Cisco Network Assistant

Release Notes for Cisco Network Assistant 3.0 and Later

  • Viewing Options

  • PDF (383.3 KB)
  • Feedback
Release Notes for Cisco Network Assistant 3.0 and Later

Table Of Contents

Release Notes for Cisco Network Assistant 3.0 and Later


New Features

System Requirements

Installation Requirements

Devices Supported



Access Points


Cluster Compatibility

Downloading Network Assistant

Updating Network Assistant

Upgrading a Switch by Using Network Assistant

Minimum Cisco IOS Release

Limitations and Restrictions

Cluster Limitations and Restrictions

Network Assistant Limitations and Restrictions

All Devices

Catalyst 4500 Series Switches

Community Limitations

Cluster Limitations

Community and Cluster Limitations

Important Notes

Compatibility with Cisco IOS

Community Notes

Cluster Notes

Network Assistant Notes

Open Caveats

Resolved Caveats

Caveats Resolved in Network Assistant 3.1

Caveats Resolved in Network Assistant 3.0(1)

Caveats Resolved in Network Assistant 3.0

Related Documentation

Obtaining Documentation

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information

Release Notes for Cisco Network Assistant 3.0 and Later

January 30, 2006

These release notes include important information about Cisco Network Assistant 3.0, 3.0(1), and 3.1, and any limitations, restrictions, and caveats that apply to these releases.


This information is in the release notes:

"New Features" section

"System Requirements" section

"Downloading Network Assistant" section

"Updating Network Assistant" section

"Upgrading a Switch by Using Network Assistant" section

"Minimum Cisco IOS Release" section

"Limitations and Restrictions" section

"Important Notes" section

"Open Caveats" section

"Resolved Caveats" section

"Related Documentation" section

"Obtaining Documentation" section

"Cisco Product Security Overview" section

"Obtaining Technical Assistance" section

"Obtaining Additional Publications and Information" section

New Features

When you install and launch Cisco Network Assistant 3.0, you can

Receive notices of key network events, such as the availability of a new version of Cisco Network Assistant, an issue with a device in your network, or the need for a configuration change. The Event Notification window describes these events and, in many cases, helps you to respond appropriately.

Specify security settings for hosts that are connected to Catalyst Express 500 switches by choosing low, medium, or high security in the Network Security window. The low setting (default) provides port security and protection against broadcast storms. The medium setting adds MAC address authentication. The high setting adds IEEE 802.1x authentication to permit or deny network connectivity and to control VLAN access based on user or machine identity.

Apply Smartports roles to quickly configure Catalyst Express 500 ports for connections to desktops, IP phones, switches, routers, access points, printers, servers, guest devices, and diagnostic devices.

Configure the wireless security settings of Cisco Aironet Access Points, like Service Set Identifiers (SSIDs) and Wired Equivalent Privacy (WEP), using the Secure Wireless window.

Test the connectivity of any two devices, so long as one of them is a Catalyst Express 500 switch or one of them is directly connected to a Catalyst Express 500 switch.

Navigate through network features more intuitively with a feature bar that is organized by major tasks: Configure, Monitor, Troubleshoot, and Maintenance. Keyboard shortcuts are also available for easy navigation.

View a report that has details about the connections between Catalyst Express 500 switches and their neighbors.

Search for a port by entering a MAC address, an IP address, or a description.

See the percentage of bandwidth utilized on Catalyst Express 500 switches in the past minute, hour, day, or 2-week period.

System Requirements

The system requirements are described in these sections:

"Installation Requirements" section

"Devices Supported" section

"Cluster Compatibility" section

Installation Requirements

The PC on which you install Network Assistant must meet these minimum hardware requirements:

Processor speed: Pentium 3, 1 GHz

DRAM: 256 MB

Hard-disk space: 200 MB recommended (the actual application requires around 70 MB)

Number of colors: 65536

Resolution: 1024 x 768

Font size: Small

These operating systems support Network Assistant:

Windows XP, Service Pack 1 or later

Japanese Windows XP, Service Pack 1 or later

Windows 2000, Service Pack 3 or later

Japanese Windows 2000, Service Pack 3 or later

Devices Supported

Network Assistant manages these routers, switches, access points, and firewalls. It manages Catalyst Express 500 switches, routers, access points, and firewalls only as community members; these devices cannot be cluster members.


