Release Notes for Cisco IOS Release 15.2(4)EA9a
Feature Support in Cisco IOS Release 15.2(4)EA9a
Finding the Software Version and Feature Set
Upgrading a Switch by Using the CLI
Enabling Logging Alarms for Syslog Messages
Configuring Hardware Watchdog Reset
First Published: February 7, 2020
Last Updated: February 11, 2020
Cisco IOS Release 15.2(4)EA9a runs on these platforms:
■Cisco Industrial Ethernet 2000 Series Switches
■Cisco Industrial Ethernet 2000U Series Switches
■Cisco Industrial Ethernet 3000 Series Switches
■Cisco Industrial Ethernet 3010 Series Switches
■Cisco Industrial Ethernet 4000 Series Switches
■Cisco Industrial Ethernet 5000 Series Switches
■Cisco 2500 Series Connect Grid Switches
■Cisco Embedded Service 2020 Series Switches
■Cisco Ethernet Switch Module (ESM) for Cisco 2000 Series Connected Grid Routers
These release notes include important information about Cisco IOS Release 15.2(4)EA9a and any limitations, restrictions, and caveats that apply to the release. Verify that these release notes are correct for your switch.
■If you are installing a new switch, see the Cisco IOS release label on the rear panel of your switch.
■If your switch is on, use the show version command. See Finding the Software Version and Feature Set.
■If you are upgrading to a new release, see the software upgrade filename for the software version. See Deciding Which Files to Use.
For a complete list of documentation for the platforms associated with this release, see Related Documentation.
You can download the switch software from this site (registered Cisco.com users with a login password):
http://software.cisco.com/download/navigator.html
This document uses the following conventions.
Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution: Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.
Warning: IMPORTANT SAFETY INSTRUCTIONS
Means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Regulatory: Provided for additional information and to comply with regulatory and customer requirements.
Cisco IOS Release 15.2(4)EA9a is a bug fix only release; however, it supports all the features first introduced by Cisco IOS 15.2(4)EA1 as listed in New Feature Summary for Cisco IOS Release 15.2(4)EA1.
This release also supports the IE 5000 features introduced in Cisco IOS Release 15.2(2)EB and EB1.
This time service enhancement allows the IE switches to act as Grandmaster clocks to the PTP hierarchy with NTP as the time source. The NTP time source ties the PTP working clock to the everyday “wall clock.” This allows the customer to use PTP and NTP generated timestamps together during troubleshooting and analysis. In addition, NTP is more cost effective and robust than GPS for applications that only need 1 second precision for wide-area synchronization. |
■ Precision Time Protocol Software Configuration Guide for IE 4000 and |
||
MRP (Media Redundancy Protocol), an open standard industrial protocol, can support up to 50 nodes with maximum recovery time up to 200ms. MRP operates at the MAC layer and is commonly used in conjunction with the PROFINET standard for industrial networking in manufacturing. ■PROFINET stack upgrade to version 2.31. ■PROFINET support for MRP Manager (MRM) and Client (MRC) functionality. PROFINET (PNIO) Certification with v2.3 |
■ Media Redundancy Protocol Configuration Guide for IE 2000 and |
||
The Hardware Watchdog Reset feature causes the switch to reload if IOS software is unresponsive for a certain period of time (5 minutes). The CPU Hardware Watchdog ensures that the switch reloads if software is hung for whatever reason. |
|||
MACsec is the IEEE 802.1AE standard for providing strong cryptographic protection at Layer 2. MACsec provides secure (encryption and authentication) MAC Service on a frame-by-frame basis. MACsec provides secure communications between stations that are attached to the same LAN. MACsec is only supported on 1G uplinks. Note You must have the IP Service license installed to support the MACsec feature. |
|||
This feature enhances Express Startup to limit manual switch intervention. There are three options for using Express Setup:
■You must configure a new in the box (NIB) switch that has no configuration file loaded (config.text / vlan.dat) directly via a console cable. ■You can configure the switch with the existing Express Setup method. The existing Express Setup behavior is enhanced to improve the failure LED indication behavior. ■You can have an IP address assigned to the switch without using Device Manager if you installed the switch in an already running environment with certain services available (DHCP). |
■For details on Express Setup documentation for all IE switches, see the Express Setup Program entry in Methods for Assigning IP Information |
||
When enabled, Locate Switch causes all possible LED to glow in ALT_RED and GREEN once the locate switch is enabled with a specific time. This performance varies from previous releases. (CSCux75707) The Locate Switch time setting has been changed from <9-255> to <0-255> time in seconds: |
|||
■Ability to launch Device Manager in Express Setup medium press mode (as well as previously supported short press mode). |
This section describes the following system requirements for Cisco IOS Release 15.2(4)EA9a
This section summarizes the hardware and software requirements for the Windows platform.
For a listing of Express Setup documentation, see New Feature Summary for Cisco IOS Release 15.2(4)EA1.
■1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor
■1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)
■16 GB available hard disk space (32-bit) or 20 GB (64-bit)
■PC with Windows 7, or Mac OS 10.6.x
■Web browser (Internet Explorer 9.0, 10.0, and 11.0, or Firefox 32) with JavaScript enabled
■Straight-through or crossover Category 5 or 6 cable
Express Setup verifies the browser version when starting a session, and it does not require a plug-in.
