PB380237
Cisco® announces Cisco IOS® Software updates for Cisco Catalyst® 3750-E and 3560-E Series Switches. This new release furthers Cisco leadership in providing secure, reliable, integrated data and voice LAN switching solutions.
This product bulletin contains content and delivery information for Cisco IOS Software Release 12.2(35)SE2.
This release adds support for newly launched Catalyst 3750-E and 3560-E Series Switches and offers the following new features (introduced with Cisco IOS Software Release 12.2(35)SE for Catalyst 3750 and 3560 Series Switches):
● Multi Domain Authentication (MDA)—MDA provides enhanced security for IP phone deployments. This allows an IP phone (Cisco or third-party) and a single host behind the IP phone to independently authenticate using 802.1x. Using this method, a switch can place the host in the data VLAN and IP phone in the voice VLAN, though they appear on the same switch port. Data VLAN can be downloaded from the authentication, authorization, and accounting (AAA) server. For non-802.1x devices, MAC Authentication Bypass (MAB) can be used as the fallback to authenticate using the MAC address of the device. For non‑802.1x deployments, MAB can be used to authenticate both IP phones and hosts.
● Local Web Authentication—Allows non-802.1x users to authenticate using a login page. The switch intercepts an HTTP packet from the host and sends an HTML login page. The user keys in the credentials (such as username and password) and gets authenticated by an AAA server.
● MAC Authentication Bypass (MAB) for Voice VLAN—This feature allows non-802.1x IP phones (with no 802.1x supplicant) to authenticate to the network, utilizing the MAC address of the IP phone. The switch will initiate an Extensible Authentication Protocol (EAP) conversation with an AAA server on behalf of the IP phone to authenticate the MAC address itself. This process is transparent to the end user and utilizes a prepopulated database on the AAA server.
● MAB aging timer—Provides a mechanism to detect inactive hosts after they have authenticated using MAB. The switch flushes the entries for hosts that remain inactive for this duration, thus allowing new hosts to get authenticated on the same port.
● Fast Stack Image Update—Updates the software images for all the stack members in parallel, improving the speed and performance of image updates.
● Generic Online Diagnostics Framework (GOLD) for Cisco Catalyst 3560—GOLD is a fault detection framework that provides troubleshooting tools for customers and the Cisco Technical Assistance Center (TAC) and can be either run on demand or scheduled.
◦ Supports the same level of GOLD functionality available on the Cisco Catalyst 3750.
● Power over Ethernet (PoE) MIB—A new CISCO-POWER-ETHERNET-EXE-MIB provides PoE visibility and allows administrators to proactively monitor power usage. Table 1 describes managed objects related to PoE.
Table 1. Overview of New PoE MIB Object Types
MIB Object Type |
Object Description |
SET |
● Enable PoE mode (auto/static and so on)
● Max power allowed on this port (optional)
● Threshold for allocated power
|
TRAP |
● When allocated power exceeds specified threshold
|
GET |
● PoE mode (auto/static and so on)
● Operational status (power deny/on/off scenarios)
● Power allocated (through Cisco Discovery Protocol negotiation or power class) on the interface
● Type of the device plugged into the port
● IEEE power classification class
|
● Enhanced Object Tracking (EoT)—Provides ability for Hot Standby Router Protocol (HSRP)-like protocols to monitor the link and route state objects and dynamically adjust to state changes. This provides increased network availability during failover.
● STACK MAC Persistent Timer—Currently, when a stack primary is removed and a new primary takes over, by default, the MAC address of the new stack primary becomes the new stack MAC router address. This feature enables users to configure a timer to allow a time delay before stack MAC address changes to the new primary MAC address. A value of “0” helps ensure the original primary MAC address remains the stack MAC router address, thus making it transparent to the endpoints.
Table 2 describes product support for new features of Cisco IOS Software Release 12.2(35)SE2 for enterprise switches.