Cisco 3800 series, models 3825 and 3845

Cisco 3700 series, models 3725 and 3745

Cisco 2800 series, models 2801, 2811, 2821, and 2851

Cisco 2600 series, models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651, 2651XM, and 2691

Cisco 1800 series, models 1801, 1801W, 1802, 1802W, 1803, 1803W, 1811, 1811W, 1812, 1812W, and 1841

Cisco 1700 series, models 1701, 1711, 1710, 1712, 1721, 1751, 1751-V, and 1760

Cisco 800 series, models 831, 836, 837, 851, 857, 876, 877, and 878


Catalyst 4900 series

Catalyst 4948 (WS-C4948)

Catalyst 4948-10GE (WS-C4948-10GE)

Catalyst 4500 series

Catalyst 4503 (WS-C4503)
Catalyst 4506 (WS-C4506)
Catalyst 4507R (WS-C4507R)
Catalyst 4510R (WS-C4510R)

Supervisor Engine II-Plus (WS-X4013+)
Supervisor Engine IV (WS-X4515)
Supervisor II-Plus-TS (WS-X4013+TS)
Supervisor Engine V (WS-X4516)
10-Gigabit Supervisor Engine V (WS-X4516-10GE)

Supervisor Daughter Card: NetFlow Services daughter card (WS-F4531)

Switching modules:
24-port 10/100 with RJ-45 connectors (WS-X4124-RJ45)
24-port Fast Ethernet 100BASE-FX, multimode fiber with MT-RJ connectors (WS-X4124-FX-MT)
48-port Fast Ethernet 100BASE-FX, multimode fiber with MT-RJ connectors (WS-X4148-FX-MT)
48-port Fast Ethernet 100BASE-LX10, single-mode fiber with MT-RJ connectors (WS-X4148-FE-LX-MT)
48-port 10/100 with RJ-45 connectors (WS-X4148-RJ)
48-port Ethernet 10/100-Mbps with 4 telco connectors (WS-X4148-RJ21)
24-port 10/100 PoE 802.3af compliant with RJ-45 connectors (WS-X4224-RJ45V)
32-port Ethernet 10/100 and 2 GBIC uplinks (WS-X4232-GB-RJ)
48-port 10/100 PoE 802.3af compliant with telco connectors (WS-X4248-RJ21V)
48-port 10/100 PoE 802.3af compliant with RJ-45 connectors (WS-X4248-RJ45V)
2 GBIC ports (WS-X4302-GB)
24-port 10/100/1000 with RJ-45 connectors (WS-X4424-GB-RJ45)
18 GBIC ports (WS-X4418-GB)
48-port Ethernet 10/100/100 with RJ-45 connectors (WS-X4448-GB-RJ45)
48-port 1000BASE-X, SFP-based with LC connectors—SFP optics included (WS-X4448-LX)
48-port 1000BASE-X ports, SFP-based with LC connectors (WS-X4448-SFP)
Enhanced 48-port 10/100/1000 with RJ-45 connectors (WS-X4548-GB-RJ45)
24-port 10/100/1000 PoE 802.3af compliant with RJ-45 connectors (WS-X4524-GB-RJ45V)
48-port 10/100/1000 PoE 802.3af compliant with RJ-45 connectors (WS-X4548-GB-RJ45V)
6 GBIC ports (WS-X4306-GB)
6-port 10/100/1000 PoE 802.3af compliant or SFP-based (WS-X4506-GB-T)

Power supplies:
PWR-C45-1000 AC
PWR-C45-1300 ACV
PWR-C45-1400 AC
PWR-C45-1400 DC-P
PWR-C45-2800 ACV
PWR-C45-4200 ACV

Catalyst 3750 switches, all models

Catalyst 3560 switches, all models

Catalyst 3550 switches, all models

Catalyst 3500 XL switches, all models

Catalyst 2970 switches, all models

Catalyst 2960 switches, all models

Catalyst 2955 switches, all models

Catalyst 2950 switches, all models

Catalyst 2940 switches, all models

Catalyst 2900 XL switches, all models

Catalyst Express 500 switches, all models

Cisco EtherSwitch service modules:







Note The Topology view of Network Assistant supports Catalyst 6500 switches. You cannot add these devices to a community or cluster, but you can launch device manager for them from the Topology view.

Access Points

Cisco Aironet 350, 1100, and 1200 series. Network Assistant supports them only if they run a Cisco IOS image.


