Guest

Cisco Industrial Ethernet 3000 Series Switches

Cisco IOS Software Release 12.2(50)SE for Cisco Catalyst 3750-E, 3560-E, 3750, 3560, and 2960 Series Switches, Cisco Industrial Ethernet 3000 Series Switches, and Cisco Catalyst Blade 3000 & 3100 Switch Series

  • Viewing Options

  • PDF (202.3 KB)
  • Feedback

PB523873

Cisco announces Cisco® IOS® Software updates for Cisco Catalyst® 3750-E, 3750, 3560-E, 3560, and 2960 Series Switches, Cisco Industrial Ethernet 3000 Series Switches, Cisco Catalyst Blade Switch 3000 and 3100 Series. This release introduces Cisco EnergyWise technology, and adds several enhancements in the areas of identity-based networking services and ease of use with Auto Smartports.

This product bulletin contains content and delivery information for Cisco IOS Software Release 12.2(50)SE.

New Features

The following new features for enterprise switches are available with this Cisco IOS Software release:

• Cisco EnergyWise: The inclusion of Cisco EnergyWise technology in this release enables companywide optimization of greenhouse gas (GhG) emissions by measuring, reporting, and reducing energy consumption across the entire corporate infrastructure.

• Identity-based networking: This release continues to enhance Cisco Identity-based Networking Services (IBNS) with several primary innovations to simplify configurations that support heterogeneous endpoint device environments. The release also includes innovations to transparently integrate with existing network and Internet Protocol Telephony (IPT) infrastructure and to provide IT administrators comprehensive policy enforcement options. These enhancements are covered in detail under "Security and Identity Enhancements" section.

• Auto Smartports: This release extends Smartports to allow dynamic switch port provisioning. The switch uses Cisco Discovery Protocol to determine the type of the device connected to the switch and automatically provisions the port based on the predefined macros. The switch integrates with RADIUS for device authentication and applies the macro based on the RADIUS-assigned tag.

• Wired location services: This enhancement enables switch port tracking of hosts or users connected to switches. As part of the location service, the switch integrates with Cisco wireless Mobility Services Engine, which can be used for host/user lookup in determining the switch connectivity for troubleshooting purposes.

• Cisco Catalyst 3750 Series with Cisco StackWise® enhancements for troubleshooting: This release provides new command-line interface (CLI) for StackWise stats and counters to aid in troubleshooting.

• LLDP-MED integration for class of service/diff services code point (CoS/DSCP): Switch will signal CoS/DSCP settings to connected IP telephone using Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED) (so that the IP telephone can use the values for communication)

• Link Layer Discovery Protocol (LLDP) MIB: This release provides manageability for LLDP including local and remote MIBs.

• Secure copy (SCP) support for Configuration Copy Management Information Base (Config-Copy-MIB). This feature provides secure configuration copy capability.

• IP Source Guard (IPSG) and Dynamic Address Resolution Protocol (ARP) Inspection (DAI) support for Cisco Catalyst 2960 Series Switches with LAN Base software: This release introduces IPSG and DAI capabilities for Layer 2 security.

• Cisco Catalyst 2960 Series authentication-failed VLAN. This feature is now also available in LAN Lite package. Previously it was available only in LAN Base package.

• Cisco Configuration Engine support: Catalyst switches can be managed from Cisco Configuration Engine for zero-touch deployment.

• IS-ISv4: This release introduces Integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol for IPv4 networks.

• RADIUS Server load balancing: This release allows access and authentication requests to be distributed evenly across all RADIUS servers in a server group.

• Cisco Entity Sensor MIB: This release adds manageability for Digital Optical Monitoring (DOM)-capable modules.

• X2 ZR: This release supports 10 Gigabit Ethernet X2 ZR optical modules.

• CPU utilization threshold: This release allows users to define thresholds and receive notification when thresholds are exceeded.

• Embedded Event Manager (EEM) 2.4: This release adds EEM 2.4 support.

• Support for 64 EtherChannel ports: This release increases EtherChannel scaling to 64 per switch. Available only on Cisco Catalyst 3100 Series blade switches

• Resilient Ethernet Protocol (REP) for the Cisco Industrial Ethernet (IE) 3000 Series: This protocol provides fast convergence for Layer 2 ring topologies.

• IPv6 packaging changes: Cisco has announced the end of life for Advanced IP Services (AIS). Functionality previously available in AIS has been migrated to IP Services or IP Base as documented in Table 1.

Table 1. Feature Migration for Catalyst 3k Advanced IP Services

Feature

Current IPv6 Features before EOL

Location of IPv6 after EOL

EIGRPv6, OSPFv3

Advanced IP Services

IP Services

ACL

Advanced IP Services

IP Base

HSRPv6

Advanced IP Services

IP Base

DHCP Server/Client/Relay

Advanced IP Services

IP Base

RIPng

Advanced IP Services

IP Base

Static Routes

Advanced IP Services

IP Base

Security and Identity Enhancements

The following security and identity enhancements are included in this release.

Flexible Authentication Sequencing

Flexible authentication sequencing (Figure 1) provides a flexible fallback mechanism among IEEE 802.1X, MAC authentication bypass (MAB), and web authentication methods. It also allows switch administrators to control the sequence of the authentication methods. This simplifies identity configuration by providing a single set of configuration commands to handle different types of endpoints connecting to the switch ports. In addition, it allows users to configure any authentication method on a standalone basis. For example, MAB can be configured without IEEE 802.1X configuration required.

Figure 1. Flexible Authentication

IEEE 802.1X with Open Access

This feature allows users to have limited network access, such as the Intel Preboot Execution Environment (PXE) boot server, prior to IEEE 802.1X authentication. The limited access is controlled by an access control list (ACL) that is defined by the switch administrator and applied on the switch port.

IEEE 802.1X, MAB, and Web Authentication with Downloadable ACL

This feature allows per-user ACLs to be downloaded from the Cisco Access Control Server (ACS) as policy enforcement after authentication using IEEE 802.1X, MAC authentication bypass, or web authentication.

Cisco Discovery Protocol Enhancement for Second Port Disconnect

For IP telephony environments, Cisco Discovery Protocol is enhanced to add a new Type-Length-Value (TLV) for the IP phone to indicate when a PC disconnects from the IP phone. Upon receiving this notification, the switch can clear the security record for the PC.

IEEE 802.1X with Multiple Authentication

Multiple authentication (multiauth) allows more than one host to authenticate on an IEEE 802.1X enabled switch port. With multiauth, each host must authenticate individually before it can gain access to the network resources. Multiauth is limited to eight hosts per port on Catalyst 3000 and 2000 Series Switches.

Centralized Web Authentication

This feature allows the switch to redirect users using HTTP URL redirection to a central web authentication server or a guest access server for authentication before accessing the network resources.

Common Session ID

IEEE 802.1X and MAB use a session ID identifier for all 802.1X and MAB authenticated sessions. The session ID is used for all reporting purposes such as show commands, MIBs, and RADIUS messages. The ID allows users to distinguish messages for one session from messages for other sessions.

Conditional Logging

To simplify troubleshooting, IEEE 802.1X and MAB provide a capability to filter debug messages for a range of interfaces.

802.1X Switch Supplicant with Network Edge Access Topology (NEAT)

NEAT extends identity to areas outside the wiring closet (such as conference rooms) through the following.

• 802.1X switch supplicant : switch with 802.1X supplicant authenticates with upstream switch for secure connectivity, protecting the network against rogue switches. Switch supplicant also supports authentication over trunk ports.

• Host Authorization : NEAT also ensures only traffic from authorized hosts (connecting to the switch with supplicant) is allowed on the network mitigating man-in-middle attacks.

• Auto enablement. Automatically enables trunk configuration on the authenticator switch, allowing user traffic from multiple VLANs.

Authentication Framework Manager and MAC Authentication MIBs

These features make it possible to manage the identity enhancements described earlier.
Table 2 describes product support for new features of Cisco IOS Software Release 12.2(50)SE for Cisco Catalyst 3750, 3750-E, 3560 and 3560-E Series Switches.

Table 2. New Features in Cisco IOS Software Release 12.2(50)SE for Cisco Catalyst 3750, 3750-E, 3560 and 3560-E Series Switches

Feature

3750 and 3750-E IP Base Feature Set

3750 and 3750-E IP Services Feature Set

3560 and 3560-E IP Base Feature Set

3560 and 3560-E IP Services Feature Set

EnergyWise

Yes

Yes

Yes

Yes

Flexible authentication

Yes

Yes

Yes

Yes

802.1X switch supplicant

Yes

Yes

Yes

Yes

802.1X over trunk port

(between switch supplicant and authenticator)

Yes

Yes

Yes

Yes

802.1X with open access

Yes

Yes

Yes

Yes

802.1X, MAB, and web authentication with downloadable ACL

Yes

Yes

Yes

Yes

Cisco Discovery Protocol enhancement for second port disconnect

Yes

Yes

Yes

Yes

802.1X with multiauth

Yes

Yes

Yes

Yes

Centralized web authentication

Yes

Yes

Yes

Yes

Common session ID

Yes

Yes

Yes

Yes

Conditional logging

Yes

Yes

Yes

Yes

Authentication Framework Manager and MAC authentication MIBs

Yes

Yes

Yes

Yes

Auto Smartports

Yes

Yes

Yes

Yes

Wired location services

Yes

Yes

Yes

Yes

StackWise enhancements for troubleshooting

Yes

Yes

No

No

LLDP_MED integration for CoS/DSCP

Yes

Yes

Yes

Yes

Secure copy support for Config-Copy MIB

Yes

Yes

Yes

Yes

Configuration Engine support

Yes

Yes

Yes

Yes

IS-ISv4

No

Yes

No

Yes

IPv6 packaging changes

Yes

Yes

Yes

Yes

RADIUS server load balancing

Yes

Yes

Yes

Yes

LLDP MIB

Yes

Yes

Yes

Yes

X2 ZR

Yes

Yes

Yes

Yes

Cisco Entity Sensor MIB

Yes

Yes

Yes

Yes

EEM 2.4

No

Yes

No

Yes

Table 3 describes product support for new features of Cisco IOS Software Release 12.2(50)SE for Cisco Catalyst 2960, Cisco Industrial Ethernet Switches, and Cisco Catalyst Blade Switch Series

Table 3. New Features in Cisco IOS Software Release 12.2(50)SE for Cisco Catalyst 2960, Cisco Industrial Ethernet Switches, and Cisco Catalyst Blade Switch Series

Feature

2960 Series LAN Base Feature Set

2960Series LAN Lite Feature Set

Industrial Ethernet 3000 Series

Catalyst Blade Switch 3000 Series

CBS 3100 Series IP Base Feature Set

CBS 3100 Series IP Services Feature Set

EnergyWise

Yes

No

Yes

Yes

Yes

Yes

Flexible authentication

Yes

No

Yes

Yes

Yes

Yes

802.1X switch supplicant

Yes

No

Yes

Yes

Yes

Yes

802.1X over trunk port

(between switch supplicant and authenticator)

Yes

No

Yes

Yes

Yes

Yes

802.1X with open access

Yes

No

Yes

Yes

Yes

Yes

802.1X, MAB, and web authentication with downloadable ACL

Yes

No

Yes

Yes

Yes

Yes

Cisco Discovery Protocol enhancement for second port disconnect

Yes

No

Yes

Yes

Yes

Yes

802.1X with multiauth

Yes

No

Yes

Yes

Yes

Yes

Centralized web authentication

Yes

No

Yes

Yes

Yes

Yes

Common session ID

Yes

No

Yes

Yes

Yes

Yes

Conditional logging

Yes

No

Yes

Yes

Yes

Yes

Authentication Framework Manager and MAC authentication MIBs

Yes

No

Yes

Yes

Yes

Yes

Auto Smartports

Yes

No

Yes

Yes

Yes

Yes

Wired location services

Yes

No

Yes

Yes

Yes

Yes

IPSG and DAI

Yes

No

Yes

Existing support

Existing support

Existing support

Authentication Fail VLAN

Existing support

Yes

Yes

Existing support

Existing support

Existing support

StackWise enhancements for troubleshooting

No

No

No

No

Yes

Yes

LLDP_MED Integration for Cos/DSCP

Yes

No

Yes

Yes

Yes

Yes

Secure copy support for Config-Copy MIB

Yes

Yes

Yes

Yes

Yes

Yes

Configuration Engine support

Yes

Yes

Yes

Yes

Yes

Yes

IS-ISv4

No

No

No

No

No

Yes

IPv6 packaging changes

No

No

No

Yes

Yes

Yes

RADIUS server load balancing

Yes

No

Yes

Yes

Yes

Yes

LLDP MIB

Yes

Yes

Yes

Yes

Yes

Yes

X2 ZR support

No

No

No

No

No

No

Cisco Entity Sensor MIB

No

No

No

No

No

No

EEM 2.4

No

No

No

No

No

Yes

64 Etherchannel support

No

No

No

No

Yes

Yes

REP

No

No

Yes

No

No

No

Table 4 lists the part numbers for the switches supported by Cisco IOS Software Release 12.2(50)SE.

Table 4. Part Numbers for Cisco Catalyst Switches Software Licenses Supported by Cisco IOS Software Release 12.2(50)SE

Cisco Catalyst 3750-E and 3560-E Series License Part Numbers

Cisco Catalyst 3750-E Series IP Services Part Numbers

Cisco Catalyst 3750-E Series IP Base Part Numbers

Cisco Catalyst 3560-E Series IP Services Part Numbers

Cisco Catalyst 3750 and 3560 Series License CD Part Numbers

• 3750E-LIC=
• 3750E-IPSLCB-QTY
• 3750E48-IPSLCB-QTY
• 3560E-LIC=
• 3560E-IPSLCB-QTY
• 3750E-24TD-E
• 3750E-24PD-E
• 3750E-48TD-E
• 3750E-48PD-E
• 3750E-48PD-EF
• 3750E-24TD-S
• 3750E-24PD-S
• 3750E-48TD-S
• 3750E-48PD-S
• 3750E-48PD-SF
• 3560E-24TD-E
• 3750E-24PD-E
• 3560E-48TD-E
• 3560E-48PD-E
• 3560E-48PD-EF
• WS-C3560E-12D-E
• WS-C3560E-12SD-E
• CD-3750-EMI=
• CD-3750G-EMI=
• CD-3750G-48EMI=
• CD-3560-EMI=
• CD-3560G-EMI=
• CD-3750V2-EMI=
• CD-3560V2-EMI=

