Guest

Cisco Catalyst 2950 Series Switches

Release Notes for the Catalyst 2950 Switch, 12.1(12c)EA1a

  • Viewing Options

  • PDF (603.3 KB)
  • Feedback
Release Notes for the Catalyst 2950 Desktop Switch, Release 12.1(12c)EA1a

Table Of Contents

Release Notes for the Catalyst 2950 Desktop Switch, Release 12.1(12c)EA1a

Contents

System Requirements

Hardware Supported

Hardware Not Supported

Software Compatibility

Recommended Platform Configuration for Web-Based Management

Operating System and Browser Support

Guidelines for Installing and Enabling the Java Plug-In

Installing the Required Plug-In

Creating Clusters with Different Releases of IOS Software

Downloading Software

Guidelines for Downloading Switch Software

Determining the Software Version and Feature Set

Which Files to Use

Upgrading a Switch by Using CMS

Upgrading a Switch by Using the CLI

Downloading the Software and TFTP Server Application

Copying the Current Startup Configuration from the Switch to a PC or Server

Using the CLI to Upgrade a Catalyst 2950 Switch

Upgrading Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL Member Switches

Upgrading Catalyst 1900 or Catalyst 2820 Member Switches

Recovering from Software Failure

Installation Notes

Setting Up the Catalyst 2950 Initial Configuration

Accessing CMS

Configuring the HTTP Server

Displaying CMS

New Features

New Hardware Features

New Software Features

Limitations and Restrictions

Crypto Software Image Guidelines

Immediate-Leave Limitation

RSPAN Limitation

ACL Limitations

Hardware and Software Compatibility Matrixes

Port Configuration Conflicts

SPAN Limitation

Important Notes

IOS Notes

CMS Notes

Read-Only Mode in CMS

Configuring CMS

VLAN Notes

IGMP Filtering

Open Caveats

Open IOS Caveats

Open Cluster Configuration Caveats

Open CMS Caveats

Resolved Caveats

IOS Caveat Resolved in Release 12.1(12c)EA1a

IOS Caveats Resolved in Release 12.1(12c)EA1

Cluster Caveat Resolved in Release 12.1(12c)EA1

CMS Caveat Resolved in Release 12.1(12c)EA1

Documentation Updates

References to the Cisco Documentation CD-ROM

Addition to the Command Reference

show controllers ethernet-controller

Corrections to the Software Configuration Guide

Corrections to the Hardware Installation Guide

Related Documentation

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center


Release Notes for the Catalyst 2950 Desktop Switch, Release 12.1(12c)EA1a


January 2002

The Cisco IOS Release 12.1(12c)EA1a runs on Catalyst 2950 switches.

These release notes include important information about this IOS release and any limitations, restrictions, and caveats that apply to it. To verify that these are the correct release notes for your switch:

If you are installing a new switch, refer to the IOS release label on the rear panel of your switch.

If your switch is running, you can use the show version user EXEC command. See the "Determining the Software Version and Feature Set" section.

If you are upgrading to a new release, refer to the software upgrade filename for the IOS version.

For the complete list of Catalyst 2950 switch documentation, see the "Related Documentation" section.

You can download the switch software from these sites:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

(for registered Cisco.com users with a login password)

http://www.cisco.com/public/sw-center/sw-lan.shtml

(for nonregistered Cisco.com users)

This IOS release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future IOS releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.


Note This software release does not support the Catalyst 2950 LRE switches. For information about these switches, refer to the Catalyst 2950 LRE release notes.


Contents

This information is in the release notes:

"System Requirements" section

"Downloading Software" section

"Installation Notes" section

"New Features" section

"Limitations and Restrictions" section

"Important Notes" section

"Open Caveats" section

"Resolved Caveats" section

"Documentation Updates" section

"Related Documentation" section

"Obtaining Documentation" section

"Obtaining Technical Assistance" section

System Requirements

The system requirements for this IOS release are described in these sections:

"Hardware Supported" section

"Hardware Not Supported" section

"Software Compatibility" section

Hardware Supported

The Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image (EI). The EI provides a richer set of features, including access control lists (ACLs), enhanced quality of service (QoS) features, extended-range VLANs, the IEEE 802.1W Rapid Spanning Tree Protocol (RSTP), and the IEEE 802.1S Multiple STP (MSTP). The enhanced crypto software image supports the Secure Shell (SSH) protocol.

For information about the software releases that support the switches listed in Table 1, see the "Limitations and Restrictions" section.

Each Catalyst 2950 switch has one fan.

Table 1 lists the hardware supported by this release:

Table 1 Hardware Supported 

Hardware
Software Image
Description

Catalyst 2950-12

SI

12 fixed autosensing 10/100 Ethernet ports

Catalyst 2950-24

SI

24 fixed autosensing 10/100 Ethernet ports

Catalyst 2950C-24

EI

24 fixed autosensing 10/100 Ethernet ports and 2 100BASE-FX ports

Catalyst 2950G-12-EI

EI

12 fixed autosensing 10/100 Ethernet ports and 2 GBIC1 module slots

Catalyst 2950G-24-EI 

EI

24 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots

Catalyst 2950G-24-EI-DC

EI

24 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots with DC-input power

Catalyst 2950G-48-EI

EI

48 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots

Catalyst 2950SX-24

SI

24 fixed autosensing 10/100 Ethernet ports and 2 1000BASE-SX ports

Catalyst 2950T-24

EI

24 fixed autosensing 10/100 Ethernet ports and 2 10/100/1000 Ethernet ports2

GBIC Modules

1000BASE-SX GBIC

1000BASE-LX/LH GBIC

1000BASE-ZX GBIC

1000BASE-T GBIC (model WS-5483)

Coarse Wave Division Multiplexer (CWDM) fiber-optic GBIC3

GigaStack GBIC

Redundant power system

Cisco RPS 300 Redundant Power System

1 GBIC = Gigabit Interface Converter

2 The 10/100/1000 ports operate only in full-duplex mode.

3 This feature is only supported when your switch is running the EI.


Hardware Not Supported

Table 2 lists the hardware that is not supported by this release:

Table 2 Hardware Not Supported

Hardware
Description

GBIC module

1000BASE-T GBIC (model WS-G4582)

Redundant power system

Cisco RPS 600 Redundant Power System


Software Compatibility

These are the software compatibility requirements for this IOS release:

"Recommended Platform Configuration for Web-Based Management" section

"Operating System and Browser Support" section

"Installing the Required Plug-In" section

"Creating Clusters with Different Releases of IOS Software" section

Recommended Platform Configuration for Web-Based Management

Table 3 lists the recommended platforms for web-based management.

Table 3 Recommended Platform Configuration for Web-Based Management

OS
Processor Speed
DRAM
Number of Colors
Resolution
Font Size

Windows NT 4.01

Pentium 300 MHz

128 MB

65,536

1024 x 768

Small

Solaris 2.5.1 or higher

SPARC 333 MHz

128 MB

Most colors for applications

Small (3)

1 Service Pack 3 or higher is required.


The minimum PC requirement is a Pentium processor running at 233 MHz with 64 MB of DRAM. The minimum UNIX workstation requirement is a Sun Ultra 1 running at 143 MHz with 64 MB of DRAM.

For information about supported operating systems, see the next section.

Operating System and Browser Support

You can access the web-based interfaces by using the operating systems and browsers listed in Table 4. The switch checks the browser version when starting a session to ensure that the browser is supported. If the browser is not supported, the switch displays an error message, and the session does not start.

Table 4 Supported Operating Systems and Browsers

Operating System
Minimum Service Pack or Patch
Netscape Communicator 1
Microsoft Internet Explorer 2

Windows 95

Service Pack 1

4.75 or 6.2

5.5 or 6.0

Windows 98

Second Edition

4.75 or 6.2

5.5 or 6.0

Windows NT 4.0

Service Pack 3 or later

4.75 or 6.2

5.5 or 6.0

Windows 2000

None

4.75 or 6.2

5.5 or 6.0

Windows XP

None

4.75 or 6.2

5.5 or 6.0

Solaris 2.5.1 or later

Sun-recommended patch cluster for the OS and Motif library patch 103461-24

4.75 or 6.2

Not supported

1 Netscape Communicator version 6.0 is not supported.

2 Service Pack 1 or higher is required for Internet Explorer 5.5.



Note If your browser is Internet Explorer and you receive an error message stating that the page might not display correctly because your security settings prohibit running activeX controls, this might mean that your security settings are set too high. To lower security settings, go to Tools > Internet Options, and select the Security tab. Select the indicated Zone, and move the Security Level for this Zone slider from High to Medium (the default).



Note In Cluster Management displays, Internet Explorer versions 4.01 and 5.0 might not display edge devices that are not connected to the command switch. Other functionality is similar to that of Netscape Communicator.


Guidelines for Installing and Enabling the Java Plug-In

If CMS does not launch automatically, you might not have a supported Java Plug-In installed or the Java Plug-In might not be enabled. CMS does not automatically detect if a supported Java plug-in is installed. If you start CMS without the required Java plug-in installed, you remain on the CMS splash screen, and CMS will not launch.

To make sure that a supported Java Plug-In is correctly installed and enabled, follow these guidelines:

If you are using a supported browser and are connected to the Internet, click the Java Plug-In link to download and install a supported Java Plug-In.

