Table of Contents
Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Release 3.7.xE
What’s New in Cisco IOS XE Release 3.7.5E
What’s New in Cisco IOS XE Release 3.7.4E
What’s New in Cisco IOS XE Release 3.7.3E
What’s New in Cisco IOS XE Release 3.7.2E
What’s New in Cisco IOS XE Release 3.7.1E
What’s New in Cisco IOS XE Release 3.7.0E
Cisco Wireless LAN Controller Models
Access Points and Mobility Services Engine
OpenFlow Version and Cisco IOS Release Support
Wired Web UI (Device Manager) System Requirements
Wireless Web UI Software Requirements
Finding the Software Version and Feature Set
Interoperability with Other Client Devices
Resolved Caveats in Cisco IOS XE Release 3.7.5E
Resolved Caveats in Cisco IOS XE Release 3.7.4E
Resolved Caveats in Cisco IOS XE Release 3.7.3E
Resolved Caveats in Cisco IOS XE Release 3.7.2E
Resolved Caveats in Cisco IOS XE Release 3.7.1E
Resolved Caveats in Cisco IOS XE Release 3.7.0E
Obtaining Documentation and Submitting a Service Request
Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Release 3.7.xE
First Published: December 10, 2014
This release note gives an overview of the features for Cisco IOS XE 3.7E and later releases on the Catalyst 3850 series switch.
Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.
Contents
- Introduction
- New Features
- Supported Hardware
- OpenFlow Version and Cisco IOS Release Support
- Wireless Web UI Software Requirements
- Finding the Software Version and Feature Set
- Upgrading the Switch Software
- Features
- Interoperability with Other Client Devices
- Important Notes
- Limitations and Restrictions
- Caveats
- Troubleshooting
- Related Documentation
- Obtaining Documentation and Submitting a Service Request
Introduction
The Catalyst 3850 switches are the next generation of enterprise class stackable access layer switches that provide full convergence between wired and wireless networks on a single platform. This convergence is built on the resilience of new and improved 480-Gbps StackWise-480 and Cisco StackPower. Wired and wireless security and application visibility and control are natively built into the switch.
The Catalyst 3850 switches also support full IEEE 802.3 at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans, and power supplies. The Catalyst 3850 switches enhance productivity by enabling applications such as IP telephony, wireless, and video for a true borderless network experience.
The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.
For more information about the Cisco IOS XE software, see http://www.cisco.com/en/US/prod/collateral/iosswrel/ps9442/ps11192/ps11194/QA_C67-622903.html
New Features
- What’s New in Cisco IOS XE Release 3.7.5E
- What’s New in Cisco IOS XE Release 3.7.4E
- What’s New in Cisco IOS XE Release 3.7.3E
- What’s New in Cisco IOS XE Release 3.7.2E
- What’s New in Cisco IOS XE Release 3.7.1E
- What’s New in Cisco IOS XE Release 3.7.0E
What’s New in Cisco IOS XE Release 3.7.4E
What’s New in Cisco IOS XE Release 3.7.3E
What’s New in Cisco IOS XE Release 3.7.2E
- Auto-LAG—The auto-LAG feature provides the ability to automatically create EtherChannels on ports connected to a switch. By default, auto-LAG is disabled globally and is enabled on all port interfaces. The auto-LAG applies to a switch only when it is enabled globally.
- LACP Rate Fast—Support for the new lacp rate command, to set the rate at which Link Aggregation Control Packets (LACP) packets are sent to LACP-supported interfaces.
- GRE tunneled packets switched on hardware—Support for forwarding GRE tunneled packets on the switch hardware.
- New switch models:
What’s New in Cisco IOS XE Release 3.7.1E
- New parameter call-station-id added to the wireless security dot1x radius mac-authentication command. The call-station-id parameter configures Call Station ID type for MAC authentication.
- SFP BiDirectional (BiDi) Optics—SFP BiDirectional (BiDi) optical transceivers are used to transmit and receive optical signals through only one single fiber. These make use of single strand of SMF. The deployment of BiDi optical transceivers instantly doubles the bandwidth capacity of the existing optical fiber infrastructure.
- Power Supplies for the Stacking Switch—The switch has two power supplies per system, allowing the power load to be split between them. This accommodates the increased maximum power of 30 watts per port provided to a powered device to meet the PoE+ standard (802.3at). With PoE+, a 48-port system would need 1440 Watts to provide 30 Watts per powered device for the PoE ports. Systems with fewer powered devices might require only one power supply. In this case, the additional power supply can provide one-to-one redundancy for the active supply.
In addition, the stacking switch supports StackPower, which allows the power supplies to share the load across multiple systems in a stack. By connecting the switches with power stack cables, you can manage the power supplies of up to four stack members as a one large power supply that provides power to all switches and to the powered devices connected to switch ports. Since power supplies are most effective when running at 30 to 90% of their maximum load, taking some of the power supplies offline provides maximum power efficiency. Switches in a power stack must be members of the same switch (data) stack.
The Cisco eXpandable Power System (XPS) 2200 is a standalone power system that you can connect to Catalyst switches. The XPS 2200 power ports and internal power supplies can operate in redundant power supply (RPS) mode or stack power (SP) mode.
- SGT and Destination SGT for Flexible Net Flow—Source group and destination group tags are automatically displayed for ingress and egress data based on the CTS configuration.
- Enhancement to port security configuration—Specify a MAC address that is forbidden by port security on all interfaces.
- Increased scale on Catalyst 3850 Switches to support up to 100 access points. Previously, support was up to 50 access points.
- Support for Media Access Control Security (MACsec). The switch supports 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the switch and host devices.
- New multi-Gigabit stackable switch model that support up to 36 ports at 1G and 12 ports at 100M, 1G, 2.5G, 5G and 10G.
What’s New in Cisco IOS XE Release 3.7.0E
- Wireless capability is added to Catalyst 4500E Series Switch Supervisor Engine 8-E .
- Support is added for the following access points:
– Cisco Aironet 1700 Series Access Point
– Cisco Aironet 1570 Series Access Point (supported only in Local mode)
- VLAN tagging is supported on Cisco Aironet 700W Series Access Points
- mDNS Service Discovery Gateway Phase 3—The Service Discovery Gateway feature enables multicast Domain Name System (mDNS) to operate across Layer 3 (L3) boundaries. In this phase, features such as de-congestion of incoming mDNS traffic, redistribution of service withdrawal messages, a filter criterion for learning services available on a specific interface, and the periodic browsing of services on specific interfaces are introduced.
- AVC top ‘N’ users per application—This feature enables you to know network usage information on a per user basis within an application. This feature is enabled by default and is available if AVC is enabled.
- AN Infra—Autonomic networking makes network devices intelligent by introducing self-management concepts that simplify network management for the network operator.
- CDP Bypass—The sessions are established in single and multi-host modes for IP Phones. However, if voice VLAN and 802.1x on an interface port is enabled, then the CDP Bypass is enabled when the host mode is set to single or multi host mode.
Note By default the host mode is set to single mode in <legacy> mode and multi-authentication in the edge mode.
Use the following commands to configure CDP bypass:
Switch(config)# interface <interface-id>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan <vlan-id>
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication host-mode single | multi-host
Switch(config-if)# dot1x pae authenticator
- WebAuth sleeping client—Allows successfully authenticated devices to stay logged in for a configured period without reauthentication.
The following CLI is added under the webauth parameter map:
sleeping-client timeout timeout-in-minutes
– There is one-to-one mapping between device MAC and username/password. Once an entry is added to sleeping-client cache, the device/user gets policies for the user stored in the cache. Therefore, any other user using the device also gets the same policies as the user stored in the sleeping-client cache. The user can force normal authentication by logging out. To do that, the user must explicitly enter the following URL:
– Mobility is not supported. If the client roams from one controller to another, the client undergoes normal authentication on the foreign controller.
- Regulatory domains for India (–D), Indonesia (–F), Brazil (–Z), Honk Kong (–S) are supported.
- New Flexible NetFlow Collect parameters:
– collect wireless afd drop bytes —Collects the fields for wireless approximate fair drop (AFD) drop bytes
– collect wireless afd accept bytes —Collects the fields for AFD accept bytes
Switch# show platform qos wireless stats ssid { ssid-value | all } client all
This CLI lists client MAC address, WLAN ID, BSSID, accept byte, and drop byte details.
Switch# show ap is-supported ap-model-part-number
- AutoQoS is supported for wireless.
- MC managing MA is supported.
- Private VLAN support is introduced.
- AutoQoS Compact: This feature hides the auto-QoS-generated commands from the running configuration.
- Netflow IPv6 Exporter/IPv6 Extended Host Mode: This feature enables FNF Export over IPv6.