These are the procedures for downloading software. Before downloading software, read these sections for important information:
■Finding the Software Version and Feature Set
■Upgrading a Switch by Using the CLI
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the compact flash memory card.
You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images stored in flash memory. For example, use the dir flash: command to display the images in the flash memory.
The upgrade procedures in these release notes describe how to perform an upgrade by using a combined tar file which contains the Cisco IOS image and the files needed for PROFINET GSD, CIP EDS and the Web Device Manager; and, in some cases, the FPGA upgrade files.
To upgrade the switch through the CLI, use the combined tar file and the archive download-sw privileged EXEC command to overwrite the older image completely.
Cisco IOS Software Image Files lists the filenames for this software release.
Before upgrading your switch software, make sure that you archive copies of both your current Cisco IOS release and the Cisco IOS release to which you are upgrading. Keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for information:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6969/ps1835/prod_bulletin0900aecd80281c0e.html
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note: Although you can copy any file on the flash memory to the TFTP server, it is time consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command.
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Note: Make sure that the compact flash card is in the switch before downloading the software.
To download software, follow these steps:
1. Use Cisco IOS Software Image Files to identify the file that you want to download.
2. Download the software image file. If you have a SMARTNet support contract, go to this URL, and log in to download the appropriate files:
http://software.cisco.com/download/navigator.html
For example, to download the image for an IE 4000 switch, select Products > Switches > Industrial Ethernet Switches > Cisco Industrial Ethernet 4000 Series Switches, then select your switch model. Select IOS Software for Software Type, then select the image you want to download.
3. Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.
For more information, see the “Assigning the Switch IP Address and Default Gateway” chapter in the applicable document for your switch as listed in Methods for Assigning IP Information.
4. Log into the switch through the console port or a Telnet session.
5. (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command:
For more information about assigning an IP address and default gateway to the switch, see Methods for Assigning IP Information.
6. Download the image file from the TFTP server to the switch.
If you are installing the same version of software that currently exists on the switch, overwrite the current image by entering this privileged EXEC command:
The command above untars/unzips the file.The system prompts you when it completes successfully.
–The /overwrite option overwrites the software image in flash memory with the downloaded one.
If you specify the command without the /overwrite option, the download algorithm verifies that the new image is not the same as the one on the switch Flash device. If the images are the same, the download does not occur. If the images are different, the old image is deleted, and the new one is downloaded. If there is not enough space to install the new image and keep the current running image, the download process stops, and an error message displays.
–The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
–For // location, specify the IP address of the TFTP server. or hostname.
–For / directory / image-name .tar, specify the directory and the image to download. Directory and image names are case sensitive. The directory is for file organization and it is generally a tftpboot/user-ID path.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option. If there is not enough space to install the new image and keep the current running image, the download process stops, and an error message displays.
You can assign IP information to your switch using the methods shown in Methods for Assigning IP Information.
Cisco IE 2000 Switch Hardware Installation Guide, Device Manager Online Help |
||
Cisco IE 3000 Switch Getting Started Guide, Device Manager Online Help |
||
Cisco IE 3000 Switch Getting Started Guide, Device Manager Online Help Note: The Cisco IE 3000 Switch Getting Started Guide serves as Express Setup reference for the IE 3010. |
||
Cisco IE 5000 Hardened Aggregator Hardware Installation Guide |
||
Cisco IE 5000 Hardened Aggregator Hardware Installation Guide |
||
Cisco Industrial Ethernet 4000 Series Switch Software Configuration Guide |
||
Cisco IE 5000 Hardened Aggregator Hardware Installation Guide |
||
Cisco Industrial Ethernet 4000 Series Switch Software Configuration Guide |
||
Cisco IE 5000 Hardened Aggregator Hardware Installation Guide |
We recommend that you review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround for these issues. Some features might not work as documented, and some features might be affected by recent changes to the switch hardware or software. These caveats have a status of Closed.
Symptom When a port gets congested, classes with a larger queue-limit size are not receiving more frames per second than the classes with a smaller queue-limit size.
Conditions This issue occurs on the IE 4000 when queue-limit sizes are configured unequally in classes. Classes with a larger queue-limit size are not receiving more frames per second than the classes with a smaller queue-limit sizes.
Workaround There is no workaround for this issue.
Symptom In-line editing becomes unresponsive on the Device Manager Port Thresholds page on IE 2000, IE 3000 and IE 4000 switches.
Conditions Editing a field too quickly can cause in-line editing to become unresponsive.
Workaround Editing the box repeatedly works if the user waits one or two seconds for Device Manager to push the update to the device.
Symptom The PRP LED did not light up correctly. Observed anomalies in PRP LED in the events below:
Conditions Impacted platform: IE4K
1. Issue a shut/no shut on logical PRP interface (interface prp-channel 1|2).
2. Unplug and plug in cables for uplink ports.
3. Certain sequence issues observed with issuing shut/no shut on logical interface PRP-channel 1 followed by logical interface PRP-channel 2 and vice versa.
Workaround There is no workaround for this issue.
Symptom show cip object v4router 0 does not display correct routes in some scenarios. Issue was first seen on an IE 2000; however, it applies to all IE and CG switches that support VLAN configuration and CIP features.
Conditions If you configure a cip unsupported route, for example, ip route 0.0.0.0 0.0.0.0 fa 1/1 172.27.168.129. the route will not be displayed properly in the sh cip object v4router command output. All following routes (including supported routes such as ip route 0.0.0.0 0.0.0.0 fa 1/1 or ip route 172.27.168.129 vlan 1) also will not be displayed properly.
Symptom Switch running Parallel Redundancy Protocol (PRP) disables PRP1 interface at least twice at random periods.
Conditions IE 4000 running release 15.2(2) with Parallel Redundancy Protocol (PRP) configured.
Workaround To re-enable PRP on the switch, connect to the switch via a console port and enter shut and then no shut commands on the PRP1 interface.
Symptom Interface link flaps occurred on the IE 4000 with use of aggressive lsl-age timer under REP port configuration.
Conditions This issue occurs in a REP Ring with three or more nodes with lsl-age timer set to 120 msecs and after a period of a few minutes to a couple of hours.
Another side affect could be a malloc failure (CAM flush) with repeated link flaps which may cause the switch to crash.
Workaround Increase rep lsl-age timer to a value greater then 120 msec. Recommended value is 3000 msec.
Symptom On IE platforms, Flex-Link failover time could be around 700msec when using Gigabit Ethernet ports.
Conditions Steps to reproduce:
1. Configure two Gig links on the IE switch as flex links.
2. Shut a member link and wait for the traffic to switch over to the other link. Failover time of around 700 msec is seen.
This section addresses the open and resolved caveats in this release and provides information on how to use the Bug Search Tool to find further details on those caveats. This section includes the following topics:
Modify Reload Reason: When switch reloads due to Profinet DCP reset request (all IE platforms) |
|
Self-signed certificates expire on 00:00 1 Jan 2020 UT (IE2000, IE3000, IE4000, IE4010, IE5000) |
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
1. Access the BST (use your Cisco user ID and password) at https://tools.cisco.com/bugsearch/
This section includes the following late updates to documentation for IE switches:
■Enabling Logging Alarms for Syslog Messages
Please note that MAB + NEAT is not supported on CGS2520s in the Cisco 15.2(4)EA Releases (15.2(4)EA1 through 15.2(4)EA9a). MAB + NEAT may be incorrectly noted as supported in the “802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)” sections of 15.2(4)EA User Documentation.
The following information is relevant to all IE Switches software releases from Release 12.2(58)SE onward (CSCvg26502).
On IE switches, there is an option to configure temperature alarm levels as noted in the “ Configuring the Switch Alarms: Associating the Temperature Alarms to a Relay ” section within IE Switch Software Configuration Guides.
However, configured alarms do not generate any syslogs until you set Major alarm logging alarm 2 and Minor alarm l ogging alarm 3 for temperature threshold alarms.
IMPORTANT: The logging alarm must be enabled to generate syslog messages.
The expected behavior on the switch when there is an IOS software problem is for the switch to crash, save the information that helps software engineers debug the crash, and then reload. However, there can be rare occurrences of the switch hanging without crashing. Hangs are very hard to reproduce and even harder to fix because there is no trace of what caused the hang. Following are some of the symptoms when the switch hangs:
■Switch becomes totally unresponsive to the CLI
■Switch does not save any crash information
The switch not reloading is a very serious issue, especially for IoT deployments in remote and sometimes hard to reach locations where sending personnel to reload the box is expensive, time consuming, and leads to the system being rendered unusable for that time.
The Hardware Watchdog Reset feature causes the switch to reload if IOS software is unresponsive for a certain period of time (5 minutes). The CPU Hardware Watchdog ensures that the switch reloads if software is hung for whatever reason.
This feature is enabled by default. The following CLI command disables and re-enables this feature:
This command requires a reboot to take effect.
The scheduler process-watchdog (software) remains in effect even after this feature is disabled.
Express Setup has three options to meet the needs of different installer roles. You select an option based on how long you press the Express Setup button.
■Short press mode—You want to use the existing Express Setup method.
The existing Express Setup behavior has improved failure LED indication.
■Medium press mode—You are installing a switch into an already running environment with certain services available (DHCP) or you want to have the device receive an IP address without using Device Manager.
■Long press mode—You are confident and knowledgeable in the use of Cisco IOS CLI and can configure the switch directly using a console cable.
Express Setup Modes summarizes Express Setup for each mode.
You can configure Locate Switch using CLI and the Device Manager.
When enabled, Locate Switch causes all possible LEDs to glow ALT_RED and GREEN (LEDs that are in one color blink) once the switch is enabled with a specific time. This performance varies from previous releases (CSCux75707).
The Locate Switch time setting has been changed from <9-255> to <0-255> time in seconds:
Enter the following show command to verify your settings:
The locate-switch command is a volatile command and will not be saved or displayed in running or startup configuration.