If you have installed the Java plug-in but CMS still does not launch, make sure that the plug-in is enabled by clicking Start > Settings > Control Panel > Java Plug-in. Click the Basic tab, select Enable Java Plug-in, and click Apply.

To verify that a supported version of the Java Plug-In is installed, click Start > Settings > Control Panel. The Java Plug-In is listed with the version number in the Control Panel menu.

Installing the Required Plug-In

A Java plug-in is required for the browser to access and run the Java-based Cluster Management Suite (CMS). Download and install the plug-in before you start CMS. Each platform, Windows and Solaris, supports three plug-in versions. For information on the supported plug-ins, see the "Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT 4.0 Plug-Ins" section and the "Solaris Plug-Ins" section.

You can download the recommended plug-ins from this URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/java


Note Uninstall any older versions of the Java plug-ins before installing the new Java plug-in.


If the Java applet does not initialize after you have installed the plug-in, open the Java Plug-in Control Panel (Start > Programs > Java Plug-in Control Panel), and verify these settings:

In the Proxies tab, verify that the Use browser settings is checked and that no proxies are enabled.


Note If you are running an Internet virus checker on Windows 2000 and the plug-in takes a long time to load, you can speed up CMS operation by disabling the virus checker filter option or download option or both.

On McAfee VirusScan, from the Start menu, to disable the VirusScan Internet Filter option, the Download Scan option, or both, select Start > Programs > Network Associates > Virus Scan Console > Configure.

or

From the taskbar, right-click the Virus Shield icon and in the Quick Enable menu, disable the options by deselecting Internet Filter or Download Scan.


Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT 4.0 Plug-Ins

These Java plug-ins are supported in the Windows environments:

Java plug-in 1.4

Java plug-in 1.3.1

Java plug-in 1.3.0

You can download these plug-ins from this URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/java

Solaris Plug-Ins

These Java plug-ins are supported on the Solaris platform:

Java plug-in 1.4

Java plug-in 1.3.1

Java plug-in 1.3.0

You can download these plug-ins and instructions from this URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/java

To install the Java plug-in, follow the instructions in the README_FIRST.txt file.

Creating Clusters with Different Releases of IOS Software

When a cluster consists of Catalyst 3550 switches and a mixture of other Catalyst switches, we strongly recommend using only the Catalyst 3550 switches as the command and standby command switches. When the command switch is a Catalyst 3550 switch, all standby command switches must also be Catalyst 3550 switches. The Catalyst 3550 switch that has the latest software should be the command switch.

If your cluster has Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL switches, the Catalyst 2950 switch should be the command switch. The Catalyst 2950 switch that has the latest software should be the command switch.

If your switch cluster has Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, and Catalyst 3500 XL switches, either the Catalyst 2900 XL or Catalyst 3500 XL should be the command switch. The Catalyst 2900 or 3500 XL switch that has the latest software should be the command switch.

Table 5 lists the cluster capabilities and software versions for the switches.

Table 5 Switch Software and Cluster Capability 

Switch
IOS Release
Cluster Capability

Catalyst 3550

Release 12.1(4)EA1 or later

Member or command switch

Catalyst 3500 XL

Release 12.0(5.1)XU or later

Member or command switch

Catalyst 2950

Release 12.0(5.2)WC(1) or later

Member or command switch

Catalyst 2900 XL (8-MB switches)

Release 12.0(5.1)XU or later

Member or command switch

Catalyst 2900 XL (4-MB switches)

Release 11.2(8.5)SA6 (recommended)

Member switch only1

Catalyst 1900 and 2820

Release 9.00(-A or -EN)

Member switch only

1 Catalyst 2900 XL (4-MB) switches appear in the front-panel and topology views of CMS. However, CMS does not support configuration or monitoring of these switches.


Some versions of the Catalyst 2900 XL software do not support clustering, and if you have a cluster with switches that are running different versions of IOS software, software features added on the latest release might not be reflected on switches running the older versions. For example, if you start Visual Switch Manager (VSM) on a Catalyst 2900 XL switch running Release 11.2(8)SA6, the windows and functionality can be different from a switch running Release 12.0(5)WC(1) or later.


Note The CMS is not forward-compatible, which means that if a member switch is running a software version that is newer than the release running on the command switch, the new features are not available on the member switch. If the member switch is a new device supported by a software release that is later than the software release on the command switch, the command switch cannot recognize the member switch and it is displayed as an unknown device in the Front Panel view. You cannot configure any parameters or generate a report through CMS for that member; instead, you must launch the Device Manager application to perform configuration and obtain reports for that member.


Downloading Software

This section describes these procedures for downloading software:

"Guidelines for Downloading Switch Software" section

"Determining the Software Version and Feature Set" section

"Which Files to Use" section

"Upgrading a Switch by Using the CLI" section

"Recovering from Software Failure" section

For information about the software releases that support the Catalyst 2950 switches, see the "Limitations and Restrictions" section.


Note Before downloading software, read this section for important information.



Note The Catalyst 2950-12 and Catalyst 2950-24 switches cannot be upgraded to Release 12.1(6)EA2, Release 12.1(6)EA2a, or Release 12.1(6)EA2b. They can be upgraded to Release 12.1(6)EA2c or later.


Guidelines for Downloading Switch Software

When using CMS to upgrade multiple switches from the Cisco TFTP server, the Cisco TFTP server application can process multiple requests and sessions. When using CMS to upgrade multiple switches from the Cisco TFTP server, you must first disable the TFTP Show File Transfer Progress and the Enable Logging options to avoid TFTP server failures. If you are performing multiple-switch upgrades with a different TFTP server, it must be capable of managing multiple requests and sessions at the same time.

When you upgrade a switch, the switch continues to operate while the new software is copied to Flash memory. If Flash memory has enough space, the new image is copied to the selected switch but does not replace the running image until you reboot the switch. If a failure occurs during the copy process, you can still reboot your switch by using the old image. If Flash memory does not have enough space for two images, the new image is copied over the existing one. Features provided by the new software are not available until you reload the switch.

If a failure occurs while copying a new image to the switch, and the old image has already been deleted, refer to the "Recovering from Corrupted Software" section in the "Troubleshooting" chapter of the Catalyst 2950 Desktop Switch Software Configuration Guide.


Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.



Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs while you are copying the software image to the switch, call Cisco Systems immediately.

Determining the Software Version and Feature Set

The IOS image is stored as a .bin file in a directory that is named with the IOS release. A subdirectory contains the HTML files needed for web management. The image is stored on the system board Flash device (flash:).

You can use the show version user EXEC command to see the software version that is running on your switch. In the display, check the line that begins with System image file is. This line shows the directory name in Flash memory where the image is stored. A couple of lines below the image name, you see Running Enhanced Image if you are running the EI or Running Standard Image if you are running the SI.


Note Although the show version output always shows the software image running on the switch (SI or EI), the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software image.


You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in Flash memory.

Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined .tar file. This file contains both the IOS image file and the HTML files (needed for the CMS). You must use the combined .tar file to upgrade the switch through the CMS.

The .tar file is an archive file from which you can extract files by using the archive tar command.


Note If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.


Table 6 lists the software filenames for this IOS release.

Table 6 Catalyst 2950 IOS Software Files

Filename
Description

c2950-i6q4l2-mz.121-12c.EA1.bin

Catalyst 2950 SI and EI files

c2950-i6q4l2-tar.121-12c.EA1.tar

Catalyst 2950 SI, EI, and CMS files

c2950-i6k212q4-mz.121-12c.EA1a.bin

Catalyst 2950 SI1 and EI file. This includes the enhanced, standard, and crypto images.

c2950-i6k212q4-tar.121-12c.EA1a.tar

Catalyst 2950 SI 1 and EI files. This includes the enhanced IOS image, standard IOS image, crypto image, and CMS files.

1 Switches that support only the SI cannot run the crypto image. For more information, see the SI-only switches listed in Table 1 and the "Crypto Software Image Guidelines" section.


Upgrading a Switch by Using CMS

You can upgrade switch software by using CMS. From the menu bar, select Administration > Software Upgrade. For detailed instructions, click Help.

If you are using Cluster Manager to upgrade a switch cluster, you can use the Software Upgrade feature to upgrade all or some of the switches in a cluster at once. Consider these conditions when doing an upgrade:

You cannot upgrade Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL switches at the same time. However, you can group together and upgrade Catalyst 1900 and Catalyst 2820 switches at the same time.

Upgrade Catalyst 1900 and Catalyst 2820 switches last. To function efficiently, these switches need to be rebooted shortly after the upgrade occurs. If you do not click Reboot Cluster in 30 seconds after the upgrade, the Catalyst 1900 and Catalyst 2820 switches automatically reboot.

For Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL switches, enter the image_name.tar filename in the New File Name field. The .tar file contains both the IOS image and the web-management code.

For Catalyst 1900 and Catalyst 2820 switches, enter the image_name.bin filename in the New File Name field. The .bin file contains the software image and the web-management code.

Follow these steps to use Cluster Manager to upgrade software. Refer to the online help for more details.


Step 1 In Cluster Manager, select Administration > Software Upgrade to display the Software Upgrade window.

Step 2 Enter the .tar filename (for Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL switches) or the .bin filename (for Catalyst 1900 and Catalyst 2820 switches) that contains the switch software image and the web-management code.