- MACSec Encryption: Support for CTS (Cisco Trusted Security), which uses MACSec and SAP for securing links between Cisco Catalyst switches. It uses either 802.1x protocol or manual configuration for authentication and authorization between the peers, followed by the Cisco proprietary protocol SAP (Security Association Protocol) for key agreement to encrypt and decrypt traffic.
- IPv6 Source Guard: IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This feature enables the device to deny traffic when it is originated from an address that is not stored in the binding table. IPv6 source guard does not inspect ND or DHCP packets; rather, it works in conjunction with IPv6 neighbor discovery (ND) inspection or IPv6 address glean, both of which detect existing addresses on the link and store them into the binding table. IPv6 source guard is an interface between the populated binding table and data traffic filtering, and the binding table must be populated with IPv6 prefixes for IPv6 source guard to work.
- IPv6 Prefix Guard: The IPv6 Prefix Guard feature works within the IPv6 Source Guard feature, enabling the device to deny traffic originated from non-topologically correct addresses. IPv6 prefix guard is often used when IPv6 prefixes are delegated to devices (for example, home gateways) using DHCP prefix delegation. The feature discovers ranges of addresses assigned to the link and blocks any traffic sourced with an address outside this range.
- IPv6 Destination Guard: The IPv6 Destination Guard feature works with IPv6 neighbor discovery to ensure that the device performs address resolution only for those addresses that are known to be active on the link. It relies on the address glean functionality to populate all destinations active on the link into the binding table and then blocks resolutions before they happen when the destination is not found in the binding table.
- IPv6 First Hop Security support on Etherchannels: The IPv6 FHS policies can be attached to EtherChannel interfaces (Port Channels).
- IPv6 ACL Wild Card Masking: Support for IPv6 wild card masking when specifying the Layer 3 address of a IPv6 ACL entry.
- VLAN name extension: Maximum characters allowed for a VLAN name has been increased from 32 to 128.
- LDAP source interface and VRF support: Allows you to configure a dedicated LDAP source interface IP address and virtual routing and forwarding (VRF).
- VRF aware DHCPv6 Server/Relay for Prefix Delegation: Ensures that the DHCPv6 server and relay involved in delegating prefixes are VRF aware.
- Webauth Sleeping Client (Webauth remember me): Allows successfully authenticated devices to stay logged in for a configured period without re-authentication.
- VLAN RADIUS Attributes in Access Requests
- Enhances the security for access switches with the use of VLAN RADIUS attributes (VLAN name and ID) in the access requests and with an extended VLAN name length of 128 characters.
- Copy Aware VRF: Enables copying of files to and from a VRF via the copy command.
- CWDM SFP+ 10-Gigabit optics are supported.
Supported Hardware
Catalyst 3850 Switch Models
Network Modules
Table 3 lists the three optional uplink network modules with 1-Gigabit and 10-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Catalyst 3650 Switch Models
Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP (small form-factor pluggable) uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+1 downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply
Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply
Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply
Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply
Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply
Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply
Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply
Optics Modules
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Cisco Wireless LAN Controller Models
Access Points and Mobility Services Engine
Table 6 lists the supported products of the Catalyst 3850 Switch.
Note On platforms that run Cisco IOS XE releases, the WSSI/3G modules on access points are not supported.
Table 7 lists the specific supported Cisco access points.
Compatibility Matrix
Table 8 lists the software compatibility matrix.
For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix.
OpenFlow Version and Cisco IOS Release Support
The OVA package is available for download in the same location as your system image (.bin) file, on cisco.com
Note The OVA package is compatible only with its corresponding system image file name - as listed in the table below. Do not use an older version of the OVA package with a newer system image file, or a newer OVA package with an older system image file.
Finding the Software Version and Feature Set
Table 10 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Upgrading the Switch Software
For information about how to upgrade the switch software, see the System Management Configuration Guide, Cisco IOS XE Release 3E (Catalyst 3850 Switches) at the following URL:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3e/system_management/configuration_guide/b_sm_3e_3850_cg.html.
Important Upgrade Note
After you upgrade to Cisco IOS XE Release 3.7E, the WebAuth success page behavior is different from the behavior seen in Cisco IOS XE Release 3.3.X SE. After a successful authentication on the WebAuth login page, the original requested URL opens in a pop-up window and not on the parent page. Therefore, we recommend that you upgrade the Web Authentication bundle so that the bundle is in the format that is used by the AireOS Wireless LAN Controllers.
To download a sample Web Authentication bundle, follow these steps:
Step 1 Browse to http://software.cisco.com/download/navigator.html .
