section has the following topics:

•

BIOS Update

BIOS on the WAVE-294/594/694/7541/7571/8541 models. The latest BIOS is required for AppNav operation.

•

•

BMC Firmware Update

BMC firmware on the WAVE-294/594/694/7541/7571/8541 models. The latest BMC (Baseboard

Management Controller) firmware is required for Intelligent Platform Management Interface (IPMI) over LAN feature.

RAID Controller Firmware Update

RAID controller firmware on the WAVE-7541/7571/8541. The latest RAID (Redundant Array of

Independent Disks) controller firmware is recommended to avoid some rarely-encountered RAID controller issues.

4



BIOS Update

The latest BIOS is required for AppNav operation with a Cisco AppNav Controller Interface Module in

WAVE-594/694/7541/7571/8541 models. WAVE-294 models may also need a BIOS update.

Note

AppNav IOM is not supported in WAAS Software version 6.1.x and later.

WAVE-594/694/7541/7571/8541 appliances shipped from the factory with Cisco WAAS Version 5.0.1 or later have the correct BIOS installed. WAVE-294 appliances shipped from the factory with

Cisco WAAS Version 5.1.1 or later have the correct BIOS installed.

If you install a Cisco AppNav Controller Interface Module in a device that requires a BIOS update, the bios_support_seiom major alarm is raised, “I/O module may not get the best I/O performance with the installed version of the system BIOS firmware.”

To determine if a device has the correct BIOS version, use the show hardware command. The last three characters of the Version value, for example, “20a,” show the BIOS version installed on the device.

For the specific BIOS version required for WAVE-594/694 models, WAVE-7541/7571/8541 models, and

WAVE-294 models or if a BIOS firmware update is needed, you can download it from cisco.com at the

Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only).

The firmware binary image for WAVE-294/594/694/7541/7571/8541 appliances is named waas6-bios-installer-20a-19a-13a-k9.bin.

You can use the following command to update the BIOS from the image file that is available through

FTP on your network:

copy ftp install ip-address remotefiledir waas6-bmc-installer-49a-49a-27a-k9.bin

Use the appropriate BIOS installer file for your appliance model.

The complete update process can take several minutes and the device may appear unresponsive but do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.

After the device reboots, you can verify the firmware version by using the show hardware command.

BMC Firmware Update

IPMI over LAN requires that you install a specific BMC firmware version on the device. The minimum supported BMC firmware versions are as follows:

•

WAVE-294/594/694—49a

•

WAVE-7541/7571/8541—27a

Cisco WAAS appliances shipped from the factory with Cisco WAAS Version 4.4.5 or later have the correct firmware installed. If you are updating a device that was shipped with an earlier version of

Cisco WAAS software, you must update the BMC firmware, unless it was updated previously.


5


To determine if you are running the correct firmware version, use the show bmc info command. The following example displays the latest BMC firmware version installed on the device (49a here): wave# show bmc info

Device ID : 32

Device Revision : 1

Firmware Revision : 0.49

49

IPMI Version : 2.0

Manufacturer ID : 5771

Manufacturer Name : Unknown (0x168B)

Product ID : 160 (0x00a0)

Product Name : Unknown (0xA0)

Device Available : yes

Provides Device SDRs : no

Additional Device Support :

.

.

Sensor Device

SDR Repository Device

SEL Device

FRU Inventory Device

Aux Firmware Rev Info :

0x0b

0x0c

0x08

0x0a

<<<<<

.

If a BMC firmware update is needed, you can download it from cisco.com at the Cisco Wide Area

Application Service (WAAS) Firmware download page ( registered customers only). For example, if the firmware binary image is named waas-bmc-installer-49a-49a-27a-k9.bin, you can use the following command to update the firmware from the image file that is available through FTP on your network:

copy ftp install ip-address remotefiledir waas6-bmc-installer-49a-49a-27a-k9.bin

The update process automatically checks the health status of the BMC firmware. If the system detects that the BMC firmware is corrupted, BMC is recovered during the BMC firmware update procedure. The complete update process can take several minutes. If the device appears unresponsive, do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.

After the device reboots, you can verify the firmware version by using the show bmc info command.

BMC recovery and BMC firmware update restores the factory defaults on the BMC and all the current

IPMI over LAN configurations are erased.

If the BMC firmware gets corrupted, a critical alarm is raised.

RAID Controller Firmware Update

We recommend that you upgrade to the latest RAID-5 controller firmware for your hardware platform, which can be found on cisco.com at the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only). The firmware differs depending on your hardware platform:

•

WAVE-7541/7571/8541—Update to the 12.12.0 (0060) RAID Controller Firmware (or later version).

The firmware binary image is named waas6-raid-fw-installer-12.12.0-0060-k9.bin. Instructions on how to apply the firmware update are posted on cisco.com together with the firmware in the file named M2_0060_FIRMWARE.pdf, which you can see when you hover the mouse over the firmware file.


6


Configuring ICA over Socket Secure (SOCKS) Server


•

About ICA over SOCKS Optimization

•

•

Limitations of ICA over SOCKS Optimization

Configuration Procedure for Optimizing ICA over SOCKS

About ICA over SOCKS Optimization

In a typical deployment where NetScaler is deployed as a SOCKS proxy, the connections from the client go to the SOCKS server instead of the XenApp server.

Since the ICA optimizer accepts and intercepts only ICA and CGP packets, the packets with SOCKS headers are not recognized and the connection is handed off. The ICA traffic does not get optimized in such scenarios.

For WAAS Version 6.2.3b and later, the WAAS software supports optimizing ICA traffic redirected over

SOCKS proxy servers.

Limitations of ICA over SOCKS Optimization

ICA over SOCKS optimization has the following limitations:

•

The NetScaler gateway does not support non-default ports configured with Multi-Port Policy on

XenApp for Multi-Stream ICA (MSI).

•

The NetScaler gateway does not support SOCKS with ICA over SSL.

Additionally, the NetScaler gateway does not support SOCKS v4. so the current functionality supports only SOCKS v5.

Configuration Procedure for Optimizing ICA over SOCKS

To support optimizing ICA over SOCKS, perform the following steps:

Step 1

Step 2

Step 3

Step 4

Make the necessary changes in the NetScaler Gateway to enable the SOCKS proxy (Cache redirection server) and also make the equivalent/required changes on the StoreFront server along with updates to the default.ica file. Refer to Citrix NetScaler documentation for more information.

From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups > device-group-name). Next choose Configure > Acceleration > Optimization Class-Map.

Edit the class-map named Citrix and add the required port number using the Add Match Condition option.

The port number added in the class-map should be the same as the one configured for the SOCKS proxy, on the NetScaler gateway. Note that in case the SOCKS proxy port is running on ICA or CGP ports i.e.

1494 or 2498, then the existing configuration need not be modified.

Select the branch device and make the necessary changes for the port number.

Alternately use the class-map type match-any citrix global configuration command to make these changes.


7

Interoperability and Support


This section contains the following topics:

•

Hardware, Client, and Web Browser Support

•

•

Cisco WAAS Version Interoperability

Cisco WAAS and vWAAS Interoperability

•

•

•

•

Cisco WAAS, ISR-WAAS and IOS-XE Interoperability

Cisco AppNav and AppNav-XE Interoperability

Cisco WAAS, ASR/CSR, and IOS-XE Interoperability

Cisco WAAS Express Interoperability

•

•

•

•

WCCP Interoperability

NTLM Interoperability

Citrix ICA Interoperability

Citrix ICA Interoperability

Hardware, Client, and Web Browser Support

Table 1 lists the hardware, client, and web browser support for Cisco WAAS Software Version 6.2.3x

8


Table 1 WAAS 6.2.3x Hardware, Client and Web Browser Support



9


Hardware support The Cisco WAAS software operates on these hardware platforms:

•

•

WAVE-294, 594, 694, 7541, 7571, 8541

SM-SRE-700/710, 900/910

•

•

•

•

ISR-WAAS-200, 750, 1300, 2500 vWAAS-150, 200, 750, 1300, 2500, 6000, 12000, 50000 on ESXi. For information on minimum ESXi version supported for each vWAAS model, see the


.

vWAAS-150, vWAAS-200, 750, 1300, 2500, 6000, 12000, 50000 on

Microsoft Hyper-V. For information on the version of Windows supported for each vWAAS model on Microsoft Hyper-V, see the

Cisco

Virtual Wide Area Application Services Installation and Configuration

Guide

.

For WAAS Version 6.2.1 and later, vWAAS is supported on RHEL

KVM. For WAAS Version 6.2.3x and later, vWAAS is supported on

KVM on CentOS and Microsoft Azure.

For more information on vWAAS for RHEL KVM, KVM on CentOS, and vWAAS on Microsoft Azure, see the

Cisco Virtual Wide Area

Application Services Installation and Configuration Guide

.

Additionally, Cisco 880 Series, 890 Series, and ISR G2 routers running

Cisco WAAS Express are supported on the branch side (Cisco WAAS

Version 5.0.x or later is required on the data center side).

You must deploy the Cisco WAAS Central Manager on a dedicated device.

Web browser support The Cisco WAAS Central Manager GUI requires Internet Explorer Version

11, Windows Version 7 or later, Firefox Version 4 or later, Chrome Version

10 or later, or Safari version 5.x (only on Apple OS X) and the Adobe Flash

Player browser plug-in.

Note

For best results for Windows-based systems with WAAS, we recommend using FireFox as your browser.

•

•

For WAAS version 5.4.1 and later, you are no longer prompted to install the Google Frame plug-in when you access the Central Manager GUI using Internet Explorer. However, if Google Frame plug-in has already been installed earlier, IE will continue using it.

When using Internet Explorer, ensure that the Tools > Internet Options

> Advanced tab > Do not save encrypted pages to disk check box

(under Security) is checked. If this box is unchecked, some charts will not display.

Note

A known issue in Chrome Version 44.0 may prevent some WAAS

CM pages—including Device Listing, Reports, Software Update pages—from loading properly. In Chrome Version 43.0 all WAAS

CM pages work as expected.

10



Cisco WAAS Version Interoperability

Consider the following guidelines when operating a Cisco WAAS network that mixes Software Version

6.2.3x devices with devices running earlier software versions:

•

Cisco WAAS CM interoperability:

•

In a mixed version Cisco WAAS network, the Central Manager must be running the highest version of the Cisco WAAS software, and associated Cisco WAAS devices must be running Version 5.1.x or later.

Cisco WAAS system interoperability:

Cisco WAAS Version 6.2.3x is not supported running in a mixed version Cisco WAAS network in which any Cisco WAAS device is running a software version earlier than Version 5.1.x. Directly upgrading a device from a version earlier than Version 5.5.3 to 6.2.3x is not supported.

Cisco WAAS and vWAAS Interoperability

Table 2

shows the default number of CPUs, memory capacity, disk storage and supported ISR platforms for ISR models.

Table 3

shows the default number of CPUS, memory capacity and disk storage for vWAAS models.

Table 2

ISR Model

ISR-WAAS-200

ISR Models: CPUs, Memory, Disk Storage and Supported ISR Platforms

CPUs

1

Memory

3 GB

Disk Storage

151 GB

Supported ISR

Platform

ISR-4321

(for WAAS 5.x and 6.2.1)

ISR-WAAS-200

(for WAAS 6.2.3x and 6.3.1)

ISR-WAAS-750

1

2

4 GB

4 GB

151 GB

151 GB

ISR-4321

ISR-WAAS-1300

ISR-WAAS-2500

4

6

6 GB

8 GB

151 GB

338 GB

ISR-4351, ISR-4331,

ISR-4431, ISR-4451

ISR-4431, ISR-4451

ISR-4451

Note

For vWAAS with WAAS Version 6.2.3x or WAAS Version 6.3.1, ISR-4321 with profile ISR-WAAS-200,

ISR-WAAS RAM is increased from 3 GB to 4 GB. For this increase in ISR-WAAS RAM to be implemented, you must complete a new OVA deployment of WAAS version 6.2.3x or 6.3.1; the increase in ISR-WAAS RAM is not automatically implemented with an upgrade to WAAS 6.2.3x or 6.3.1.


11


Table 3

vWAAS Model

vWAAS-150

(for WAAS Version 6.x) vWAAS-200

(for WAAS Version 5.x through 6.2.1) vWAAS-200

(for WAAS Version 6.2.3x and 6.3.1) vWAAS-750 vWAAS-1300 vWAAS-2500 vWAAS-6000 vWAAS-12000 vWAAS-50000

vWAAS Models: CPUs, Memory and Disk Storage

CPUs

1

1

1

2

2

4

4

4

8

Memory

3 GB

3 GB

4 GB

4 GB

6 GB

8 GB

11 GB

12 GB

48 GB

Disk Storage

160 GB

260 GB

260 GB

500 GB

600 GB

750 GB

900 GB

750 GB

1500 GB

Consider the following guidelines when using Cisco vWAAS with WAAS:

•

vWAAS and DRE partitions:

When you deploy vWAAS using OVAs older than the 6.2.3d version, DRE's ackq and plz partitions are not created as expected for vWAAS-6000, 12000, and 50000 models (they are created of lesser size and no alarms will be displayed to indicate the mismatch in partition sizes). Because of this, the connection flow for vWAAS will not be optimized by DRE after a certain period. To ensure DRE optimization for vWAAS, after deployment you must use the disk delete-data-partitions command to re-create these partitions for vWAAS.

