Cisco IOS Software Releases 12.2 SX

New Features in Cisco IOS Software Release 12.2(33)SXI4

  • Viewing Options

  • PDF (297.1 KB)
  • Feedback


This product bulletin introduces Cisco IOS® Software Release 12.2(33)SXI4, highlighting the new features it offers.

Cisco IOS Software Release 12.2(33)SXI4 Introduction

Release 12.2(33)SXI4 provides new Borderless Network, Data Center and Data Center Interconnect (DCI) features along with hardware support for the Cisco® Catalyst® 6500 Series Switch. Cisco IOS Software Release 12.2(33)SXI4 delivers new Cisco Catalyst 6500 Series hardware and software innovations that span multiple technology areas, including IPv6, integrated security, and Borderless Networks functionality.
For detailed information about the features and hardware supported in Release 12.2SX and 12.2(33)SXI, refer to the Cisco IOS Software Release 12.2SX release notes and customer documentation at
Use the Cisco Feature Navigator to find information about platform support and Cisco IOS Software image support at You must have an account on to access the Cisco Feature Navigator.
Cisco IOS Release 12.2SX is developed for and intended to run on Cisco Catalyst 6500 Series Switches only.
Figure 1 shows the new 12.2(33)SXI4 features deliver in the borderless network services space.

Figure 1. New Features in Borderless Network Services

Feature Highlights of Cisco IOS Software Release 12.2(33)SXI4

The following sections include Release 12.2(33)SXI4 hardware and software feature highlights.
Release 12.2(33)SXI4, like all 12.2SX releases, integrates innovations that span multiple technology areas.


• 10G Base-T 16-Port 10 Gigabit Ethernet Copper Module


• VSS support for SIP-400

• Advanced VPLS support for SIP-400


• VSS Quad Sup Uplink Forwarding

• Service Advertisement Framework (SAF)

• Multicast Service Reflection

• Energywise Phase 1 & 2

• Advanced VPLS (A-VPLS)

• IPv6 HSRP Global Address

• IPv6 Port Access Control List (PACL)

• IPv6 Policy-Based Routing

• IPv6 RA-Guard Host Mode

• TrustSec IPv6 SGT Learning from Data-Path

• VPLS MAC Address Withdrawal

• Fast UDLD

• DHCP Server Port Based Address Allocation

• MPLS Egress Netflow

• Netflow Data Export to a Collector in a VRF

Hardware Support

Cisco Catalyst 6500 16-Port 10 Gigabit Ethernet Copper Module

The Cisco Catalyst 16-Port 10 Gigabit Ethernet Copper Module extends the 10 Gigabit Ethernet portfolio on the Cisco Catalyst 6500 Series, providing up to 130 copper ports of 10 Gigabit Ethernet in a single Cisco Catalyst 6509 Switch chassis. It is ideal for deployment in the data center for high-speed server connectivity and also for switch-to-switch connectivity within a 330-foot (100-meter) distance.
The 16-port 10 Gigabit Ethernet copper modules will support Cat6 unshielded twisted pair (UTP) and shielded twisted pair (STP), Cat6A UTP and STP, and Cat7 UTP and STP. Cat6-type cabling will provide 10-Gbps operation with distances of up to 181.5 feet (55 meters) over UTP and up to 330 feet (100 meters) over shielded cabling. Both Cat6A and 7 cabling will provide 10-Gbps operation with distances of up to 330 feet (100 meters) over UTP and shielded cabling. (See Figure 2.)
There are two versions of the Cisco Catalyst 6500 16-Port 10 Gigabit Ethernet Copper Module:

• WS-X6716-10T-3C 16-Port 10 Gigabit Ethernet Copper Module with Distributed Forwarding Card 3C (DFC3C)

• WS-X6716-10T-3CXL 16-Port 10 Gigabit Ethernet Copper Module with Distributed Forwarding Card 3CXL (DFC3CXL)

Figure 2. Cisco Catalyst 6500 16-Port 10 Gigabit Ethernet Copper Module

Small Form-Factor Pluggable with Long Reach Multimode (SFP+ LRM)

Cisco Catalyst 6500 Series is introducing the 10G LRM SFP+ (SFP-10G-LRM) transceiver module support with OneX adapter.
The OneX adapter converts an X2 port into SFP+ (CVR-X2-SFP10G) and offers investment protection for customers using X2-based 10Gigabit Ethernet ports.