Table 2. Cisco IOS Software Release 12.2(35)SE2 New Features for Catalyst 3750-E and 3560-E Series Switches
Feature |
3750-E-IPB |
3750-E-IPS |
3750-E-AIS |
3560-E-IPB |
3560-E-IPS |
3560-E-AIS |
Multiple Domain Auth |
X |
X |
X |
X |
X |
X |
Web Auth for Non-802.1x Clients |
X |
X |
X |
X |
X |
X |
MAC Auth Bypass for Voice VLAN |
X |
X |
X |
X |
X |
X |
MAB Aging Timer |
X |
X |
X |
X |
X |
X |
Fast Stack Image Update |
X |
X |
X |
– |
– |
– |
PoE MIB |
X |
X |
X |
X |
X |
X |
Enhanced Object Tracking (No SAA Objects) |
X |
X |
X |
X |
X |
X |
STACK MAC Persistent Timer |
X |
X |
X |
– |
– |
– |
● IPB = IP Base Feature Set
● IPS = IP Services Feature Set
● AIS = Advanced IP Services Feature Set
● X = supported ; N = not supported
● 3750-E = Catalyst 3750-E Series Switches
● 3750 = Cisco Catalyst 3750 Series Switches
● 3560-E = Catalyst 3560-E Series Switches
● 3560 = Cisco Catalyst 3560 Series Switches
Note: New with the 3750-E and 3560-E is the IOS Universal Image, a single IOS image file that contains all of the features previously found in the IP Base, IP Services, and Advanced IP Services IOS images. The new Cisco IOS Software Licensing infrastructure called “Software Activation” now authorizes and enables the usage of the three existing IOS software feature sets. A special file contained in the switch’s flash memory, called a license file, is examined by IOS when the switch is powered on. Based on the license’s type, IOS enables the appropriate IOS feature set. License types can be changed or upgraded to enable a different feature set through the purchase of a product activation key (PAK). A particular license file only functions with the switch for which it was created, meaning license files cannot be copied to different switches.
For more information on Software Activation, refer to: http://www.cisco.com/en/US/products/ps7077/prod_configuration_guide09186a00807bb49f.html
Table 3 lists switches supported.
Table 3. Cisco Catalyst Switches Supported with Cisco IOS Software Release 12.2(35)SE2
Cisco Catalyst 3750-E and Catalyst 3560-E Series License Part Numbers |
Cisco Catalyst 3750-E Series IP Services Part Numbers |
Cisco Catalyst 3750-E Series IP Base Part Numbers |
Cisco Catalyst 3560-E Series IP Services Part Numbers |
Cisco Catalyst 3560-E Series IP Base Part Numbers |
● 3750E-IPB-LIC
● 3750E-IPS-LIC-B
● 3750E48-IPS-LIC-B
● 3750E-AISK9-LIC-B
● 3750E-AISK9-LIC-S
● 3750E48-AISK9LC-B
● 3750E48-AISK9LC-S
● 3560E-IPB-LIC
● 3560E-IPS-LIC-B
● 3560E-AISK9-LIC-B
● 3560E-AISK9-LIC-S
|
● 3750E-24TD-E
● 3750E-24PD-E
● 3750E-48TD-E
● 3750E-48PD-E
● 3750E-48PD-EF
|
● 3750E-24TD-S
● 3750E-24PD-S
● 3750E-48TD-S
● 3750E-48PD-S
● 3750E-48PD-SF
|
● 3560E-24TD-E
● 3750E-24PD-E
● 3560E-48TD-E
● 3560E-48PD-E
● 3560E-48PD-EF
|
● 3560E-24TD-S
● 3750E-24PD-S
● 3560E-48TD-S
● 3560E-48PD-S
● 3560E-48PD-SF
|
Additional Resources
Software Download
Software is available for download from the following links:
● Cisco IOS Software Upgrade Planner: http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?majorRel=
● Guest Level Access Planner: http://www.cisco.com/kobayashi/sw-center/index.shtml
You must purchase the EMI/IP Services or Advanced IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services or Advanced IP Services software. Downloads of SMI/IP Base, EMI/IP Services, and Advanced IP Services files are monitored for adherence to this requirement. Catalyst 3750-E and 3560-E support the new Cisco IOS Software Licensing infrastructure which authorizes and enables the usage of the three existing IOS software feature sets. A special file contained in the switch’s flash memory, called a license file, is examined by IOS when the switch is powered on. Based on the license’s type, IOS software enables the appropriate IOS feature set.
Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (Secure Shell [SSH] Protocol, Simple Network Management Protocol Version 3 [SNMPv3], and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.
Product Information
Additional product information is available at the following URLs:
● Cisco Catalyst 3750-E Series switches: http://www.cisco.com/go/3750-E
● Cisco Catalyst 3560-E Series switches: http://www.cisco.com/go/3560-E
● Cisco Catalyst 3750-E, 3560-E Series release notes:
◦ http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750e/index.htm
◦ http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560e/index.htm
Support
Cisco IOS Software Release 12.2(35)SE2 follows the standard Cisco support policy indicated at: http://www.cisco.com/en/US/products/products_end-of-life_policy.html
Software Image Migration Guide
Figure 1 displays Cisco IOS Software Release 12.2(35)SE2 functions relative to the 12.2S and 12.2SE releases and identifies the recommended migration path.