Cisco PIX 515E Firewalls

Note PIX Firewalls do not support the Cisco Discovery Protocol, so they are not automatically shown as neighbors in the Topology view. They are shown only after you add them to a community by using a Create Community or Modify Community window. To see a PIX Firewall link to another community member, you must add the link manually by selecting Add Link in a Topology popup menu.

Cluster Compatibility

This section describes how to choose command and standby command devices when a cluster consists of a mixture of Catalyst switches. When creating a device cluster or adding a devices to a cluster, follow these guidelines:

When you create a device cluster, we recommend configuring the highest end device in your cluster as the command device.

If you are managing the cluster through Network Assistant, the device that has the latest software release should be the command device.

The standby command device must be the same type as the command device. For example, if the command device is a Catalyst 3750 switch, all standby command devices must be Catalyst 3750 switches.

Note Catalyst 4500 series switches cannot be configured as standby command devices.

Downloading Network Assistant

You can download Network Assistant from this site:

For information on installing, launching, and connecting to Network Assistant, see Getting Started with Cisco Network Assistant at this site:

Updating Network Assistant

To update Network Assistant, follow these steps:

1. Launch Network Assistant.

2. Choose Applications > Application Updates.

3. In the Authentication window, enter your username and password.

4. In the Application Updates window, select Latest from the Show list.

5. Select all the listed packages.

6. Click Install Packages.

Upgrading a Switch by Using Network Assistant

You can upgrade switch software by using Network Assistant in two ways:

Drag and drop a software-image file from your PC, mapped drive, or network drive to a device icon in the Topology view.

Select Maintenance > Software Upgrade from the feature bar.

For detailed instructions, click Help.

Minimum Cisco IOS Release

Table 1 lists the minimum software releases required for the devices that Network Assistant manages.

Table 1 Minimum Cisco IOS Release Required 

Minimum Software Release

All supported Cisco routers


Catalyst 4500 series switches


Catalyst 3750 switches


Catalyst 3560 switches


Catalyst 3550 switches


Catalyst 2970 switches


Catalyst 2960 switches


Catalyst 2955 switches


Catalyst 2950 switches


Catalyst 2950 LRE1 switches


Catalyst 2940 switches


Catalyst 3500 XL switches


Catalyst 2900 XL switches (8-MB)


Catalyst Express 500 switches


Cisco EtherSwitch service modules

12.2(25)EZ (switch software)
12.3(14)T (router software)

All supported Cisco access points


Cisco PIX Firewalls


1 LRE = Long-Reach Ethernet

Limitations and Restrictions

You should review this section before you begin working with the device. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the device hardware or software.

These sections describe the limitations and restrictions:

"Cluster Limitations and Restrictions" section

"Network Assistant Limitations and Restrictions" section

Cluster Limitations and Restrictions

These limitations apply only to the Catalyst 4500 series switches:

By default, clustering is disabled on the Catalyst 4500 series switches.

You must assign an IP address to the Catalyst 4500 series switch if it is a cluster command switch candidate. If the switch is a cluster member candidate, you might not need to assign an IP address.

By default, the HTTP server is disabled on the Catalyst 4500 series switch. To connect the switch to Network Assistant, you must enable the HTTP server on all cluster members.

The HTTP port number on Network Assistant and the Catalyst 4500 series switch must match.

A Catalyst 4500 switch can be a cluster member only if another Catalyst 4500 switch is the command device.

By default, the Catalyst 4500 series switch is configured with five vty lines. If the switch (such as a cluster command device with multiple cluster members) is connected to Network Assistant, you must configure at least eight + x vty lines, where x is the number of vty lines used by other applications. A maximum of 16 vty lines can be configured.

Create a switch virtual interface (SVI) to use for intracluster communication. The SVI must be in the no shut state.

This limitation applies only to the Catalyst 4500 series and Catalyst 3750, 3560, 3550, and 2970 switches:

If a Catalyst 2900 XL or 3500 XL cluster command device is connected to a Catalyst 3550 or a 3750 switch, the command device does not find any cluster candidates beyond the 3550 or the 3750 switch candidates. You must add the 3550 or the 3750 switch to the cluster to see other cluster candidates. (CSCdt09918)

These limitations apply only to the Catalyst 3750, 3560, 3550, and 2970 switches:

If both the active command device and the standby command device fail at the same time, the cluster is not automatically recreated. Even if there is a third passive command device, it might not recreate all cluster members because it might not have all the latest cluster configuration information. You must manually recreate the cluster if both the active and standby command devices simultaneously fail. (CSCdt43501)

When the active device fails in a device cluster that uses Hot Standby Routing Protocol (HSRP) redundancy, the new active device might not contain a full cluster member list.