You can enter just the filename or a pathname into the New Image File Name field. You do not need to enter a pathname if the image file is in the directory that you have defined as the TFTP root directory.


Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.



Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the software image to the switch, call Cisco Systems immediately.



Note You can also use Device Manager to upgrade a single switch by following the same software upgrade procedure.



Note Close your browser after the upgrade process is complete.


Upgrading a Switch by Using the CLI

To download switch software by using the CLI, follow these procedures in this order:

Decide which software files to download from Cisco.com (see the "Determining the Software Version and Feature Set" section).

Download the .tar file from Cisco.com (see the "Downloading the Software and TFTP Server Application" section).

Use the archive tar command to extract the IOS image and the HTML files from the .tar file during the TFTP copy to the switch. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.

Copy the current startup configuration file (see the "Copying the Current Startup Configuration from the Switch to a PC or Server" section).

If the upgrade to the new software fails or if the new startup configuration fails, you can reinstall the previous version of the switch software and use the copy of the startup configuration file to start the switch. If a failure occurs while copying a new image to the switch, and the old image has already been deleted, see the "Guidelines for Downloading Switch Software" section.

If you are using the CLI to upgrade a Catalyst 2950 switch, see the "Using the CLI to Upgrade a Catalyst 2950 Switch" section.

If you are using the CLI to upgrade a member switch in a switch cluster, follow one of these procedures:

If you are upgrading Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL member switches, see the "Upgrading Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL Member Switches" section.

If you are upgrading Catalyst 1900 or Catalyst 2820 member switches, see the "Upgrading Catalyst 1900 or Catalyst 2820 Member Switches" section.

If you are upgrading a member switch in a switch cluster, because a member switch might not be assigned an IP address, command-line software upgrades through TFTP are managed through the command switch.


Note If you are upgrading from an IOS release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command as described in the "Using the CLI to Upgrade a Catalyst 2950 Switch" section, the "Upgrading Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL Member Switches" section, and the "Upgrading Catalyst 1900 or Catalyst 2820 Member Switches" section.


Downloading the Software and TFTP Server Application

This procedure is for copying the combined .tar file to the Catalyst 2950 switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

Follow these steps to download the software and, if necessary, the TFTP server application, from Cisco.com to your management station:


Step 1 Use Table 6 to identify the files that you want to download.

Step 2 Download the files from one of these locations:

If you have a SmartNet support contract, go to this URL, and log in to download the appropriate files:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

If you do not have a SmartNet contract, go to this URL, follow the instructions to register on Cisco.com, and download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

To download the files, select Catalyst 2950 Software.

To obtain authorization and download the enhanced crypto software files, select Catalyst 2950 Strong Cryptographic (3DES) Software.

Step 3 Use the CLI or web-based interface to perform a TFTP transfer of the file or files to the switch after you have downloaded them to your PC or workstation.

The readme.txt file describes how to download the TFTP server application. New features provided by the software are not available until you reload the software.


Copying the Current Startup Configuration from the Switch to a PC or Server

When you make changes to a switch configuration, your changes become part of the running configuration. When you enter the command to save those changes to the startup configuration, the switch copies the configuration to the config.text file in Flash memory. To ensure that you can recreate the configuration if a switch fails, you might want to copy the config.text file from the switch to a PC or server.

This procedure requires a configured TFTP server such as the Cisco TFTP server available on Cisco.com.

Beginning in privileged EXEC mode, follow these steps to copy a switch configuration file to the PC or server that has the TFTP server application:


Step 1 Copy the file in Flash memory to the root directory of the TFTP server:

switch# copy flash:config.text tftp

Step 2 Enter the IP address of the device where the TFTP server resides:

Address or name of remote host []? ip_address

Step 3 Enter the name of the destination file (for example, config.text):

Destination filename [config.text]? yes/no

Step 4 Verify the copy by displaying the contents of the root directory on the PC or server.


Using the CLI to Upgrade a Catalyst 2950 Switch

This procedure is for upgrading Catalyst 2950 switches by copying the .tar file to the switch. You copy the files to the switch from a TFTP server and extract the files by entering the archive tar command, with these results:

Changes the name of the current image file to the name of the new file that you are copying and replaces the old image file with the new one. Perform this step only if you have space available on your switch.

Disables access to the HTML pages and deletes the existing HTML files before the software upgrade to avoid a conflict if users access the web pages during the software upgrade.

Reenables access to the HTML pages after the upgrade is complete.


Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.



Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the software image to the switch, call Cisco Systems immediately.

Follow these steps to upgrade the switch software by using a TFTP transfer:


Step 1 If your PC or workstation cannot act as a TFTP server, copy the file to a TFTP server to which you have access.

Step 2 Access the CLI by starting a Telnet session or by connecting to the switch console port through the RS-232 connector.

To start a Telnet session on your PC or workstation, enter this command:

server% telnet switch_ip_address

Enter the Telnet password if you are prompted to do so.

Step 3 Enter privileged EXEC mode:

switch> enable 
switch#

Enter the password if you are prompted to do so.

Step 4 Remove the HTML files:

switch# delete flash:html/* 

Press Enter to confirm the deletion of each file. Do not press any other keys during this process.

Step 5 Enter this command to copy the new image and HTML files to Flash memory:


Caution In this step, the archive tar command copies the .tar file that contains both the image and the HTML files. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.

switch# archive tar /x tftp://server_ip_address/path/filename.tar flash: 
Loading /path/filename.tar from server_ip_address (via VLAN1):!) 
extracting info (110 bytes)
extracting c2950-i6q4l2-mz.121-12c.EA1.bin (2239579 bytes)!!!!!!!!!!!!!!!!!!!!
html/ (directory)
extracting html/Detective.html.gz (1139 bytes)!
extracting html/ieGraph.html.gz (553 bytes)
extracting html/DrawGraph.html.gz (787 bytes)
extracting html/GraphFrame.html.gz (802 bytes)!
... 

Depending on the TFTP server being used, you might need to enter only one slash (/) after the server_ip_address in the archive tar command.

Step 6 Display the name of the running (default) image file (BOOT path-list). This example shows the name in italic:

switch# show boot 
BOOT path-list:    flash:current_image 
Config file:       flash:config.text 
Enable Break:      1 
Manual Boot:       no 
HELPER path-list:  
NVRAM/Config file 
buffer size: 32768

Step 7 Enter global configuration mode:

switch# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z. 

Step 8 Enter the boot command with the name of the new image filename:

switch(config)# boot system flash:new_image

For example:

switch(config)# boot system flash:c2950-i6q4l2-mz.121-12c.EA1.bin

Note If the show boot command entered in Step 6 displays no image name, you do not need to enter this command; the switch automatically finds the correct file to use when it resets.


Step 9 Return to privileged EXEC mode:

switch(config)# end

Step 10 Reload the new software with this command:

switch# reload 
System configuration has been modified. Save? [yes/no]:y 
Proceed with reload? [confirm] 

Step 11 Press Return to confirm the reload.

Your Telnet session ends when the switch resets.

After the switch reboots, use Telnet to return to the switch, and enter the show version user EXEC command to verify the upgrade procedure. If you have a previously opened browser session to the upgraded switch, close the browser, and start it again to ensure that you are using the latest HTML files.


Upgrading Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL Member Switches


Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.



Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the image to the switch, call Cisco Systems immediately.

Follow these steps to upgrade the software on a member switch:


Step 1 In privileged EXEC mode on the command switch, display information about the cluster members:

switch# show cluster members

From the output, select the number of the member switch that you want to upgrade. The member number is in the SN column of the display. You need this member number for Step 2.

Step 2 Log in to the member switch (for example, member number 1):

switch# rcommand 1

Step 3 Enter privileged EXEC mode:

switch> enable 
switch#

Enter the password if you are prompted to do so.

Step 4 Display the name of the running (default) image file (BOOT path-list). This example shows the name in italic:

switch# show boot 
BOOT path-list:       flash:current_image
Config file:          flash:config.text
Private Config file:  flash:private-config.text
Enable Break:         no
Manual Boot:          no
HELPER path-list:
NVRAM/Config file
      buffer size:    32768

Step 5 If there is no software image defined in the BOOT path-list, enter dir flash: to display the contents of Flash memory.

Step 6 Using the exact, case-sensitive name of the .tar file that you downloaded, rename the running image file to that name, and replace the .tar extension with .bin. The image filename is then the same as the downloaded filename but with a .bin extension. This step does not affect the operation of the switch.


Note Perform this step only if you have space available on your switch and want to retain a copy of the old image.


switch# rename flash:current_image flash:new_image 
Source filename [current_image]?  
Destination filename [new_image]? 

For example:

switch# rename flash:c2950-i6q4l2-mz.121-11.EA1.bin flash:c2950-i6q4l2-mz.121-12c.EA1.bin 

Step 7 Display the contents of Flash memory to verify the renaming of the file:

switch# dir flash: 

Directory of flash:/
  3  drwx       10176   Mar 01 2001 00:04:34  html
  6  -rwx        2343   Mar 01 2001 03:18:16  config.text
171  -rwx     1667997   Mar 01 2001 00:02:39 c2950-i6q4l2-mz.121-12c.EA1.bin
  7  -rwx        3060   Mar 01 2001 00:14:20  vlan.dat
172  -rwx         100   Mar 01 2001 00:02:54  env_vars

7741440 bytes total (4788224 bytes free)

Step 8 Enter global configuration mode:

switch# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z. 