Step 2 Navigate to Products > Switches > Campus LAN Switches - Access > Cisco Catalyst 3850 Series Switches .
Step 4 Click Wireless Lan Controller Web Authentication Bundle .
Step 5 Choose Release 3.7.0 and click Download .
Step 6 After the download, follow the instructions provided in the Read Me file that is attached in the bundle.
Note When you upgrade to Cisco IOS XE Release 3.7.5E the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the show crypto key command.
Note In a High Availability scenario, if you download the Web Authentication bundle to the active controller, the bundle cannot be synchronized with the standby controller. Therefore, we recommend that you also manually download the Web Authentication bundle to the standby controller.
Note During an IOS image upgrade or downgrade on a PoE or UPoE switch, the microcode is updated to reflect applicable feature enhancements and bug fixes. Do not restart the switch during the upgrade or downgrade process. With Cisco IOS 3.7E and later releases, the process takes approximately 9 minutes to complete. The microcode update occurs only during an image upgrade or downgrade on PoE or UPoE switches. It does not occur during switch reloads or on non-PoE switches.
Features
The Catalyst 3850 switch supports three different feature sets:
- LAN Base feature set—Provides basic Layer 2+ features, including access control lists (ACLs) and quality of service (QoS) and up to 255 VLANs.
- IP Base feature set—Provides Layer 2+ and basic Layer 3 features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), ACLs, QoS, static routing, EIGRP stub routing, IP multicast routing, Routing Information Protocol (RIP), basic IPv6 management, the Open Shortest Path First (OSPF) Protocol, and support for wireless controller functionality. The license supports up to 4094 VLANs.
- IP Services feature set—Provides a richer set of enterprise-class intelligent services and full IPv6 support. It includes IP Base features plus Layer 3 routing (IP unicast routing and IP multicast routing). The IP Services feature set includes protocols such as the Enhanced Interior Gateway Routing Protocol (EIGRP), the Open Shortest Path First (OSPF) Protocol, and support for wireless controller functionality. The license supports up to 4094 VLANs.
Note A separate access point count license is required to use the switch as a wireless controller.
For more information about the features, see the product data sheet at this URL:
http://www.cisco.com/en/US/products/ps12686/products_data_sheets_list.html
Interoperability with Other Client Devices
This section describes the interoperability of this version of the switch software release with other client devices.
Table 12 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
Important Notes
- A switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches is not supported.
- With Cisco Prime Infrastructure 2.1.1, the refresh config and inventory collection tasks from the switch might take anywhere from 20 minutes to 40 minutes. For more information, see CSCum62747 on the Bug Search Tool.
- Sometimes a delay is seen in the handling of ICMP reply packets when the packet timer is set to milliseconds (if the value is under 1 second). This is an expected behavior.
- Although visible in the CLI, the following commands are not supported:
– authorize-lsc-ap (CSCui93659)
– Mesh, FlexConnect, and OfficeExtend access point deployment
– Wireless Guest Anchor Controller (The Catalyst 3850 switch can be configured as a foreign controller.)
– MVR (Multicast VLAN Registration)
– IPv6 routing - OSPFv3 Authentication
– Port Security on EtherChannel
– 802.1x Configurable username and password for MAB
– Link State Tracking (L2 Trunk Failover)
– Disable Per VLAN MAC Learning
– IEEE 802.1X-2010 with 802.1AE support
– IPv6 Ready Logo phase II - Host
– OSPFv3 Graceful Restart (RFC 5187)
– Fallback bridging for non-IP traffic between VLANs
– DHCP snooping ASCII circuit ID
– Per VLAN Policy & Per Port Policer
– Ingress/egress Shared Queues
– Trust Boundary Configuration
– Cisco Group Management Protocol (CGMP)
– Performance Monitor (Phase 1)
– AAA: RADIUS over IPv6 transport
– AAA: TACACS over IPv6 Transport
– Auto QoS for Video endpoints
– IPv6 Strict Host Mode Support
– IPv6 Static Route support on LAN Base images
– VACL Logging of access denied
– RFC5460 DHCPv6 Bulk Leasequery
– DHCPv6 Relay Source Configuration
– RFC 4292 IP-FORWARD-MIB (IPv6 only)
– RFC4292/RFC4293 MIBs for IPv6 traffic
– Layer 2 Tunneling Protocol Enhancements
– UniDirectional Link Routing (UDLR)
– Pragmatic General Multicast (PGM)
– Ingress Strict Priority Queuing (Expedite)
– Weighted Random Early Detect (WRED)
Limitations and Restrictions
- You cannot configure NetFlow export using the Ethernet Management port (g0/0).