The workaround is to ensure that the ports on the standby cluster members are not in the Spanning Tree Protocol (STP) blocking state. See the "Configuring STP" chapter in the software configuration guide for more information about verifying port status. (CSCec31495)

These limitations apply only to the Catalyst 2955, 2950, and 2940 switches:

When a cluster of devices have Network Time Protocol (NTP) configured, the command device is not synchronized with the rest of the devices. (CSCdz88305)

Network Assistant Limitations and Restrictions

The Network Assistant limitations and restrictions are described in these sections.

All Devices

These limitations apply to all the devices described in the "Devices Supported" section:

A red border appears around the text-entering area of some Network Assistant windows. The color of the border changes to green when text is entered. The colored border does not prevent you from entering text. (CSCdv82352)

You cannot switch modes (for example, from guide mode to expert mode) for an open Network Assistant window. The workaround is to close the open window, select the mode that you want, and then reopen the Network Assistant window. For the mode change to take effect on any other Network Assistant window that is open, you need to close that window and then reopen it after you select the new mode. (CSCdw87550)

If you open a window in which you can enter text, open another window, and return to the first window, right-clicking in the text field might make the cursor in this field disappear. You can still enter text in the field. (CSCdy44189)

If you select multiple ports and open the Port Settings window from the popup menu of the Front Panel view, it might take approximately 7 seconds to open.

The workaround is to open the Port Settings window from the feature bar. (CSCee96650)

When the active device fails in a device cluster that uses HSRP redundancy, the new active device might not contain a full cluster member list.

The workaround is to ensure that the ports on the standby cluster members are not in the STP blocking state. See the "Configuring STP" chapter in the software configuration guide for information about verifying port status. (CSCec31495)

When there are more than one neighbor devices of same device type and they have same hostname, the Topology view displays only one neighbor device instead of displaying all the neighbor devices.

The workaround is to not have same hostname for more than one device. (CSCsb50280).

Catalyst 4500 Series Switches

On Catalyst 4500 series switches, Network Assistant supports only the features shown in Table 2:

Table 2 Features Supported by Catalyst 4500 Series Switches 

Menu Path


Smartports, Save Configuration

Configure > Ports

Port Settings

Configure > Security

Security Wizard, Port Security

Configure > Switching

VLANs, MAC Addresses, Voice VLAN

Configure > Device Properties

IP Addresses, Hostname, System Time, HTTP Port, Users and Passwords, SNMP

Configure > Clusters

Cluster Conversion Wizard, Create Cluster, Delete Cluster, Add To Cluster, Remove From Cluster, Hop Count


Event Notification, System Messages

Monitor > Reports

Inventory, Bandwidth Graphs, Link Graphs, ARP

Monitor > Views

Front Panel, Topology


Ping and Trace


Software Upgrade, Configuration Archive, System Reload

This limitation applies to the Catalyst 4500 Series Switches:

In Network Assistant, some windows such as VLAN, Hostname, and so on might not open from the Front Panel view popup menu for Catalyst 4500 series switches.

The workaround is to close Network Assistant and restart it. (CSCef67553)

Community Limitations

These limitations apply only to communities:

A community can contain up to 20 devices. This limit is enforced whenever you add devices to a community.

Furthermore, a community cannot contain more than 16 nonmodular switches, 4 modular switches, 12 access points, and 2 routers. These limits are checked during the launch of Network Assistant; you receive a warning if they are exceeded.

Changes to the topology or network do not propagate across all open Network Assistant sessions connected to the same community. You see this inconsistency when multiple Network Assistant sessions are open on one desktop, and they point to the same community.