Step 9 Enter the boot command with the name of the new image filename:

switch(config)# boot system flash:new_image

For example:

switch(config)# boot system flash:c2950-i6q4l2-mz.121-12c1.EA1.bin

Note If the show boot command entered in Step 6 displays no image name, you do not need to enter this command; the switch automatically finds the correct file to use when it resets.


Step 10 Return to privileged EXEC mode:

switch(config)# end

Step 11 Remove the HTML files:

switch# delete flash:html/* 

Press Enter to confirm the deletion of each file. Do not press any other keys during this process.

Step 12 Start the TFTP copy function as if you were initiating it from the command switch.


Caution In this step, the archive tar command copies the .tar file that contains both the image and the HTML files. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.

switch-1# archive tar /x tftp://server_ip_address/path/filename.tar flash:
Source IP address or hostname [server_ip_address]?  
Source filename [path/filename]?  
Destination filename [flash:new_image]?  
Loading /path/filename.bin from server_ip_address (via!) 
[OK - 843975 bytes]

Step 13 Reload the new software with this command:

switch-1# reload 
System configuration has been modified. Save? [yes/no]:y 
Proceed with reload? [confirm]

Press Enter to start the download.


You lose contact with the switch while it reloads the software. For more information on the rcommand command, refer to the Catalyst 2950 Desktop Switch Command Reference.

Upgrading Catalyst 1900 or Catalyst 2820 Member Switches

Follow these steps to upgrade the software on a Catalyst 1900 or Catalyst 2820 member switch:


Step 1 In privileged EXEC mode on the command switch, display information about the cluster members:

switch# show cluster members

From the display, select the number of the member switch that you want to upgrade. The member number is in the SN column of the display. You need this member number for Step 2.

Step 2 Log in to the member switch (for example, member number 1):

switch# rcommand 1

Step 3 For switches running the standard edition software, enter the password (if prompted), access the Firmware Configuration menu from the menu console, and perform the upgrade. Follow the instructions in the installation and configuration guide that shipped with your switch. When the download is complete, the switch resets and begins using the new software.

The Telnet session accesses the menu console (the menu-driven interface) if the command switch password is privilege level 15. If the command switch password is privilege level 1, you are prompted for the password.

You lose contact with the switch while it reloads the software.

Step 4 For switches running Enterprise Edition Software, start the TFTP copy as if you were initiating it from the member switch:

switch-1# copy tftp://host/src_file opcode

For example, copy tftp://spaniel/op.bin opcode downloads new system operational code op.bin from the host spaniel.


You should see the TFTP successfully downloaded operational code message. When the download is complete, the switch resets and begins using the new software. If this message does not appear, refer to the installation and configuration guide that shipped with your switch for more information.

You can also upgrade the switch software through the Firmware Configuration menu from the menu console. For more information, refer to the installation and configuration guide that shipped with your switch.

You lose contact with the switch while it reloads the software.

Recovering from Software Failure

If the software fails, you can reload the software. For detailed recovery procedures, refer to the "Troubleshooting" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide.

Installation Notes

You can assign IP information to your switch by using the setup program, the Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration (refer to the Catalyst 2950 Desktop Switch Software Configuration Guide), or by manually assigning an IP address (refer to the Catalyst 2950 Desktop Switch Software Configuration Guide).

This section describes these installation procedures:

"Setting Up the Catalyst 2950 Initial Configuration" section

"Accessing CMS" section

Setting Up the Catalyst 2950 Initial Configuration

The first time that you access the switch, it runs a setup program that prompts you for an IP address and other configuration information necessary for the switch to communicate with the local routers and the Internet. This information is also required if you plan to use the CMS to configure and manage the switch.


Note If the switch will be a cluster member managed through the IP address of the command switch, it is not necessary to assign IP information or a password. If you are configuring the switch as a standalone switch or as a command switch, you must assign IP information.


Follow these steps to create an initial configuration for the switch:


Step 1 Enter Yes at the first two prompts.

Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system.

Would you like to enter basic management setup? [yes/no]: yes

Step 2 Enter a host name for the switch, and press Return.

On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch.

Enter host name [Switch]: host_name

Step 3 Enter a secret password, and press Return.

The password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, allows spaces, but ignores leading spaces.

Enter enable secret: secret_password

Step 4 Enter an enable password, and press Return.

Enter enable password: enable_password

Step 5 Enter a virtual terminal (Telnet) password, and press Return.

The password can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces.

Enter virtual terminal password: terminal-password

Step 6 (Optional) Configure the Simple Network Management Protocol (SNMP) by responding to the prompts.

Step 7 Enter the interface name (physical interface or VLAN name) of the interface that connects to the management network, and press Return. For this release, always use vlan 1 as that interface.

Enter interface name used to connect to the
management network from the above interface summary: vlan 1

Step 8 Configure the interface by entering the switch IP address and subnet mask and pressing Return:

Configuring interface vlan1:
Configure IP on this interface? [yes]: yes 
IP address for this interface: 10.4.120.106
Subnet mask for this interface [255.0.0.0]: 255.255.255.0

Step 9 Enter Y to configure the switch as the cluster command switch. Enter N to configure it as a member switch or as a standalone switch.

If you enter N, the switch appears as a candidate switch in the CMS. In this case, the message in Step 10 does not appear.

Would you like to enable as a cluster command switch? [yes/no]: yes

Step 10 Assign a name to the cluster, and press Return.

Enter cluster name: cluster_name

The cluster name can be 1 to 31 alphanumeric characters, dashes, or underscores.

The initial configuration appears:

The following configuration command script was created:

hostname host_name
enable secret 5 $1$Max7$Qgr9eXBhtcBJw3KK7bc850
enable password my
line vty 0 15
password my_password
snmp-server community public
!
no ip routing
!
interface Vlan1
no shutdown
ip address 172.20.139.145 255.255.255.224
!
interface Vlan2
shutdown
no ip address
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
...<output abbreviated)
!!!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
end

Step 11 These choices appear:

[0] Go to the IOS command prompt without saving this config.

[1] Return back to the setup without saving this config.

[2] Save this configuration to nvram and exit.

Enter your selection [2]:

Make your selection, and press Return.


After you complete the setup program, the switch can run the created default configuration. If you want to change this configuration or want to perform other management tasks, use one of these tools:

Command-line interface (CLI)

CMS from your browser

Accessing CMS

Before using the web-based CMS tools, see the "Software Compatibility" section and the "Installing the Required Plug-In" section to set up the appropriate browser options. After you have assigned an IP address to the switch and installed the plug-in, you can access the switch from your browser and use the CMS to configure other switches.


Note If you have downloaded a new version of the CMS, you must clear your browser cache before launching the new CMS version.


The browser prompts for a username and password when you access CMS:

If no username is configured on your switch (the default), you only need to enter the enable password in the appropriate field. For more information, see the "Displaying CMS" section.

If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch. For more information, see the "Configuring the HTTP Server" section.

Configuring the HTTP Server

Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip http authentication {aaa | enable | local | tacacs}

Configure the HTTP server interface for the type of authentication you want to use.

aaa—Indicates that the AAA facility is used for authentication.

enable—Indicates that the enable password, which is the default method of HTTP server user authentication, is being used.

local—Indicates that the local user database as defined on the Cisco router or access server is used for authentication.

tacacs—Indicates that the TACACS server is used for authentication.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show running-config

Verify your entries.

After you have configured the HTTP server interface, display the CMS access page as described in "Displaying CMS" section.

Displaying CMS

To display the CMS access page, follow these steps:


Step 1 Enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), and press Return.

Step 2 Enter your username and password when prompted.

The Cisco Systems Access page appears. For more information on setting passwords and privilege levels, refer to the Catalyst 2950 Multilayer Switch Software Configuration Guide.

Step 3 Click Web Console to launch the CMS applet.

When you access CMS from a standalone or a cluster-member switch, Device Manager appears.


New Features

These are the new supported hardware and the new software features provided in Release 12.1(12c)EA1a.

New Hardware Features

There is no new hardware offered with this release. For a list of supported hardware, see the "Hardware Supported" section.

New Software Features

Cisco IOS Release 12.1(12c)EA1a contains these new features or enhancements:

Secure Shell (SSH) for an encrypted Telnet session over the network. This feature requires the crypto software image, listed in Table 6. SSH is supported only on the crypto EI image.

Simple Network Management Protocol Version 3 (SNMPv3) to increase network security by encrypting packets. This feature requires the crypto software image, listed in Table 6.

Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues (voice over IP only). Auto-QOS is supported only on the EI.

Layer 2 traceroute to identify the physical path that a packet takes from a source device to a destination device.

Support for Link Aggregation Control Protocol (LACP) to facilitate the automatic creation of EtherChannels by exchanging packets between Ethernet interfaces. LACP is defined in IEEE 802.3AD.

Support for the capabilities keyword with the show interfaces privileged EXEC command

Support for these new security features:

802.1X with VLAN assignment for restricting 802.1X-authenticated users to a specified VLAN (available only with the EI)

802.1X with port security for authenticating the port and managing network access for all MAC addresses, including that of the client (available only with the EI)

802.1X with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the authorized or unauthorized state of the port

CMS support for these features:

Ping and Trace—Perform a ping or Layer 2 traceroute operation on or to a specific address.