SPA Interface Processor-400 (SIP-400) Support on Virtual Switching System 1440 (VSS)

This feature enables VSS support for the SPA Interface Processor-400 (SIP-400) to enable data center interconnect functionality with A-VPLS. VSS 1440 combines two Cisco Catalyst 6500 switches based on Virtual Switching Supervisor 720-10GE adapting SIP 400 CWAN line cards with Ethernet SPAs and POS SPAs, providing increased operational efficiency, scalability, and availability. This functionality will be used in conjunction with the new Advanced-VPLS feature. This feature gives VSS support across a WAN distances which are ideal for data center interconnect functionality.

Cisco Catalyst 6500 802.3af PoE, ePoE, and PoEP capable Module and Daughter Card

The enhanced PoE card WS-X6148E-GE-45AT supports 16.8 watts per port at FCS.
The WS-X6148E-GE-45AT line card is IEEE 802.3af PoE standard compliant and also enhanced PoE (ePoE) compliant. The WS-X6148E-GE-45AT line card has 48 ports of RJ-45 10/100/1000. The WS-X6148E-GE-45AT line card is IEEE 802.3at compliant for a future software release.
The WS-X6148E-GE-TX is a new line card that is not PoE. The daughter card, WS-F6K-48-AT is PoE+ capable, and enables PoE/ePoE at FCS. The new line card, WS-X6148E-GE-TX, is an evolution of WS-X6148A-GE-TX (non-PoE) and WS-X6148A-GE-45AF (PoE) to support enhanced PoE at 20 watts per port.

• WS-X6148E-GE-TX (line card without daughter card)

• WS-X6148E-GE-45AT (line card with preconfigured daughter card)

• WS-F6K-48-AT (daughter card, Enhanced PoE at FCS, but PoE+ ready)


Service Advertisement Framework (SAF)

Cisco's Service Advertisement Framework (SAF) is a dynamic, plug-and-play communications framework for network applications that allows servers and clients to advertise, discover, and select services. Cisco SAF is network based and distributes information by using IP routing technologies. This allows our customers greater scalability, availability, and flexibility to deploy and manage applications across the enterprise. An end-to-end network-based service discovery protocol is needed to increase service scalability while simplifying deployment tasks.
SAF benefits:

• Provides real-time service advertisement, discovery, presence, and selection

• Reduces ongoing operational costs by eliminating manual configuration

• Reduces services deployment time to realize faster return on investment (ROI)

In this first release, SAF enables Cisco Unified Communications Release 8.0 Call Control Discovery (CCD). This allows call agent discovery to create dynamic dial plans within the enterprise to decrease service deployment time (See Figure 3.).

Figure 3. SAF Improve Business Continuity, Avoiding Potentially Costly Network Downtime

Multicast Service Reflection

The multicast service reflection feature provides the capability for users to translate externally received multicast destination addresses to addresses that conform to their organization's internal addressing policy. Using this feature, users do not need to redistribute routes at the translation boundary into their network infrastructure. Users can also receive identical feeds from two ingress points in the network and route them independently.
Multicast service reflection supports the translation of the destination multicast address in packets as well as packet replication in a highly customizable manner. This feature allows connections to outside networks with multicast traffic and translates the multicast address using Network Address Translation (NAT). This feature is used extensively for rich media multicast traffic by financial companies, media companies, and other enterprises.
Figure 4 shows how multicast multimedia using streams can be received and used within an organization with the multicast service reflection.