Open one Network Assistant session per desktop per community. (CSCeh53619)

The Topology view sometimes displays duplicate devices and links. There is no workaround. (CSCeh61352)

In the Topology view, the horizontal scrollbar sometimes does not scroll far enough left to show the complete topology. The workaround is to right-click the Topology view and to select Automatic Topology Layout from the popup menu. (CSCeh56952)

In the Topology view, if there are multiple links between community members and one of the links is blocked, it is shown in green, not in gray. There is no workaround. (CSCeh60050)

In the Topology view, the redundant link for an HSRP group is not shown. There is no workaround. (CSCeh54526)

If a community has members that are connected to a member through a hub or a Gigastack module, the Topology view shows all the connections. But if nonmembers are connected to a community member through a hub or a Gigastack module, the Topology view shows only the connection of the first nonmember.

Accessing a community through a router running NAT (Network Address Translation) is not supported.

Cluster Limitations

These limitations apply only to clusters:

When you add a new member with a username and password that is different from the existing cluster member usernames and passwords, Network Assistant produces an exception error because of an authentication failure. The workaround is to add the new member without a username and password. When the new member is added to the cluster, remove the existing username and password from the Username and Password fields, enter a new username and password, and then apply it to all cluster members. (CSCdz07957)

Changing the password or current authentication while Network Assistant is running causes HTTP requests to fail. The workaround is to close all Network Assistant sessions and then to restart it. (CSCeb33995)

When TACACS authentication is enabled only on a command device, member devices cannot be configured. The workaround is to enable TACACS authentication on the member devices. (CSCed27723)

When there are Catalyst 2950 and 2955 devices in a cluster, and you launch the QoS Queue window to configure the devices, and then try to view the settings for other devices by using the device selection menu, Network Assistant halts after 20 to 30 selections.

The workaround is to close and then to restart Network Assistant. (CSCed39693)

A Java exception error occurs when Network Assistant is in read-only mode and you launch the Port Settings window. This only occurs on Catalyst 3500 XL, 2950 LRE, and 2900 XL switches.

The workaround is to open the Port Settings window with Network Assistant in read-write mode. (CSCee25870)

Community and Cluster Limitations

These limitations apply to both communities and clusters:

Network Assistant fails when a device is running the cryptographic software image and the vty lines have been configured with the transport input ssh and line vty 0 15 global configuration commands to use only SSH. The workaround is to use the transport input ssh telnet and line vty 0 15 global configuration commands to allow SSH and Telnet access through the vty lines. (CSCdz01037)

When the Link Graphs application has run for hours displaying packet drop and error information, sometimes the X-axis crosses the Y-axis at a negative Y value instead of at Y= 0. This condition occurs with all supported operating systems, browsers, and Java plug-ins. There is no workaround. (CSCdz32584)

After you click Apply or Refresh in the Simple Network Management Protocol (SNMP) window, the window size changes. (CSCdz75666, CSCdz84255)

When you enable log scaling for Link Graphs, the Y-axis scale becomes illegible. There is no workaround. (CSCdz81086)

If an access control list (ACL) is deleted from a device, all QoS classes on Catalyst 2970 and 3750 switches that use this ACL for traffic classification become unusable. The modification of these classes to use any other traffic classification (match statement) fails. The workaround is to delete the QoS class that uses the undefined ACL and then to recreate it with the intended traffic classification (match statement). (CSCed40866)

When an Open Shortest Path First (OSPF) summary address is added for a 10.x.x.x network, a Windows exception error sometimes occurs.

The workaround is to add the address by using the router ospf <process-id>, area <area-id>, and range <address> <mask> configuration commands. (CSCed87031)

Hostnames and Domain Name System (DNS) server names with commas for a cluster command device, member device, or candidate device can cause Network Assistant to behave unexpectedly. You can avoid this instability in the interface by not using commas in hostnames or DNS names. Do not enter commas when also entering multiple DNS names in the IP Configuration tab of the IP Management window in Network Assistant.

Access control entries (ACEs) that contain the host keyword precede all other ACEs in standard ACLs. You can reposition the ACEs in a standard ACL with one restriction: No ACE with the any keyword or a wildcard mask can precede an ACE with the host keyword.

When you reload a device with Network Assistant, it saves the running configuration. If you want to reload without saving the running configuration, use the CLI. (CSCeh24259)

Important Notes

These sections contain important notes related to Network Assistant:

"Compatibility with Cisco IOS" section

"Community Notes" section

"Cluster Notes" section

"Network Assistant Notes" section

Compatibility with Cisco IOS

If you run Cisco IOS 12.2(25)SEE or later or Cisco IOS 12.1(22)EA7 or later, you must run Network Assistant 3.1 or later.