Front Panel View Enhancements—Choose the switches in a cluster that are displayed in the Front Panel view window.

Limitations and Restrictions

You should review this section before you begin working with the switches. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

These are the limitations and restrictions:

"Crypto Software Image Guidelines" section

"Immediate-Leave Limitation" section

"RSPAN Limitation" section

"ACL Limitations" section

"Hardware and Software Compatibility Matrixes" section

"Port Configuration Conflicts" section

"SPAN Limitation" section

Crypto Software Image Guidelines

The SSH feature uses a large amount of switch memory, which limits the number of VLANs, trunk ports, and cluster members that you can configure on the switch. Before you download the crypto software image, your switch configuration must meet these conditions:

The number of trunk ports multiplied by the number of VLANs on the switch must be less than or equal to 128. These are examples of switch configurations that meet this condition:

If the switch has 2 trunk ports, it can have up to 64 VLANs.

If the switch has 32 VLANs, it can have up to 4 trunk ports.

If your switch is a cluster command switch, it can only support up to eight cluster members.


Note A switch that runs the SI cannot run the crypto image. If a crypto image is loaded on an SI-only switch, the switch will perform a forced reload.


If your switch has a saved configuration that does not meet the previous conditions and you upgrade the switch software to the crypto software image, the switch might run out of memory. If this happens, the switch does not operate properly. For example, it might continuously reload.

If the switch runs out of memory, this message appears:

%SYS-2-MALLOCFAIL: Memory allocation of (number_of_bytes) bytes failed ...

The workaround is to check your switch configuration and ensure that it meets the previous conditions. (CSCdw66805)

Immediate-Leave Limitation

When the Internet Group Management Protocol (IGMP) Immediate-Leave is configured, new ports are added to the group membership each time a join message is received, and ports are pruned (removed) each time a leave message is received.

If the join and leave messages arrive at high rate, the CPU can become busy processing these messages. For example, the CPU usage is approximately 50 percent when 50 pairs of join and leave messages are received each second. Depending on the rate at which join and leave messages are received, the CPU usage can go very high, even up to 100 percent, as the switch continues processing these messages.

The workaround is to only use the Immediate-Leave processing feature on VLANs where a single host is connected to each port. (CSCdx95638)

RSPAN Limitation

In a Remote Switched Port Analyzer (RSPAN) session, if at least one Catalyst 2950 switch is used as an intermediate or destination switch and if traffic for a port is monitored in both directions, traffic does not reach the destination switch. (CSCdy38476)

These are the workarounds:

Use a Catalyst 3550 or Catalyst 6000 switch as an intermediate or destination switch.

Monitor traffic in only one direction if a Catalyst 2950 switch is used as an intermediate or destination switch.

ACL Limitations

Follow these guidelines for applying access control lists (ACLs) to interfaces:

From IOS version 12.1(9)EA1d and later, you can create ACLs with access control entries (ACEs) that have different masks. However, these ACLs can only be applied to a management VLAN or to any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. (CSCdz06177)

When you apply an ACL to a physical interface, some keywords are not supported, and certain mask restrictions apply to the ACLs. For information on creating ACLs for physical interfaces, refer to the "Creating a Numbered Standard ACL" section and the "Creating a Numbered Extended ACL" section of the software configuration guide for Release 12.1(9)EA1 or later. (CSCdw56650)

You can apply ACLs to a management VLAN or to any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. For information on creating ACLs for these interfaces, refer to the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1.

Hardware and Software Compatibility Matrixes

Some switches are not supported by certain software releases. In Table 7 and Table 8, Yes means that the switch is supported by the software release; No means that the switch is not supported by the release.

Table 7 lists the Catalyst 2950-12, 2950-24, 2950C-24, and 2950T-24 switches and the software releases supporting them. The serial numbers are on the switch rear panel.

Table 8 lists the Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, 2950G-48-EI, and 2950SX-24 switches and the software releases supporting them. The serial numbers are on the switch rear panel.

Table 7 Catalyst 2950-12, 2950-24, 2950C-24, and 2950T-24 Switches  

Hardware
Serial Number
Release 12.0(5)WC2b or Earlier
Release 12.1(6)EA2, Release 12.1(6)EA2a, and Release 12.1(6)EA2b
Release 12.1(6)EA2c
Release 12.1(9)EA1 or Later

Catalyst 2950-12

Any serial number beginning with FAA or FAB

Yes

No

Yes

Yes

Lower than FOC0616W1H6 or
FHK0616W34M

Yes

No

Yes

Yes

FOC0616W1H6, FHK0616W34M, or higher

No

No

Yes

Yes

Catalyst 2950-24

Any serial number beginning with FAA or FAB

Yes

No

Yes

Yes

Lower than FOC0616Z1ZM or FHK0617Y0N3

Yes

No

Yes

Yes

FOC0616Z1ZM, FHK0617Y0N3,
or higher

No

No

Yes

Yes

Catalyst 2950C-24

Any serial number beginning with FAA or FAB

Yes

Yes

Yes

Yes

Lower than FOC0616TOJH or FHK0617W0YA

Yes

Yes

Yes

Yes

FOC0616TOJH, FHK0617W0YA,
or higher

No

No

Yes

Yes

Catalyst 2950T-24

Any serial number beginning with FAA or FAB

Yes

Yes

Yes

Yes

Lower than FOC0617X11P or FHK0617Y1M2

Yes

Yes

Yes

Yes

FOC0617X11P, FHK0617Y1M2,
or higher

No

No

Yes

Yes


Table 8 Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, 2950G-48-EI, and 2950SX-24 Switches 

Hardware
Release 12.0(5)WC2b or Earlier
Release 12.1(6)EA2, Release 12.1(6)EA2a, and Release 12.1(6)EA2b
Release 12.1(6)EA2c
Release 12.1(9)EA1
Release 12.1(9)EA1d or Later

Catalyst 2950G-12-EI

No

Yes

Yes

Yes

Yes

Catalyst 2950G-24-EI 

No

Yes

Yes

Yes

Yes

Catalyst 2950G-24-EI-DC

No

Yes

Yes

Yes

Yes

Catalyst 2950G-48-EI

No

Yes

Yes

Yes

Yes

Catalyst 2950SX-24

No

No

No

No

Yes


Port Configuration Conflicts

Certain combinations of port features create configuration conflicts (see Table 9). If you try to enable incompatible features, CMS issues a warning message, and you cannot make the change. Reload the page to refresh CMS.

In Table 9, No means that the two referenced features are incompatible, and both should not be enabled; Yes means that both can be enabled at the same time and do not cause an incompatibility conflict. A dash means not applicable.

Table 9 Conflicting Features 

 
Port Group
Port Security
SPAN Source Port
SPAN Destination Port
Connect to Cluster?
Protected Port
802.1X Port
Port Group

-

No

Yes

No

Yes

Yes

No

Port Security

No

-

Yes

No

Yes

Yes

Yes1

SPAN Source Port

Yes

Yes

-

No

Yes

Yes

Yes

SPAN Destination Port

No

No

No

-

Yes

Yes

No

Connect to Cluster

Yes

Yes

Yes

Yes

-

Yes

-

Protected Port

Yes

Yes

Yes

Yes

Yes

-

-

802.1X Port

No

Yes1

Yes

No

-

-

-

1 The switch must be running the EI.


SPAN Limitation

When using the SPAN feature, the monitoring port receives copies of sent and received traffic for all monitored ports. If the monitoring port is oversubscribed, it will probably become congested. This might also affect how one or more of the monitored ports forwards traffic.

Important Notes

This section describes important information related to this IOS release. These sections are included:

"IOS Notes" section

"CMS Notes" section

"VLAN Notes" section

"IGMP Filtering" section

IOS Notes

These notes applies to IOS configuration:

When an 802.1X-authenticated client is disconnected from an IP phone, hub, or switch and does not send an EAPOL-Logoff message, the switch interface does not transition to the unauthorized state. If this happens, it can take up to 60 minutes for the interface to transition to the unauthorized state when the re-authentication time is the default value (3600 seconds).

The workaround is to change the number of seconds between re-authentication attempts by using the dot1x timeout re-authperiod seconds global configuration command. (CSCdz38483)

When you configure a dynamic switchport by using the switchport access VLAN dynamic interface configuration command, the port might allow unauthorized users to access network resources if the interface changes from access mode to trunk mode through Dynamic Trunking Protocol (DTP) negotiation.

The workaround is to configure the port as a static access port. (CSCdz32556)

CMS Notes

This section describe this information:

Read-Only Mode in CMS

Configuring CMS

Read-Only Mode in CMS

CMS provides two levels of access to the configuration options. If your privilege level is 15, you have read-write access to CMS. If your switch privilege level is from 1 to 14, you have read-only access to CMS. In the read-only mode, some data is not displayed, and an error message appears when these switches are running these software releases:

Catalyst 2900 XL or Catalyst 3500 XL member switches running Release 12.0(5)WC2 or earlier

Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier

Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier

In the Front Panel view or Topology view, CMS does not display error messages. In the Front Panel view, if the switch is running one of the software releases listed previously, the device LEDs do not appear. In Topology view, if the member is a Long-Reach Ethernet (LRE) switch, the customer premises equipment (CPE) devices that are connected to the switch do not appear. The Bandwidth and Link graphs also do not appear in these views.

To view switch information, you need to upgrade the member switch software. For information about upgrading switch software, see the "Downloading Software" section.

