Cisco® announces Cisco IOS® Software updates for Cisco Catalyst® 3750-E and 3560-E Series Switches. This new release furthers Cisco leadership in providing secure, reliable, integrated data and voice LAN switching solutions.
• Multi Domain Authentication (MDA)-MDA provides enhanced security for IP phone deployments. This allows an IP phone (Cisco or third-party) and a single host behind the IP phone to independently authenticate using 802.1x. Using this method, a switch can place the host in the data VLAN and IP phone in the voice VLAN, though they appear on the same switch port. Data VLAN can be downloaded from the authentication, authorization, and accounting (AAA) server. For non-802.1x devices, MAC Authentication Bypass (MAB) can be used as the fallback to authenticate using the MAC address of the device. For non-802.1x deployments, MAB can be used to authenticate both IP phones and hosts.
• Local Web Authentication-Allows non-802.1x users to authenticate using a login page. The switch intercepts an HTTP packet from the host and sends an HTML login page. The user keys in the credentials (such as username and password) and gets authenticated by an AAA server.
• MAC Authentication Bypass (MAB) for Voice VLAN-This feature allows non-802.1x IP phones (with no 802.1x supplicant) to authenticate to the network, utilizing the MAC address of the IP phone. The switch will initiate an Extensible Authentication Protocol (EAP) conversation with an AAA server on behalf of the IP phone to authenticate the MAC address itself. This process is transparent to the end user and utilizes a prepopulated database on the AAA server.
• MAB aging timer-Provides a mechanism to detect inactive hosts after they have authenticated using MAB. The switch flushes the entries for hosts that remain inactive for this duration, thus allowing new hosts to get authenticated on the same port.
• Fast Stack Image Update-Updates the software images for all the stack members in parallel, improving the speed and performance of image updates.
• Generic Online Diagnostics Framework (GOLD) for Cisco Catalyst 3560-GOLD is a fault detection framework that provides troubleshooting tools for customers and the Cisco Technical Assistance Center (TAC) and can be either run on demand or scheduled.
– Supports the same level of GOLD functionality available on the Cisco Catalyst 3750.
• Power over Ethernet (PoE) MIB-A new CISCO-POWER-ETHERNET-EXE-MIB provides PoE visibility and allows administrators to proactively monitor power usage. Table 1 describes managed objects related to PoE.
Table 1. Overview of New PoE MIB Object Types
• Enhanced Object Tracking (EoT)-Provides ability for Hot Standby Router Protocol (HSRP)-like protocols to monitor the link and route state objects and dynamically adjust to state changes. This provides increased network availability during failover.
• STACK MAC Persistent Timer-Currently, when a stack master is removed and a new master takes over, by default, the MAC address of the new stack master becomes the new stack MAC router address. This feature enables users to configure a timer to allow a time delay before stack MAC address changes to the new master MAC address. A value of "0" helps ensure the original master MAC address remains the stack MAC router address, thus making it transparent to the endpoints.
Table 2. Cisco IOS Software Release 12.2(35)SE2 New Features for Catalyst 3750-E and 3560-E Series Switches
• IPB = IP Base Feature Set
• IPS = IP Services Feature Set
• AIS = Advanced IP Services Feature Set
• X = supported ; N = not supported
• 3750-E = Catalyst 3750-E Series Switches
• 3750 = Cisco Catalyst 3750 Series Switches
• 3560-E = Catalyst 3560-E Series Switches
• 3560 = Cisco Catalyst 3560 Series Switches
Note: New with the 3750-E and 3560-E is the IOS Universal Image, a single IOS image file that contains all of the features previously found in the IP Base, IP Services, and Advanced IP Services IOS images. The new Cisco IOS Software Licensing infrastructure called "Software Activation" now authorizes and enables the usage of the three existing IOS software feature sets. A special file contained in the switch's flash memory, called a license file, is examined by IOS when the switch is powered on. Based on the license's type, IOS enables the appropriate IOS feature set. License types can be changed or upgraded to enable a different feature set through the purchase of a product activation key (PAK). A particular license file only functions with the switch for which it was created, meaning license files cannot be copied to different switches.
Table 3. Cisco Catalyst Switches Supported with Cisco IOS Software Release 12.2(35)SE2
• Cisco IOS Software Upgrade Planner: http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?majorRel=
• Guest Level Access Planner: http://www.cisco.com/kobayashi/sw-center/index.shtml
• Cisco Catalyst 3750-E Series switches: http://www.cisco.com/go/3750-E
• Cisco Catalyst 3560-E Series switches: http://www.cisco.com/go/3560-E
• Cisco Catalyst 3750-E, 3560-E Series release notes:
Software Image Migration Guide
Figure 1. Cisco IOS Software Release 12.2 Release Train