Community Notes

This note applies to community on all the devices described in the "Devices Supported" section:

All the devices for the topology of a community are derived from the CDP (Cisco Device Protocol) table of Cisco IOS. Therefore, the Topology view shows duplicate devices when CDP discovers duplicate devices. This happens for a single device when the command show cdp neighbor is entered. Two devices are displayed: one with the actual hostname (for example, abc), the other with hostname.domainname (for example,

Cluster Notes

This note applies to cluster configuration only on the Catalyst 3550 switches:

The cluster setup privileged EXEC command and the standby mac-address interface configuration command have been removed from the command-line interface (CLI) and the documentation because they did not function correctly.

Network Assistant Notes

These notes apply to Network Assistant configuration on all the devices described in the "Devices Supported" section:

If you use Network Assistant on Windows 2000, it might not apply configuration changes if the enable password is changed from the CLI during your Network Assistant session. You have to restart Network Assistant and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password when it is changed.

Network Assistant does not display QoS classes that are created through the CLI if these classes have multiple match statements. When using Network Assistant, you cannot create classes that match more than one match statement. Network Assistant does not display policies that have such classes.

Within an ACL, you can change the sequence of ACEs that have the host keyword. However, because such ACEs are independent of each other, the change has no effect on the way the ACL filters traffic.

In the Front Panel view or Topology view, Network Assistant does not display error messages in read-only mode for these devices:

Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier

Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier

Catalyst 2900 XL or 3500 XL member switches running Cisco IOS Release 12.0(5)WC2 or earlier

In the Front Panel view, if the device is running one of the software releases listed previously, the device LEDs do not appear. In Topology view, if the member is an LRE switch, the CPE devices that are connected to the switch do not appear. The Bandwidth and Link graphs also do not appear in these views.

Open Caveats

These sections describe the open caveats that could create possibly unexpected activity in this software release.

These caveats apply to all the devices described in the "Devices Supported" section:


If Network Assistant loses IP connectivity to the switch and an action is performed in the IP Address window, a Java exception error occurs.

The workaround is to close and to reopen the IP Address window when connectivity is restored.


After a cluster member loses connectivity, the connect icon in the status bar incorrectly displays a connect status instead of a disconnect status.

There is no workaround.


The Network Assistant window flickers if you click Cancel in the Application > Print window.

There is no workaround.


If a Catalyst 2970 switch is a cluster command device and a Catalyst 3750 or 3550 switch is a cluster member, enabling IGRP on a network on the Catalyst 3750 or 3550 switch creates a Premature EOF error.

There is no workaround. Make the Catalyst 3750 or 3550 switch the command device.

After you click Finish, you see the commands that are actually applied to the device.


Access points and routers are not supported in the Front Panel view, but sometimes the check boxes for these devices are checked, even if they are grayed out.

There is no workaround.


In the Link Graphs window, when you choose the Packet Drops & Errors option for a Catalyst 4500 or 4900 switch, you see inaccurate link traffic statistics.

There is no workaround.


If you change the default setting of the Graph Display Type in the Bandwidth Graph window, the change is not retained for your next use of the window.

Check that the Graph Display Type setting is what you want whenever you use the window.


The Smartports Port Setup window does not show the LED status of the ports.

You can use the window to configure ports even if status information is not shown.


When you select a VLAN and assign an aging time in the MAC Addresses window, if you check Apply to Other VLANs, the box does not remain checked.

The aging time is nevertheless applied to all the VLANs.


If a dual-media port on a Catalyst 4500 switch, model WS-C4948 or model WS-X4506-GB-T, is configured to RJ-45 and you apply a Smartports port macro, the port is changed to SFP, the default setting. The connection to the port is lost.

Reconfigure the media type to RJ-45 through the Port Settings window.


If you change a hostname while a Network Assistant window is open, the window might not display the new hostname, even if you refresh the window.

To see the new hostname, close the window and then reopen it.


The Media Type column in the Port Settings window appears even if the modules of a Catalyst 4500 switch do not support AWP (alternate wired ports). If this case, the column fields display as N/A.

There is no workaround. The other columns in the window are not affected.


In the Port Settings window, you must apply a change to some speed settings before you can change a duplex setting.

After you configure a speed setting, click Apply; then configure a duplex setting.