Configuring CMS

These notes apply to the CMS configuration:

If you use CMS on Windows 2000, it might not apply configuration changes if the enable password is changed from the CLI during your CMS session. You have to restart CMS and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password when it is changed.

If you use Internet Explorer Version 5.5 and select a URL with a nonstandard port at the end of the address (for example, www.add.com:84), you must enter http:// as the URL prefix. Otherwise, you cannot launch CMS.

Within an ACL, you can change the sequence of ACEs that have the host keyword. However, because such ACEs are independent of each other, the change has no effect on the way the ACL filters traffic.

If you use the Netscape browser to view the CMS GUI and you resize the browser window while CMS is initializing, CMS does not resize to fit the window.

Resize the browser window again when CMS is not busy.

CMS does not start if the temporary directory on your computer runs out of memory. This problem can occur because of a bug in the 1.2.2 version of the Java plug-in. The plug-in creates temporary files in the directory whenever it runs CMS, and the directory eventually runs out of plug-in space.

The workaround is to remove all the jar_cache*.tmp files from the temporary directory. The path to the directory is different for different operating systems:

Solaris: /var/tmp
Windows NT and Windows 2000: \TEMP
Windows 95 and 98: \Windows\Temp

VLAN Notes

These notes apply to VLAN configuration:

The management interface configuration command is not supported in Release 12.1(6)EA2 or later. To shut down the current management VLAN interface and to enable the new management VLAN interface, use the shutdown and no shutdown interface configuration commands. Refer to the Catalyst 2950 Desktop Switch Command Reference for information about using the shutdown interface configuration command.

If VLAN1 or VLANs 1002 to 1005 are removed from a trunk port, the switch no longer receives CDP or VTP frames. VLAN minimization is not supported on the Catalyst 2950 switch. You cannot remove VLAN1 or VLANs 1002 to 1005 from the allowed VLAN list. (CSCdz22629)

IGMP Filtering

IGMP filtering controls only group specific query and membership reports, including join and leave reports. It does not control general IGMP queries.

Open Caveats

Open caveats in this release are described in these sections:

"Open IOS Caveats" section

"Open Cluster Configuration Caveats" section

"Open CMS Caveats" section

Open IOS Caveats

These are the severity 3 IOS configuration caveats:

CSCdp85954

Root guard is inconsistent when configured on a port that is in the STP blocked state at the time of configuration.

There is no workaround.

CSCdr96565

Aging of dynamic addresses does not always occur exactly after the specified aging time elapses. It might take up to three times this time period before the entries are removed from the table.

There is no workaround.

CSCds58369

If the switch gets configured from the dynamic IP pool, a duplicate or different IP address might be assigned.

The workaround is to make sure that the DHCP server contains reserved addresses that are bound to each switch by the switch hardware address so that the switch does not obtain its IP address from the dynamic pool.

CSCds20365

Internal loopback in half-duplex mode causes input errors. We recommend that you configure the PHY to operate in full duplex before setting the internal loopback.

There is no workaround.

CSCdt24814 (formerly CSCdt2481)

A source-based distribution port group does not share the broadcast with all the group members. When the destination of the packets is a broadcast or unknown unicast or multicast, the packets are forwarded only on one port member of a port group, instead of being shared among all members of the port group.

There is no workaround.

CSCdt27223

When you enter the show controllers ethernet-controller interface-id or show interfaces interface-id counters privileged EXEC command, if a large number of erroneous frames are received on an interface, the receive-error counts might be smaller than the actual values, and the receive-unicast frame count might be larger than the actual frame count.

There is no workaround.

CSCdt48011

Two problems occur when the Catalyst 2950 switch is in transparent mode:

If the switch is a leaf switch, any new VLANs added to it are not propagated upstream through VTP messages. As a result, the switch does not receive flooded traffic for that VLAN.

If the switch is connected to two VTP servers, it forwards their pruning messages. If the switch has a port on a VLAN that is not requested by other servers through their pruning messages, it does not receive flooded traffic for that VLAN.

There is no workaround.

CSCdu83640

The receive count output for the show controllers ethernet-controller interface-id privileged EXEC command shows the incoming packets count before the ASIC makes a decision of whether to drop the packet or not. Therefore, for ports in the STP blocking states, even though the receive count shows incoming frames, the packet is not forwarded to the other port.

There is no workaround.

CSCdv02941

In some network topologies, when UplinkFast is enabled on all Catalyst 2950 switches and BackboneFast is not enabled on all switches, a temporary loop might be caused when the STP root switch is changed.

The workaround is to enable BackboneFast on all switches.

CSCdv19671

At times, the Window-XP pop-up window might not appear while authenticating a client (supplicant) because the user information is already stored in Windows XP. However, the Extensible Authentication Protocol over LAN (EAPOL) response to the switch (authenticator) might have an empty userid that causes the 802.1X port to be deauthenticated.

The workaround is to manually re-initiate authentication by either logging off or detaching the link and then re-connecting it.

CSCdv27247

If two Catalyst 2950 switches are used in a network and if access ports are used to connect two different VLANs whose VLAN IDs are separated by the correct multiple of 64, it is possible to create a situation where the two switches use the same bridge ID in the same spanning-tree instances. This might cause a loss of connectivity in the VLAN as the spanning tree blocks the ports that should be forwarding.

The workaround is to not cross-connect VLANs. For example, do not use an access port to connect VLAN 1 to VLAN 65 on either the same switch or from one switch to another switch.

CSCdv34505

The Catalyst 2950 command switch might not show the Catalyst 1900, Catalyst 2820, and Catalyst 2900 XL 4-MB (models C2908-XL, C2916M-XL, C2924C-XL, and C2924-XL) switches as candidates even though their management VLAN is the same as the command switch. This occurs only when their management VLAN is not VLAN 1.

There is no workaround.

CSCdv44005

A Catalyst 2950 command switch running Release 12.1(6)EA2 cannot use the rcommand privileged EXEC command to start a Telnet session on a Catalyst 3550 member running
IOS Release 12.1(4)EA1, when the aaa authorization exec default group tacacs+ global configuration command is configured on both the command switch and the member.

The workaround is to upgrade the Catalyst 3550 switch to Release 12.1(6)EA1a.

CSCdv45190

On a Catalyst 2950 switch, the Multicast VLAN Registration (MVR) receiver port joins only 255 groups when the Internet Group Management Protocol (IGMP) join message is sent to all 256 MVR groups configured. Multicast data for the 256th group is not received.

The workaround is to set the mode to dynamic for Catalyst 2950 switches that are connected to IGMP-capable devices. Then, MVR members can join any group but can only support 255 IP multicast streams at any given time.

CSCdv49871

A Catalyst 2950 command switch can discover only the first Catalyst 3550 switch if the link between the Catalyst 3550 switches is an 802.1Q trunk and the native VLAN is not the same as the management VLAN of the Catalyst 2950 switch or if the link between the Catalyst 3550 switches is an ISL trunk and the management VLAN is not VLAN 1.

The workaround is to connect Catalyst 3550 switches by using the access link on the command switches management VLAN or to configure an 802.1Q trunk with a native VLAN that is the same as the management VLAN of the command switch.

CSCdv62271

There might be a link on the Fast Ethernet port of the Catalyst 2950 switch when it is forced to 10 Mbps and full-duplex mode and its link partner is forced to 100 Mbps and forced duplex mode. The LED on the Catalyst 2950 switch might display the link, and the error counters might increment.

The workaround is to configure both sides of a link to the same speed or use auto-negotiation.

CSCdv67047

The ip http authentication enable global configuration command is not saved to the configuration file because this is the default configuration. Therefore, this configuration is lost after a reboot.

The workaround is to manually enter the command again after a reboot.

CSCdv82224

If a stack that has Catalyst 2950 switches also has Catalyst 2900 XL or Catalyst 3500 XL switches, cross-stack UplinkFast (CSUF) does not function if the management VLAN on the Catalyst 2900 XL or Catalyst 3500 XL switches is changed to a VLAN other than VLAN 1 (the default).

The workaround is to make sure that the management VLANs of all Catalyst 2900 XL or 3500 XL switches in the stack are set to VLAN 1.

CSCdw02638

If a port is configured as a secure port with the violation mode as restrict, the secure ports might process packets even after maximum limit of MAC addresses is reached, but those packets are not forwarded to other ports.

There is no workaround.

CSCdw48441

The discarded frames count of the show controllers ethernet-controller privileged EXEC command output and the ignored count of the show controller ethernet privileged EXEC command output can increment for these reasons:

The source and destination ports are the same.

The spanning-tree state of the ingress port is not in the forwarding state.

Traffic is filtered because of unicast or multicast storms are on the port.

Traffic is dropped because a VLAN has not been assigned by VLAN Query Protocol (VQP).


Note This error occurs only on switches that can run Release 12.1(6)EA2 or earlier.


There is no workaround.

CSCdx75308

When you use the policy-map global configuration command to create a policy map, and you do not specify any action for a class map, the association between that class map and policy map is not saved when you exit policy-map configuration mode.

The workaround is to specify an action in the policy map.

CSCdx79221

When you set the c2900PortUseageApplication object value in the CISCO-C2900 MIB to monitor, portgroupDest, portGrouping, network, or networkGroup, the setting is rejected.

