Product Bulletin No. 3228
Cisco Systems® announces Cisco IOS® Software updates for Cisco® Catalyst® 3750, Catalyst 3560, Catalyst 3550, Catalyst 2970, and Catalyst 2960 series Intelligent Ethernet switches. This new release furthers Cisco leadership in providing secure, reliable, and feature-rich LAN switching solutions.
This product bulletin contains content and delivery information for Cisco IOS Software Release 12.2(25)SEE.
The following new features are available with Cisco IOS Software Release 12.2(25)SEE:
· IPv6 neighbor discovery throttling—Implements the mechanism to drop in hardware of any additional IPv6 packets whose next hop is the same neighbor the switch is actively resolving. Performing this drop in hardware will avoid adding further load on the switch.
· Cisco Discovery Protocol support for IPv6—Cisco Discovery Protocol support for an IPv6 address adds the ability to transfer IPv6 addressing information between two Cisco devices using Cisco Discovery Protocol, providing IPv6 information to network management products and troubleshooting tools.
· Secure Shell (SSH) Protocol over IPv6—SSH connections can be made to and from the switch. SSH connections to the switch are accepted over IPv6 transport with no command-line interface (CLI) implications. When making connections from the switch, the CLI is identical to the existing SSH CLI except that either an IPv4 or an IPv6 address can be used where previously only an IPv4 address was allowed. A hostname that resolves to an IPv6 address can also be used
· IPv6 MIBs
– CISCO-IETF-IP-MIB maps to http://www.ietf.org/internet-drafts/draft-ietf-ipv6-rfc2011-update-11.txt. This draft describes managed objects used for implementations of IP in a version-independent manner.
– CISCO-IETF-IP-FORWARD-MIB maps to http://www.ietf.org/internet-drafts/draft-ietf-ipv6-rfc2096-update-08.txt. This draft describes managed objects related to the forwarding of IP packets in a version-independent manner.
· IEEE 802.1x MAC-Authentication-Bypass—This feature allows clientless end users (with no 802.1x supplicant) to authenticate to the network, utilizing the MAC address of the device. The switch will initiate an Extensible Authentication Protocol (EAP) conversation with an authentication, authorization, and accounting (AAA) server on behalf of a device to authenticate the MAC address itself. This process is transparent to the end user and utilizes a prepopulated database.
· IEEE 802.1x inaccessible authentication bypass—Provides a way for the network administrator to configure “critical” ports that are allowed access to the network if the 802.1x authentication process cannot reach any of the configured AAA servers. This feature is also known as “Critical Auth” or “AAA-Down.”
· LAN port IP inaccessible authentication bypass—As with 802.1X, failure of the AAA server to respond can prevent network access to hosts in a Network Admissions Control (NAC) Layer 2 IP environment. The LAN Port IP AAA-Down feature uses the same AAA infrastructure as “802.1x inaccessible authentication bypass” to detect when all configured servers are unavailable. During this period, a per-port local policy can be applied until the servers become available again.
· Generic Online Diagnostics Framework (GOLD)—GOLD provides a fault detection framework that provides troubleshooting tools for customers and the Cisco Technical Assistance Center (TAC) and can be either run on demand or scheduled.
– This initial implementation includes support for items listed in Table 1.
Table 1. Supported Features
Feature |
Description |
Nondisruptive Testing |
Stack heartbeat status. |
Disruptive Testing |
Port application-specific integrated circuit (ASIC) memory test, CPU Media Interface Controller (MIC)PortAsic interface test, PortASIC Content-Addressable Memory (CAM) test, PortASIC ring loopback test, PortASIC stack port loopback test. |
Health Monitoring |
Periodically run nondisruptive tests. |
On-Demand Diagnostics |
Run tests interactively. |
Scheduled Diagnostics |
Run a test at a specific time daily, weekly, or just once. |
Remote Switch Management |
The user will be able to control GOLD on all units in a stack from the primary switch. |
· Stackwise MIB—A new MIB specifically for a Catalyst 3750 stack, providing all relevant information about individual switches in a stack.