If you try to close Network Assistant while a task is running, Network Assistant asks whether you really want to exit but does not say what might happen if you do.

Decide whether an important task is in progress. If it is, answer by clicking no.


The Security Wizard sometimes does not show a warning message when it applies an ACL to a port that already has an ACL applied to it.

There is no workaround.


In a Topology view for a community, the link icons for routed, trunk, and Gigastack links are not shown.

There is no workaround.


When you create an enable password through Network Assistant, you create an enable secret (encrypted) password. Therefore, no entry for the password appears on the Enable Password tab of the Users and Passwords window.

If you do not want to create an encrypted password, the workaround is to use the CLI to create a nonencrypted password. Network Assistant will prompt users for this password when they connect, even though the password does not appear on the Enable Password tab.


Even if you see the message Port security is only supported on static access interfaces, it is also supported on ISL trunk ports and IEEE 802.1Q trunk ports if these ports are supported by the Cisco IOS image.

The Port Security window lists all the ports that are eligible for port security. If a port is not listed, configure the port as necessary through the VLAN window, and return to Port Security window to configure the port security settings.


When the media type is changed on a S-X4506-GB-T linecard through the CLI or through another instance of Network Assistant, your instance of Network Assistant might be put into an inconsistent state, resulting in a blank Port Settings window.

The workaround is to close your instance of Network Assistant and then restart it. You can then use the Port Settings window without a problem.


You cannot see the PoE columns in the Port Settings window for Catalyst 4503, 4506, or 4507R switches that run Cisco IOS 12.2(20)EWA and have a WS-4548, WS-4524, or WS-4506-GB-T PoE line card.

The workaround is to upgrade the software on the switch to a later version of Cisco IOS.


If you open the Modify Port Settings or the Modify Port Mode window twice in succession from the Front Panel view by right-clicking a port, selecting Port Settings or VLAN from the popup menu, and repeating these actions for another port, the windows display the settings for the port that you selected first.

Ensure that the Interface field in these windows applies to the port that you selected. Be sure to close these windows between port selections.


If you cancel the printing of the Topology view, its background turns white.

There is no workaround.


After you perform a search, the TAB key moves the focus in the search results. If you press the TAB key enough to reach the end of the results, the next TAB keystroke moves the focus out of the search results and into the next-in-focus window on the Network Assistant desktop.

Press ALT-s to return to the search results.


If you set the configuration bits through the CLI to 0x2100 or 0x2101 and then restore a configuration with the Configuration Archive window, you might not be able to reload the device.

Set the configuration bits to 0x2102, and specify a boot variable through the CLI.


A device is counted more than once in determining whether the community limits have been exceeded if the device has multiple IP addresses and more than one of these IP addresses has been added to the community.

To remove the additional IP addresses, follow these steps:

1. Select Application > Communities.

2. Select a community, and click Modify.

3. Select the additional IP addresses, click Remove, and then click OK.

4. Click OK in the Communities window.


Zooming in or zooming out on the time axis of a bandwidth graph when the axis approaches noon or midnight might cause the time increments to be incorrectly labeled.

Close the Bandwidth Graph window, reopen it, and zoom in or out again.


If you change the hostname of a community member in a Network Assistant session and then try to change it in a session with a different community, you see a message that the name change failed. However, the name change is actually successful.

There is no workaround.


On Catalyst 4500 and 4900 series switches, you cannot edit flow control values from the Port Settings window; they are read-only.

The workaround is to open the Front Panel view, right-click on the port to be configured, and select Port Settings from the drop-down list. From the Modify Port Settings window, you can configure the flow control values.


Network Assistant does not verify if the VLAN and the native VLAN are the same on the access point and the switch port that is connected to the access point. VLAN differences might cause wireless connectivity problems when you use the Secure Wireless feature.

The workaround is to ensure that the VLANs and the native VLAN are the same on the access point and the switch port.


On a Catalyst 4500 or Catalyst 4900 series switch, when you select Security > Port Security and try to associate a secure address with a trunk port, an "Invalid input detected" error is displayed.

There is no workaround for a trunk port. Open the VLANs window, select the device and port, click Modify, and select an administrative mode that is not for a trunk port.


When you connect to Network Assistant in read-only mode, choose Configure > Port > Port Settings on the feature bar, and select a Catalyst 4500 series switch, you are prompted to request level-15 access. This is the read/write access level, which is incompatible with read-only mode. You cannot view the Port Settings window.