The workaround for the monitor keyword is to use the CLI to configure a SPAN session.

The workaround for the portGroupDest and portGrouping values is to use the EtherChannel CLI commands to configure load balancing.

There are no workarounds for the network and networkGroup values. These are unsupported values.

CSCdy08716

A switch does not use the default gateway address in the DHCP offer packet from the server during automatic-install process.

The workaround is to manually assign an IP address to the switch.

CSCdy30416

When you enter an snmp-server host global configuration command with a non-existent community-string value, the Community Strings tag shows a non-existent community string. This creates a community with only notification-view access.


Note When you remove the command, the configuration needs to be checked for any other instances of snmp-server host for a given community. If there are none, the community (view) should be deleted.


The workaround is to:

a. Remove the command.

b. Configure the community as read-write.

c. Remove the community as read-write.

d. Configure the community as read-only.

e. Remove the community as read-only.

CSCdy65850

If you assign a non-existent VLAN ID to a static-access EtherChannel by setting the ciscoVlanMembershipMIB:vmVlan object, the switch does not create the VLAN in the VLAN database.

There is no workaround.

CSCdy65883

On Gigabit Ethernet interfaces, if the pagpEthcOperationMode object value is set to pagpOn, the running configuration on the CLI incorrectly shows that the PAgP mode is set to auto. The PAgP mode should be desirable.

There is no workaround.

CSCdy74927

If ports in an EtherChannel do not meet specific conditions, you might not be able to create or modify the EtherChannel.

The workaround is to follow these guidelines:

If the port is already assigned to an EtherChannel, do not change the mode from an LACP mode (active or passive mode) to a PAgP mode (auto or desirable mode) or from the on mode to an LACP or PAgP mode.

Set all ports in the EtherChannel to the same mode, such as a PAgP mode, an LACP mode, or the on mode.

If the ports are set to a PAgP mode, set the port priority from 0 to 255.

If the ports are set to an LACP mode, set the port priority from 1 to 65535.

If the ports are set to on mode, do not set a port-priority.

Do not assign a port to an EtherChannel when SPAN, port security, or 802.1X is configured on the port.

Make sure that the channel-group members belong to the same allowed range of VLANs and that members are either all static-access or all trunk ports. For all trunk ports, the native VLAN, allowed VLANs on the trunk, and the VLANs in the pruning-eligible list must be the same.

Dynamic-access ports cannot belong to a channel group.

CSCdy75471

After a Catalyst 2950 switch reloads, if a multicast dynamic MAC address is manually configured on a trunk port, traffic to this multicast address is sent to the incorrect native VLAN.

The workaround is to remove the multicast dynamic MAC address that was manually configured and then configure the multicast address as a static MAC address.

CSCdy80581

The dot3StatsTable in the ETHERLIKE-MIB incorrectly shows high values. For example, it can show these values for the VLAN interface statistics:

dot3StatsMultipleCollisionFrames (5) = 2162549484

dot3StatsDeferredTransmissions (7) = 2152977356

dot3StatsLateCollisions (8) = 161

There is no workaround.

CSCdy87390

When IGMP snooping is enabled on a switch, if it receives an IGMP report from a client port and sends the packet to a router port, the switch adds a 4-byte frame check sequence (FCS) to the end of the frame, which changes the length of the frame from 64 bytes to 68 bytes.

There is no workaround.

CSCdz00065

When a link is down, this message might not appear:

Interface changed state to down

There is no workaround.

CSCdz00380

If you reconfigure a dynamic access port as a static access port and manually assign the same VLAN that was allocated by the VLAN Membership Policy Server (VMPS) server, the port does not learn new addresses and behaves as dynamic access port.

The workaround is to shut down the port and then enable it by using the shutdown and no shutdown interface configuration commands.

CSCdz12991

If the system board test fails during the power-on self-test (POST), the polling c2900InfoSelfTestFailed object value is 0x80, which means the test failed, but the output from the show post privileged EXEC command shows that the system board test passed.

There is no workaround.

CSCdz13456

If you change a management VLAN so that it is no longer the default VLAN, you might not be able to ping the VLAN Membership Policy Server (VMPS) server that is directly connected to it.

The workaround is to reload the switch.

CSCdz14682

Time-based DSCP quality of service (QoS) filters that have inactive access control lists (ACLs) can still be in effect after the timerange has expired.

There is no workaround.

CSCdz22925

When you attach four access control lists (ACLs) that each have different masks to different interfaces, and then try to attach a policy to one of those interfaces, a no free mask error is displayed, but the policy is still attached to the interface.

This error only occurs with class maps of this type:

class-map cm match ip dscp <dscp-value>

There is no workaround.

CSCdz24645

On Gigabit Ethernet interfaces, you cannot remove static MAC addresses by using the dot1dStaticStatus object in SNMP.

The workaround is to remove static MAC addresses by using the CLI.

CSCdz31076

When configuring 802.1X with dynamic VLAN assignment on a switch, the Tunnel-Private-Group-ID field in the Radius server must be configured with a VLAN number.

The Catalyst 2950 switch does not support the Tunnel-Private-Group-ID field when it is configured as a VLAN name.

There is no workaround.

CSCdz34545

The output from the show stack privileged EXEC command might show a large number of spurious interrupts.

There is no workaround. The number of interrupts does not affect the switch functionality.

CSCdz72613

Before and after the switch reloads, this message appears:

Bootstrap Emulator called with code 45

There is no workaround. This message does not affect the switch functionality.

Open Cluster Configuration Caveats

These are the severity 3 cluster caveats:

CSCdp82354

You can use Cluster Manager to configure a HSRP standby group and bind it to a cluster. However, you cannot use Cluster Manager to configure more than one standby group. If you want to configure more than one standby group, use the CLI.

There is no workaround.

CSCdt09918

When the cluster command switch is a:

Catalyst 2900 XL switch

Catalyst 2950 switch running software earlier than Release 12.1(6)EA2

Catalyst 3500 XL switch that is connected to either a Catalyst 2950 switch running Release 12.1(6)EA2 or later or a Catalyst 3550 switch

The command switch then does not find any cluster candidates beyond the Catalyst 2950 or 3550 switch if it is not a member of the cluster.

The workaround is to add the Catalyst 2950 or 3550 switch to the cluster. You can then see any cluster candidates connected to it.

Open CMS Caveats

These are the severity 3 CMS configuration caveats:

CSCdv56582

In the CMS topology view, icons for the fiber-optic, ATM, and FDDI links are not visible.

There is no workaround.

CSCdv82352

A red border appears around the text-entering area of some CMS dialogs. The color of the border changes to green when text is entered. This is only a cosmetic error. The colored border does not prevent you from entering text.

There is no workaround.


Note This error only occurs with Java plug-in 1.4.0.


CSCdw87550

You cannot switch modes (for example, from Guide Mode to Expert Mode) for an open CMS window.

The workaround is to close the open window, select the mode that you want, and then reopen the CMS window.


Note For the mode change to take effect on any other CMS window that is open, you need to close that window and then reopen it after you select the new mode.


CSCdx73168

Log scaling does not appear in a link graph until the first data values appear in the graph. This happens when you are using any of the supported operating systems, browsers, or java plug-ins.

There is no workaround.

CSCdx88994

In read-only mode, time ranges are not displayed. See the "CMS Notes" section for more information about CMS modes.

There is no workaround.

CSCdy36743

You cannot add a switch that does not have Terminal Access Control Access System Plus (TACACS+) configured on it to a cluster if all the other cluster members are configured with TACACS+.

The workaround is to configure TACACS+ on the switch before adding it to the cluster.

CSCdy47214

You cannot add a class to a new policy when you launch Device > QoS > Policies in Guide Mode.

The workaround is to launch Device > QoS > Policies in Expert Mode, and then add the class to the policy.

CSCdz04048

When a Catalyst 2950 switch is using a Cisco Redundant Power System (RPS) 300, the icon for that switch might appear yellow instead of green.

There is no workaround.

CSCdz05782

When you click the Create button to create a quality of service (QoS) policy, enter a policy name that already exists, and then click Add Class, the Add Class to QoS Policy window appears. CMS should not open this window for an existing QoS policy.

There is no workaround.

CSCdz07672

When one of two switches in a link is down, the link might appear green. This could happen when you are using any of the supported operating systems, browsers, or java plug-ins.

There is no workaround.

CSCdz11352

When you select multiple interfaces from the quality of service (QoS) window, you cannot override the class of service (CoS) settings for these interfaces.

The workaround is to select each interface and override their CoS settings one at a time.

CSCdz17299

If you delete an access control list (ACL) that is associated with a QoS and then launch the Modify QoS Trust Settings window, the wrong ACL is shown to be associated with the QoS.

There is no workaround.

CSCdz21201

If you create a time-range entry that is active only on specific days, it might not work if you modify it later.

The workaround is to delete that time-range entry and create it again.

CSCdz21478

When you select and delete multiple time ranges from the access control list (ACL) window, not all of the time ranges are deleted.

This is an intermittent problem. The workaround is to reselect the time ranges and try to delete them again.

CSCdz23548

When you use Visual Switch Manager (VSM) to configure Catalyst 2900 XL and Catalyst 3500 XL switches, the configuration is not saved if you save it in VSM.

The workaround is to save the configuration by using the CLI.

CSCdz26503

You cannot use CMS to disable port security on cluster members.