Table 2. Overview of new Stackwise MIB Object Types
MIB Object Type |
Object Description |
SET |
Enable stack notification |
GET |
• Max number of switches in the stack
• Highest switch priority that can be configured
• Indicates if the stackports are connected such that ring redundancy is available
• List of switches in the stack
• Current switch number and next switch number after next reload
• Switch role in the stack
• Switch priority
• Switch state (for example, waiting, progressing, added, and so on)
• Switch MAC
• Switch image
• Switch stackport info
• Switch stackport neighbor
• Switch stackport status
|
TRAP |
• Switch stackport state change
• New primary elected
• Stack mismatch for a new member joining
• Stack ring redundancy change
• New member added
• Member removed
|
· CISCO-PORT-QOS-MIB—Provides information about quality-of-service (QoS) statistics, which are currently available via the CLI, using Simple Network Management Protocol (SNMP).
· CISCO-DHCP-SNOOPING-MIB—Provides SNMP support for the Dynamic Host Configuration Protocol (DHCP) snooping capability.
· Virtual routing and forwarding (VRF)–aware IP-directed broadcast—Provides per-interface support for IP-directed broadcasts to be transmitted within a VRF domain. Access lists can be used to control which broadcasts are forwarded. Broadcasts stay within the VRF domain, even if there is a duplicate address of the destination interface in a different VRF or in a global routing interface.
· Trunk failover—Link state tracking, also known as trunk failover, provides Layer 2 redundancy in the network when used in conjunction with server network interface card (NIC) adapter teaming.
· DHCP option-82 configurable remote ID and circuit ID—DHCP option 82 provides customers a great deal of flexibility when it comes to identifying individual users for various reasons (for example, location of attachment or controlling how many IP addresses a device or user is allowed from the DHCP server). This enhancement provides customers additional flexibility to determine what information is provided within the option-82 remote ID suboption and option-82 circuit ID suboption.
– Remote ID—The customer now has the option to use a switch’s configured hostname or specify an ASCII text string; both are subject to a maximum length of 63 bytes. The default is to provide the MAC address of the switch.
– Circuit ID—The customer now has the option to configure an ASCII text string up to 63 bytes and override the default circuit ID, which is vlan-module-port in binary format.
· Cisco Network Service (CNS) Image Agent—Enhances the existing CNS functionality implemented on the IE2100 with support of the new Image Agent capability. CNS Image Agent works with the CNS Image Server and allows for the distribution of images to the switch.
· IP phone enhancement—PHY loop detection—This enhancement implements a mechanism to detect external loopback conditions on Fast Ethernet ports and prevent the links from coming up.
· Enhanced Interior Gateway Routing Protocol (EIGRP) stub—EIGRP stub provides full routing support for only those Layer 3 devices directly connected to the switch and not for routers downstream of the switch. Available in the IP Base images for the Catalyst 3750 and 3560 switches. Complete EIGRP routing support is available on those switches in the IP Services and Advanced IP Services images.
· EIGRP-VRF Lite—Allows EIGRP to route into a VRF domain.
· Flex links preemption—Currently within flex links, the switch port backup interface feature allows users to configure a Layer 2 interface to back up another Layer 2 interface. The two interfaces provide mutual backup to each other—that is, only one of the interfaces forwards traffic and is called the “active interface.” The other one is in backup mode, which is not forwarding traffic and is ready to take over in case the forwarding interface is down, and is called the “backup interface.” When the active interface goes down, the backup interface takes over as active and starts forwarding traffic.
With this enhancement the customer can control the behavior of the “original” active interface when it comes back up:
– If preemption mode is off, this interface will go into backup mode.
– Configure preemption mode to always force a switchover to the “original” active.
– Configure preemption mode to switch over to higher available bandwidth interface.
· Flex links on the Catalyst 3550—Support for flex links is now available on the Catalyst 3550 switch in both IP Base (SMI) and IP Services (EMI) images.
Table 3 describes new features of Cisco IOS Software Release 12.2(25)SEE.
Table 3. Cisco IOS Software Release 12.2(25)SEE New Features
Feature |
Cisco Catalyst 3750 Series Advanced Services |
Cisco Catalyst 3750 Series IP Services |
Cisco Catalyst 3750 Series IP Base Services |
Cisco Catalyst 3560 Series Advanced Services |
Cisco Catalyst 3560 Series IP Services |
Cisco Catalyst 3560 Series IP Base Services |
Cisco Catalyst 3550 Series IP Services |
Cisco Catalyst 3550 Series IP Base Services |
Cisco Catalyst 2970 Series LAN Base |
Cisco Catalyst 2960 Series LAN Base |
IPv6 Neighbor Discovery Throttling |
X |
N |
N |
X |
N |
N |
N |
N |
N |
N |
Cisco Discovery Protocol Support for IPv6 |
X |
X |
X |
X |
X |
X |
N |
N |
N |
N |
SSH over IPv6 |
X |
X |
X |
X |
X |
X |
N |
N |
N |
N |
IPv6 MIBs |
X |
N |
N |
X |
N |
N |
N |
N |
N |
N |
IEEE 802.1x MAC-Auth-Bypass |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
IEEE 802.1x AAA-Fail-Open |
E |
E |
E |
E |
E |
E |
X |
X |
X |
X |
LAN Port IP AAA open |
X |
X |
X |
X |
X |
X |
X |
X |
N |
N |
GOLD |
X |
X |
X |
N |
N |
N |
N |
N |
N |
N |
Stackwise MIB |
X |
X |
X |
– |
– |
– |
– |
– |
– |
– |
CISCO-PORT-QOS-MIB |
X |
X |
X |
X |
X |
X |
E |
E |
X |
X |
CISCO-DHCP-SNOOPING-MIB |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
VRF-Aware IP-Directed Broadcast |
X |
X |
N |
X |
X |
N |
X |
N |
N |
N |
Trunk Failover |
X |
X |
X |
X |
X |
X |
N |
N |
X |
X |
DHCP Option-82 Configurable Remote ID and Circuit ID |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
CNS Image Agent |
N |
N |
N |
N |
N |
N |
X |
X |
N |
N |
IP Phone Enhancement—PHY Loop Detection |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
EIGRP Stub |
N |
N |
X |
N |
N |
X |
N |
N |
N |
N |
EIGRP-VRF Lite |
X |
X |
N |
X |
X |
N |
E |
N |
N |
N |
Flex Links Preemption |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
Flex links |
E |
E |
E |
E |
E |
E |
X |
X |
E |
E |
Table 4. Cisco Catalyst Switches Supported with Cisco IOS Software Release 12.2(25)SEE
Cisco Catalyst 3750 and Catalyst 3560 Series License CD Part Numbers |
Cisco Catalyst 3750 Series IP Services Part Numbers |
Cisco Catalyst 3750 Series IP Base Part Numbers |
Cisco Catalyst 3560 Series IP Services Part Numbers |
Cisco Catalyst 3560 Series IP Base Part Numbers |
Cisco Catalyst 2970 Series Part Numbers |
• CD-3750-EMI=
• CD-3750G-EMI=
• CD-3750G-48EMI=
• 3750-AISK9-LIC-B
• 3750-AISK9-LIC-S
• 3750G-AISK9-LIC-B
• 3750G-AISK9-LIC-S
• 3750G48-AISK9LIC-B
• 3750G48-AISK9LIC-S
• CD-3560-EMI=
• CD-3560G-EMI=
• 3560-AISK9-LIC-B
• 3560-AISK9-LIC-S
• 3560G-AISK9-LIC-B
• 3560G-AISK9-LIC-S
|
• 3750-48TS-E
• 3750-24TS-E
• 3750G-24T-E
• 3750G-48TS-E
• 3750G-24TS-E
• 3750G-12S-E
• 3750G-16TD
• 3750-48PS-E
• 3750-24PS-E
• 3750G-24TS-1U-E
• 3750G-24PS-E
• 3750G-48PS-E
|
• 3750-48TS-S
• 3750-24TS-S
• 3750G-24T-S
• 3750G-48TS-S
• 3750G-24TS-S
• 3750G-12S-S
• 3750G-16TD
• 3750-48PS-S
• 3750-24PS-S
• 3750G-24TS-1U-S
• 3750G-24PS-S
• 3750G-48PS-S
|
• 3560-24TS-E
• 3560-48TS-E
• 3560-48PS-E
• 3560-24PS-E
• 3560G-48PS-E
• 3560G-24PS-E
• 3560G-48TS-E
• 3560G-24TS-E
|
• 3560-24TS-S
• 3560-48TS-S
• 3560-48PS-S
• 3560-24PS-S
• 3560G-48PS-S
• 3560G-24PS-S
• 3560G-48TS-S
• 3560G-24TS-S
