So I loaded the shiny new ASA 9.0(1) on a test/dev cluster of 5510's with the SecPlus license.
1. In 8.4.4 (or maybe 8.4.3?) new password-policy commands were introduced, which allowed for very granular password policies for local users. This appears to be gone in 9.0.1. Is this by design? These commands met certain compliance regulations.
2. EIGRP is supported in multiple context mode now, however the contexts don't appear to form EIGRP neighborships with each other on a shared interface. I did issue the mac-address auto command in system mode if that matters. All contexts do form EIGRP neighborships with a regular IOS device, however routes are still not propagated from CTX1 to CTX2, 3, etc.
CTX1 CTX2 CTX3
| | |
| | |
It's entirely possible I'm doing something wrong, this is my first stab at multiple contexts, or it's possible this doesn't work by design?
Since it's a brand new software release, I would suggest that you open a case with TAC so it can be troubleshot and if there is any bug, the engineer can help to raise it immediately.
But yes, you are right, both features should work in this new version.
I did open a TAC case and will post the results here. I was hoping someone else had noticed this in their testing of the new software. Or maybe that Cisco has noticed this in their testing of the software.
TAC called back pretty quick on the EIGRP issue, it's not supported on shared interfaces because of some multicast limitations, which kind of makes sense. It's in the notes, I must have missed it.
EIGRP instances cannot form adjacencies with each other across shared interfaces because inter-context exchange of multicast traffic is not supported.
For what it's worth, I was able to get the routes from one context to another by disabling EIGRP split horizon on an interface in the same subnet of an IOS device. Disabling split horizon seems like a bad idea, though.