- The maximum committed information rate (CIR) for voice traffic on a wireless port is 132 Mb/sec.
- On WS-C3850-48 switches, if the cable plugged into port 1 has a long cable boot, the boot may stay in contact with the mode button and cause the switch to reload and reset the configuration. To workaround this issue, use the no setup express command to disable Express Setup, or remove the cable boot from the cable in port 1.
- MACSec Key Agreement (MKA) encryption is not supported between switches and host devices.
- Outdoor access points are supported only when they are in Local mode.
- VRRPv3 for IPv4 and IPv6 is not supported.
- When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
- For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.
- QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
- Restrictions for Cisco TrustSec:
– Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
– Cisco TrustSec for IPv6 is not supported.
– Dynamic binding of IP-SGT is not supported for hosts on Layer 3 physical routed interfaces because the IP Device Tracking feature for Layer 3 physical interfaces is not supported.
– Cisco TrustSec cannot be configured on a pure bridging domain with IPSG feature enabled. You must either enable IP routing or disable the IPSG feature in the bridging domain.
– Cisco TrustSec on the switch supports up to 255 security group destination tags for enforcing security group ACLs.
– Cisco TrustSec VLAN-to-SGT binding cannot be enabled in pure bridging domain. You have to either manually enable IP device tracking on the ports in the VLAN, or enable SVI interface for the VLAN.
– For Cisco IOS Release 3.7E and later, Cisco TrustSec VLAN-to-SGT binding cannot be enabled in pure bridging domain. You have to either manually enable IP device tracking on the ports in the VLAN, or enable SVI interface for the VLAN.
- Cisco TrustSec MACSec for switch-to-switch security is supported only on switches running the IP base or IP services feature set. It is not supported on switches running the NPE or LAN base feature set.
- For the WS-C3850-12X48U-L, WS-C3850-12X48U-S and WS-C3850-12X48U-E switch models, a maximum of 28 ports are available for UPoE connections.
- Restrictions for Cisco Plug-in for OpenFlow:
– STRIP VLAN cannot work for L2 packets that do not have a payload.
– Support for Observe not implemented
– Blockwise requests are not supported.
– DTLS support is only for RawPublicKey and Certificate Based modes.
– IPv6 DTLS is not supported on Catalyst 3850 series switches.
– Switch does not act as DTLS client, but only as DTLS endpoints.
– Endpoints are expected to handle and respond with CBOR payloads.
– Client side requests are expected to be in JSON.
– Due to an IPv6 broadcast issue, switch cannot advertise itself to other Resource Directories as IPv6.
– Configuration of Fast PoE, Perpetual PoE or 2-event classification has to be done before physically connecting any endpoint. Alternatively, do a manual shut/no-shut of the ports drawing power.
– Power to the ports will be interrupted in case of MCU firmware upgrade and ports will be back up immediately after the upgrade.
- When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may crash. As a workaround, disable the logging discriminator on the device.
- The switch supports physical ports and Etherchannel ports in access and trunk modes.
Caveats
- Cisco Bug Search Tool
- Open Caveats
- Resolved Caveats in Cisco IOS XE Release 3.7.5E
- Resolved Caveats in Cisco IOS XE Release 3.7.4E
- Resolved Caveats in Cisco IOS XE Release 3.7.3E
- Resolved Caveats in Cisco IOS XE Release 3.7.2E
- Resolved Caveats in Cisco IOS XE Release 3.7.1E
- Resolved Caveats in Cisco IOS XE Release 3.7.0E
Cisco Bug Search Tool
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
1. Access the BST (use your Cisco user ID and password) at https://tools.cisco.com/bugsearch/ .
Open Caveats
Resolved Caveats in Cisco IOS XE Release 3.7.5E
Resolved Caveats in Cisco IOS XE Release 3.7.4E
Resolved Caveats in Cisco IOS XE Release 3.7.3E
Resolved Caveats in Cisco IOS XE Release 3.7.2E
Resolved Caveats in Cisco IOS XE Release 3.7.1E
Resolved Caveats in Cisco IOS XE Release 3.7.0E
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/en/US/support/index.html
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-3e/tsd-products-support-series-home.html
http://www.cisco.com/go/cat3850_docs
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
http://www.cisco.com/go/designzone
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation , which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.