The workaround is to use the no port security interface configuration command to disable port security on each cluster member.

CSCdz26631

When you run a link graph report on a connected port selected from the Front Panel view, the graph displays data for the first connected port, regardless of the port you select.

The workaround is to select a port from the Link Graph window instead of the Front Panel view.

CSCdz38000

CMS does not work when a switch is running the crypto software image and the vty lines are configured to use only secure shell (SSH) by using the transport input ssh line vty 0 15 interface configuration command.

The workaround is to allow SSH and Telnet access through the vty lines by using the transport input ssh telnet interface configuration command.

Resolved Caveats

These are the caveats that were resolved in this release:

"IOS Caveat Resolved in Release 12.1(12c)EA1a" section

"IOS Caveats Resolved in Release 12.1(12c)EA1" section

"Cluster Caveat Resolved in Release 12.1(12c)EA1" section

"CMS Caveat Resolved in Release 12.1(12c)EA1" section

IOS Caveat Resolved in Release 12.1(12c)EA1a

This IOS caveat was resolved in Release 12.1(12c)EA1a:

CSCdz60229

A security fix prevents incorrectly-formed Secure Shell (SSH) packets from halting a switch.

For more information, refer to this URL:

http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

IOS Caveats Resolved in Release 12.1(12c)EA1

These IOS caveats were resolved in Release 12.1(12c)EA1:

CSCds68177

The UniDirectional Link Detection (UDLD) protocol now detects a unidirectional link when there is a loop between the TX and RX strands on the same port (TX/RX loop condition).

CSCdw06074

Layer 3 CPU packets from a SPAN-source port configured to monitor sent traffic are now mirrored to the SPAN-destination port on a Catalyst 2950 switch.

CSCdx65965

The Catalyst 2950 Desktop Switch Software Configuration Guide now describes when a switch can automatically obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server and when you must manually assign an IP address to the switch.

CSCdx93122

You can remove default VLANs from the allowed list on a trunk port.

Cluster Caveat Resolved in Release 12.1(12c)EA1

This cluster caveat was resolved in Release 12.1(12c)EA1:

CSCdw10837

When a Catalyst 2950 cluster command switch is running Release 12.1(6)EA2 or later and you enter the no cluster commander-address global configuration command on a member switch in this cluster, that member switch can now be removed from the cluster even if there are member switches beyond that switch.

CMS Caveat Resolved in Release 12.1(12c)EA1

This CMS caveat was resolved in Release 12.1(12c)EA1:

CSCdw01109

When a Catalyst 3550 switch is a member switch and a Catalyst 2950 switch is the command switch in a cluster, the Catalyst 3550 switch now shows egress policy information in the Attach tab of the QoS Policies window.

Documentation Updates

You can access all Catalyst 2950 documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/index.htm

This section provides these updates to the product documentation:

"References to the Cisco Documentation CD-ROM" section

"Addition to the Command Reference" section

"Corrections to the Software Configuration Guide" section

"Corrections to the Hardware Installation Guide" section

These changes will be included in the next version of the documentation.

References to the Cisco Documentation CD-ROM

The documentation for the Catalyst 2950 switches incorrectly refers to the Cisco Documentation CD-ROM. The Catalyst 2950 switches no longer ship with this CD-ROM.

Addition to the Command Reference

The show controllers ethernet-controller privileged EXEC command was omitted in the Catalyst 2950 Desktop Switch Command Reference for this release.

show controllers ethernet-controller

Use the show controllers ethernet-controller privileged EXEC command without keywords to display per-interface send and receive statistics read from the hardware. Use with keywords to display the interface internal registers.

show controllers ethernet-controller

no show controllers ethernet-controller

Syntax Description

interface-id

The physical interface.

asic

(Optional) Display the state of the internal registers on the forwarding application-specific integrated circuit (ASIC) for the interface.

phy

(Optional) Display the status of the internal registers on the switch physical layer device (PHY) for the interface.

| begin

(Optional) Display begins with the line that matches the expression.

| exclude

(Optional) Display excludes lines that match the expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(12c)EA1

This command was introduced.


Usage Guidelines

This display without keywords provides traffic statistics, basically the RMON statistics for the interface.

When you enter the asic or phy keyword, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch.

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.

Examples

This is an example of output from the show controllers ethernet-controller command:

Switch# show controllers ethernet-controller gigabitethernet0/2

  Transmit GigabitEthernet0/2        Receive
3617834078 Bytes                 39726165 Bytes
    419261 Unicast frames          161535 Unicast frames
  82798461 Multicast frames        146421 Multicast frames
     12718 Broadcast frames             1 Broadcast frames
         0 Discarded frames             0 No dest, unicast
         0 Too old frames              43 No dest, multicast
         0 Deferred frames              0 No dest, broadcast
         0  1 collision frames
         0  2 collision frames          0 Alignment errors
         0  3 collision frames          0 FCS errors
         0  4 collision frames          0 Oversize frames
         0  5 collision frames          0 Undersize frames
         0  6 collision frames          0 Collision fragments
         0  7 collision frames
         0  8 collision frames     220108 Minimum size frames
         0  9 collision frames      60959 65 to 127 byte frames
         0 10 collision frames          0 128 to 255 byte frames
         0 11 collision frames      26931 256 to 511 byte frames
         0 12 collision frames          0 512 to 1023 byte frames
         0 13 collision frames          0 1024 to 1518 byte frames
         0 14 collision frames
         0 15 collision frames          0 Flooded frames
         0 Excessive collisions         0 Overrun frames
         0 Late collisions             16 VLAN filtered frames
         0 Good (1 coll) frames         0 Source routed frames
         0 Good(>1 coll) frames         0 Valid oversize frames
         0 Pause frames                 0 Pause frames
         0 VLAN discard frames          0 Symbol error frames
         0 Excess defer frames          0 Invalid frames, too large
         0 Too large frames             0 Valid frames, too large
  80469577 64 byte frames               0 Invalid frames, too small
   2605574 127 byte frames              3 Valid frames, too small
     58711 255 byte frames
     26956 511 byte frames
     70222 1023 byte frames

0 1518 byte frames

Related Commands

Command
Description

show interfaces

Displays the administrative and operational status of all interfaces or a specified interface.


Corrections to the Software Configuration Guide

These are corrections for the Catalyst 2950 Desktop Switch Software Configuration Guide:

In the "Using 802.1X with VLAN Assignment" section on page 9-6 of the Catalyst 2950 Desktop Switch Software Configuration Guide, the information about assigning vendor-specific attributes in the RADIUS server is incorrect. This is the correct information:

Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch:

[64] Tunnel-Type = VLAN

[65] Tunnel-Medium-Type = 802

[81] Tunnel-Private-Group-ID = VLAN NUMBER

Attribute [64] must contain the value VLAN (type 13). Attribute [65] must contain the value 802 (type 6). Attribute [81] specifies the VLAN number assigned to the 802.1X-authenticated user.


Note You can assign only one VLAN number to the 802.1X-authenticated user.


The Catalyst 2950 switch does not support the Tunnel-Private-Group-ID field when it is configured as a VLAN name. (CSCdz31076)

In the "Displaying QoS Information" section on page 26-35, this information is incorrect in Table 26-8: You can define up to 13 DSCP values for which byte or packet statistics are gathered by hardware by using the show mls qos interface statistics privileged EXEC command.

The Catalyst 2950 switch does not support the show mls qos interface statistics privileged EXEC command.

Corrections to the Hardware Installation Guide

These are corrections for the Catalyst 2950 Desktop Switch Hardware Installation Guide:

The Catalyst 2950 Desktop Switch Hardware Installation Guide shows an incorrect RPS cover. Figure 1 shows the correct RPS cover.

Figure 1 RPS Cover

The Catalyst 2950 Desktop Switch Hardware Installation Guide states incorrect maximum cable lengths for 100BASE-FX and 1000BASE-SX ports in full-duplex mode. These are the correct maximum cable lengths:

In full-duplex mode, the cable length from the 100BASE-FX port on a switch to an attached device cannot exceed 6562 feet (2 kilometers).

In full-duplex mode, the cable length from the 1000BASE-SX port on a switch to an attached device cannot exceed 1804 feet (550 meters).

Related Documentation

These documents provide complete information about the switch and are available from this Cisco.com site:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/index.htm

The software documents are not shipped with the product, but you can access them under the appropriate IOS software release on Cisco.com. You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation" section.

These publications provide more information about the switches:

Catalyst 2950 Desktop Switch Software Configuration Guide (order number DOC-7811380=)

Catalyst 2950 Desktop Switch Command Reference (order number DOC-7811381=)

Catalyst 2950 Desktop Switch System Message Guide (order number DOC-7814233=)

Catalyst 2950 Desktop Switch Hardware Installation Guide (order number DOC-7811157=)

Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide (DOC-786460=)

Cluster Management Suite (CMS) online help

CWDM Passive Optical System Installation Note (not orderable but is available on Cisco.com)

1000BASE-T Gigabit Interface Converter Installation Notes (not orderable but is available on Cisco.com)

Obtaining Documentation

These sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com

Translated documentation is available at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:

Streamline business processes and improve productivity

Resolve technical issues with online support

Download and test software packages

Order Cisco learning materials and merchandise

Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Cisco TAC inquiries are categorized according to the urgency of the issue:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://www.cisco.com/register/

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.