If the vWAAS device is upgraded from pre-6.2.3d version to 6.2.3d or later versions, the WAAS alarm filesystem_size_mismatch is displayed; it indicates that the partition was not created as expected. To clear the alarm, use the disk delete-data-partitions command to re-create the DRE partitions.

If you deploy vWAAS with WAAS version 6.2.3d or later, an issue will not be seen. Here, partitions will be created as expected.

Note

The disk delete-data-partitions command will re-create the partition and leads to cache loss.

For more information on the disk delete-data-partitions command, see the

Cisco Wide Area

Application Services Command Reference

. For more information on DRE compression, see the

Cisco Wide Area Application Services Configuration Guide

.

Note

For vWAAS with WAAS Version 6.2.3x or WAAS Version 6.3.1, ISR-4321 with profile ISR-WAAS-200,

ISR-WAAS RAM is increased from 3 GB to 4 GB. For this increase in ISR-WAAS RAM to be implemented, you must complete a new OVA deployment of WAAS version 6.2.3x or 6.3.1; the increase in ISR-WAAS RAM is not automatically implemented with an upgrade to WAAS 6.2.3x or 6.3.1.

12



Note

When selecting the format in the vSphere Client for the virtual machine’s disks for vWAAS with

VMware vSphere ESXi, you must choose the Thick Provision Eager Zeroed disk format for vWAAS deployment; this is the format recommended with vWAAS deployment for a clean installation.

•

For vWAAS in Azure, the supported traffic interception method is PBR (Police-Based Routing); vWAAS in Azure does not support WCCP or AppNav interception methods.

Caution

Multiple deployments of vWAAS on the same Hyper-V host in parallel may cause unexpected results, due to availability of free space when creating VHDs. We recommend that you do not deploy multiple vWAAS on Hyper-V in parallel, unless you have verified that you have enough free disk space required for the respective vWAAS models.

•

•

For vWAAS with WAAS Version 6.1.x and later, the vWAAS and vCM devices require both virtual

(network) interfaces to be present, but both need not be active. If only one virtual interface is active, the vWAAS and vCM devices will not be operational after power up. For more information, see the


.

To ensure reliable throughput with the following configuration—vWAAS on Windows Server 2012

R2 Hyper-V in Cisco UCS-E Series 160S-M3—we recommend that you do the following:

–

Upgrade to the latest UCS-E firmware (Version 3.1.2), available on the Cisco Download

Software Page for UCS E-Series Software, UCS E160S M3 Software .

–

Verify that you have installed the critical Windows Server updates, available on the Microsoft

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update Rollup page. You can also obtain the standalone update package through the Microsoft Download Center by searching for

KB2887595.

Note

When upgrading vWAAS, do not upgrade more than five vWAAS nodes at the same time on a single

UCS box. Upgrading more than five vWAAS nodes at the same time may cause the vWAAS devices to go offline and diskless mode.

•

If the virtual host was created using an OVA file of vWAAS for WAAS Version 5.0 or earlier, and you have upgraded vWAAS within WAAS, you must verify that the SCSI Controller Type is set to

VMware Paravirtual. Otherwise, vWAAS will boot with no disk available and will fail to load the specified configuration.

If needed, change the SCSI controller type to VMware Paravirtual by following these steps:

a.

Power down the vWAAS.

b.

From the VMware vCenter, navigate to vSphere Client > Edit Settings > Hardware.

c.

Choose SCSI controller 0.

d.

From the Change Type drop-down list, verify that the SCSI Controller Type is set to VMware

Paravirtual. If this is not the case, choose VMware Paravirtual.

e.

Click OK.

f.

Power up the vWAAS, with WAAS Version 6.1.x or later.

For more information on setting the SCSI Controller Type and on the vWAAS VM installation procedure, see the

Cisco Virtual Wide Area Application Services Installation and Configuration

Guide

.


13


Note

For a vCM-100 model used with the RHEL KVM or KVM on CentOS hypervisor, with the default memory size of 2 GB:

When you upgrade to WAAS Version 6.2.3x from an earlier version, or downgrade from WAAS Version

6.2.3x to an earlier version, and use either the restore factory-default command or the restore

factory-default preserve basic-config command, the vCM-100 may not come up due to GUID Partition

Table (GPT) boot order errors.

CAUTION: The restore factory-default command erases user-specified configuration information

stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.

To resolve this situation, follow these steps:

1.

Power down the vWAAS using the virsh destroy vmname command or the virt manager.

2.

Power up the vWAAS using the virsh start vmname command or the virt manager.

This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.

Cisco WAAS, ISR-WAAS and IOS-XE Interoperability

Table 4 shows Cisco WAAS, ISR-WAAS and IOS-XE Interoperability.

Table 4

ISR-Platform

ISR-4451

Cisco WAAS, ISR-WAAS and IOS-XE Interoperability

ISR-4431, 4351, 4331, 43216

Minimum ISR-WAAS

Version

5.2.1

5.4.1

Minimum IOS-XE

Version

3.10

3.13

Operating Guidelines for Cisco WAAS, ISR-WAAS and IOS-XE Interoperability

•

•

•

•

ISR4321-B/K9 is not supported for ISR-WAAS installation.

Activating ISR-WAAS after formatting the Cisco 4000 Series ISR-router bootflash:

After you format the Cisco 4000 Series ISR-router bootflash, you must reload the router to ensure a successful activation of ISR-WAAS. If you do not reload the ISR router after formatting the bootflash, you will be unable to activate ISR-WAAS. For more information on formatting the Cisco

4000 Series ISR router bootflash, see the

Configuration Guide for Integrated AppNav/AppNav-XE and ISR-WAAS on Cisco 4000 Series ISRs

.

For ISR-4321 with IOS-XE, used with WAAS Version 6.2.3c or 6.3.1:

You must complete a new OVA deployment of WAAS version 6.2.3c or 6.3.1 for this configuration to work successfully. This configuration will not automatically work after an upgrade to WAAS

Version 6.2.3c or 6.3.1 from WAAS Version 5.x or 6.x.

Using the intrusion detection and prevention system Snort with ISR-WAAS and ISR-4000 Series with a hard disk that is less than or equal to 200 GB:


14


To ensure a successful WAAS installation of ISR-WAAS and Snort on an ISR router, you must install ISR-WAAS before you install Snort. If you do not follow this installation order, ISR-WAAS will not install and a disk error will be displayed.

Cisco AppNav and AppNav-XE Interoperability

Consider the following guidelines when deploying the Cisco AppNav solution, for AppNav and

AppNav-XE.

•

All Cisco WAAS nodes in an AppNav deployment must be running Cisco WAAS version 5.0 or later.

•

Cisco WAAS Express devices cannot operate as Cisco WAAS nodes in an AppNav deployment.

Note

WAAS Version 6.1.x and later does not support AppNav IOM.

•

•

All AppNav devices in a single cluster must be of the same exact type. This includes IOS-XE devices, down to memory and ESP configuration.

–

All Cisco ASRs (Aggregation Services Routers) in an AppNav Controller Group need to be the same model, with the same ESP (Embedded Services Processor) rate (in Gbps). For example, in an AppNav Controller Group, you cannot have one ASR-1006 40-Gbps ESP and one

ASR-1006 100-Gbps ESP.

–

The same principle is true for using the ISR (Integrated Services Router) 4000 series. You cannot have an ISR-4451 and an ISR-4321 in the same AppNav-XE cluster.

If you are connecting an AppNav Controller (ANC) to a Catalyst 6500 series switch and you have configured the ANC to use the Web Cache Communication Protocol (WCCP) with the L2 redirect method, do not deploy the ANC on the same subnet as the client computers. This configuration can cause packet loss due to a limitation of the Catalyst 6500 series switch.

Note

Although an IOS router can have a dot (“.”) in the hostname, this special character is not allowed in a WAAS device hostname. If you try to import an AppNav-XE device that has a dot in the hostname, the import will fail and the following error message is displayed:

Registration failed for the device devicename ConstraintException; Invalid AppNav-XE name: X.X since name includes invalid character ‘.’.

Cisco WAAS, ASR/CSR, and IOS-XE Interoperability

Table 5

shows Cisco WAAS, ASR/CSR and IOS-XE Interoperability.

Table 5 Cisco WAAS, ASR/CSR, and IOS-XE Interoperability

WAAS Version

5.2.1

5.3.1, 5.3.3, 5.3.5a

5.3.5f

5.4.x

5.5.1

ASR/CSR Series

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

IOS-XE Version Supported

3.9

3.9-3.12

3.15.2, 3.16.01a, 3.16.2, 3.17

3.13

3.13-3.15


15


WAAS Version

5.5.3

5.5.5,x

6.1.1a, 6.2.1x

6.2.3x

ASR/CSR Series

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

ASR-1000x/CSR-1000V

IOS-XE Version Supported

3.13-3.16

3.13-3.17

3.15.2, 3.16.01a, 3.16.2, 3.17

3.15.2, 3.16.01a, 3.16.2,

3.16.3, 3.17

Cisco WAAS Express Interoperability

Consider the following guideline when using Cisco WAAS Express devices in your Cisco WAAS network:

Note

When Cisco WAAS Express is used on the Cisco Integrated Services Router Generation 2 (ISR G2) with the Cisco VPN Internal Service Module (VPN-ISM) or with Group Encrypted Transport (GETVPN) enabled, the WAAS Express does not optimize FTP data.

To ensure that FTP data is optimized when WAAS Express is used with the Cisco ISR G2, use the ISR

G2's IOS crypto map software.

•

•

For a Cisco WAAS device running WAAS Version 6.x and a Cisco WAAS Express peer device running Cisco IOS Release 15.6(3)M, 15.6(2)T1 or later, TLS1 is supported, but SSL3 is removed.

Before upgrading WAAS Express to one of these IOS releases, configure TLS1 in the WAAS

Express Device Group > Peering Service page, and then upgrade the WAAS Express device to the specified IOS release.

When using a Cisco WAAS device running version 5.x and a Cisco WAAS Express peer device running Cisco IOS Release 15.2(2)T or earlier, connections originating from the Cisco WAAS device and sent to the Cisco WAAS Express peer are passed through instead of being optimized. We recommend upgrading to Cisco WAAS Express in Cisco IOS Release 15.2(3)T or later to take advantage of the latest enhancements.

Note

If you are upgrading the WAAS Express devices to IOS 15.3(3)M image, as part of the AppX/K9

(Application Experience) license support in WAAS Express IOS 15.3(3)M images, you need to upgrade the WAAS Central Manager to WAAS v5.3.1 or later, or else the devices will go offline.

Note

As listed in “Software Version 5.1.1 Open Caveats,” CSCug16298, “WAAS-X to WAAS 5.1.1 connections will be reset when using HTTP acceleration.” We recommend that you do not use HTTP

Application Optimizer (AO) between Cisco WAAS and Cisco WAAS Express unless you are running

Cisco IOS Release 15.3(1)T or later.

Table 6 lists the Cisco WAAS, WAAS Express and IOS Interoperability

16



Table 6 Cisco WAAS, WAAS Express and IOS Interoperability

WAAS Version WAAS Express Platform

5.2.1

89x,19xx, 29xx, 39xx

5.3.1

5.3.5x

5.4.1

5.5.x

6.1.x

6.2.x

89x,19xx, 29xx, 39xx

IOS Version Supported

15.2(4)M, 15.3(1)T

15.2(4)M, 15.3(1)T, 15.3(3)M, 15.4(2)T, 15.5(1)T,

15.5(2)T,

15.5(3)M, 15.6(1)T, 15.6(2)T

Note

39xxE series routers do not support WAAS Express.

WCCP Interoperability

Central Managers running Version 6.2.3x can manage WAEs running software Versions 5.x and later.

However, we recommend that all WAEs in a given WCCP service group be running the same version.

Note

All WAEs in a WCCP service group must have the same mask.

To upgrade the WAEs in your WCCP service group, follow these steps:

Step 1

Step 2

Step 3

Step 4

Step 5

You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:

Router(config)# no ip wccp 61

Router(config)# no ip wccp 62

Perform the Cisco WAAS software upgrade on all WAEs using the Cisco WAAS Central Manager GUI.

Verify that all WAEs have been upgraded in the Devices pane of the Central Manager GUI. Choose

Devices to view the software version of each WAE.

If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same

WCCP mask value.

Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:

Router(config)# ip wccp 61

Router(config)# ip wccp 62


17


NTLM Interoperability

Cisco WAAS Version 5.1 and later do not support Windows domain login authentication using the

NTLM protocol. Therefore, upgrading from a Cisco WAAS Version earlier than Version 5.1 with the device configured with Windows domain login authentication using the NTLM protocol is blocked. You must change the Windows domain authentication configuration to use the Kerberos protocol before proceeding with the upgrade.

Follow these steps to change from NTLM to Kerberos Windows domain login authentication:

Step 1

Step 2

Step 3

Step 4

Step 5

Unconfigure Windows domain login authentication. You can do this from the Central manager in the

Configure > Security > AAA > Authentication Methods window.

Change the Windows domain configuration setting to use the Kerberos protocol. You can do this from

Central manager in the Configure > Security > Windows Domain > Domain Settings window. For more information, see “Configuring Windows Domain Server Authentication Settings” in the

“Configuring Administrative Login Authentication, Authorization, and Accounting” chapter of the


.

Perform the Windows domain join again from the Central manager in the Configure > Security >

Windows Domain > Domain Settings window.

Configure Windows domain login authentication from the Central manager in the Configure >

Security > AAA > Authentication Methods window.

Upgrade your device.

Note

If you are upgrading the Central Manager itself from the GUI and the Windows domain login authentication on the Central Manager is configured to use the NTLM protocol, the upgrade fails with the following error logged in the device log:

Error code107: The software update failed due to unknown reason. Please contact Cisco TAC.

To view the device log for the Central Manager, choose the Central Manager device and then choose Admin > Logs > Device Logs. If you see this error, follow the steps above to change the

Central Manager device Windows domain login authentication from NTLM to Kerberos.

If you upgrade the Central Manager itself from the CLI and the upgrade fails due to NTLM being configured, you will get an appropriate error message. Once the Central Manager is upgraded to

Version 5.1, it can detect and display the reason for any upgrade failures for other devices.

Note

Cisco WAAS Version 5.1 and later do not support the Kerberos protocol running with a nonstandard port

(other than port 88). Upgrading from a Cisco WAAS Version earlier than 5.1 with the device configured with the Kerberos protocol on a nonstandard port is blocked. You must change the Kerberos server on your network to listen on port 88 and change the Kerberos configuration on the device to use port 88.

You can do this from the Central manager in the Configure > Security > Windows Domain > Domain

Settings window.

18



If you are trying to upgrade your device from the CLI and the upgrade fails due to NTLM configuration, then the kerberos_validation.sh script is installed on your device. This script can be used to verify that your network supports the Kerberos protocol before changing from NTLM to Kerberos. This script is not available if you are using the Central Manager to upgrade the device.

To run the script, follow these steps:

Step 1

(Optional) Run the Kerberos validation script command with the -help option to display the usage:

CM# script execute kerberos validation.sh -help

Step 2

Help:

This script does basic validation of Kerberos operation, when device is using NTLM protocol for windows-domain login authentication.

It can be used as a pre-validation before migrating from NTLM to Kerberos authentication method.

It does following tests:

1. Active Directory reachability test

2. LDAP server and KDC server availability test

3. KDC service functionality test

For this test to succeed device must have to join the domain before this test, if not have joined already.

4. Test for time offset between AD and Device (should be < 300s)

Script Usage: kerberos_validation.sh [windows-domain name]

For example if Device has joined cisco.com then you need to enter: kerberos_validation.sh cisco.com

Run the Kerberos validation script to verify that your network supports the Kerberos protocol before migrating from NTLM to Kerberos:

CM# script execute kerberos validation.sh windows_domain_name

WARNING: For windows authentication operation in 5.1.1, Device will use service on following ports.

Please make sure they are not blocked for outbound traffic.

==========================================================================================

53 UDP/TCP, 88 UDP/TCP, 123 UDP, 135 TCP, 137 UDP, 139 TCP, 389 UDP/TCP, 445 TCP,

464 UDP/TCP, 3268 TCP

Performing following tests on this device.

Test 1: Active Directory reachability test

Test 2: LDAP server and KDC server availability test

Test 3: KDC service functionality test

For this test to succeed device must have to join the domain before this test, if not have joined already.

Test 4: Test for time offset between AD and Device (should be < 300s)

Tests are in progress. It may take some time, please wait...

Test 1: Active Directory reachability test : PASSED

Test 2: LDAP server and KDC server availability test : PASSED

Test 3: KDC service functionality test : PASSED

Test 4: Test for time offset between AD and Device (should be < 300s) : PASSED

Validation completed successfully!


19

Upgrading from a Release Version to Version 6.2.3x

Step 3

Change the device Windows domain login authentication from NTLM to Kerberos and upgrade your device, as described in the first procedure in this section.

Citrix ICA Interoperability

Citrix ICA versions 7.x (XenApp and XenDesktop) contain changes affecting the optimization efficiency of WAAS compared to that achieved with Citrix ICA versions 6.x. To maximize the effectiveness of WAAS, the Citrix administrator should configure the following:

Adaptive Display: Disabled

Legacy Graphic Mode: Enabled


Upgrading to WAAS Version 6.2.3x is supported from WAAS Version 4.2.1 and later. For information on upgrade paths, see

Upgrade Paths and Considerations for Version 6.2.3x

.

To take advantage of new features and bug fixes, we recommend that you upgrade your entire deployment to the latest version. For an overview of the upgrade process from a release version to

Version 6.2.3xx, see

Workflow: Upgrading from a Release Version to Version 6.2.3x

.


•

Upgrade Paths and Considerations for Version 6.2.3x

•

•

Workflow: Upgrading from a Release Version to Version 6.2.3x

–

Upgrade Part 1: Create a Backup of the Primary WAAS CM Database

–

–

Upgrade Part 2: Upgrade the Standby WAAS CM

Upgrade Part 3: Upgrade the Primary WAAS CM

–

–

–

–

–

Upgrade Part 4: Upgrade the Branch WAE Devices

Upgrade Part 5: Upgrade the Data Center WAAS Software

Upgrade Part 6: Upgrade Each Data Center WAE

Upgrade Part 7: WCCP and Migration Processes

Upgrade Part 8: Post-Upgrade Tasks

Migrating a WAAS CM from an Unsupported to a Supported Platform

•

•

Migrating a Physical Appliance Being Used as a WAAS CM to a vCM

Ensuring a Successful RAID Pair Rebuild

For additional upgrade information and detailed procedures, refer to the

Cisco Wide Area Application

Services Upgrade Guide

.

Upgrade Paths and Considerations for Version 6.2.3x


•

•

•

Upgrade Paths for WAAS Version 6.2.3x

Upgrading from Cisco WAAS Version 5.x and Later to Version 6.2.3x

Upgrading from Cisco WAAS Version 4.2.x to Version 6.2.3x

20



Upgrade Paths for WAAS Version 6.2.3x

Upgrading to WAAS Version 6.2.3x is supported from WAAS Version 4.2.x and later.

Table 7 shows the

upgrade path for each of these versions.

Table 7

4.2.x

Upgrade Paths to WAAS Version 6.2.3x

Current WAAS Version

5.5.3 and later

4.3.x through 5.5.1

WAAS CM Upgrade Path

•

1.

2.

1.

2.

3.

Upgrade directly to 6.2.3x

Upgrade to 5.5.3, 5.5.5x

(5.5.5, 5.5.5a), or 5.5.7

Upgrade to 6.2.3x

Upgrade to version 4.3.x through 5.4.x

Upgrade to 5.5.3 or 5.5.5x

(5.5.5, 5.5.5a), or 5.5.7

Upgrade to 6.2.3x

WAAS Upgrade Path

•

Upgrade directly to 6.2.3x

1.


2.

Upgrade to 6.2.3x

1.

2.

3.

Upgrade to version 4.3.x through 5.4.x


Upgrade to 6.2.3x

Note

When you upgrade from WAAS Software Version 5.5.x to 6.2.3b, the expired SSL certificates do not get removed automatically and show up in the alarms.

Upgrading from Cisco WAAS Version 5.x and Later to Version 6.2.3x


•

•

WAAS Version 5.1 and Later: NTLM

WAAS Version 5.2 and Later: Usernames

•

•

•

WAAS Version 5.3 and Later: Name and Description Fields

WAAS Version 6.2.3x: vWAAS

WAAS Version 6.2.3x: vCM-100 with RHEL KVM or KVM on CentOS

WAAS Version 5.1 and Later: NTLM

Cisco WAAS Version 5.1 and later do not support NTLM Windows domain authentication or use of a nonstandard port (other than port 88) for Kerberos authentication.

•

•

Upgrading from a Cisco WAAS Version earlier than 5.1 is blocked if either of these configurations are detected. You must change these configurations and ensure that your domain controller is configured for Kerberos authentication before proceeding with the upgrade.

A script is provided to verify that your network supports Kerberos protocol before migrating from

NTLM. For more information, see

NTLM Interoperability

. If no application is using the unsupported configurations on the device, then remove the unsupported configurations to upgrade.

WAAS Version 5.2 and Later: Usernames

Cisco WAAS Version 5.2 and later restrict the characters used in usernames to letters, numbers, period, hyphen, underscore, and @ sign, and a username must start with a letter or number.


21


Any username not meeting these guidelines is prevented from logging in. Prior to upgrading the Central

Manager to Version 5.2 or later, we recommend that you change any such usernames to valid usernames to allow login.

For local users—Change usernames in the Central Manager Admin > AAA > Users page.

For remotely authenticated users—Change usernames on the remote authentication server.

Note

Prior to upgrading the Central Manager to Version 5.2 or later, we strongly encourage you to change any usernames that use restricted characters; however if you must maintain existing usernames unchanged, please contact Cisco TAC.

WAAS Version 5.3 and Later: Name and Description Fields

Cisco WAAS Version 5.3 and later restricts the use of characters in the name and description field to alphanumeric characters, periods (.), hyphens (-), underscores (), and blank spaces when you create custom reports. When you upgrade from Cisco WAAS Version 4.x and you have custom reports that have special characters in the name or description field, Cisco WAAS automatically removes the special characters from the report name and description, and logs the modification in the Centralized

Management System (CMS) logs.

WAAS Version 6.2.3x: vWAAS

When upgrading vWAAS, do not upgrade more than five vWAAS nodes at the same time on a single

UCS box. Upgrading more than five vWAAS nodes at the same time may cause the vWAAS devices to go offline and diskless mode.

WAAS Version 6.2.3x: vCM-100 with RHEL KVM or KVM on CentOS

If you upgrade to WAAS Version 6.2.3x, or downgrade from WAAS Version 6.2.3x to an earlier version, and use a vCM-100 model with the following parameters, the vCM-100 may not come up due to GUID

Partition Table (GPT) boot order errors.

•

•

•

vCM-100 has default memory size of 2 GB vCM-100 uses the RHEL KVM or KVM on CentOS hypervisor

You use either the restore factory-default command or the restore factory-default preserve

basic-config command

Note

The restore factory-default command erases user-specified configuration information stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.

To resolve this situation, follow these steps:

1.

2.

Power down the vWAAS using the virsh destroy vmname command or the virt manager.

Power up the vWAAS using the virsh start vmname command or the virt manager.

This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.

22



Upgrading from Cisco WAAS Version 4.2.x to Version 6.2.3x

When you upgrade from Cisco WAAS Version 4.x, you must reconfigure the custom EPM policy for a device or device group. You must first restore the default policy setting by selecting the Restore default

Optimization Policies link for the device group in the Modifying Device Group window and then

reconfigure your custom policy rules for the device. For more information on upgrade paths, see Table 7 .

Workflow: Upgrading from a Release Version to Version 6.2.3x

To upgrade from a Release Version to Version 6.2.3x, complete the tasks listed in

Table 8

.

Table 8 Workflow: Upgrading from a Release Version to Version 6.2.3x

Workflow Task

•

Upgrade Part 1: Create a Backup of the Primary WAAS CM Database

Description

•

Before you start the upgrade process from a release version to Version 6.2.3x, create a backup of the primary WAAS CM database and save it to a remote location.

•

Upgrade Part 2: Upgrade the

Standby WAAS CM

•

•


Primary WAAS CM

•

If your WAAS system has a standby WAAS CM, upgrade the standby WAAS CM before you upgrade the primary WAAS CM.

Upgrade the primary WAAS CM, including verifying that the new WAAS image is loaded correctly, verifying connectivity between WAAS CM and all

WAE devices, and verifying that all WAE devices are online.

•

•

•

3.

4.

Upgrade Part 4: Upgrade the Branch

WAE Devices

Upgrade Part 5: Upgrade the Data

Center WAAS Software

Upgrade Part 6: Upgrade Each Data

Center WAE

Upgrade Part 7: WCCP and

Migration Processes

•

•

•

•

Upgrade the branch WAE devices, including verifying that new WAAS image is loaded correctly, verifying that correct licenses are installed, and saving the new configuration.

Upgrade the data center WAAS software, including upgrading each data center WAE device.

Upgrade each data center WAE device, including disabling and re-enabling WCCP

For information on the sets of tasks to enable and reconfigure WCCP, and information on configuring accelerators, switches and routers for migration, see the

Cisco Wide Area Application Services Upgrade

Guide

.

Upgrade Part 8: Post-Upgrade Tasks

•

After you complete the WAAS system upgrade to

Version 6.2.3x, perform tasks including clearing your browser cache, verifying licenses, and verifying proper configuration of applications accelerators, policies, and class maps.


23


Upgrade Part 1: Create a Backup of the Primary WAAS CM Database


•

Prerequisite for Primary WAAS CM Database Backup

•

Creating a Primary WAAS CM Database Backup

Prerequisite for Primary WAAS CM Database Backup

Note the following different CMS database backup scenarios, depending on the size of /sw and /swstore:

•

If you are upgrading your vCM, vWAAS, ISR-WAAS, or SRE device from an earlier WAAS version to WAAS Version 6.2.3x, and the /sw and /swstore partition size is less than 2GB, you must back up the CMS database before creating a backup of the primary WAAS CM database, following the instructions described in the

Caution

note.

•

•

For devices using WAAS Version 5.x, the /sw and /swstore partition size is 1GB, so you must back up the CMS database, you must back up the CMS database before creating a backup of the primary

WAAS CM database, following the instructions described in the Caution note.

For devices using WAAS Version 6.x, the /sw and /swstore partition size is 2GB, so you do not need to create a backup of the CMS database before creating a backup of the primary WAAS CM database.

Caution

If you are upgrading your WAAS device from an earlier WAAS version to WAAS Version 6.2.3x, and

the /sw and /swstore partition size is less than 2 GB, it is crucial that you create a backup of the WAAS

CM database and save it to an external file (FTP/SFTP) before you upgrade to WAAS Version 6.2.3x.

The upgrade process on this type of configuration will automatically clear system and data partition, which will erase the WAAS CM database.

After upgrade is complete, restore the saved WAAS CM database to your system.

Creating a Primary WAAS CM Database Backup

Before upgrading to WAAS Version 6.2.3x, follow these steps to create a backup of the WAAS CM database:

Step 1

Step 2

Step 3

Step 4

Step 5

Use Telnet or SSH to access the primary WAAS CM IP address.

Create the database backup, using the cms database backup command: waas-cm# cms database backup

The cms database backup command displays the following information: creating backup file with label ‘backup’ backup file local1/filename filedate.dump is ready. use ‘copy’ command to move the backup file to a remote host.

Copy the backup database file to a remote location, using the copy disk command: waas-cm# copy disk ftp hostname ip-address remotefiledir remotefilename localfilename

Verify that the backup file was copied correctly by verifying file size and time stamp.

24



Upgrade Part 2: Upgrade the Standby WAAS CM

Follow these steps to upgrade the standby WAAS CM, if present in your WAAS system.

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Use Telnet or SSH to access the standby WAAS CM IP address:

Copy the new software image to the standby WAAS CM with the WAAS CLI copy ftp command.

The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.

wae# copy ftp install ftpserver / waas-image.bin

Reload the standby WAAS CM, using the reload command

Verify that the new image is loaded correctly, using the show version command.

To confirm connectivity, ping the primary WAAS CM and branch WAE devices.

Wait at least five minutes.

To ensure that the database has been synchronized, confirm the database last synchronization time, using the show cms info command.

From the primary WAAS CM, confirm that the status indicator for the standby WAAS CM is online and green.

Upgrade Part 3: Upgrade the Primary WAAS CM

Perform the following tasks before you upgrade the primary WAAS CM:

•

Before upgrading the primary WAAS CM, create a backup copy of the primary WAAS CM database.

For more information, see

Upgrade Part 1: Create a Backup of the Primary WAAS CM Database .

•

If your WAAS system has a standby WAAS CM, you must upgrade the standby WAAS CM before you upgrade the primary WAAS CM. For more information, see


Standby WAAS CM .

Follow these steps to upgrade the primary WAAS CM.

Step 1

Step 2

Step 3

Use Telnet or SSH to access the primary WAAS CM IP address:

Copy the new software image to the primary WAAS CM, either from the WAAS CM or the CLI.

From the WAAS CM:

a.

b.

In the Standby WAAS CM, navigate to Admin > Versioning > Software Update.

From the Software Files listing, select the new software version.

c.

Click Submit.

From the CLI:

a.

Use the copy ftp command.



Copy the new Version 6.2.3x software image to the primary WAAS CM, using the copy ftp command:


25



Note

This example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directory path.

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Reload the primary WAAS CM, using the reload command

Verify that the new Version 6.2.3x image is loaded correctly, using the show version command.

To confirm connectivity, ping the standby WAAS CM (if present in your WAAS system) and branch

WAE devices.

Confirm that the CMS services are running, using the show cms info command.

Choose Devices > All Devices and verify that all WAE devices are online.

Choose Device Groups > AllWAASGroups > Assign Devices and verify that each WAE device is listed with a green check mark.

Upgrade Part 4: Upgrade the Branch WAE Devices

Before you upgrade the branch WAE devices, verify that you have completed the following tasks:

•

Created a backup copy of the primary WAAS CM database. For more information, see

Upgrade Part

1: Create a Backup of the Primary WAAS CM Database

.

•

•

Upgraded the standby WAAS CM, if one is present on your WAAS system. For more information, see

Upgrade Part 2: Upgrade the Standby WAAS CM .

Upgraded the primary WAAS CM. For more information, see

Upgrade Part 3: Upgrade the Primary

WAAS CM .

Follow these steps to upgrade the branch WAE devices.

Step 1

Step 2

Step 3

Step 4

Step 5

Access the primary WAAS CM GUI: https://cm-ip-address:8443

Verify that all WAE devices are online (displaying green).

Resolve any alarm conditions that may exist.

Copy the new software image to the branch WAE, either from the WAAS CM or the CLI.

From the WAAS CM:

a.

In the branch WAE, navigate to Admin > Versioning > Software Update.

b.

c.


Click Submit.

From the CLI:

a.

Use the copy ftp command. You can use either Universal or Accelerator-only images.



Reload the WAE using the reload command.


26


Step 6

Step 7

Step 8

Step 9

Step 10

Step 11

Step 12

Verify that the new Version 6.2.3x software image has installed correctly, using the show version command.

Verify that the correct licenses are installed, using the show license command.

If you have purchased an Enterprise license and have enabled it, proceed to Step 10 .

If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:

a.

Clear the Enterprise license, using the clear license transport command.

b.

Add the Enterprise license, using the license add enterprise command.

Save the changed configuration, using the copy running-config startup-config command.

From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.

Verify the following WAE device functionalities:

a.

b.

If you are using WCCP for traffic interception, verify that WCCP is working properly, using the

show running -config wccp command.

(Optional) Confirm that flows are being optimized, using the show statistics connection command.

c.

1.

Confirm that the Enterprise license is enabled, using the show license command.

If you have purchased the Enterprise license and it is enabled, proceed to

Step 12 .

If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:

Clear the Transport license, using the clear license transport command.

2.

3.

Add the Enterprise license, using the license add enterprise command.


The branch WAE devices within the active WAAS network are now upgraded to the current WAAS

Version 6.2.3x.

Upgrade Part 5: Upgrade the Data Center WAAS Software

Follow these steps to upgrade the data center WAAS software.

Step 1

Step 2

Step 3

Step 4

Access the primary WAAS CM GUI: https://cm-ip-address:8443

Verify that all WAE devices are online (displaying green).

Resolve any alarm conditions that may exist.

Upgrade each data center WAE (

Upgrade Part 6: Upgrade Each Data Center WAE ).


27


Note

For deployments using WCCP as the traffic interception method, each data center WAE is automatically removed from the interception path. If your deployment does not use WCCP, use one of the following methods to remove each data center WAE from the interception path during the upgrade process:

For an inline deployment, use the interface InlineGroup slot/grpnumber shutdown global configuration command to bypass traffic on the active inline groups.

For a deployment using serial inline cluster, shut down the interfaces on the intermediate WAE in the cluster, then shut down the interfaces on the optimizing WAE in the cluster.

Upgrade Part 6: Upgrade Each Data Center WAE

Follow these steps to upgrade each data center WAE.

Step 1

Step 2

Use the following sequence of commands to disable WCCP on the WAE and allow a graceful termination of existing TCP flows that are optimized by WAAS:

a.

Disable WCCP with the no wccp tcp-promiscuous service-pair serviceID serviceID global configuration command.

b.

c.

Wait until the countdown expires, or use CTL-C to skip the countdown.

Verify that WCCP is disabled, using the show wccp status command.

d.


(Optional) Disable WCCP on the intercepting router or switch, using the no ip wccp global configuration command.

Note

We recommend this step only if the Cisco IOS release on the router or switch has not been scrubbed for WCCP issues for your specific platform.

Step 3

Step 4

Step 5

(Optional) Verify that WCCP is disabled, using the show ip wccp command, if you have used

Step 2 .

Upgrade the data center WAE software:

Copy the new software image to the data center WAE, either from the WAAS CM or the CLI.

From the WAAS CM:

a.

In the data center WAE, navigate to Admin > Versioning > Software Update.

b.

c.


Click Submit.

From the CLI:

a.

Use the copy ftp command. You can use either Universal or Accelerator-only images.




28


Step 6

Step 7

Step 8

Step 9

Step 10

Step 11

Step 12

Step 13

Reload the WAE using the reload command.

Verify that the new Version 6.2.3x software image has installed correctly, using the show version command.

Verify that WCCP is disabled, using the show wccp status command.


From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.

(Optional) Enable WCCP on all intercepting routers or switches in the list, if you have used

Step 2

.

a.

Telnet to each core router or switch.

b.

Enable WCCP, using the ip wccp 61 redirect-list acl-name command and the ip wccp 62

redirect-list acl-name command.

•

WCCP Service ID 61—Source IP address. The WCCP Service ID (service group) is applied closest to the LAN interface.

•

•

WCCP Service ID 62—Destination IP address. The WCCP Service ID (service group) is applied closest to the WAN interface.

You can change the WCCP redirect list as needed by changing the redirect in/out statement.

Verify the following WAE device functionalities:

a.

Enable WCCP, using the wccp tcp-promiscuous service-pair serviceID serviceID global configuration command. If you are using WCCP single-service, use the wccp tcp-promiscuous

serviceID global configuration command.

b.

c.

d.

e.

Verify that redirecting router IDs are seen, using the show wccp routers command.

Verify that all WAEs in the cluster are seen, using the show wccp clients command.

Verify that the packet count to the WAE is increasing and no loops are detected, using the show wccp

statistics command.

Verify that the buckets assigned for Service Group 61 match those of Service Group 62, and are assigned to the WAE, using the show wccp flows tcp-promiscuous detail command.

f.

g.

Verify that flows are being optmized, using the show statistics connection command.

If you are using WCCP for traffic interception, verify that WCCP is working properly, using the

show running -config wccp command.

Each data center WAE within the active WAAS network is now upgraded to the current WAAS Version

6.2.3x.

Upgrade Part 7: WCCP and Migration Processes

For information on the sets of tasks to enable and reconfigure WCCP, and information on configuring accelerators, switches and routers for migration, see the

Cisco Wide Area Application Services Upgrade

Guide

.

Upgrade Part 8: Post-Upgrade Tasks

Perform the following tasks after you have completed the upgrade to WAAS Version 6.2.3x:


29


•

•

•

•

•

•

After upgrading a Central Manager, you must clear your browser cache, close the browser, and restart the browser before reconnecting to the Central Manager.

After upgrading application accelerator WAEs, verify that the proper licenses are installed by using the show license EXEC command. The Transport license is enabled by default. If any of the application accelerators were enabled on the device before the upgrade, you should enable the

Enterprise license. Configure any additional licenses as needed by using the license add EXEC command. For more information on licenses, see the “Managing Software Licenses” section in the


. a;lkdsjhf;laksjf

After upgrading application accelerator WAEs, verify that the proper application accelerators, policies, and class maps are configured. For more information on configuring accelerators, policies, and class maps, see the “Configuring Application Acceleration” chapter in the

Cisco Wide Area

Application Services Configuration Guide

.

If you use the setup utility for basic configuration after upgrading to 6.2.3x, WCCP router list 7 is used. Because the setup utility is designed for use on new installations, any existing configuration for WCCP router list 7 is replaced with the new configuration.

If you have two Central Managers that have secure store enabled and you have switched primary and standby roles between the two Central Managers, before upgrading the Central Managers to Version

6.2.3x, you must reenter all passwords in the primary Central Manager GUI. The passwords that need to be reentered include user passwords. If you do not reenter the passwords, after upgrading to

Version 6.2.3x, the Central Manager fails to send configuration updates to WAEs and the standby

Central Manager until after the passwords are reentered.

If you use the setup utility for basic configuration after upgrading to 6.2.3x, WCCP router list 7 is used. Because the setup utility is designed for use on new installations, any existing configuration for WCCP router list 7 is replaced with the new configuration.

Migrating a WAAS CM from an Unsupported to a Supported Platform

If you have a Cisco WAAS Central Manager that is running on a hardware platform that is unsupported in Version 6.1 and later (such as a WAE-274/474/574/674/7341/7371), you are not allowed to upgrade the device to Version 6.1 or later. You must migrate the WAAS CM to a supported platform by following the procedure in this section, which preserves all of the WAAS CM configuration and database information.

Caution

Database backup is intended for recovery of the current WAAS CM only. Restoring to a different device will retain the device identity and will not allow you to re-use the current hardware in a different role. If you want to migrate the service to a new device, register the device as a standby WAAS CM first, and then change its role after database synchronization.

Follow these steps to migrate a primary WAAS CM from an unsupported platform to a platform that is supported for WAAS Version 6.2.3x:

Step 1

From the primary Central Manager CLI, create a database backup by using the cms database backup

EXEC command. Move the backup file to a separate device by using the copy disk ftp command.

CM# cms database backup

Creating database backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump

Backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15 is ready.

Please use `copy' commands to move the backup file to a remote host.

CM# cd /local1/backup

CM# copy disk ftp 10.11.5.5 / cm-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump


30


Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Display and write down the IP address and netmask of the Central Manager.

CM# show running-config interface primary-interface GigabitEthernet 1/0

!

interface GigabitEthernet 1/0

ip address 10.10.10.25 255.255.255.0

exit interface GigabitEthernet 2/0

shutdown

exit

!

Shut down all the interfaces on the primary Central Manager.

CM# configure

CM(config)# interface GigabitEthernet 1/0 shutdown

Replace the existing Central Manager device with a new hardware platform that can support

Cisco WAAS Version 6.1. Ensure that the new Central Manager device is running the same software version as the old Central Manager.

Configure the new Central Manager with the same IP address and netmask as the old Central Manager.

You can do this in the setup utility or by using the interface global configuration command.

newCM# configure newCM(config)# interface GigabitEthernet 1/0 ip address 10.10.10.25 255.255.255.0

Copy the backup file created in Step 1 from the FTP server to the new Central Manager.

newCM# copy ftp disk 10.11.5.5 / cm-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump

Restore the database backup on the new Central Manager by using the cms database restore command.

Use option 1 to restore all CLI configurations.

newCM# cms database restore backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump

Backup database version is from an earlier version than the current software version.

Restored data will be automatically upgraded when cms services are enabled.

Restoring the backed up data. Secure-Store will be re-initialized.

Successfully migrated key store

***** WARNING : If Central Manager device is reloaded, you must reopen Secure Store with the correct passphrase. Otherwise Disk encryption, SSL, AAA and other secure store dependent features may not operate properly on WAE(s).*****

Successfully restored secure-store. Secure-store is initialized and opened.

Overwrite current key manager configuration/state with one in backup (yes|no) [no]?yes

Restoring CLI running configuration to the state when the backup was made. Choose type of restoration.

1. Fully restore all CLI configurations.

2. Partially restore CLI configurations, omitting network configuration settings.

3. Do not restore any CLI configurations from the backup.

Please enter your choice : [2] 1

Please enable the cms process using the command 'cms enable' to complete the cms database restore procedure.

Database files and node identity information successfully restored from file

`cms-db-03-18-2016-15-08_5.0.1.0.15.dump'

Step 8

Step 9

Enable the CMS service.

newCM# configure newCM(config)# cms enable

Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.


31


Step 10

(Optional) If you have a standby Central Manager that is running on unsupported hardware and is registered to the primary Central Manager, deregister the standby Central Manager.

standbyCM# cms deregister

Step 11

Step 12

Step 13

Upgrade the primary Central Manager to Cisco WAAS Version 6.2.3x. You can use the Central Manager

Software Update window or the copy ftp install command.

Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.

(Optional) Register a new standby Central Manager that is running Cisco WAAS Version 5.1.x or later.

.

.

.

newstandbyCM# configure newstandbyCM(config)# device mode central-manager newstandbyCM(config)# exit newstandbyCM# reload

Wait for the device to reload, change the Central Manager role to standby, and register the standby

Central Manager to the primary Central Manager.

newstandbyCM# configure newstandbyCM(config)# central-manager role standby newstandbyCM(config)# central-manager address 10.10.10.25 newstandbyCM(config)# cms enable

Migrating a Physical Appliance Being Used as a WAAS CM to a vCM

Follow these steps to migrate a physical appliance being used as a primary WAAS CM to a vCM:

Step 1

Step 2

Step 3

Step 4

Introduce vCM as the Standby Central Manager by registering it to the Primary Central Manager.

Configure both device and device-group settings through Primary CM and ensure that devices are getting updates. Wait for two to three data feed poll rate so that the Standby CM gets configuration sync from the Primary CM.

Ensure that the Primary CM and Standby CM updates are working.

Switch over CM roles so that vCM works as Primary CM. For more information, see the “Converting a

Standby Central Manager to a Primary Central Manager” section of the

Cisco Wide Area Application

Services Configuration Guide .

32


Downgrading from Version 6.2.3x to a Previous Version

Ensuring a Successful RAID Pair Rebuild

RAID pairs rebuild on the next reboot after you use the restore factory-default command, replace or add a hard disk drive, delete disk partitions, or reinstall Cisco WAAS from the booted recovery

CD-ROM.

Caution

You must ensure that all RAID pairs are done rebuilding before you reboot your WAE device. If you reboot while the device is rebuilding, you risk corrupting the file system.

To view the status of the drives and check if the RAID pairs are in “NORMAL OPERATION” or in

“REBUILDING” status, use the show disk details command in EXEC mode. When you see that RAID is rebuilding, you must let it complete that rebuild process. This rebuild process may take several hours.

If you do not wait for the RAID pairs to complete the rebuild process before you reboot the device, you may see the following symptoms that could indicate a problem:

•

The device is offline in the Central Manager GUI.

•

•

CMS cannot be loaded.

Error messages say that the file system is read-only.

•

The syslog contains errors such as “Aborting journal on device md2,” “Journal commit I/O error,”

“Journal has aborted,” or “ext3_readdir: bad entry in directory.”

Other unusual behaviors occur that are related to disk operations or the inability to perform them.

•

If you encounter any of these symptoms, reboot the WAE device and wait until the RAID rebuild finishes normally.



•

Downgrading the WAAS System from Version 6.2.3x to a Previous Version

•

Downgrading the WAAS CM from Version 6.2.3x to a Previous Version

Downgrading the WAAS System from Version 6.2.3x to a Previous Version


•

•

Downgrade Path Considerations

Downgrade Component and Data Considerations

Downgrade Path Considerations

•

•

Downgrading from 6.2.3x is supported to 6.2.1x, 6.1.1a, 6.1.1, 5.5.7, 5.5.5a, 5.5.5 and 5.5.3.

Downgrading directly from 6.x to a version earlier than 5.5.3 is not supported.

On the Cisco 4451-X Integrated Services Router running ISR-WAAS, downgrading to a version earlier than 5.2.1 is not supported.


33


•

•

•

•

On the UCS E-Series Server Module installed in a Cisco ISR G2 Router and running vWAAS, downgrading to a version earlier than 5.1.1 is not supported. On the UCS E-Series Server Module installed in the Cisco 4451-X Integrated Services Router and running vWAAS, downgrading to a version earlier than 5.2.1 is not supported. On other vWAAS devices you cannot downgrade to a version earlier than 4.3.1.

On WAVE-294/594//8541 models with solid state drives (SSDs) you cannot downgrade to a version earlier than 5.2.1.

On WAVE-694 model with solid state drives (SSDs), you cannot downgrade to a version earlier than

5.5.1.

On vCM-500/vCM-1000, you cannot downgrade to a version earlier than 5.5.1.

Downgrade Component and Data Considerations

•

•

•

•

•

Locked-out user accounts are reset upon a downgrade.

Any reports and charts that are not supported in the downgrade version are removed from managed and scheduled reports when you downgrade to an earlier version. Any pending reports that were carried forward from an upgrade from a version earlier than 5.0 are maintained.

When downgrading to a version earlier than 4.4.1, the DRE cache is cleared and the DRE caching mode for all application policies is changed to bidirectional (the only available mode prior to 4.4.1).

Before downgrading a WAE, we recommend that you use the Central Manager GUI to change all policies that are using the new Unidirectional or Adaptive caching modes to the Bidirectional caching mode.

Current BMC (Baseboard Management Controller) settings are erased and restored to factory default settings when you downgrade Cisco WAAS to a version earlier than 4.4.5.

If you have configured disk cache for ISR-WAAS device, downgraded from 6.2.3x to 5.5.3, and then restore rollback to 6.1.1x, you must reload the disk cache configuration for the new configuration to take effect. If you do not perform a reload after the rollback to 6.2.3x, the new configuration will not take effect, and output from the show disks cache-details command will display the error message "Disk cache has been configured. Please reload for the new configuration to take effect."

Downgrading the WAAS CM from Version 6.2.3x to a Previous Version


•

•

•

WAAS CM Downgrade Path Considerations

WAAS CM Downgrade Procedure Considerations

Procedure for Downgrading the WAAS CM to a Previous Version

WAAS CM Downgrade Path Considerations

•

•

•

Downgrading from 6.2.3x WAAS CM directly to a version earlier than Version 5.5.3 is blocked.

If the 6.2.3x WAAS CM is downgraded to a version earlier than 5.2.1, it can no longer manage

AppNav-XE clusters and devices and all related configuration records are removed.

When downgrading a 6.2.3x WAAS CM to a version earlier than 4.4.1, and secure store is in auto-passphrase mode, the downgrade is blocked. You must switch to user-passphrase mode before you can downgrade to a software version that does not support auto-passphrase mode.

34



WAAS CM Downgrade Procedure Considerations

•

As it applies to your WAAS CM and the current version of your WAAS system, perform the following tasks before a WAAS CM downgrade:

–

–

If you have a standby Central Manager, it must be registered to the primary Central Manager

before the downgrade.

Prior to downgrading the WAAS CM to a version up to 5.2.1, you must remove Backup WNG from the AppNav-XE cluster and verify that the WAAS CM and AppNav-XE device are in sync.

–

Before downgrading to a version earlier than 4.4.1, we recommend that you change the following WCCP parameters, if they have been changed from their default values:

——Change service IDs back to their default values of 61 and 62.

——Change the failure detection timeout back to the default value of 30 seconds.

Note

Only these WCCP default values are supported in versions prior to 4.4.1; any other values are lost after the downgrade. If a WAE is registered to a Central Manager, it is configured with the default service IDs of 61 and 62 after it is downgraded and comes back online.

•

•

Each of the following WAAS CM downgrade procedures requires a particular task sequence:

–

–

If the WAAS CM is downgraded to a version up to 5.2.1 and if the AppNav-XE cluster has more than 32 WAAS nodes: prior to downgrade, we recommend that you reduce the number of WAAS nodes to a maximum of 32 WAAS nodes.

When downgrading Cisco WAAS devices, first downgrade application accelerator WAEs, then the standby Central Manager (if you have one), and lastly the primary Central Manager.

When downgrading an AppNav Controller device to a version earlier than 5.0.1, you must perform the following tasks:

1.

Deregister the device from the WAAS CM.

2.

3.

4.

Change the device mode to application-accelerator.

Downgrade the device.

Re-register the device (or, alternatively, you can reregister the device before downgrading).

If you do not deregister the device before downgrading, the device goes offline and the device mode is not set correctly. In that case, use the cms deregister force EXEC command to deregister the device and then reregister it by using the cms enable global configuration command.

Note

All Cisco WAAS nodes in an AppNav deployment must be running Cisco WAAS version 5.0 or later.

Procedure for Downgrading the WAAS CM to a Previous Version

To downgrade the Cisco WAAS Central Manager (not required for WAE devices), follow these steps:

Step 1

(Optional) From the Central Manager CLI, create a database backup by using the cms database backup

EXEC command. Move the backup file to a separate device by using the copy disk ftp command.


35

Cisco WAE and WAVE Appliance Boot Process

Step 2

CM# cms database backup

Creating database backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump

Backup file backup/cms-db-02-18-2016-15-08_5.0.1.0.15 is ready.

Please use `copy' commands to move the backup file to a remote host.

CM# cd /local1/backup

CM# copy disk ftp 10.11.5.5 / 06-28-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump

Install the downgrade Cisco WAAS software image by using the copy ftp install EXEC command.

CM# copy ftp install 10.11.5.5 waas/4.4 waas-universal-4.4.5c.4-k9.bin

Note

After downgrading a WAAS CM, you must clear your browser cache, close the browser, and restart the browser before reconnecting to the Central Manager.

Step 3

Reload the device.

Note

Downgrading the database may trigger full updates for registered devices. In the WAAS CM GUI, ensure that all previously operational devices come online.

Cisco WAE and WAVE Appliance Boot Process

To monitor the boot process on Cisco WAE and WAVE appliances, connect to the serial console port on the appliance as directed in the Hardware Installation Guide for the respective Cisco WAE and WAVE appliance.

Cisco WAE and WAVE appliances may have video connectors that should not be used in a normal operation. The video output is for troubleshooting purposes only during BIOS boot and stops displaying output as soon as the serial port becomes active.

Operating Considerations

This section includes operating considerations that apply to Cisco WAAS Software Version 6.2.3x:

•

•

Central Manager Report Scheduling

In the Cisco WAAS Central Manager, we recommend running system wide reports in device groups of 250 devices or less, or scheduling these reports at different time intervals, so multiple system wide reports are not running simultaneously and do not reach the limit of the HTTP object cache.

Cisco WAAS Express Policy Changes

Making policy changes to large numbers of Cisco WAAS Express devices from the Central Manager may take longer than making policy changes to Cisco WAAS devices.

•

HTTP Object Cache and Akamai Connect

HTTP application optimization with Akamai Connect (HTTP object cache) may deliver unexpected

HTTP objects to a client, which may create a risk of delivering malicious content. This scenario can occur after a different—erroneously configured, or otherwise failing—client device has retrieved the object with a matching URL from an invalid HTTP server. A check for this scenario will be implemented in a future WAAS release.


36

Operating Considerations

Device Group Default Settings

When you create a device group in WAAS Version 6.2.3x, the Configure > Acceleration > DSCP

Marking page is automatically configured for the group, with the default DSCP marking value of copy.

•

Using Autoregistration with Port-Channel and Standby Interfaces

Autoregistration is designed to operate on the first network interface and will not work if this interface is part of a port-channel or standby. Do not enable the auto-register global configuration command when the interface is configured as part of a port-channel or standby group.

CIFS Support of FAT32 File Servers

The CIFS accelerator does not support file servers that use the FAT32 file system. You can use the policy rules to exclude from acceleration any file servers that use the FAT32 file system.

Using the HTTP Accelerator with the Cisco ASR 1000 Series Router and

WCCP

When using the Cisco ASR 1000 Series router and WCCP to redirect traffic to a WAE that is using

WCCP GRE return as the egress method and the HTTP accelerator is enabled, there may be an issue with

HTTP slowness due to the way the ASR router handles proxied HTTP connections (see CSCtj41045 ).

To work around this issue, on the ASR router, create a web cache service in the same VRF as that of the

61/62 service by using the following command: ip wccp [vrf vrf-name] web-cache

•

•

Disabling WCCP from the Central Manager

If you use the Central Manager to disable WCCP on a Cisco WAAS device, the Central Manager immediately shuts down WCCP and closes any existing connections, ignoring the setting configured by the wccp shutdown max-wait global configuration command (however, it warns you). If you want to gracefully shut down WCCP connections, use the no enable WCCP configuration command on the Cisco WAAS device.

Changing Device Mode To or From Central Manager Mode

If you change the device mode to or from Central Manager mode, the DRE cache is erased.

•

•

•

TACACS+ Authentication and Default User Roles

If you are using TACACS+ authentication, we recommend that you do not assign any roles to the default user ID, which has no roles assigned by default. If you assign any roles to the default user, external users that are authenticated by TACACS+ and who do not have the waas_rbac_groups attribute defined in TACACS+ (meaning they are not assigned to any group) can gain access to all the roles that are assigned to the default user.

Internet Explorer Certificate Request

If you use Internet Explorer to access the Central Manager GUI Version 4.3.1 or later and Internet

Explorer has personal certificates installed, the browser prompts you to choose a certificate from the list of those installed in the personal certificate store. The certificate request occurs to support Cisco

WAAS Express registration and is ignored by Internet Explorer if no personal certificates are installed. Click OK or Cancel in the certificate dialog to continue to the Central Manager login page. To avoid this prompt, remove the installed personal certificates or use a different browser.

Default Settings with Mixed Versions


37

Software Version 6.2.3x Resolved and Open Caveats, and Command Changes

If a Central Manager is managing Cisco WAAS devices that have different versions, it is possible that a feature could have different default settings in those different versions. If you use the Central

Manager to apply the default setting for a feature to mixed devices in a device group, the default for the Central Manager version is applied to all devices in the group.

Software Version 6.2.3x Resolved and Open Caveats, and

Command Changes

This section contains the resolved caveats, open caveats, and command changes in Software Version

6.2.3x, fixed and known and contains the following topics:

•

Cisco WAAS Software Version 6.2.3d Resolved Caveats

•

•

•

•

Cisco WAAS Software Version 6.2.3d Open Caveats

Cisco WAAS Software Version 6.2.3c Resolved Caveats

Cisco WAAS Software Version 6.2.3c Open Caveats

Cisco WAAS Software Version 6.2.3b Resolved Caveats

•

•

•

•

•

•

•

Cisco WAAS Software Version 6.2.3b Open Caveats

Cisco WAAS Software Version 6.2.3a Resolved Caveats

Cisco WAAS Software Version 6.2.3a Open Caveats

Cisco WAAS Software Version 6.2.3 Resolved Caveats

Cisco WAAS Software Version 6.2.3 Open Caveats

Cisco WAAS Software Version 6.2.3 Command Changes

Using Previous Client Code

Cisco WAAS Software Version 6.2.3d Resolved Caveats

The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version

6.2.3d.

Caveat ID

Number Description

CSCvd81077 httpcache service died multiple times

CSCvf21935 httpcache service has been disabled with akamai enabled

CSCve79892 Observed HTTP traffic-interruption in Branch due to malformed http request

CSCvf53563 Traffic_server process restarted while accessing corrupted gzip file

CSCvf42490 Flow segment is not released by HTTP AO while running single-sided Https traffic via

Proxy

CSCve59122 HTTP AO restarted while running sharepoint traffic

CSCvf35961 HTTP AO service died due to http traffic run

CSCve20802 Stuck connections observed due to sendsocket event

CSCve71887 SCCM/PXE traffic interrupted while WAAS is in the path


38


Caveat ID


CSCve74457 Core dump seen in ICA AO and restarted

CSCve72253 Rarely Core dump generated for MAPI AO with RPCHTTP(s) traffic

CSCva52094 SR-Server CORE observed reactivating ISR WAAS with Hostname change

CSCvd08821 Stuck Connection with TM, under load conditions for MAPI-RPCHTTP Traffic

CSCve05349 Akamai status going to ERROR state while clicking on ovverride group settings button from CM GUI

CSCvd68640 Akamai Status to added in GUI as "Pending with reload" when reload is required manually

CSCvd87574 Cisco Wide Area Application Services Central Manager Information Disclosure

Vulnerability

CSCvd78045 CM GUI shouldn't allow to create trigger with invalid mib name in interop

CSCve15397 CM-AppNav polling sessions get stuck and result in AppNav remaining offline forever

CSCvd77681 DG configurations are not pushed to WAE when SSL AO is disabled in WAE

CSCvd81462 DG dropdown "select a device group" option is not working in SSL global settings page

CSCve64337 DG- Remove Settings is throwing error messages

CSCvd48873 Force device group appears due to config not sync for Securestore page while register fresh device

CSCvd61131 ForceDeviceGroup appears when device automatically assign to DeviceGroup if

DiskEncryption enabled

CSCva54052 NTP server CM GUI configuration push is failed for vWAAS deployed in KVM

CSCvc12651 Remote Authentication user without privileges to be deleted during Upgrade

CSCvd82891 SNMP host community/ user special char restriction should be parity with CLI

CSCvb78641 TACACS authentication failing after upgrade

CSCve53942 WCM AppNavXE statistics collection thread may freeze for a while

CSCve91472 In some cases Object Cache Server (ocserver) process stopped and restarted

CSCve78125 OC process stopped and restarted when garbage collector failed to update db

CSCvd89141 SMB AO restarted due to "oc_client_ipc_send_error_response_msg" function

CSCuz29040 SMBAO load test resulting in OC_Open Pending counter remaining constant

CSCve29588 SMBAO Object cache Rename file descriptor leak observed during load condition

CSCvc23114 Looped Packets from 2 RTRS with lesser mtu goes with invalid checksum

CSCvf47948 Client sending kerberos security blob in two session setup requests cause reset

CSCve16092 encryption-service process reloaded unexpectedly while optimizing SMBv3 signed connections

CSCve49142 Failure processing split server response with non success status

CSCve11987 Object cache File descriptor leaks due to "current open file handles" are closed by smbao

CSCvc06665 Observed connection resets observed in DBO cache eviction scenario

CSCve74033 Process restarted due to DirBrowsingResource while running the long load test


39


Caveat ID


CSCvf56703 SMB AO FD leak while running heavy directory browsing traffic

CSCvf77875 SMB AO service restarts when accessing security layer in unsigned sesstion setup packet.

CSCve47337 SMB Core Files due to windows-domain encryption-service, on Upgrading WAAS

CSCvf47958 SMBAO client denial list is not getting updated for SMB AO generated reset

CSCvf58709 SMBAO process restarted unexpectedly with dbo 2.1 traffic pattern.

CSCvf41079 SMBAO restarted with OC memory corruption

CSCve19211 SMBAO Unexpected restart while handling Lib Crypto

CSCvd91293 ASVC_Transport core seen on 623c while running Mixed AO traffic

CSCva95837 NGSSL: ASVC with server-name does not get configured in ASVCStore

CSCvd73314 Stuck Connections observed in Single sided NGSSL traffic via proxy

CSCve75509 DRE partition is full and getting lot of 'No space left on device' logs

CSCva45688 Shutdown CLI need to shutdown the vWAAS instance

CSCve58163 vWAAS Never Powers Down VM

CSCvd32072 Failed to generate sysreport in SN while running more than 30k connection

CSCvd62595 Top command showing Garbage value with AppNav Interception

CSCve86619 Cannot SSH to WAAS By Using InlineGroup Interface

CSCve70447 ISR-WAAS becomes unreachable after upgrade to 623c on 4321

CSCvc67937 lowmem_reserve and memory allocation failure

CSCve00712 Multiple AO service got disabled on multiple SN's while mixed AO traffic is running

CSCvc10545 Need to show interface details when receiving SNMP Link up/ down traps

CSCvd50984 SNMP restarts unexpectedly leaving a core file

CSCuz56155 WAAS SR server failed in Key retrieval

CSCvd90139 PMD memory leak occurs while configuring bulk class map policy

CSCvf04748 PMD service restarted after WAASNET Restart

CSCvd88250 Processing time is more after configuring class-map having 800+ entries

CSCva00161 TFO:capped on speed: low latency between WAAS and server in Cloud

CSCve82523 HTTPS stuck connections on Core and Edge both

CSCve29255 Observed THSDL stuck connections while accessing http/https websites via squid proxy

CSCvd02911 Waasnet core in fg_endp_close_ext function in ICA traffic during load test

CSCvf05107 Waasnet error logging when timestamp option not found

CSCve53939 waasnet service restarted when enabling InlineGroup

CSCvd38216 WNDFT core file seen in WAAS when serving mixed AO traffic.

40



Cisco WAAS Software Version 6.2.3d Open Caveats

The following caveats are open in Software Version 6.2.3d. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.

Caveat ID

Number

CSCvf58933

CSCvf50909

CSCvf51154

CSCvf71387

CSCvf55798

CSCvf26917

CSCvf29847

CSCvf83883

CSCva58191

CSCvd96948

CSCvf51931

CSCvf58709

CSCvf55876

CSCve21589

CSCvf83563

CSCve68201

CSCvf02875

CSCve43393

CSCvd93324

CSCvf58729

CSCvf01245

CSCvf58746

CSCvd78539

CSCvf32228

CSCvf55664

CSCve71066

Description

THDL stuck connection observed while running http/ssl traffic

HTTP Stuck connections and sysreport could not be generated

THs stuck connection observed intermittently when sending HTTPs traffic via proxy

AlarmEMailNotification page,mail is not triggered for the combination of valid and dummy addresses

Email notification is not triggered for CM based alarms like CMS-Secure-store , clock mismatch

ForceDeviceGroup seen in port channel page for round-robin option

Raised alarm counter not updated in Email when alarms raised and cleared within the polling interval

SSH enable failed only 1st time from GUI if device upgraded without SSH and without Key

SMB AO restarted druign eviction of object cache at load condition.

SMB AO restarted during object cache file invalidation

SIA Invalid Pkt Alarms seen on 7571

SMBAO process restarted unexpectedly with dbo 2.1 traffic pattern.

SMBAO: Consuming too much resources causing network down

WAAS SR_DRS_CRACK_NAME alarm occurring frequently.

ISR-WAAS goes to ActivateFailed state on multiple events

Permanent connectivity issue on virtual ethernet

Reducing the memory utilized by ISR-WAAS-200

Non encoded messages are sent to DRE decoder after disabled by AO

SO_DRE service restarted due to segmentation fault seen on 623c while running

Mixed Traffic

Stuck connection observed while running load test

Cluster went to down Due to "TFO accelerator load level has been set to 0" in SN

Device going unresponsive due to delay in processing IO waits

Device hung and unavailable on network due to TX Hung

Device was unreachable for a brief period fda service triggers reload while waasnet restarts

FTP connection failure with WAAS after FTP client "MLSD" request.


41


Caveat ID

Number

CSCve53302

CSCve81510

CSCvf51307

CSCvc80702

CSCvf82199

CSCvf81284

CSCvd94539

CSCva11610

Description

Name Service Cache Daemon restarted in WAAS

Rarely seeing waasnet service restart with interface flap in Inline interception

WAAS Packet Capture command failed to work

Losing connectivity to WAAS after changing the NTP Server IP with traffic

Ocassionally wn_dft0 core file generated while restoring policies after reload

Optimization stops silently upon flow table overflow

Timestamps missing after negotiated in single sided scenario

Waasnet terminated during negative test conditions

Cisco WAAS Software Version 6.2.3c Resolved Caveats


6.2.3c.

42

Caveat_ID_Number Headline

CSCvd94539 Timestamps missing after negotiated in single sided scenario

CSCvd76202

CSCvd06515

CSCvd44988

CSCvb81972

Connection stuck seen with HTTP traffic- dual sided

WAAS box raising TFO limit alarm due to stuck connections in TH state

'TFO: Statistics server not running' message is displayed with show stat tfo cli

Improve memory resource in CE

CSCvd46295

CSCva65775

Memory leaks in policy engine module during class-policy config push

SMB accelerator and OC server process reloaded unexpectedly after 4 days of soak test

CSCvc13956

CSCvd75610

CSCve06332

CSCva33283

CSCvc76036

CSCvc84457

CSCvc49776

CSCvc59105

CSCvc17688

CSCuy81194

CSCvc97114

CSCva55682

SMB AO restarted while clearing object cache

SMB AO restarted due to "smb2ReadLaunchOCRead ()" in Mega profile soak

SMBAO : Directories Disappearing on Remote Files Shares connection reset for SMB2 connections while doing file upload

Connections stuck for SMB due to failuer between WAASNET and SMBAO smb connection consuming time in sessionsetup due to key-retrieval wait

Slow SMBAO Performance with oc_mgr: IO_BUSY: and write queue messages in logs

SMB AO coredump or deadlocked when evicting the front LRU node

Core file alarm may raise for Object Cache Server or SMB Accelerator.

Core generated by smbao

Key failure resets while running unsigned smbv3 soak profile

SMB accelerator's Object Cache not disabled when config is pushed from

CM's device group




CSCvd10188

CSCvd53303

CSCvc12602

CSCvd00762

Object-cache initialization stuck with 70% inodes and 90% cache size fill

Akamai process restarted in accessing cached headers in stale/POST txn

Core file dumped when Akamai connect is enabled

SMB accelerator reloads unexpectedly in soak run due to a conditional assert failure

CSCvd54413

CSCvd25445

CSCvd70864

CSCvc29189

Traffic Server core

Http object-cache traffic_server stops event_base_loop core dump observed during Mega profile soak test vwaas partitions missing after upgrade in one scenario

CSCvd28998

CSCvc14370

CSCvd34739

CSCvd39567

CSCvc64841

CSCvc95550

CSCvd53336

CSCvd45642

CSCvc94792

WAAS devices unable to retrieve key and mark identity as blacklist.

SNMP Trigger not removed after downgrade from 623a to 557 in CM

SNMP Configuration not in sync with WCM and FDG appears in SNMP-DG snmp sub-agent ccore file detected

Level 3 messages related to classifier name not found while querying snmp

WAN opt mib

Failures seen with polling snmp mibs iFTable, iFXTable on inline device

Inline interface delays link propagation

Restrict number of ssl_request_log.date and access_log.date logs files to 5

CSCvd81787

CSCvb60453

CSCvc67819

CSCvb88945

CSCvc15749

CSCvc66013

CSCvc74609

CSCvc44940

CSCvc83156

CSCvc99271

CSCvb48643

Logs in service_logs folder are not getting rolled over and compressed causing disk full

System message in Video Acceleration Transaction Log CM GUI and exceptions are seen in WCM cms_logs monitoring log file not logging any details in sysreport

Unexpected reload of smb accelerator process during long soak test.

External SN blocks traffic when jumbo MTU is enabled

Empty server reply in a specific scenario with appnav interception

Unable to change/ edit nested policy in Appnav cluster policies sn_unreachable between AppNav and Service Node causing network outage

Unknown frame type from peer -- WAAS-RE-3-690412

Missing ability to determine reasons for AO keepalive failure

Policy configuration fails programming into engine

Evaluation of waas for Openssl September 2016

CSCvc23536

CVE-2016-6304 CVE-2016-6305 CVE-2016-2183 CVE-2016-6303

CVE-2016-6302 CVE-2016-2182 CVE-2016-2180 CVE-2016-2177

CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-6306

CVE-2016-6307 CVE-2016-6308 CVE-2016-6309 CVE-2016-7052

Evaluation of waas for NTP November 2016

CVE-2016-9311 CVE-2016-9310 CVE-2016-7427 CVE-2016-7428

CVE-2016-9312 CVE-2016-7431 CVE-2016-7434 CVE-2016-7429

CVE-2016-7426 CVE-2016-7433


43



CSCva62833

CSCvc55023

CSCvd36676

CSCvd45107

Disk encryption does not enable with AAA accounting enabled

Scheduled reports do not get generated on the required date

After fresh device Registration, Enabled features page is getting overriden cms_cdm service will be restarted in WCM when primary int of WAE is removed in a scenario

CSCvc58689

CSCvc57012

CSCvc51740

CSCvc53678

Central manager fails to generate config for waas express routers

WAAS CM API showing 0 for passthroughpeerin and passthroughpeerout packet-capture command does not work

Waasnet service restart while running single sided HTTP/HTTPs traffic

CSCvc69416

CSCvc76621

CSCvc07847

CSCvc95534

CSCvc97255

CSCvd03489

CSCvd26805

CSCvd39655 http accelerator dumps core file rarely core.httpmuxd while sharepoint prefetch

Sharepoint prefetch is not working for word document with xml extension

DRE cored during WAE shutdown

Enable/Disable of AO based on dependency to be notified during upgrade rserverd64 Core file when clearing blacklist for domain not part of blacklist.

Not able to enable SSH service from Device group sysmon process terminated unexpectedly

Cisco WAAS Software Version 6.2.3c Open Caveats

The following caveats are open in Software Version 6.2.3c. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.

Caveat_ID_Numb er

CSCuw60169

CSCve29255

CSCve29588

CSCve11987

CSCve15397

CSCvd65317

CSCuz29040

CSCve28074

CSCvd89141

Headline

http object-cache does not validate server IP address BB509

Observed THSDL stuck connections while accessing http/https websites via squid proxy

SMBAO Object cache Rename file descriptor leak observed during soak profile execution

Object cache File descriptor leaks due to "current open file handles" are closed by smbao

CM-AppNav polling sessions get stuck and result in AppNav remaining offline forever

File destriptors not getting released while executing "show stats conn" command

SMBAO SOAK run resulting in OC_Open Pending counter remaining constant

SMB AO restarted with function "oc_server_ipc_read".

SMB AO restarted due to "oc_client_ipc_send_error_response_msg" function

44




CSCve20802

CSCvd73314

CSCva80599

CSCvd48873

CSCvd61131

CSCvd97120

CSCva52094

CSCvd46635

CSCvd81077

CSCvd69827

CSCvd88250

CSCvd90139

CSCvd39397

CSCvc83974

CSCvd35983

Headline

Stuck connections observed due to sendsocket event

Stuck Connections observed in Single sided NGSSL traffic via proxy

NGSSL : Stucks are in HTTP when restarted HTTP AO on the flow-THs (-ve)

Force device group appears due to config not sync for Securestore page while register fresh device

ForceDeviceGroup appears when device automatically assign to DeviceGroup if

DiskEncryption enabled

Rescue doesn't work with 623c image.

SR-Server CORE observed reactivating ISR WAAS with Hostname change

Solution TB : Stuck connections on THs and Ts - 623c

Solution TB-httpcache service died multiple times

Device got Hung while running ICA Traffic

Processing time is more after configuring class-map having 800+ entries

PMD memory leak occurs while configuring bulk class map policy

Major delays in DNS Query initiated by WAAS

Akamai process restarts unexpectedly, leaves a dump file wget for preposition should handle the space in URL

Cisco WAAS Software Version 6.2.3b Resolved Caveats


6.2.3b.

Caveat_ID_Numbe r

CSCvc27623

CSCvc33933

CSCvc21161

CSCvc26500

CSCvb81704

CSCuz15911

CSCvc56666

CSCvc39906

CSCvc41636

CSCvc43363

CSCvb69383

Headline

Waasnet service restart while running continuous soak test

SMB preposition not starting with host logging enabled

Waasnet core while running singled sided HTTPs/HTTP traffic

“Identity not configured” alarm clears and raises several time.

Observed Waasnet core”Wn_dft” file after upgrading from 5.x to 6.3.x

SMB AO office files are failing to open after save via SMBv2

SMB File operation is getting failed due to OC “write queue” is getting stuck

HTTPS connections are stuck on data center resulting in tfo overload

SMB AO coredump due to inconsistency of read bytes state

Coredump created by SMB AO when trying to access data from packet content not present snmpv3 not working on 6.2.1 Waas in a specific scenario


45



CSCvc50650

CSCvc19814

Headline

Appnav Intercept:pkts received for the flows that are in

FTM_WAAS_FLOW_STATE_HISTORICAL are dropped

Wrong Counter getting updated in auto-discovery stats.

Cisco WAAS Software Version 6.2.3b Open Caveats

The following caveats are open in Software Version 6.2.3b. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.


CSCvc24763

CSCvc57012

CSCvc55023

CSCvc58689

CSCva33283

CSCva62833

CSCvb56318

CSCvb69139

CSCvb78641

CSCvc53678

CSCvc67819

CSCvc21298

CSCvc59481

CSCuy17271

Headline

WAAS version 5.5.7 noticed Core dump for smb.

WAAS CM API showing 0 for passthroughpeerin and passthroughpeerout

Scheduled reports do not get generated on the required date

Central manager fails to generate config for waas express routers connection reset for SMB2 connections while doing file upload

Disk encryption does not enable with AAA accounting enabled

WAAS Corrupted chard after modifying available report.

regular database maintenance not performed in all device-modes

TACACS authentication failing after upgrade

Waasnet service restart while running single sided HTTP/HTTPs traffic

Unexpected reload of smb accelerator process during long soak test.

Memory leak seen during the DBO SOAK profile execution

OC server core while running smbv3sign & smbv3 encryption large file cases oc core malloc_printerr while running SMB Regression

Cisco WAAS Software Version 6.2.3a Resolved Caveats


6.2.3a.


CSCvb30731

CSCva59805

CSCva96691

Headline

Waasnet service terminates and generates a core file

Device going to offline in a senario

SMBAO Core when Authentication fails and Server downgrade the

Authentication from Kerberos to NTLM


46


CSCvb52967

CSCvb55927

CSCvb45413

CSCvb10628

CSCvb25141

CSCva26420

CSCuh86284

CSCvb17887

CSCvb25734

CSCvb41805

CSCvb40281

CSCva95254

CSCva84398

CSCvb59314


CSCvb42434

CSCvb49052

CSCvb44718

CSCvb40213

CSCvb55730

CSCvb57872

CSCvb38240

CSCvb70443

CSCvb57207

CSCvb63549

CSCvb81006

CSCvb76604

CSCvb53474

CSCvb58833

CSCva92135

CSCvb81995

CSCvb58618

CSCva77075

CSCva92728

Headline

SMB AO coredump created in a specific situation

DRE disk_full "Cache disk is full" alarm on WAVE-694 after upgrade to WAAS

6.2.3

WAAS - AppNav communication issue with ServiceNodes

SMB timeout alarm is raised and the accelerator remains in timeout state forever

HTTPS (443) connections stuck on core long after closed on edge

ISR-WAAS can ignore updates of name- or ntp-server from IOS

Local Device config is getting pushed every PCM config from CM

WAAS Edge is dropping packets when it gets multi-packet 407 response

Issue with daily consolidation hour system property

WAAS CM will show changes in data on the HTTP bandwidth savings chart

Mon API TrafficStats.retrieveCPUUtilization fails to retrieve stats

SMBAO process cores due to internal mismatch in URL names

Outlook pst files are not bypassed by WAAS

WAAS CM removing crypto certificates on WAAS Express routers

Alarm raised about user space core file created of process pidof

Connections to particular websites may fail through WAAS in a specific situation

Unable to use underscore in trap host community via GUI

Sorting of device groups is not possible

Connections fail hitting the expected class-map and policy

WAAS device goes Offline in CM GUI

SNMP configuration from DG is not reflecting in device

Core WAAS with ASVC causes extra rDNS queries for proxy CONNECT SSL requests

Unable to install Akamai License smbao core with smb2LeaseAckCleanup Function

SMBAO terminates in bufferCreateView

Optimized traffic on port 23 fills disk with debug output

SNMP: No space left on device while querying iso mib during stress sn_sia_invld_pkt alarm seen on ANC with traffic waasnet process restarted with single sided TLS 1.2 connections running

ECDHE cipher

HTTP: Traffic server stopped working during tar/zip/Microsoft update

HTTP: Traffic server stopped working while downloading Windows update

HTTP: Traffic server stopped working while handling TSContMutexGet

Unexpected reload while running SSL traffic on Nextgen SSL


47



CSCvb97356

CSCvb92954

CSCuz55920

CSCvb43838

CSCvb86397

CSCvb86429

CSCvc04836

CSCvb58171

Headline

Directory browsing optimization causes deadlock when we hit the max nodes

SMB AO can cache

SMB preposition config does not get pushed out to ISR-WAAS

Empty server response found in Web-Pages in a specific scenario snmp-server mib persist event cli is failing while configuring

Modification of SNMP host is not happening from CLI

Modification of SNMP Trigger is not happening from CLI.

Looped Packets from SN to SC going out with Invalid IP Checksum

SMB AO restarts with coredump in particular scenario

Cisco WAAS Software Version 6.2.3a Open Caveats

The following caveats are open in Software Version 6.2.3a. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.


CSCva52094

CSCva00161

CSCvb95306

CSCvb88945

CSCva54052

CSCva80599

CSCvc29774

Headline

SR-Server CORE observed reactivating ISR WAAS with Hostname change

TFO:capped on speed: low latency between WAAS and server in Cloud

After upgrade from 5.5.3 to 6.3.0 able to see FDG in SNMP general settings page

External SN blocks traffic when jumbo MTU is enabled

NTP server configuration push is failed for KVM-vWAAS from CM GUI

NGSSL: Stucks are in HTTP when restarted HTTP AO on the flow-THs (-ve)

Few stuck connections seen rarely on BR WAE after long duration of browsing internet

CSCvc21161

CSCvc27623

CSCvc27941

CSCvc26500

CSCvc26475

CSCvb81704

CSCvb83252

CSCvc12079

Waasnet core while running single sided HTTPs/HTTP traffic

Waasnet service restart while running continuous soak test

"SSL accelerator overloaded " alarm raised on vWAAS-50k during SOAK test

"Identity not configured" alarm clears and raises several time.

Crash at SO_DRE while running SSL traffic in NGSSL dual-sided topo - TsDL

Observed waasnet core"Wn_dft" file after upgrading from 5.x to 6.3.x

SSL AO's operational status doesn't come up after "Restore factory-default preserve basic-config "

Unable to create snmp trigger in 5.x from device level when cm is in 6.3.x

48



Cisco WAAS Software Version 6.2.3 Resolved Caveats


6.2.3.

CSCuy73435

CSCuz11211

CSCuz12323

CSCuz18876

CSCuz18923

CSCuz39661

CSCuz42604

CSCuz55707

CSCuz59552

CSCva02503

CSCva14731

CSCva39357

CSCuc52663

CSCuu71549

CSCux74907

CSCuz47444


CSCva30228

CSCuy06186

CSCuy06942

CSCuz10327

CSCuz22537

CSCva18411

CSCuz34038

CSCuz41637

CSCuz47571

CSCuz49231

CSCut83135

CSCux30779

CSCux76467

CSCuy46644

CSCuy55846

CSCuy59549

Headline

WAAS cons are retransmitting packets very quickly and are getting reset.

Lan devices are not accessible after shutting port-channel mem interface

ISR-WAAS: SMB accelerator gets disabled upon ISR router upgrade/reload

File transfer failed in a specific scenario in Azure vWAAS

SMB Preposition tasks with multiple domains fail when run in parallel cms server logfiles not cleaned up

ISR-WAAS goes offline after long duration traffic

Rarely policy engine doesn't push connection to HTTP AO during upgrade

Akamai:Object-Cache top-hosts counters are not getting incremented ssh login to Azure vWAAS not working

core.dispatcher.x.x.x created while configuring machine account identity

SMB Preposition task status shows completed if connection not optimized

Outlook not connect to exchange with Wan secure interoperable mode

Interception access-list not working

WAAS 6.1.1a SMB AO restart generating core file

WAAS 6.1.1a SMB AO core file on DC device

SMB preposition task may get fail when running more than 15 in parallel

AO Timeouts seen during longevity test

Force device group not pushing enable feature config in specific scenario snmp core file observed in SM-SRE devices while query Host Resources MIB preinstall script does not check current version for supported upgrade service-insertion swap src-ip feature doesnt required config match SC&SN

Akamai: Could not write statistics value to ts_thrift_stats_uds-error

All devices cannot use CM as proxy for http object cache

Akamai: Preposition logging missing, PP-IMS sometimes doesn't happen.

serial-to-IP converter packets dropped by WAAS 6.1 with inline

Unable to login with Radius user configured in Cisco ACS 5.x

CM-WAE connectivity impacted in inline interception

System property edit page shown after submit

Central manager not responsive due to no space on /state

Network unreachable warning message in cms_httpd server log

WAAS 6.1.1a show statistic tfo detail output is showing incorrect value


49



CSCup30376

CSCus80217

CSCux25652

CSCuy46947

CSCva00437

Headline

Error messages are seen for /dev/ceflash during SRE image upgrade

Apache HTTP Server upgrade in WAAS

Need dedicated thread in PMD to handle Keep alive request from AO

Move to stronger crypto certificates

Move to stronger crypto certificates

Cisco WAAS Software Version 6.2.3 Open Caveats

The following caveats are open in Software Version 6.2.3.


CSCuw17054

CSCuy82470

CSCuz34303

CSCuz94568

CSCva26420

CSCva40790

CSCuy30007

CSCuz15000

CSCuz61982

CSCva56509

CSCva59451

CSCvb30731

Headline

MAPI AO gets disabled and MAPI Core observed for RPC-HTTPS with

Kerberos

New connection established while sending mail with attachments

Processor P0 CATERR error in BMC event log

WAAS appliance not responding to SNMP

WAAS Edge is dropping packets when it gets multi-packet 407 response

Central manager reporting insufficient data from WAAS Express routers

SMB Preposition does not support Extended Unicode Characters vWAAS-Azure pending Development from Microsoft

SMBAO preposition is not working with NetApp filer with SMBv2 Signing

High CPU on WAAS for process httpcache-akamai traffic_server

WCM reporting inconsistencies when different timezone configured

WAASnet service terminates and generates a core file

Cisco WAAS Software Version 6.2.3 Command Changes

This section lists the new and modified commands in Cisco WAAS Software Version 6.2.3.

Table 9 lists the commands and options that have been added or changed in Cisco WAAS Software

Version 6.2.3.

Table 9

Mode

Global configuration

CLI Commands Added or Modified in Version 6.2.3

Command

crypto encryption-service enable

Description

Enables and configures encryption services on a WAAS device.

50



Table 9

Mode

EXEC

CLI Commands Added or Modified in Version 6.2.3 (continued)

Command

show accelerator show statistics encryption-services

Description

New interposer-ssl parameter added, which displays the status for the

SSL Interposer accelerator.

Displays encryption-services general statistics for a WAE, including

SSL Interposer statistics and Security Assistant Key Escrow (SAKE) server statistics.

Using Previous Client Code

If you have upgraded to Cisco WAAS Version 6.2.3x and are using the WSDL2Java tool to generate client stubs that enforce strict binding, earlier version client code (prior to 4.3.1) may return unexpected exceptions due to new elements added in the response structures in 4.3.1 and later releases. The observed symptom is an exception related to an unexpected subelement because of the new element (for example, a deviceName element) in the XML response.

To work around this problem, we recommend that you patch the WSDL2Java tool library to silently consume exceptions if new elements are found in XML responses and then regenerate the client stubs.

This approach avoids future problems if the API is enhanced with new elements over time.

You must modify the ADBBeanTemplate.xsl file in the axis2-adb-codegen-version.jar file.

To apply the patch, follow these steps:

Step 1

List the files in the axis2-adb-codegen-version.jar file:

# jar tf axis2-adb-codegen-1.3.jar

META-INF/

META-INF/MANIFEST.MF

org/ org/apache/ org/apache/axis2/ org/apache/axis2/schema/ org/apache/axis2/schema/i18n/ org/apache/axis2/schema/template/ org/apache/axis2/schema/typemap/ org/apache/axis2/schema/util/ org/apache/axis2/schema/writer/ org/apache/axis2/schema/i18n/resource.properties

org/apache/axis2/schema/i18n/SchemaCompilerMessages.class

org/apache/axis2/schema/template/ADBDatabindingTemplate.xsl

org/apache/axis2/schema/template/CADBBeanTemplateHeader.xsl

org/apache/axis2/schema/template/CADBBeanTemplateSource.xsl

org/apache/axis2/schema/template/PlainBeanTemplate.xsl

org/apache/axis2/schema/template/ADBBeanTemplate.xsl

org/apache/axis2/schema/c-schema-compile.properties

org/apache/axis2/schema/schema-compile.properties

org/apache/axis2/schema/typemap/JavaTypeMap.class

org/apache/axis2/schema/typemap/TypeMap.class

org/apache/axis2/schema/typemap/CTypeMap.class

org/apache/axis2/schema/util/PrimitiveTypeWrapper.class

org/apache/axis2/schema/util/PrimitiveTypeFinder.class

org/apache/axis2/schema/util/SchemaPropertyLoader.class

org/apache/axis2/schema/SchemaConstants$SchemaPropertyNames.class

org/apache/axis2/schema/SchemaConstants$SchemaCompilerArguments.class

org/apache/axis2/schema/SchemaConstants$SchemaCompilerInfoHolder.class

org/apache/axis2/schema/SchemaConstants.class


51


Step 2

Step 3

Step 4

org/apache/axis2/schema/ExtensionUtility.class

org/apache/axis2/schema/CompilerOptions.class

org/apache/axis2/schema/writer/BeanWriter.class

org/apache/axis2/schema/writer/JavaBeanWriter.class

org/apache/axis2/schema/writer/CStructWriter.class

org/apache/axis2/schema/SchemaCompilationException.class

org/apache/axis2/schema/BeanWriterMetaInfoHolder.class

org/apache/axis2/schema/SchemaCompiler.class

org/apache/axis2/schema/XSD2Java.class

META-INF/maven/

META-INF/maven/org.apache.axis2/

META-INF/maven/org.apache.axis2/axis2-adb-codegen/

META-INF/maven/org.apache.axis2/axis2-adb-codegen/pom.xml

META-INF/maven/org.apache.axis2/axis2-adb-codegen/pom.properties

Change the ADBBeanTemplate.xsl file by commenting out the following exceptions so that the generated code consumes the exceptions:

<xsl:if test="$ordered and $min!=0"> else{

// A start element we are not expecting indicates an invalid parameter was passed

// throw new org.apache.axis2.databinding.ADBException("Unexpected subelement " + reader.getLocalName());

}

</xsl:if>

.

.

.

while (!reader.isStartElement() && !reader.isEndElement()) reader.next();

//if (reader.isStartElement())

// A start element we are not expecting indicates a trailing invalid property


</xsl:if>

.

.

.

<xsl:if test="not(property/enumFacet)"> else{

// A start element we are not expecting indicates an invalid parameter was passed


}

Re-create the jar file and place it in the CLASSPATH. Delete the old jar file from the CLASSPATH.

Use the WDL2Java tool to execute the client code using the modified jar.

Note

IOS-XE 3.14 should not be used for ISR-WAAS.

52


Cisco WAAS Documentation Set

Cisco WAAS Documentation Set

In addition to this document, the WAAS documentation set includes the following publications:

•

Cisco Wide Area Application Services Upgrade Guide

•

•

Cisco Wide Area Application Services Quick Configuration Guide


•

•

•

•

Cisco Wide Area Application Services Command Reference

Cisco Wide Area Application Services API Reference

Cisco Wide Area Application Services Monitoring Guide

Cisco Wide Area Application Services vWAAS Installation and Configuration Guide

•

•

•

•

•

•

•

•

•

•

Configuring WAAS Express

Cisco WAAS Troubleshooting Guide for Release 4.1.3 and Later

Cisco WAAS on Service Modules for Cisco Access Routers

Cisco SRE Service Module Configuration and Installation Guide

Regulatory Compliance and Safety Information for the Cisco Wide Area Virtualization Engines

Cisco Wide Area Virtualization Engine 294 Hardware Installation Guide

Cisco Wide Area Virtualization Engine 594 and 694 Hardware Installation Guide

Cisco Wide Area Virtualization Engine 7541, 7571, and 8541 Hardware Installation Guide

Regulatory Compliance and Safety Information for the Cisco Content Networking Product Series

Installing the Cisco WAE Inline Network Adapter

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.


53

Obtaining Documentation and Submitting a Service Request

This document is to be used in conjunction with the documents listed in the “Cisco WAAS Documentation Set”

section.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of

Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2017 Cisco Systems, Inc. All rights reserved.

54


No results