Cisco Catalyst 3750 Series IP Services Part Numbers

Cisco Catalyst 3750 Series IP Base Part Numbers

Cisco Catalyst 3560 Series IP Services Part Numbers

Cisco Catalyst 2960 Series Part Numbers

Cisco Catalyst Blade Switches Part Numbers

• 3750-48TS-E
• 3750-24TS-E
• 3750G-24T-E
• 3750G-48TS-E
• 3750G-24TS-E
• 3750G-12S-E
• 3750G-16TD-E
• 3750-48PS-E
• 3750-24PS-E
• 3750G-24TS-1U-E
• 3750G-24PS-E
• 3750G-48PS-E
• 3750V2-48TS-E
• 3750V2-24TS-E
• 3750V2-48PS-E
• 3750V2-24PS-E
• 3750-48TS-S
• 3750-24TS-S
• 3750G-24T-S
• 3750-24FS-S
• 3750G-48TS-S
• 3750G-24TS-S
• 3750G-12S-S
• 3750G-16TD-S
• 3750-48PS-S
• 3750-24PS-S
• 3750G-24TS-1U-S
• 3750G-24PS-S
• 3750G-48PS-S
• 3750G-24WS-S50
• 3750G-24WS-S25
• 3750V2-48TS-S
• 3750V2-24TS-S
• 3750V2-48PS-S
• 3750V2-24PS-S
• 3560-24TS-E
• 3560-48TS-E
• 3560-48PS-E
• 3560-24PS-E
• 3560G-48PS-E
• 3560G-24PS-E
• 3560G-48TS-E
• 3560G-24TS-E
• 3560V2-24TS-E
• 3560V2-48TS-E
• 3560V2-24PS-E
• 3560V2-48PS-E
• 2960PD-8TT-L
• 2960-8TC-L
• 2960-24TT-L
• 2960-24TC-L
• 2960-24PC-L
• 2960-24LT-L
• 2960-48TT-L
• 2960-48TC-L
• 2960-48PST-L
• 2960G-8TC-L
• 2960G-24TC-L
• 2960G-48TC-L
• 2960-24-S
• 2960-24TC-S
• 2960-48TC-S
• C2960-48TT-S
• C2960-8TC-S
• WS-CBS3130X-S
• WS-CBS3130X-S-F
• WS-CBS3130G-S
• WS-CBS3130G-S-F
• WS-CBS3110X-S
• WS-CBS3110X-S-I
• WS-CBS3110G-S
• WS-CBS3110G-S-I
• 3110-IPS-LIC
• 3110-IPS-IBM
• WS-CBS3120G-S
• WS-CBS3120X-S
• 3120-IPS-LIC
• WS-CBS3032-DEL
• WS-CBS3032-DEL-F
• WS-CBS3020-HPQ
• WS-CBS3012-IBM
• WS-CBS3012-IBM-I
• WS-CBS3125G-S
• WS-CBS3125X-S
• WS-CBS3120G-S
• WS-CBS3120X-S

Additional Resources

Software Download

Software is available for download from the following sites:

• Cisco IOS Software upgrade planner: www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?majorRel=

• Guest-level access planner: www.cisco.com/kobayashi/sw-center/index.shtml

You must purchase the EMI/IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services software. Downloads of SMI/IP Base, EMI/IP Services files are monitored for adherence to this requirement. The Cisco Catalyst 3750-E and 3560-E Series Switches support the new Cisco IOS Software licensing infrastructure, which authorizes and enables the use of the two existing Cisco IOS Software feature sets. A special file contained in the switch's flash memory, called a license file, is examined by Cisco IOS Software when the switch is powered on. Based on the license's type, Cisco IOS Software enables the appropriate Cisco IOS Software feature set.
Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (Secure Shell [SSH] Protocol, Simple Network Management Protocol [SNMP] v3, and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.

Product Information

Additional product information is available at the following sites:

• Cisco Catalyst 3750-E Series Switches: www.cisco.com/go/3750-E

• Cisco Catalyst 3750 Series Switches: www.cisco.com/go/catalyst3750

• Cisco Catalyst 3560-E Series Switches: www.cisco.com/go/3560-E

• Cisco Catalyst 3560 Series Switches: www.cisco.com/go/catalyst3560

• Cisco Catalyst 2960 Series Switches: www.cisco.com/go/catalyst2960

• Cisco Catalyst 3750-E, 3560-E, 3750, 3560, and 2960 Series release notes:

– www.cisco.com/en/US/products/ps7077/prod_release_notes_list.html

– www.cisco.com/en/US/products/ps7078/prod_release_notes_list.html

– www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/index.htm

– www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

– www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/index.htm

• Cisco Catalyst Blade Switches: www.cisco.com/en/US/products/ps6748/index.html

Support

Cisco IOS Software Release 12.2(46)SE follows the standard Cisco support policy. For more information, visit: www.cisco.com/en/US/products/products_end-of-life_policy.html.

Software Image Migration Guide

Figure 2 displays Cisco IOS Software Release 12.2(46)SE functions relative to the 12.2S and 12.2SE releases and identifies the recommended migration path.

Figure 2. Cisco IOS Software Release 12.2 Release Train