|
• 2970G-24T-E
• 2970G-24TS-E
|
Cisco Catalyst 3550 Series EMI Part Numbers |
Cisco Catalyst 3550 Series SMI Part Numbers |
• 3550-12G Switch
• 3550-12T Switch
• 3550-24-EMI Switch
• 3550-24 PWR Switch EMI
• 3550-48-EMI Switch
• 3550-24-FX-SMI Switch with EMI upgrade
• 3550-24-DC-SMI Switch with EMI upgrade
• CD-3550-EMI
|
• 3550-24-SMI Switch
• 3550-24PWR-SMI
• 3550-48-SMI Switch
• 3550-24-FX-SMI Switch
• 3550-24-DC-SMI Switch
|
Cisco Catalyst 2960 Series Part Numbers |
Cisco EtherSwitch Service Modules for Cisco 2600, 2800, 3700, and 3800 Series Routers Part Numbers |
• Cisco Catalyst 2960-24TC
• Cisco Catalyst 2960-24TT
• Cisco Catalyst 2960-48TC
• Cisco Catalyst 2960-48TT
• Cisco Catalyst 2960G-24TC
|
• NME-16ES-1G
• NME-16ES-1G-P
• NME-X-23ES-1G
• NME-X-23ES-1G-P
• NME-XD-24ES-1S-P
• NME-XD-48ES-2S-P
|
ADDITIONAL RESOURCESd
Software Download
The following software is available for download:
· Cisco Catalyst 3750 Series software: http://www.cisco.com/cgi-bin/tablebuild.pl/cat3750
· Cisco Catalyst 3560 Series software: http://www.cisco.com/cgi-bin/tablebuild.pl/cat3560
· Cisco Catalyst 3550 Series software: http://www.cisco.com/cgi-bin/tablebuild.pl/cat3550
· Cisco Catalyst 2970 Series software: http://www.cisco.com/cgi-bin/tablebuild.pl/cat2970
· Cisco Catalyst 2960 Series software: http://www.cisco.com/pcgi-bin/tablebuild.pl/cat2960
You must purchase the EMI/IP Services or Advanced IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services or Advanced IP Services software. Downloads of SMI/IP Base, EMI/IP Services, and Advanced IP Services files are monitored for adherence to this requirement.
Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (SSH, SNMPv3, and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.
Product Information
Additional product information is available at the following URLs:
· Cisco Catalyst 3750 Series switches: http://www.cisco.com/go/catalyst3750
· Cisco Catalyst 3560 Series switches: http://www.cisco.com/go/catalyst3560
· Cisco Catalyst 3550 Series switches: http://www.cisco.com/go/catalyst3550
· Cisco Catalyst 2970 Series switches: http://www.cisco.com/go/catalyst2970
· Cisco Catalyst 2960 Series switches: http://www.cisco.com/go/catalyst2960
· Cisco Catalyst 3750, 3560, 3550, 2970, and 2960 series release notes:
– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/index.htm
– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
– http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm
– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/index.htm
– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/index.htm
· Cisco EtherSwitch Service Modules for Cisco 2600, 2800, 3700, and 3800 series routers http://www.cisco.com/en/US/products/ps5854/products_data_sheet0900aecd8028d15f.html
Support
Cisco IOS Software Release 12.2(25)SEE follows the standard Cisco support policy indicated at http://www.cisco.com/en/US/products/products_end-of-life_policy.html.
Software Image Migration Guide
Figure 1 displays Cisco IOS Software Release 12.2(25)SEE functions relative to the 12.2S and 12.2SE releases and identifies the recommended migration path.