Figure 4. Multicast Service Reflection between two separate networks

Virtual Switching System (VSS) Quad-Supervisor Uplink Forwarding

Cisco IOS Software Release 12.2(33)SXI4 introduces support for dual-supervisors in each of the active and standby VSS chassis, together forming a quad-supervisor VSS system. These secondary supervisors can also be used to forward traffic on the uplink ports thereby enabling all four supervisors in a VSS system to actively forward traffic under normal conditions. Furthermore, the additional supervisors can act as standby supervisors within each chassis to provide resilient network connectivity to single-homed devices and maximum bandwidth availability to both upstream and downstream connected devices.
Figure 5 shows two Catalyst 6500 switches in a VSS configuration with four supervisors on-line and forwarding uplink traffic.

Figure 5. Virtual Switching System (VSS) Quad Supervisor Uplink Forwarding

For more information visit:

Cisco EnergyWise

Cisco EnergyWise is an energy management framework that allows IT operations and facilities to measure and manage power usage to realize significant cost savings. Cisco EnergyWise uses an intelligent network-based approach, allowing IT and building facilities operations to understand, optimize, and control power across an entire corporate infrastructure, potentially affecting any powered device. Cisco EnergyWise Orchestrator, a dedicated power management solution for IT assets, administers the energy requirements of Power over Ethernet (PoE) devices and extends enterprise power management to desktop and laptop PCs. Cisco IOS Software Release 12.2(33)SXI4 supports both Phase I and Phase II of Cisco EnergyWise solution. Phase 2 supports PCs, Cisco EnergyWise Orchestrator and third-party applications such as Surveyor.
Figure 6 shows how EnergyWise regulates, measures, and reports energy usage.

Figure 6. Cisco Catalyst 6500 supports EnergyWise

Hot Standby Router Protocol: Global IPv6 Address

This software release supports Hot Standby Router Protocol (HSRP) with global IPv6 addresses. This feature allows the use of the IPv6 virtual address with a scope wider than the link. This feature allows an IPv4 like behavior with global IPv6 addresses. A virtual address with a scope wider than the link is needed when remote monitoring or routing protocol redistribution is needed.

IPv6 Port-Based Access Control List Support

Port-based access control list (PACL) provides a mechanism to filter incoming packets based on Layer 2 through 4 parameters at Layer 2 port level for IPv6 traffic. This feature increases the level of security available to the Cisco Catalyst 6500 when IPv6 is configured.
IPv6 PACLs function the same way as IPv4 PACLs except that they apply to IPv6 traffic.
EtherChannels also behave the same way as with IPv4 PACLs.

IPv6 Policy-Based Routing

IPv6 policy-based routing PBR provides a flexible mechanism for implementing routing of IPv6 traffic based on the policies defined by the network administrator rather than standard routing table entries. PBR in both IPv6 and IPv4 allows a user to manually configure how received packets should be routed. PBR allows the user to identify packets using several attributes and to specify the next hop or output interface to which the packet should be sent. PBR also provides a basic packet-marking capability.
The Cisco Catalyst 6500 supports IPv6 policy-based routing (PBR) in hardware for most scenarios and in software for others.
PBR provides a flexible means of routing packets by allowing configuration of a defined policy for traffic flows, which reduces reliance on routes derived from routing protocols. PBR gives more control over routing by extending and complementing the existing mechanisms provided by routing protocols.
Hardware Support:

• match IPv6 address

• set ipv6 next hop

• set vrf

• set ipv6 next-hop

• set ipv6 default next-hop

Software Support:

• match length

• set interface

• set default interface

• set ipv6 precedence

IPv6 PBR policies are not supported on IPv6 multicast traffic or IPv6 link local addresses

IPv6 RA-Guard Host Mode

IPv6 RA-Guard Host Mode blocks router advertisement and router redirect ICMP packets from Layer 2 ports.
The Cisco Catalyst 6500 can protect against rogue IPv6 router advertisements generated maliciously or unintentionally. This sometimes happens due to unauthorized or improperly configured IPv6 hosts when operating IPv6 in a shared Layer 2 network environment. In this software release, support for host mode is available.
For more information visit:

Advanced-Virtual Private LAN Services (A-VPLS)

Advanced-Virtual Private LAN Services (Advanced-VPLS) allows you to use multipoint VPLS for easier deployment within data center interconnect environments. A-VPLS uses an integrated solution that offers faster convergence and recovery that can be used with VSS. A-VPLS offers easy configuration (no EEM required), efficient bandwidth utilization, and simple redundancy.
A-VPLS makes a loopfree topology for VPLS while making it easier to configure multipoint VPLS tunnels. Advanced VPLS benefits include subsecond convergence, easy configuration, and end-to-end Layer 2, 3 and 4 load balancing for applications such as VMotion across data centers. This feature can be used in the campus for Layer 2 extensions when configuring network virtualization.
Figure 7 shows how load balancing is occurring across data centers using A-VPLS and VSS.

Figure 7. Load Balancing Across Data Centers Using Advanced VPLS and VSS

VPLS MAC Address Withdrawal

MAC address withdrawal provides faster convergence by removing (or unlearning) MAC addresses that have been dynamically learned. This feature enhances data center interconnect (DCI) connectivity. It allows A-VPLS to be more scalable due to faster convergence as devices in the Layer 2 segment change.

Dynamic Host Configuration Protocol: Server Port-Based Address Allocation

Dynamic Host Configuration protocol (DHCP) server port-based address allocation is a feature that enables DHCP to maintain the same IP address on an Ethernet switch port regardless of the attached device client identifier or client hardware address.
When Cisco Catalyst 6500 switches are deployed in the network, they offer connectivity to the directly connected devices. In some environments, such as retail or on a factory floor, if a device fails, the replacement device must be working immediately in the existing network. With the current DHCP implementation, there is no guarantee that DHCP would offer the same IP address to the replacement device. Control, monitoring, and other software expect a stable IP address associated with each device. If a device is replaced, the address assignment should remain stable even though the DHCP client has changed.
When configured, the DHCP server port-based address allocation feature ensures that the same IP address is always offered to the same connected port even as the client identifier or client hardware address changes in the DHCP messages received on that port. The DHCP protocol recognizes DHCP clients by the client identifier option in the DHCP packet. Clients that do not include the client identifier option are identified by the client hardware address. When you configure this feature, the port name of the interface overrides the client identifier or hardware address and the actual point of connection, the switch port, becomes the client identifier.
In all cases, by connecting the Ethernet cable to the same port, the same IP address is allocated through DHCP to the attached device.
The DHCP server port-based address allocation feature is only supported on a Cisco IOS DHCP server and not a third-party server.

Fast UniDirectional Link Detection (UDLD)

Fast UniDirectional Link Detection (UDLD) Allows UDLD timer configuration from 100 through 1000 ms. The previous UDLD timer configuration was 7 to 90 seconds. Fast UDLD allows subsecond failure detection on UDLD links.
Enterprises run mission critical applications. When there is a failure in the network due to a unidirectional link is being detected, UDLD shuts down the affected LAN port and alerts the user. Unidirectional links can cause a variety of problems, including spanning tree topology loops. Currently with hello interval range of 7 seconds to 90 seconds, even with the shortest hello interval of 7 seconds, Standard UDLD would detect a failure nearly 30 seconds (3 x hello interval + detection period) after it occurs. This new feature enhancement reduces the time of detection to sub-second failover.

IEEE 802.1x: RADIUS Change of Authorization (CoA)

IEEE 802.1x support for RADIUS Change of Authorization (CoA) will be used in NAC and TrustSec deployments. CoA is an extension to the RADIUS protocol to allow a management entity to create dynamic and unsolicited changes to the authorization information of an active session hosted by a network access device such as the Cisco Catalyst 6500. CoA allows the ability to change the authorization of an individual session already connected, and it can also trigger a network device acting as an enforcement point to update the contents of an enforcement policy that has previously been downloaded by that device.

MPLS Egress NetFlow (Tag to IP)

This feature allows NetFlow of IP packets after the last label has been removed and allows NetFlow statistics collection. MPLS ingress NetFlow (IP to Tag) has already been supported before this. NetFlow on the current Cisco Catalyst 6500 Supervisor 720 family is only an ingress interface feature.

Netflow Data Export to a Collector in a VRF

This feature enables export of netflow data to a destination whose route is in a virutal routing table other than the global table.
This allows administrators to set up multiple different destinations on different VRFs for their netflow data export. This is ideal when there are different destinations per VRF.

Open Shortest Path First (OSPF) for Routed Access

Open Shortest Path First (OSPF) for routed access is designed specifically to enable customers to extend Layer 3 routing capabilities to the access or wiring closet.
OSPF for routed access supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 200 dynamically learned routes.
With the typical topology (hub and spoke) in a campus environment, where the wiring closets (spokes) are connected to the distribution switch (hub) forwarding all nonlocal traffic to the distribution layer, the wiring closet switch need not hold a complete routing table. A best practice design, where the distribution switch sends a default route to the wiring closet switch to reach interarea and external routes (OSPF stub or totally stubby areas configuration), should be used when OSPF for routed access is used in the wiring closet.

TrustSec IPv6 Security Group Tag Learning from Data-Path

TrustSec IPv6 security group tag (SGT) learning from Data-Path feature detects IPv6 to SGT mapping of single stack (IPv6) or dual stack (IPv4/IPv6) hosts. This feature allows customers to continue using TrustSec with their IPv6 deployments. The feature makes sure of the binding of IPv6 and IPv4 (dual-stack) to a single SGT, so SGACL enforcement can be done for IPv6 single- or dual-stack hosts.


12.2(33) SXI4 New MIB Support:

12.2(33)SXI4 MIB Enhancements:


Support traffic utilization monitor feature


Notification on learning new dynamic bindings


Support for error disable feature


Support for managing port flow control


Configuration and control information


TrustSec feature support for Dot1x supplicant


Support for additional TCAM usage


Support for DSCP-to-queue assignment and additional counters


Support for SXP information in TrustSec feature


Support for fast UDLD feature


Support for counters and 4 VSS SUPs


Support for VLAN group feature


Support for auto VLAN creation


Support for VTP config change trap


Support for auto VLAN creation


Support for VTP config change trap


Added EIGRP support


Support for port flow control


Support TrustSec NDAC

Product Management Contact

6500 Marketing Team (

Cisco IOS Software Center

Download Cisco IOS Software releases and access software upgrade planners at

Ordering Information

To place an order, visit the Cisco Ordering homepage. To download software, visit the Cisco Software Center.

Table 1. Ordering Information

Product Name

Part Number

Cisco Catalyst 6500 16-Port Gigabit Ethernet Module with DFC3C


Cisco Catalyst 6500 16-Port Gigabit Ethernet Module with DFC3CXL


Cisco 10GBASE-LRM SFP+ Module for MMF and SMF


Cisco Catalyst 6500 48-port 10/100/1000 module, field upgradable to IEEE 802.3af and enhanced PoE, RJ-45


Cisco Catalyst 6500 48-port 10/100/1000 module, IEEE 802.3af, and enhanced PoE compliant RJ-45


Catalyst 6500 series IEEE 802.3af and enhanced PoE compliant daughter card for WS-X6148E-GE-TX.


Cisco Services

Cisco Services integrate closely with CMO teams as an essential element of any technology solution. If you have not already received targeted services content blocks for integration, contact your Cisco Services marcom manager. If you are not sure of the appropriate contact, send an email to
Cisco Services make networks, applications, and the people who use them work better together.
Today, the network is a strategic platform in a world that demands better integration between people, information, and ideas. The network works better when services, together with products, create solutions aligned with business needs and opportunities.
The unique Cisco Lifecycle approach to services defines the requisite activities at each phase of the network lifecycle to help ensure service excellence. With a collaborative delivery methodology that joins the forces of Cisco, our skilled network of partners, and our customers, we achieve the best results.

For More Information

For more information about the Cisco Catalyst 6500 Series, visit the product homepage at or contact your local account representative.