The only workaround is to get permission from your administrator to connect to Network Assistant in read/write mode.


Upgrading the Cisco IOS software on a device to a cryptographic image from an noncryptographic image is not sufficient to make an HTTPS connection with the device.

After the upgrade, remove the device from the community, configure it for HTTPS, and add it back to the community. You can then use HTTPS to communicate with the device.

These caveats apply to Cisco EtherSwitch service modules:


The Front Panel view on EtherSwitch service modules NME-16ES-1G-P, NME-X-23ES-1G-P, NME-XD-24ES-1S-P, and NME-XD-48ES-2S-P shows the EN-LED as not enabled.

There is no workaround.


The Topology view does not show the internal Gigabit Ethernet link between routers and the EtherSwitch service modules NME-16ES-1G and NME-X-23ES-1G.

There is no workaround.


The Smartports window shows the NME-XD-24ES-1S-P EtherSwitch service module with two Mode buttons instead of one

There is no workaround.

Resolved Caveats

This section describes the resolved caveats.

Caveats Resolved in Network Assistant 3.1

These caveats were resolved in Network Assistant 3.1


Network Assistant now recognizes WS-X4306-GB linecards whose firmware is 2.0 or lower.


On Catalyst Express 500 switches, you can now associate a Cisco-Voice VLAN with a Smartports role other than IP Phone.

Caveats Resolved in Network Assistant 3.0(1)

These caveats were resolved in Network Assistant 3.0(1):


When you apply a Smartports role to a Catalyst 4500 or 4900 switch, the switch no longer resets or switches over to the standby supervisor, regardless of the Cisco IOS version that it runs.


If you manage a Catalyst 2900 XL switch as a standalone device, Network Assistant now shows its links to neighbor devices in a Topology view. If you manage it in a community, you can now see a popup window in the Topology view when you right-click one of its links.


Cisco IP phones that do not appear in the Topology view will appear when their firmware is upgraded.


If you change the network security settings on Catalyst Express 500 community members from low to medium, hosts originally connected at the low setting can now reconnect to the network after they are disconnected or shut down.

Caveats Resolved in Network Assistant 3.0

These caveats were resolved in Network Assistant 3.0:


After the cluster command device is reloaded, it can now re-establish communication with the cluster members connected through its routed ports.


In the columns of the Inventory window, when you click the arrow that shows ascending sorting (an arrow pointing downwards) or the arrow that shows descending sorting (arrow pointing upwards), the results are no longer incorrect. This also applies to all the other feature windows that have ascending and descending arrows.


Changing the severity criteria for notifications of some system messages no longer causes changes to the criteria for other system messages.


You can now upgrade Cisco IOS software with a third-party TFTP server by using the remote TFTP option of the Software Upgrade feature. However, we recommend that you select the standard mode option so that you can use the Network Assistant embedded TFTP server.


Network Assistant now displays an error if you lose connectivity to a device while Network Assistant is saving or backing up its configuration.


Network Assistant now displays an error if there is not enough hard-disk space to allow a backup to succeed.


Network Assistant now displays an error if there is not enough flash memory in the device to save a configuration.


Network Assistant now displays the configured HTTP port number for devices that run Cisco IOS 12.1.


A community member no longer becomes unmanageable if its Cisco IOS image is changed from a cryptographic image to a noncryptographic image.


The port colors on the Front Panel view are no longer inaccurate when ports on Catalyst 2950, 3550, and 3750 switches are set to half duplex.


You can now change the default HTTP port number from 80 to another value by using Network Assistant on a switch running Cisco IOS 12.2(20)EWA or later.

Related Documentation

This online document provides complete information about Network Assistant:

Getting Started with Cisco Network Assistant

You can order printed copies of documents with a DOC-xxxxxx= number from the sites and from the telephone numbers listed in the "Obtaining Documentation" section.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

You can access the most current Cisco documentation at this URL:

You can access the Cisco website at this URL:

You can access international Cisco websites at this URL:

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

Ordering Documentation

Registered users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

Nonregistered users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

From this site, you will find information about how to:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For Emergencies only —

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For Nonemergencies —

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

Access to all tools on the Cisco Technical Support & Documentation website requires a user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

or view the digital edition at this URL:

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

World-class networking training is available from Cisco. You can view current offerings at this URL: