PDF(908.4 KB) View with Adobe Reader on a variety of devices
Updated:August 20, 2020
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Denali 16.3.x
First Published: August 03, 2016
Last Updated: February 28, 2020
This release note gives an overview of the features for the Cisco IOS XE Denali 16.3.x software on the Cisco Catalyst 3850 Series Switches.
Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.
Note - For information about unsupported features, see Important Notes. - For information about software and hardware restrictions and limitations, see Limitations and Restrictions. - For information about open issues with the software and past opens that are resolved now, see Caveats.
Introduction
Cisco Catalyst 3850 Series Switches are the next generation of enterprise class stackable access layer switches that provide full convergence between wired and wireless networks on a single platform. This convergence is built on the resilience of new and improved 480-Gbps StackWise-480 and Cisco StackPower. Wired and wireless security and wireless application visibility and control are natively built into the switch.
Cisco Catalyst 3850 Series Switches also support full IEEE 802.3at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans, and power supplies. Cisco Catalyst 3850 Series Switches enhance productivity by enabling applications such as IP telephony, wireless, and video for a true borderless network experience.
Cisco IOS XE Denali 16.x.x and Cisco IOS XE represent the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.
Whats New in Cisco IOS XE Denali 16.3.11
There are no new software or hardware features and no resolved caveats in Cisco IOS XE Denali 16.3.11.
Whats New in Cisco IOS XE Denali 16.3.10
There are no new software or hardware features and no resolved caveats in Cisco IOS XE Denali 16.3.10.
Whats New in Cisco IOS XE Denali 16.3.9
There are no new software or hardware features in Cisco IOS XE Denali 16.3.9.
Enables you to monitor optical input and output power, temperature, and voltage. The feature is supported on all transceivers that support DOM and is disabled by default.
RADIUS over Datagram Transport Layer Security protocol (DTLS)
DTLS provides encryption services over RADIUS, which is transported over a secure tunnel. RADIUS over DTLS is implemented in both client and server. Client side controls radius authentication, authorization, and accounting (AAA) and server side controls Change of Authorization (CoA)
(LAN Base, IP Base and IP Services)
New in Wireless Switching
Application Visibility and Control (AVC) Downstream Quality of Service (QoS)
AP downstream QoS is the process of marking traffic from the controller to the AP. This is achieved by using the flow information from AP on the downstream traffic.
(IP Base and IP Services)
XOR Radio Resource Management (RRM)
In Cisco Aironet 2800/3800 series access points, slot 0 is an XOR (Dual-Band) radio that offers the ability to serve either 2.4- or 5-GHz band, or passively monitor both bands on the same radio.
A network system virtualization technology that pairs two Cisco Catalyst 3850 Series Switches into one virtual switch to simplify operational efficiency with a single control and management plane.
Note The feature is available only on the WS-C3850-48XS-S, WS-C3850-48XS-E, WS-C3850-48XS-F-S, and WS-C3850-48XS-F-E models of the series.
Describes the role that security group-based access control lists (SGACLs) play in a Cisco TrustSec solution, to enforce role-based access control, identity-aware networking, and data confidentiality—thus securing the network and its resources.
Enhanced to support hierarchical QoS, which provides a two level parent-child policy. With hierarchical QoS, you can specify QoS behavior at multiple policy levels, which provides a high degree of granularity in traffic management.
AVB is supported on mGig interfaces on the following switch models:
Creates a checksum record for each stage of the boot loading activity. You can retrieve and compare the checksum record with a Cisco-certified record, to verify if your software image is genuine.
Federal Information Processing Standard Publication 140-2 (FIPS 140-2) and applicable Common Criteria compliance
Cisco IOS XE Denali 16.3.2 on the Cisco Catalyst 3850 Series Switches is being submitted for certification under FIPS 140-2 and Common Criteria compliance with the US Government, Security Requirements for Network Devices.
(For Base Configuration—LAN Base, IP Base, and IP Services)
(For IP Security—IP Services)
Media Access Control Security (MACSec):
256-bit AES MACsec (IEEE 802.1AE) host link encryption) with MACsec Key Agreement (MKA)
256-bit AES MACsec (IEEE 802.1AE) inter-network device encryption with MKA
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) method support for MKA
MACsec features are now available with IP Base and IP Services license levels.
Available with mGig interfaces. When downshift is enabled, the system automatically downshifts to a lower port speed if the link quality is poor or if the link is continuously down.
MVPN provides the ability to support multicast over a Layer 3 VPN. As enterprises extend the reach of their multicast applications, service providers can accommodate them over their MPLS core network. IP multicast is used to stream video, voice, and data over an MPLS VPN network core.
Individual device credential support, allowing the controller to manage devices that require individual TACACS or RADIUS credentials for access. The credentials are passed to the device securely and the password is not logged.
This feature requires Cisco IOS XE Denali 16.3.2 or a later software release on the device.
Wired Application Visibility and Control (Wired AVC) Flexible NetFlow (FNF)
Support for FNF is now enabled for wired AVC. The feature uses a flow record with an application name as the key, to provide statistics per interface, client, server, and application.
The record is similar to the Easy Performance Monitor (EzPM) application-client-server-stats traffic monitor, which is available in application-statistics and application-performance profiles.
Enables a switch joining an existing stack to be automatically upgraded to the same version as the existing stack, so that the switch can successfully join the existing stack.
Previously, Cisco IOS XE Denali 16.x.x releases supported this feature only on switches running an IOS XE Denali 16.x.x image joining an existing stack with a different Cisco IOS XE Denali 16.x.x image version. Starting with this release, the active switch can resolve a mismatch across Cisco IOS XE Release 3.xE and Cisco IOS XE Denali 16.3.x releases.
For this activity to happen automatically, you must have enabled the software auto-upgrade enable global configuration command, on the active switch. If not, you can start the process manually by entering the request platform software package install auto upgrade privileged EXEC command, on the active switch.
The software image installation process is now optimized:
The space required for installation is reduced—after you have copied the.bin file to flash, only 20MB of additional space is required to complete the installation.
The.bin file is automatically deleted after completion of installation.
Refers to standard IEEE 802.1 BA - AVB. This feature defines a mechanism whereby endpoints and the network function as a whole to enable high-quality streaming of professional audio and video (AV) over an Ethernet infrastructure. Instead of one-to-one, the network transport enables many-to-many seamless plug-n-play connections for multiple AV endpoints including talkers and listeners.
AVB is composed of the following:
Generalized Precision Time Protocol (gPTP)—IEEE 802.1AS. Provides a mechanism to synchronize clocks of the bridges and end point devices in an AVB network.
Quality of Service (QoS)—IEEE 802.1Qav. Guarantees bandwidth and minimum bounded latency for the time-sensitive audio and video streams.
Multiple Stream Reservation Protocol (MSRP)—IEEE 802.1Qat. Provides a mechanism for end stations to reserve network resources that will guarantee the transmission and reception of data streams across a network with the requested bandwidth.
Multiple VLAN Registration Protocol (MVRP)—Provides a mechanism for dynamic maintenance of the contents of Dynamic VLAN Registration Entries for each VLAN IDs, and for propagating the information they contain to other Bridges.
Provides fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. It also provides a consistent failure detection method for network administrators.
A virtual topology that can be used to logically connect devices that are a part your physical network, facilitating simple segmentation constructs to build secure boundaries. Fabric Overlay uses alternative forwarding attributes to provide services such as host mobility and enhanced security, which are additional to normal switching and routing capabilities.
Cisco TrustSec: Virtual Routing and Forwarding Aware (VRF-Aware) Security Group Tag (SGT)
Enables a device to communicate with RADIUS servers through VRF interfaces. This feature allows protected access credential (PAC) and Environment-Data to be requested from the authentication device, Cisco Identity Services Engine (Cisco ISE), when Cisco ISE is in a VRF network.
Starting with this release, the amount of free memory is computed more accurately. The output of the following commands (privileged EXEC mode) displays this information:
show memory platform
show platform resources
show processes memory platform
show platform software status control-processor
show platform software process list switch active R0 summary
Federal Information Processing Standard Publication 140-2 (FIPS 140-2) and the Common Criteria for Information Technology Security Evaluation standard (Common Criteria or CC)
Cisco IOS XE Denali 16.3.1on the Cisco Catalyst 3850 Series Switches is being submitted for certification under FIPS 140-2 and Common Criteria compliance with the US Government, Security Requirements for Network Devices..
IPv4 Multicast over Point-to-Point Generic Routing Encapsulation (GRE) Tunnels
Supports the attachment of IPv6 ACLs to configure a secure HTTP server.
Note The existing CLIs that specify (only IPv4) ACLs are supported, but are going to be deprecated. Use the new CLIs that support both IPv4 and IPv6 ACLs instead.
256-bit AES MACsec (IEEE 802.1AE) host link encryption) with MACsec Key Agreement (MKA)
256-bit AES MACsec (IEEE 802.1AE) inter-network device encryption with MKA
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) method support for MKA
Supports the IEEE 802.1x standard-based Layer 2 encryption with MKA on both uplink (switch-to-switch) and downlink (switch-to-host device) ports for 256-bit level encryption using EAP-TLS and Preshared Key (PSK).
Supported on the Cisco Catalyst 3850 Series MultiGigabit Switches and Cisco Catalyst 3850 Series 10G SFP+ Switches. The model numbers are listed below:
Combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing.
MPLS enables service providers to meet the challenges of explosive growth in network utilization while providing the opportunity to differentiate services without sacrificing the existing network infrastructure.
Enables extended secure access in areas outside the wiring closet. It allows you to configure a switch to act as a supplicant to another switch. NEAT utilizes the Client Information Signalling Protocol (CISP) to propagate client MAC addresses and VLAN information between supplicant and authenticator switches.
Enables network-powered lighting capability on a switch. It includes the following components:
Two Event Classification for PoE – A physical layer mechanism to rapidly negotiate and grant PoE power to capable end-devices in less than 1sec without traditional Link Layer Discovery Protocol (LLDP) power negotiation.
Perpetual-PoE – A mechanism to deliver power to PoE end-devices without interruption during warm reboot (image upgrades, switch reload etc.)
Fast PoE – A mechanism to restore power to end-devices within 30s of resumption of power after an outage without waiting for complete control plane boot-up.
CoAP Proxy Server – CoAP is a lightweight IoT optimized standard protocol specified in RFC 7252. An On-Switch standards based COAP Proxy Server provides secure messaging, discovery mechanism, local resource directory and RESTful API access for applications. Resources can be organized in a hierarchical manner across the network in a parent/child fashion and accessed by querying the CoAP proxy server.
Autosmart Ports - Enhanced to include lighting endpoint specific macros, to be triggered on detecting a lighting endpoint.
An Address Resolution Protocol (ARP)-like protocol that dynamically maps a nonbroadcast multiaccess (NBMA) network. With NHRP, systems attached to an NBMA network can dynamically learn the NBMA (physical) address of the other systems that are part of that network,allowing these systems to directly communicate.
NHRP is a client and server protocol where the hub is the Next Hop Server (NHS) and the spokes are the Next Hop Clients (NHCs). The hub maintains an NHRP database of the public interface addresses of each spoke. Each spoke registers its real address when it boots and queries the NHRP database for real addresses of the destination spokes to build direct tunnels.
Yet Another Next Generation (YANG) data-modeling language
Support for the YANG data-modeling language, which replaces the process of manual configuration with a programmatic and standards-based way of writing configurations to any network device. It supports the automation of configuration for multiple switches across the network using data models.
The FCC (USA) rule making on 5 GHz released on April 1, 2014 (FCC 14-30 Report and Order) goes into effect for products that are sold or shipped on or after June 2, 2016. Cisco APs and Cisco WLCs will comply with the new rules by supporting the new regulatory domain, –B, for the US and will create new AP SKUs that are certified under the new rules. Examples of new rules include new 5-GHz band channels permitted for indoor and outdoor use, and transmission (Tx) power level increased for indoor, outdoor, and point-to-point transmissions.
Cisco APs and Cisco WLCs that are in the –A domain category can continue to operate and even coexist with –B domain devices without any issues.
We recommend that you upgrade Cisco APs and Cisco WLCs to the appropriate software release that supports –B domain.
AP2800 802.11 ac Wave 2 and AP3800 802.11 ac Wave 2: Cisco Multi-Gig (mGig) Enabled Ethernet Ports
Enables the current network to carry a higher bandwidth using mGig enabled Ethernet Ports. Speeds that cap at 1Gbps can now go upto 2.5Gpbs and 5Gbps speeds. These speeds can be achieved on the existing CAT5e and above type of LAN cables.
Note Flexible Radio Assignment and 160 MH Channel width is not supported.
(IP Base and IP Services)
AVC Support on 802.11 ac Wave2 APs
Support for Application Visibility and Control (AVC) on the following Access Points (APs):
Cisco Aironet 1810w Series APs
Cisco Aironet 1830 Series APs
Cisco Aironet 1850 Series APs
Cisco Aironet 2800 Series APs
Cisco Aironet 3800 Series APs
You can now also capture AVC statistics for the last 48 hours. Use the show platform software fed switch active avc statistics byte-count-window hours 48 raw privilege EXEC command.
(IP Base and IP Services)
Cisco Hyperlocation Module with Integrated Bluetooth Low Energy (BLE) Radio
Enables transmission of BLE broadcast messages by using up to 5 BLE transmitters. The Cisco Wireless Controller (Cisco WLC) is used to configure the transmission parameters such as interval for the beacons, UUID, and transmission power, per beacon globally for all the access points. Also, the Cisco WLC can configure major, minor, and transmission power value of each access point, thus providing more beacon granularity. This feature works in conjunction with Cisco Hyperlocation Radio Module and the Cisco Hyperlocation feature.
Provides reporting of location performance via data packets RSSI through Local Mode radios through CPU cycle stealing when Cisco Hyperlocation radio module is not installed on an AP. This is available on the following APs:
Cisco Aironet 700 Series APs
Cisco Aironet 1700 Series APs
Cisco Aironet 2600 Series APs
Cisco Aironet 2700 Series APs
Cisco Aironet 3600 Series APs
Cisco Aironet 3700 Series APs
You can now configure Cisco Hyperlocation for an AP group. Previously, Cisco Hyperlocation configuration was applicable to all APs globally
Provide control over the data rates and power (TPC) values. These RF profiles allows you to optimize the RF settings for AP groups which operate in different environments or coverage zones. These profiles can be created for both radio bands - 2.4-GHz and 5-GHz.
Support for Remote-LAN. This feature is similar to Wireless LAN (WLAN). While WLAN is used for wireless connection, Remote-LAN is used for wired ports.
Configuring a Remote-LAN profile on the local Gigabit Ethernet ports enables the traffic from wired devices to connect to the WLAN controller.
Cisco 1810W T series APs come with three local Gigabit Ethernet ports, one uplink Gigabit Ethernet port and one passive pass-through RJ-45 port.
Web UI support for BLE Beacons and RF Profiles, Cisco Hyperlocation FastLocate
Features introduced and updated on the Web UI in this release:
BLE Beacons (IP Base and IP Services)
RF Profiles (IP Base and IP Services)
Cisco Hyperlocation Fast Locate (IP Base and IP Services)
Cisco Application Visibility for Wired Devices
Wired Alerts (LAN Base, IP Base, and IP Services)
Support for access points that have Ethernet ports to which the device can securely connect. (IP Base and IP Services)
Important Notes
Starting with Cisco IOS XE Denali 16.1.x, a DHCP client that includes option 61 (used by DHCP clients to specify their unique client identifier) in their DHCP discover/offer packet must accept the response message with option 61 from the DHCP server/relay. A client that fails to accept the response message with option 61, is not in compliance with RFC 6842 and requires a firmware upgrade.
In a Smart Install network when vstack is enabled, system log messages are generated every hour. The running configuration displays whether vstack is enabled or disabled. When running the command show vstack config, there are a few output differences compared to the older releases.
Starting with Cisco IOS XE Denali 16.3.x, Secure Shell (SSH) Version 1 is deprecated. Use SSH Version 2 instead.
Although visible in the CLI, the following commands are not supported:
– collect flow username
– authorize-lsc-ap (CSCui93659)
The Cisco Plug-In for OpenFlow (OpenFlow 1.0 and 1.3) feature is available in Cisco IOS XE Release 3.7.3E, and is not supported in Cisco IOS XE Denali 16.3.x:
The Cisco Discovery Protocol (CDP) Bypass feature is available in Cisco IOS XE Release 3.6.3, but is not supported in Cisco IOS XE Denali 16.3.x:
The following features are not supported in Cisco IOS XE Denali 16.3.x:
– 802.1x Configurable username and password for MAB
– AAA: TACACS over IPv6 Transport
– Auto QoS for Video endpoints
– Cisco Group Management Protocol (CGMP)
– Cisco TrustSec 802.1x
– Cisco TrustSec Critical Auth
– Cisco TrustSec for IPv6
– CNS Config Agent
– Command Switch Redundancy
– Device classifier for ASP
– DHCP snooping ASCII circuit ID
– DHCPv6 Relay Source Configuration
– DVMRP Tunneling
– Dynamic Access Ports
– EX SFP Support (GLC-EX-SMD)
– Fallback bridging for non-IP traffic
– Fast SSID support for guest access WLANs
– IEEE 802.1X-2010 with 802.1AE support
– Improvements in QoS policing rates
– Ingress Strict Priority Queuing (Expedite)
– Ingress/egress Shared Queues
– IP-in-IP (IPIP) Tunneling
– IPsec with FIPS
– IPSLA Media Operation
– IPv6 IKEv2 / IPSecv3
– IPv6 Ready Logo phase II - Host
– IPv6 Static Route support on LAN Base images
– IPv6 Strict Host Mode Support
– Layer 2 Tunneling Protocol Enhancements
– Link-State Tracking
– Mesh, FlexConnect, and OfficeExtend access point deployment
– Medianet
– MSE 8.x is not supported with Cisco IOS XE Denali 16.x.x.
– Packet Based Storm Control
– Passive Monitoring
– Per VLAN Policy & Per Port Policer
– Performance Monitor (Phase 1)
– Port Security on EtherChannel
– Pragmatic General Multicast (PGM)
– Protocol Storm Protection
– RFC 4292 IP-FORWARD-MIB (IPv6 only)
– RFC 4293 IP-MIB (IPv6 only)
– RFC4292/RFC4293 MIBs for IPv6 traffic
– RFC5460 DHCPv6 Bulk Leasequery
– Trust Boundary Configuration
– UniDirectional Link Routing (UDLR)
– VACL Logging of access denied
– Weighted Random Early Detect (WRED)
– Wireless Guest Anchor Controller (Cisco Catalyst 3850 Series Switches can be configured as a foreign controller.)
– WIPs is not supported with Cisco IOS XE Denali 16.x.x since the CMX WIPs solution is not available
Supported Hardware
Catalyst 3850 Switch Models
Table 1 Catalyst 3850 Switch Models
Switch Model
Cisco IOS Image
Description
WS-C3850-24T-L
LAN Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48T-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-24P-L
LAN Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48P-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48F-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 1100-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-24U-L
LAN Base
Stackable 24 10/100/1000 Cisco UPOE3 ports, 1 network module slot, 1100 W power supply
WS-C3850-48U-L
LAN Base
Stackable 48 10/100/1000 Cisco UPOE ports, 1 network module slot, 1100 W power supply
WS-C3850-12X48U-L
LAN Base
Stackable 12 100M/1G/2.5G/5G/10G and 36 1G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-L
LAN Base
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
WS-C3850-24T-S
IP Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Base feature set
WS-C3850-48T-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Base feature set
WS-C3850-24P-S
IP Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Base feature set
WS-C3850-48P-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Base feature set
WS-C3850-48F-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 1100-WAC power supply, 1 RU.
WS-C3850-24U-S
IP Base
Stackable 24 10/100/1000 Cisco UPOE ports, 1 network module slot, 1100 W power supply
WS-C3850-48U-S
IP Base
Stackable 48 10/100/1000 Cisco UPOE ports, 1 network module slot, 1100 W power supply
WS-C3850-48W-S
IP Base
Cisco Catalyst 3850 48-port PoE IP Base with 5-access point license
WS-C3850-24PW-S
IP Base
Cisco Catalyst 3850 24-port PoE IP Base with 5-access point license
WS-C3850-48PW-S
IP Base
Cisco Catalyst 3850 48-port PoE IP Base with 5-access point license
WS-C3850-24UW-S
IP Base
Cisco Catalyst 3850 24-port UPOE IP Base with 5-access point license
WS-C3850-48UW-S
IP Base
Cisco Catalyst 3850 48-port UPOE IP Base with 5-access point license
Catalyst 3850 12-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply
WS-C3850-16XS-S
IP Base
Catalyst 3850 16-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply.
16 ports are available when the C3850-NM-4-10G network module is plugged into the WS-C3850-12XS-S switch.
WS-C3850-24XS-S
IP Base
Catalyst 3850 24-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply.
WS-C3850-32XS-S
IP Base
Catalyst 3850 32-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply.
32 ports are available when the C3850-NM-8-10G network module is plugged into the WS-C3850-24XS-S switch.
WS-C3850-48XS-S
IP Base
Standalone Cisco Catalyst 3850 Switch, that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC front-to-back power supply. 1 RU.
WS-C3850-48XS-F-S
IP Base
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC back-to-front power supply. 1 RU.
WS-C3850-12X48U-S
IP Base
Stackable 12 100M/1G/2.5G/5G/10G and 36 1 G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-12X48UW-S
IP Base
Stackable 12 100M/1G/2.5G/5G/10G and 36 1 G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-S
IP Base
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
Catalyst 3850 12-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 -W power supply
WS-C3850-16XS-E
IP Services
Catalyst 3850 16-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply
16 ports are available when the C3850-NM-4-10G network module is plugged into the WS-C3850-12XS-E switch.
WS-C3850-24XS-E
IP Services
Catalyst 3850 24-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply
WS-C3850-32XS-E
IP Services
Catalyst 3850 32-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply
32 ports are available when the C3850-NM-8-10G network module is plugged into the WS-C3850-24XS-E switch
WS-C3850-12X48U-E
IP Services
Stackable 12 100M/1G/2.5G/5G/10G and 36 1 G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-E
IP Services
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
WS-C3850-48XS-E
IP Services
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750 WAC front-to-back power supply. 1 RU.
WS-C3850-48XS-F-E
IP Services
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC back-to-front power supply. 1 RU.
Network Modules
Table 2 lists the three optional uplink network modules with 1-Gigabit and 10-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Table 2 Supported Network Modules
Network Module
Description
C3850-NM-4-1G
This module has four 1 G SFP module slots. Any combination of standard SFP modules are supported. SFP+ modules are not supported.
If you insert an SFP+ module in the 1G network module, the SFP+ module does not operate, and the switch logs an error message.
Note This is supported on the following switch models:
– WS-C3850-24T/P/U
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12S
– WS-C3850-24S
C3850-NM-2-10G
This module has four slots:
Two slots (left side) support only 1 G SFP modules and two slots (right side) support either 1 G SFP or 10 G SFP modules.
Note This is supported on the following switch models:
– WS-C3850-24T/P/U
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12S
– WS-C3850-24S
C3850-NM-4-10G
This module has four 10 G slots or four 1 G slots.
Note This is supported on the following switch models:
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12XS
– WS-C3850-24XS
C3850-NM-8-10G
This module has eight 10 G slots with an SFP+ port in each slot. Each port supports a 1 G or 10 G connection
Note This is supported on the following switch models:
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-24XS
C3850-NM-2-40G
This module has two 40 G slots with a QSFP+ connector in each slot.
Note This is supported on the following switch models:
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-24XS
Optics Modules
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:
4.Cisco 5700 (with Cisco IOS XE Release 03.06.03E/Cisco IOS XE Release 03.07.02E) inter-operates as a Peer MC with Catalyst 3850 running Cisco IOS XE Denali 16.1.1.
5.The Cisco IOS XE Denali 16.2.1 features are not available with 3.0.2, but 3.0.2 is compatible with Cisco IOS XE Denali 16.2.1.
6.Because of SHA-2 certificate implementation, MSE 7.6 is not compatible with Cisco IOS XE Release 3.6E and later. Therefore, we recommend that you upgrade to MSE 8.0.
7.If MSE is deployed on your network, we recommend that you upgrade to Cisco Prime Infrastructure 2.1.2.
8.Cisco WLC Release 7.6 is not compatible with Cisco Prime Infrastructure 2.0.
9.Prime Infrastructure 2.0 enables you to manage Cisco WLC 7.5.102.0 with the features of Cisco WLC 7.4.110.0 and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC 7.5.102.0 including the new AP platforms.
For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions
– Microsoft Internet Explorer—Versions 10 and later (On Windows)
– Mozilla Firefox—Version 33 and later (On Windows and Mac)
– Safari—Version 10 and later (On Mac)
Finding the Software Version and Feature Set
Table 7 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.
Table 7 Cisco IOS XE to Cisco IOS Version Number Mapping
Cisco IOS XE Version
Cisco IOSd Version
Cisco Wireless Control Module Version
Access Point Version
Denali 16.3.9
Not applicable
Denali 16.3.9
15.3(3)JPC11
Denali 16.3.8
Not applicable
Denali 16.3.8
15.3(3)JPC10
Denali 16.3.7
Not applicable
Denali 16.3.7
15.3(3)JPC9
Denali 16.3.6
Not applicable
Denali 16.3.6
15.3(3)JPC7
Denali 16.3.5b
Not applicable
Denali 16.3.5b
15.3(3)JPC6
Denal 16.3.5
Not applicable
Denali 16.3.5
15.3(3)JPC5
Denali 16.3.3
Not applicable
Denali 16.3.3
15.3(3)JPC3
Denali 16.3.2
Not applicable
Denali 16.3.2
15.3(3)JPC2
Denali 16.3.1
Not applicable
Denali 16.3.1
15.3(3)JPC
Denali 16.2.2
Not applicable
Denali 16.2.2
15.3(3)JPB1
Denali 16.2.1
Not applicable
Denali 16.2.1
15.3(3)JPB
Denali 16.1.3
Not applicable
Denali 16.1.3
15.3(3)JNP2
Denali 16.1.2
Not applicable
Denali 16.1.2
15.3(3)JNP1
Denali 16.1.1
Not applicable
Denali 16.1.1
15.3(3)JNP
03.07.03E
15.2(3)E3
10.3.130.0
15.3(3)JNB3
03.07.02E
15.2(3)E2
10.3.100.0
15.3(3)JNB1
03.07.01E
15.2(3)E1
10.3.100.0
15.3(3)JNB1
03.07.00E
15.2(3)E
10.3.100.0
15.3(3)JNB
03.06.04E
15.2(2)E4
10.2.140.0
15.3(3)JN8
03.06.03E
15.2(2)E3
10.2.131.0
15.3(3)JN7
03.06.02aE
15.2(2)E2
10.2.120.0
15.3(3)JN4
03.06.01E
15.2(2)E1
10.2.111.0
15.3(3)JN3
03.06.00E
15.2(2)E
10.2.102.0
15.3(3)JN
03.03.05SE
15.0(1)EZ5
10.1.150.0
15.2(4)JB7
03.03.04SE
15.0(1)EZ4
10.1.140.0
15.2(4)JB6
03.03.03SE
15.0(1)EZ3
10.1.130.0
15.2(4)JB5h
03.03.02SE
15.0(1)EZ2
10.1.121.0
15.2(4)JB5
03.03.01SE
15.0(1)EZ1
10.1.110.0
15.2(4)JB2
03.03.00SE
15.0(1)EZ
10.1.100.0
15.2(4)JN
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Note You cannot use the Web UI to install, upgrade to, or downgrade from Cisco IOS XE Denali 16.1.x, 16.2.x or 16.3.x.
Table 8 Software Images
Release
Image
File Name
Cisco IOS XE Denali 16.3.9
Universal
cat3k_caa-universalk9.16.03.09.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.09.SPA.bin
Cisco IOS XE Denali 16.3.8
Universal
cat3k_caa-universalk9.16.03.08.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.08.SPA.bin
Cisco IOS XE Denali 16.3.7
Universal
cat3k_caa-universalk9.16.03.07.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.07.SPA.bin
Cisco IOS XE Denali 16.3.6
Universal
cat3k_caa-universalk9.16.03.06.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.06.SPA.bin
Cisco IOS XE Denali 16.3.5b
Universal
cat3k_caa-universalk9.16.03.05b.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.05b.SPA.bin
Cisco IOS XE Denali 16.3.5
Universal
cat3k_caa-universalk9.16.03.05.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.05.SPA.bin
Cisco IOS XE Denali 16.3.3
Universal
cat3k_caa-universalk9.16.03.03.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.03.SPA.bin
Cisco IOS XE Denali 16.3.2
Universal
cat3k_caa-universalk9.16.03.02.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.02.SPA.bin
Cisco IOS XE Denali 16.3.1a
Universal
cat3k_caa-universalk9.16.03.01a.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.01a.SPA.bin
Cisco IOS XE Denali 16.3.1
Universal
cat3k_caa-universalk9.16.03.01.SPA.bin
Universal without DTLS
cat3k_caa-universalk9ldpe.16.03.01.SPA.bin
Table 9 Changes in Software Installation CLI Commands
Cisco IOS XE 3.xE
Switch#software ?
auto-upgrade
Initiate auto upgrade for switches running incompatible software
clean
Clean unused package files from local media
commit
Commit the provisioned software and cancel the automatic rollback timer
expand
Expand a software bundle to local storage, default location is where the bundle currently resides
install
Install software
rollback
Rollback the committed software
Cisco IOS XE Denali 16.x Commands
Switch#request platform software package ?
clean
Clean unnecessary package files from media
copy
Copy package to media
describe
Describe package content
expand
Expand all-in-one package to media
install
Package installation
uninstall
Package uninstall
verify
Verify ISSU software package compatibility
Automatic Boot Loader Upgrade
When you upgrade from any prior IOS 3.xE release to an IOS XE 16.x.x release for the first time, the boot loader may be automatically upgraded, based on the hardware version of the switch. If the boot loader is automatically upgraded, it will take effect on the next reload. If you go back to an IOS 3.xE release, your boot loader will not be downgraded. The updated boot loader supports all previous IOS 3.xE releases.
For subsequent IOS XE 16.x.x releases, if there is a new bootloader in that release, it may be automatically upgraded based on the hardware version of the switch when you boot up your switch with the new image for the first time.
Caution
Do not power cycle your switch during the upgrade.
Scenario
Automatic Boot Loader Response
If you boot Cisco IOS XE Denali 16.3.5 or Cisco IOS XE Denali 16.3.5b or Cisco IOS XE Denali 16.3.6 or Cisco IOS XE Denali 16.3.7 or Cisco IOS XE Denali 16.3.7 or Cisco IOS XE Denali 16.3.8 or Cisco IOS XE Denali 16.3.9 for the first time
The boot loader may be upgraded to version 4.68. For example:
BOOTLDR:CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 4.68, RELEASE SOFTWARE (P)
During the automatic boot loader upgrade, while booting Cisco IOS XE Denali 16.3.5, you will see the following on the console:
%IOSXEBOOT-Wed-###: (rp/0): Sep 27 20:53:16 Universal 2017 PLEASE DO NOT POWER CYCLE ### BOOT LOADER UPGRADING
During an IOS image upgrade or downgrade on a PoE or UPoE switch, the microcode is updated to reflect applicable feature enhancements and bug fixes. Do not restart the switch during the upgrade or downgrade process. With the Cisco IOS XE Denali 16.x.x release, it takes approximately an additional 4 minutes to complete the microcode upgrade in addition to the normal reload time. The microcode update occurs only during an image upgrade or downgrade on PoE or UPoE switches. It does not occur during switch reloads or on non-PoE switches.
The following console messages are displayed during microcode upgrade:
Front-end Microcode IMG MGR: found 4 microcode images for 1 device.
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_0
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_1
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_2
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_3
Front-end Microcode IMG MGR: Preparing to program device microcode...
Front-end Microcode IMG MGR: Preparing to program device[0]...594412 bytes....
Skipped[0].
Front-end Microcode IMG MGR: Preparing to program device[0]...381758 bytes.
Loading cat3k_caa-universalk9.16.03.05.SPA.bin from 5.28.11.250 (via GigabitEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!O!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 489159804 bytes]
489159804 bytes copied in 143.802 secs (3401620 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch#dir flash:*.bin
Directory of flash:/*.bin
14 -rw- 489159804 Aug 1 2016 20:50:59 +00:00 cat3k_caa-universalk9.16.03.05.SPA.bin
1621966848 bytes total (827838464 bytes free)
Switch#
Software Install Image to Flash
Step 4 Use the software install command with the ‘new’ and ‘force’ options to expand the target image to flash. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Note When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode. To verify whether the RSA server key is available on your device, run the show crypto key command.
Switch# software install file flash:cat3k_caa-universalk9.16.03.05.SPA.bin new force
Preparing install operation...
[1]: Copying software from active switch 1 to switches 2,3,4
[1 2 3 4]: Finished installing software. New software will load on reboot.
[1 2 3 4]: Committing provisioning file
[1 2 3 4]: Do you want to proceed with reload? [yes/no]: yes
[1 2 3 4]: Reloading
Switch#
Note Old files listed in the logs should be removed using the request platform software package clean switch all command, after reload
Reload
Step 5 If you said ‘Yes’ to the prompt in software install and your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch: boot flash:packages.conf
Note When you boot the new image, it will automatically update the boot loader.
Step 6 When the new image boots up, you can verify the version of the new image, by checking show version
Step 7 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from flash of each switch if it was copied to flash.
Upgrading from Cisco IOS XE 3.xE to Cisco IOS XE Denali 16.1.x, 16.2.x, or 16.3.x in Bundle Mode
Warning You cannot boot Cisco IOS XE Denali 16.1.1 via TFTP for the first time with a Cisco IOS XE 3.xE boot loader. The Cisco IOS XE 3.xE boot loaders have a limitation that they cannot boot an image larger than 400MB via the TFTP server. Since Cisco IOS XE Denali 16.1.x is larger than 400MB, you must boot the image via flash drive. Refer to the upgrade sections in install mode.
Warning Starting from 16.3.5 release, you will not be able to boot Cisco IOS XE Denali 16.3.5 in bundle mode via flash drive for the first time with a Cisco IOS XE 3.xE boot loader. The Cisco IOS XE 3.xE boot loaders have a limitation that they cannot boot an image larger than 512MB via flash. Refer to the upgrade sections in install mode.
Upgrading from Cisco IOS XE Denali 16.1.1 to 16.1.x, 16.2.x, or 16.3.x in Install Mode
Follow these instructions to upgrade from Cisco IOS XE Denali 16.1.1 to Cisco IOS XE Denali 16.1.x, 16.2.x, or 16.3.x in install mode. In order to do a software image upgrade, you must be booted into IOS using the boot flash:packages.conf.
Clean Up
Step 1 Ensure you have enough space in flash to expand a new image by cleaning up old installation files.
Note Use the switch all option to clean up all switches in your stack.
Switch#request platform software package clean switch all file flash:
Running command on switch 1
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
cat3k_caa-rpbase.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.01.01.SPA.pkg
File is in use, will not delete.
packages.conf
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 2
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
cat3k_caa-rpbase.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.01.01.SPA.pkg
File is in use, will not delete.
packages.conf
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 3
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
cat3k_caa-rpbase.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.01.01.SPA.pkg
File is in use, will not delete.
packages.conf
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 4
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.01.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.01.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Copy New Image to Stack
Step 2 Copy the new image to flash: (or skip this step if you want to use the new image from your TFTP server).
489159804 bytes copied in 143.802 secs (3401620 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/*.bin
Directory of flash:/
7759 -rw- 489159804 Aug 1 2016 04:35:43 +00:00 cat3k_caa-universalk9.16.03.05.SPA.bin
1621966848 bytes total (598597632 bytes free)
Switch#
Software Install Image to Flash
Step 4 Use the request platform software package install switch all file flash: new auto-copy command to install the target image to flash. We recommend copying the image to a TFTP server or the flash drive of the active switch.
If you point to an image on the flash or USB drive of a member switch (instead of the active), you must specify the exact flash or USB drive - otherwise installation fails. For example, if the image is on the flash drive of member switch 3:
request platform software package install switch all file flash-3:cat3k_caa-universalk9.16.03.05.SPA.bin new auto-copy
[3]: Copying flash-3: cat3k_caa-universalk9.16.03.05.SPA.bin from switch 3 to switch 1 2 4
<output truncated>
Note Use the switch all option to upgrade all switches in your stack Use the new option to upgrade from Cisco IOS XE Denali 16.1.1 to Cisco IOS XE Denali 16.1.x, 16.2.x, or 16.3.x. (There are packaging changes in Cisco IOS XE Denali 16.1.2 and later releases.) Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack
Note When you execute the command, the following message is displayed: Unknown package type 21 This is expected and does not affectthe upgrade. See CSCux82059
Switch# request platform software package install switch all file flash:cat3k_caa-universalk9.16.03.05.SPA.bin new auto-copy
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
[2]: install package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-guestshell.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpbase.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpcore.16.03.05.prd1.SPA.pkg
Added cat3k_caa-srdriver.16.03.05.prd1.SPA.pkg
Added cat3k_caa-wcm.16.03.05.prd1.SPA.pkg
Added cat3k_caa-webui.16.03.05.prd1.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[2]: Finished install successful on switch 2
[3]: install package(s) on switch 3
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-guestshell.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpbase.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpcore.16.03.05.prd1.SPA.pkg
Added cat3k_caa-srdriver.16.03.05.prd1.SPA.pkg
Added cat3k_caa-wcm.16.03.05.prd1.SPA.pkg
Added cat3k_caa-webui.16.03.05.prd1.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[3]: Finished install successful on switch 3
[4]: install package(s) on switch 4
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-guestshell.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpbase.16.03.05.prd1.SPA.pkg
Added cat3k_caa-rpcore.16.03.05.prd1.SPA.pkg
Added cat3k_caa-srdriver.16.03.05.prd1.SPA.pkg
Added cat3k_caa-wcm.16.03.05.prd1.SPA.pkg
Added cat3k_caa-webui.16.03.05.prd1.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Switch#
Note Old files listed in the logs will not be removed from flash.
Step 5 After you have successfully installed the software, verify that the flash partition has six new.pkg files and one updated packages.conf file. See sample output below:
30994 -rw- 4676 Aug 1 2016 04:42:26 -07:00 packages.conf
30995 -rw- 4667 Aug 1 2016 04:41:40 -07:00 cat3k_caa-universalk9.16.03.05.SPA.conf
1621966848 bytes total (132620288 bytes free)
Switch#
Step 6 After you have successfully installed the image, you no longer need the.bin image. If you copied the file to flash, you can delete it from the flash of each switch.
Step 8 If the switch is configured with auto boot, then the stack automatically boots up with the new image. If not, you can manually boot flash:packages.conf
switch:boot flash:packages.conf
Step 9 When the new image boots up, you can verify the version of the new image, by using the show version command:
Upgrading from Cisco IOS XE Denali 16.3.x to Cisco IOS XE 16.x in Install Mode
Follow these instructions to upgrade from Cisco IOS XE Denali 16.3.x to a future IOS XE 16.x release in Install mode. In order to do a software image upgrade, you must be booted into IOS via “boot flash:packages.conf.”
Clean Up
Step 1 Ensure you have enough space in flash to expand a new image by cleaning up old installation files.
Note Use the switch all option to clean up all switches in your stack.
Switch# request platform software package clean switch all file flash:
Running command on switch 1
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.03.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 2
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.03.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 3
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.03.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 4
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-wcm.16.03.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.03.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Switch#
Copy New Image to Stack
Step 2 Copy the new image to flash: (or skip this step if you want to use the new image from your TFTP server)
465466221 bytes copied in 118.175 secs (3938788 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/*.bin
Directory of flash:/
7759 -rw- 465466221 Aug 1 2016 04:35:43 +00:00 cat3k_caa-universalk9.16.05.01a.SPA.bin
1621966848 bytes total (598597632 bytes free)
Switch#
Software Install Image to Flash
Step 4 Use the request platform software package install switch all file flash: auto-copy command to install the target image to flash. We recommend copying the image to a TFTP server or the flash drive of the active switch.
If you point to an image on the flash or USB drive of a member switch (instead of the active), you must specify the exact flash or USB drive. For example, if the image is on the flash drive of member switch 3:
request platform software package install switch all file flash-3:cat3k_caa-universalk9.16.03.05.SPA.bin new auto-copy
[3]: Copying flash-3: cat3k_caa-universalk9.16.03.05.SPA.bin from switch 3 to switch 1 2 4
<output truncated>
Note Use the switch all option to upgrade all switches in your stack Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Switch#
Note Old files listed in the logs will not be removed from flash.
Step 5 After the software has been successfully installed, verify that the flash partition has five new.pkg files and 1 updated packages.conf file. See sample output below.
7766 -rw- 5137 Aug 1 2016 06:10:39 +00:00 cat3k_caa-universalk9.16.05.01a.SPA.conf
7769 -rw- 5125 Aug 1 2016 06:11:19 +00:00 packages.conf
1621966848 bytes total (137928704 bytes free)
Switch#
Step 6 After you have successfully installed the image, you do not need the.bin image and the file can be deleted from the flash of EACH switch if you had it copied to flash.
Step 8 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch: boot flash:packages.conf
Note When you boot the new image, it will automatically update the boot loader.
Step 9 When the new image boots up, you can verify the version of the new image, using the show version command:
311154824 bytes copied in 68.781 secs (4523849 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/*.bin
Directory of flash:/
47718 -rw- 311154824 Nov 25 2015 18:17:21 +00:00
cat3k_caa-universalk9.SPA.03.07.02.E.152-3.E2.bin
3458338816 bytes total (2468995072 bytes free)
Switch#
Downgrade Software Image
Step 4 Use the request platform software package install command with the new option to downgrade your stack. You can point to the source image on your tftp server or in flash if you have it copied to flash.
Note Use the switch all option is needed to upgrade all switches in your stack. Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack.
Switch# request platform software package install switch all file flash:cat3k_caa-
universalk9.SPA.03.07.02.E.152-3.E2.bin new auto-copy
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
[2]: install package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.03.01.SPA.pkg
Removed cat3k_caa-rpcore.16.03.01.SPA.pkg
Removed cat3k_caa-srdriver.16.03.01.SPA.pkg
Removed cat3k_caa-wcm.16.03.01.SPA.pkg
Removed cat3k_caa-webui.16.03.01.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[2]: Finished install successful on switch 2
[3]: install package(s) on switch 3
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.03.01.SPA.pkg
Removed cat3k_caa-rpcore.16.03.01.SPA.pkg
Removed cat3k_caa-srdriver.16.03.01.SPA.pkg
Removed cat3k_caa-wcm.16.03.01.SPA.pkg
Removed cat3k_caa-webui.16.03.01.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[3]: Finished install successful on switch 3
[4]: install package(s) on switch 4
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.03.01.SPA.pkg
Removed cat3k_caa-rpcore.16.03.01.SPA.pkg
Removed cat3k_caa-srdriver.16.03.01.SPA.pkg
Removed cat3k_caa-wcm.16.03.01.SPA.pkg
Removed cat3k_caa-webui.16.03.01.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Note The old files listed in the logs should be removed using the software clean command, after reload
Step 5 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from flash of each switch if you copied it to flash.
Step 7 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
Note When you downgrade to a Cisco IOS XE 3.xE image, your boot loader will not automatically downgrade. It will remain updated. The new boot loader can support booting both Cisco IOS XE 3.xE releases as well as Cisco IOS XE Denali16.x releases.
Downgrade from Cisco IOS XE 16.x to Cisco IOS XE 3.xE in Bundle Mode
Follow these instructions to downgrade from Cisco IOS XE 16.x in Bundle mode to an older Cisco IOS XE 3.xE release in Bundle mode.
Copy New Image to Stack
Step 1 Make sure your TFTP server is reachable from IOS via GigabitEthernet0/0.
Switch# show run | i tftp
ip tftp source-interface GigabitEthernet0/0
ip tftp blocksize 8192
Switch#
Switch# show run | i ip route vrf
ip route vrf Mgmt-vrf 5.0.0.0 255.0.0.0 5.30.0.1
Switch#
Switch# show run int GigabitEthernet0/0
Building configuration...
Current configuration : 115 bytes
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 5.30.12.121 255.255.0.0
negotiation auto
end
Switch#
Switch# ping vrf Mgmt-vrf ip 5.28.11.250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.28.11.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Step 2 Copy the image from your TFTP server to flash.
Step 9 If your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:cat3k_caa-universalk9.SPA.03.07.02.E.152-3.E2.bin
Note When you downgrade to a Cisco IOS XE 3.xE image, your boot loader will remain updated, and will automatically be downgraded. The new boot loader can support booting both Cisco IOS XE 3.x releases as well as Cisco IOS XE Denali 16.x releases.
Step 10 When the new image boots up, you can verify the version of the new image, by checking show version
Move from Cisco IOS XE 3.xE Bundle Mode to Install Mode
Step 11 Ensure you have enough space in flash to expand a new image by cleaning up old installation files. This command will erase your Cisco IOS XE 3.xE bin image file, so ensure that you copy it to your Active again.
Switch# software clean file flash:
Preparing clean operation...
[1 2 3 4]: Cleaning up unnecessary package files
[1 2 3 4]: Preparing packages list to delete...
[1]: Files that will be deleted:
cat3k_caa-rpbase.16.03.01.SPA.pkg
cat3k_caa-rpcore.16.03.01.SPA.pkg
cat3k_caa-srdriver.16.03.01.SPA.pkg
cat3k_caa-universalk9.16.03.01.SPA.bin
cat3k_caa-wcm.16.03.01.SPA.pkg
cat3k_caa-webui.16.03.01.SPA.pkg
packages.conf
[2]: Files that will be deleted:
cat3k_caa-rpbase.16.03.01.SPA.pkg
cat3k_caa-rpcore.16.03.01.SPA.pkg
cat3k_caa-srdriver.16.03.01.SPA.pkg
cat3k_caa-universalk9.16.03.01.SPA.bin
cat3k_caa-wcm.16.03.01.SPA.pkg
cat3k_caa-webui.16.03.01.SPA.pkg
packages.conf
[3]: Files that will be deleted:
cat3k_caa-rpbase.16.03.01.SPA.pkg
cat3k_caa-rpcore.16.03.01.SPA.pkg
cat3k_caa-srdriver.16.03.01.SPA.pkg
cat3k_caa-universalk9.16.03.01.SPA.bin
cat3k_caa-wcm.16.03.01.SPA.pkg
cat3k_caa-webui.16.03.01.SPA.pkg
packages.conf
[4]: Files that will be deleted:
cat3k_caa-rpbase.16.03.01.SPA.pkg
cat3k_caa-rpcore.16.03.01.SPA.pkg
cat3k_caa-srdriver.16.03.01.SPA.pkg
cat3k_caa-universalk9.16.03.01.SPA.bin
cat3k_caa-wcm.16.03.01.SPA.pkg
cat3k_caa-webui.16.03.01.SPA.pkg
packages.conf
[1 2 3 4]: Do you want to proceed with the deletion? [yes/no]: yes
[1 2 3 4]: Clean up completed
Switch#
Step 12 Copy the image from your TFTP server to flash
311154824 bytes copied in 68.781 secs (4523849 bytes/sec)
Switch#
Step 13 Use the software expand command to expand the target image to flash and move from bundle mode to install mode. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Step 15 Edit the boot variable to point to the new image.
Switch(config)# boot system flash:packages.conf
Step 16 Use the write memory command to save the configuration change.
Switch#write memory
Step 17 Use the show boot command to confirm that your boot variable is pointing to the new image
Switch# show boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;
Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Switch#
Reload
Step 18 Reload the switch
Switch# reload
Step 19 If your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch:boot flash:packages.conf
Step 20 When the new image boots up, you can verify the version of the new image, by checking show version
Step 21 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from the flash of each switch if you had copied to flash.
The sub-package upgrade steps are similar to the bundle package upgrade, except that you only install one sub-package and not all packages. In order to perform a sub-package software image upgrade, you must be booted into IOS using boot flash:packages.conf.
Step 1 Copy new sub-package image to flash. For example, cat3k_caa-wcm.16.02.01.SPA.pkg for WCM module for the WCM module.
Step 2 Use the request platform software package install switch <switch id> file flash:<image> command to upgrade your switch.
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
Step 3 When you upgrade the WCM sub-package, and you have AP(s) connected and joined to the controller, you can pre-download the newly upgraded AP images to APs before restarting the APs. The pre-download steps are as follows:
Step
Command
Purpose
1.
# show ap join stats summary
Shows all APs connected to the controller, includes joined and not joined APs.
2.
# show ap image
Only joined AP(s) can perform the image pre-downloading process.
3.
# ap image predownload
While pre-downloading the AP image(s), use #show ap image to monitor the pre-downloading status. Go to the next step after image pre-downloading is completed.
4.
# ap image swap
Swaps the backup AP image with the bootup AP image on AP device.
5.
# ap image reset
Restarts all the APs that have connected to the controller.
6.
# reload
Restart the controller.
Upgrading RTU Licenses
In Cisco IOS XE Denali 16.1.1, right-to-use (RTU) licensing has been modified to allow stack members to join a stack without having the same license level as the rest of the existing stack. The mismatched switch will not be put into Lic-Mismatch state. Even though the switch with the mismatched license is allowed to join the stack, the following syslog message is displayed periodically reminding you to fix the RTU license level:
%STACK_RTU_LICENSE-6-IOSD_LIC_MISMATCH:Switch 5 R0/0: stack_mgr: Switch #5: Current IOSd runs on lanbase license while RTU active license is ipservices. Please configure RTU license to current IOSd license.
The EXEC mode Right to Use License command allows you to activate or deactivate feature set licenses or Adder AP Count Licenses. This command provides options to activate or deactivate any license supported on the platform.
Activate IP Base license on all the switches in the stack. EULA will be prompted, accept the EULA by typing ‘yes’.
2
Show license right-to-use
Check the reboot license level is ipbase for all the switches.
3
Reload
Reboot the switch to boot with ipbase.
Changing the License Level of License Mismatch Switch from Active’s Console
If the license mismatch switch has a lower license level than other switches in the stack, and the stack is running at IP Services and the mismatch switch is booted with IP Base license.
Step
Command
Purpose
1
show switch
Get the switch number in license mismatch state.
2
show license right-to-use mismatch
Check the license level of the license mismatch switch.
Activate IP Services license on all the mismatch switches in the stack. EULA will be prompted, accept the EULA by typing ‘yes’.
4
Reload slot <switch-id>
Reboot the license mismatch switch to boot with ipservices and join the stack.
If the license mismatch switch has a higher license level than other switches in the stack, and the stack is running at IP Base and the mismatch switch is booted with IP Services license.
Step
Command
Purpose
1
show switch
Get the switch number in license mismatch state.
2
show license right-to-use mismatch
Check the license level of the license mismatch switch.
Pass the number of AP count licenses to add as count. Pass the switch-id on which the Adder AP count licenses are to be added. EULA is prompted, accept it by typing ‘yes’.
2
Show license right-to-use slot <switch-id>
Check the adder AP count licenses are incremented on the given switch.
3
Show license right-to-use summary
Check the total Adder AP count licenses are incremented and the Total available AP count are incremented.
Deactivates evaluation AP Count licenses on the stack.
2
Show license right-to-use summary
Base and Adder AP Count licenses are displayed. Total available AP Count is sum of Base and Adder AP Count.
Feature Sets
The Catalyst 3850 switch supports three different feature sets:
LAN Base feature set—Provides basic Layer 2+ features, including access control lists (ACLs) and quality of service (QoS), and up to 255 VLANs.
IP Base feature set—Provides Layer 2+ and basic Layer 3 features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), static routing, EIGRP stub routing, IP multicast routing, Routing Information Protocol (RIP), basic IPv6 management, the Open Shortest Path First (OSPF) Protocol (for routed access only), and support for wireless controller functionality. The license supports up to 4094 VLANs.
IP Services feature set—Provides a richer set of enterprise-class intelligent services and full IPv6 support. It includes IP Base features plus Layer 3 routing (IP unicast routing and IP multicast routing). The IP Services feature set includes protocols such as the Enhanced Interior Gateway Routing Protocol (EIGRP), the Open Shortest Path First (OSPF) Protocol, and support for wireless controller functionality. The license supports up to 4094 VLANs.
Note A separate access point count license is required to use the switch as a wireless controller.
For more information about the features, see the product data sheet at this URL:
Open, WEP, PSK (WPA and WPA2), 802.1X (WPA-TKIP and WPA2-AES) (LEAP, PEAP, EAP-FAST, EAP-TLS)
RADIUS
ACS 5.3, ISE 1.2
Types of tests
Connectivity, traffic, and roaming between two access points
Table 11 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, and phones.
Table 11 Client Types
Client Type and Name
Version
Laptop
Intel 5100/5300
v14.3.2.1
Intel 6200
15.15.0.1
Intel 6300
15.16.0.2
Intel 6205
15.16.0.2
Intel 1000/1030
v14.3.0.6
Intel 7260
18.33.0.2
Intel 7265
18.40.0.9
Intel 3160
18.33.0.2
Broadcom 4360
6.30.163.2005
Linksys AE6000 (USB)
5.1.2.0
Netgear A6200 (USB)
6.30.145.30
Netgear A6210(USB)
5.1.18.0
D-Link DWA-182 (USB)
6.30.145.30
Engenius EUB 1200AC(USB)
1026.5.1118.2013
Asus AC56(USB)
1027.7.515.2015
Dell 1395/1397/Broadcom 4312HMG(L)
5.30.21.0
Dell 1501 (Broadcom BCM4313)
v5.60.48.35/v5.60.350.11
Dell 1505/1510/Broadcom 4321MCAG/4322HM
5.60.18.8
Dell 1515(Atheros)
8.0.0.239
Dell 1520/Broadcom 43224HMS
5.60.48.18
Dell 1530 (Broadcom BCM4359)
5.100.235.12
Dell 1540
6.30.223.215
Cisco CB21
1.3.0.532
Atheros HB92/HB97
8.0.0.320
Atheros HB95
7.7.0.358
MacBook Pro
OSX 10.11.5
MacBook Air old
OSX 10.11.5
MacBook Air new
OSX 10.11.5
Macbook Pro with Retina Display
OSX 10.11.5
Macbook New 2015
OSX 10.11.5
Tablets
Apple iPad2
iOS 9.3.1(13E238)
Apple iPad3
iOS 9.3.1(13E238)
Apple iPad mini with Retina display
iOS 9.3.1(13E238)
Apple iPad Air
iOS 9.3.1(13E238)
Apple iPad Air 2
iOS 9.3.1(13E238)
Samsung Galaxy Tab Pro SM-T320
Android 4.4.2
Samsung Galaxy Tab 10.1- 2014 SM-P600
Android 4.4.2
Samsung Galaxy Note 3 – SM-N900
Android 5.0
Microsoft Surface Pro 3
Windows 8.1
Driver: 15.68.3073.151
Microsoft Surface Pro 2
Windows 8.1
Driver: 14.69.24039.134
Google Nexus 9
Android 6.0
Google Nexus 7 2nd Gen
Android 5.0
Phones
Cisco 7921G
1.4.5.3.LOADS
Cisco 7925G
1.4.5.3.LOADS
Cisco 8861
Sip88xx.10-2-1-16
Apple iPhone 4S
iOS 9.2(13C75)
Apple iPhone 5
iOS 9.3.1(13E238)
Apple iPhone 5s
iOS 9.3.1(13E238)
Apple iPhone 5c
iOS 9.3.1(13E238)
Apple iPhone 6
iOS 9.3.1(13E238)
Apple iPhone 6 Plus
iOS 9.3.1(13E238)
Apple iPhone SE
iOS 9.3.1(13E238)
HTC One
Android 5.0
OnePlusOne
Android 4.3
Samsung Galaxy S4 – GT-I9500
Android 5.0.1
Sony Xperia Z Ultra
Android 4.4.2
Nokia Lumia 1520
Windows Phone 8.1
Google Nexus 5
Android 5.1
Nexus 6
Android 5.1.1
Samsung Galaxy S5-SM-G900A
Android 4.4.2
Huawei Ascend P7
Android 4.4.2
Samsung Galaxy S III
Android 4.4.2
Google Nexus 9
Android 6.0
Samsung Galaxy Nexus GTI9200
Android 4.4.2
Samsung Galaxy Mega SM900
Android 4.4.2
Samsung Galaxy S6
Android 6.0.1
Samsung Galaxy S5
Android 5.0.1
Xiaomi Mi 4i
Android 5.1.1
Samsung Galaxy S7
Android 6.0.1
Scaling Guidelines
Table 12 Scaling Guidelines
System Feature
Maximum Limit
Number of HTTP session redirections system-wide
Up to 100 clients per second (wired/wireless)
Number of HTTPS session redirections system-wide
Up to 5 clients per second (wireless)
Up to 20 clients per second (wired)
Limitations and Restrictions
Limitations for YANG data modeling—A maximum of 20 simultaneous NETCONF sessions are supported.
Limitations for RF Profiles—Configuration with Cisco Prime Infrastructure is not supported. You must use the CLI to configure the feature.
Limitations for Wired AVC:
– NBAR2 (QOS and Protocol-discovery) configuration is allowed only on wired physical ports. It is not supported on virtual interfaces, for example, VLAN, port channel nor other logical interfaces.
– NBAR2 based match criteria ‘match protocol’ is allowed only with marking or policing actions. NBAR2 match criteria will not be allowed in a policy that has queuing features configured.
– ‘Match Protocol’: up to 256 concurrent different protocols in all policies.
– NBAR2 attributes based QOS is not supported (‘match protocol attribute’).
– NBAR2 and Netflow cannot be configured together at the same time on the same interface.
– Only IPv4 unicast (TCP/UDP) is supported.
– AVC is not supported on management port (Gig 0/0)
– NBAR2 attachment should be done only on physical access ports. Uplink can be attached as long as it is a single uplink and is not part of a port channel.
– Performance—Each switch member is able to handle 500 connections per second (CPS) at less than 50% CPU utilization. Above this rate, AVC service is not guaranteed.
– Scale—Able to handle up to 5000 bi-directional flows per 24 access ports.
Restrictions for QoS:
– When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
– For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.
– QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
– QoS marking is not supported on COS-AP (Wave-2 APs) in any Cisco IOS XE Denali 16.x.x release. In these releases, QoS marking is based on table-maps and table-maps are not supported on COS-APs.
Starting with Cisco IOS XE Denali 16.3.1, Centralized Management Mode (CMM) is no longer supported.
You cannot configure NetFlow export using the Ethernet Management port (g0/0).
The maximum committed information rate (CIR) for voice traffic on a wireless port is 132 Mb/sec.
Flex Links are not supported. We recommend that you use spanning tree protocol (STP) as the alternative.
Outdoor access points are supported only when they are in Local mode.
Restrictions for Cisco TrustSec:
– Dynamic SGACL download is limited to 6KB per destination group tag (DGT).
– Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
– Cisco TrustSec cannot be configured on a pure bridging domain with IPSG feature enabled. You must either enable IP routing or disable the IPSG feature in the bridging domain.
Restriction for VLAN: It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may crash. As a workaround, disable the logging discriminator on the device.
For the WS-C3850-12X48U-L, WS-C3850-12X48U-S and WS-C3850-12X48U-E switch models, a maximum of 28 ports are available for UPoE connections.
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
NTP-PTP: Invalid PTP time during NTP leap second insertion/deletion
Resolved Caveats in Cisco IOS XE Denali 16.3.1
The following is the list of Cisco IOS XE Denali 16.1.x and Cisco IOS XE Denali 16.2.x caveats that are resolved in Cisco IOS XE Denali 16.3.1. Click on the identifier to view the details of a caveat in the BST.
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
Cisco IOS XE Denali 16.x.x documentation at this URL:
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.