The Catalyst 2960-X and Catalyst 2960-XR switches are Ethernet switches to which you can connect devices such as Cisco IP Phones, Cisco Wireless Access Points, workstations, and other network devices such as servers, routers, and other switches. Some models of the switches support stacking through the Cisco FlexStack-Plus technology. Unless otherwise noted, the term switch refers to both a standalone switch and to a switch stack.
What’s New in Cisco IOS Release 15.2(2)E
Table 1 Catalyst 2960-X Switch Models
Cisco IOS Image
Cisco Catalyst 2960X-48FPD-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 Power over Ethernet Plus (PoE+) ports (PoE budget of 740 W) and two small form-factor pluggable (SFP)+1 module slots.
Cisco Catalyst 2960X-48LPD-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 PoE+ ports (PoE budget of 370 W) and two SFP+ module slots.
Cisco Catalyst 2960X-24PD-L Switch
Cisco Catalyst 2960-X Stackable 24 10/100/1000 PoE+ ports (PoE budget of 370 W) and two SFP+ module slots.
Cisco Catalyst 2960X-48TD-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 Ethernet ports and two SFP+ module slots.
Cisco Catalyst 2960X-24TD-L Switch
Cisco Catalyst 2960-X Stackable 24 10/100/1000 Ethernet ports and two SFP+ module slots.
Cisco Catalyst 2960X-48FPS-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 PoE+ (PoE budget of 740 W) and four SFP2 module slots.
Cisco Catalyst 2960X-48LPS-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 PoE+ ports (PoE budget of 370 W) and four SFP module slots.
Cisco Catalyst 2960X-24PS-L Switch
Cisco Catalyst 2960-X Stackable 24 10/100/1000 PoE+ ports (PoE budget of 370 W) and four SFP module slots.
Cisco Catalyst 2960X-24PSQ-L Cool Switch
Cisco Catalyst 2960-X Non-Stackable, fanless, 24 10/100/1000 Ethernet ports, including 8 PoE ports (PoE budget of 110 W), two copper module slots, and two SFP module slots.
Cisco Catalyst 2960X-48TS-L Switch
Cisco Catalyst 2960-X Stackable 48 10/100/1000 Ethernet ports and four SFP module slots.
Cisco Catalyst 2960X-24TS-L Switch
Cisco Catalyst 2960-X Stackable 24 10/100/1000 Ethernet ports and four SFP module slots.
Cisco Catalyst 2960X-48TS-LL Switch
Cisco Catalyst 2960-X 48 10/100/1000 Ethernet ports and two SFP module slots.
Cisco Catalyst 2960X-24TS-LL Switch
Cisco Catalyst 2960-X 24 10/100/1000 Ethernet ports and two SFP module slots.
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 Power over Ethernet Plus (PoE+) ports (PoE budget of 740 W), two small form-factor pluggable (SFP)+4 module slots, 1025-W power supply.
Cisco Catalyst 2960XR-48LPD-I Switch
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 PoE+ ports (PoE budget of 370 W), two SFP+ module slots, 640-W power supply.
Cisco Catalyst 2960XR-24PD-I Switch
Cisco Catalyst 2960-XR Stackable 24 10/100/1000 PoE+ ports (PoE budget of 370 W), two SFP+ module slots, 640-W power supply.
Cisco Catalyst 2960XR-48TD-I Switch
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 Ethernet ports, two SFP+ module slots, and 250-W power supply.
Cisco Catalyst 2960XR-24TD-I
Cisco Catalyst 2960-XR Stackable 24 10/100/1000 Ethernet ports, two SFP+ module slots, and 250-W power supply.
Cisco Catalyst 2960XR-48FPS-I Switch
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 PoE+ (PoE budget of 740 W), four SFP5 module slots, and 1025-W power supply.
Catalyst WS-C2960XR-48LPS-I Switch
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 PoE+ ports (PoE budget of 370 W), four SFP module slots, and 640-W power supply.
Cisco Catalyst 2960XR-24PS-I Switch
Cisco Catalyst 2960-XR Stackable 24 10/100/1000 PoE+ ports (PoE budget of 370 W), four SFP module slots and 640-W power supply.
Cisco Catalyst 2960XR-48TS-I Switch
Cisco Catalyst 2960-XR Stackable 48 10/100/1000 Ethernet ports, four SFP module slots, and 250-W power supply
Cisco Catalyst 2960XR-24TS-I Switch
Cisco Catalyst 2960-XR Stackable 24 10/100/1000 Ethernet ports, four SFP module slots, and 250-W power supply.
3.The 250-W power supply is not supported in any PoE switch. The 640-W power supply is not supported in a full PoE switch. If you insert an unsupported power supply, the following error message is displayed:%PLATFORM_ENV-1-FRU_PS_ACCESS: UNKNOWN or UNSUPPORTED Power Supply
4.SFP+ = 10-Gigabit uplink.
5.SFP = 1-Gigabit uplink.
The Catalyst 2960-X switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest SFP+ and SFP module compatibility information:
Windows 2000, XP, Vista, Windows 7, and Windows Server 2003.
You cannot create and manage switch clusters through Device Manager. To create and manage switch clusters, use the command-line interface (CLI) or the Network Assistant application.
When you create a switch cluster or add a switch to a cluster, follow these guidelines:
We recommend that you configure the highest-end switch in your cluster as the command switch.
If you are managing the cluster through Network Assistant, the switch with the latest software should be the command switch.
The standby command switch must be the same type as the command switch. For example, if the command switch is a Catalyst 2960-X switch, all standby command switches must be Catalyst 2960-X switches.
For additional information about clustering, see Getting Started with Cisco Network Assistant, Release Notes for Cisco Network Assistant, the Cisco-enhanced EtherSwitch service module documentation, the software configuration guide, and the command reference.
For Cisco IOS Release 15.2(2)E, CNA support is available on release version 5.8.9 and later.
For more information about Cisco Network Assistant, see the Release Notes for Cisco Network Assistant on Cisco.com.
Upgrading the Switch Software
Finding the Software Version and Feature Set
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release number. The files necessary for web management are contained in a subdirectory. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
If you have a service support contract and order a software license or if you order a switch, you receive the universal software image and a specific software license.
Table 4 Software Image for Cisco Catalyst 2960-X
LAN Base and LAN Lite images.
LAN Base and LAN Lite cryptographic images with Device Manager.
Table 5 Software Images for Cisco Catalyst 2960-XR
Note Catalyst 2960-X supports LAN Lite and LAN Base images, and Catalyst 2960XR supports only IP Lite image.
Features Introduced in Cisco IOS Release 15.2(2)E5
No new features were introduced.
Features Introduced in Cisco IOS Release 15.2(2)E4
No new features were introduced.
Featured Introduces in Cisco IOS Release 15.2(2)E3
Policy-Based Routing(PBR) using Object Tracking
(Catalyst 2960-XR | IP Lite) Provides the capability to configure Policy-Based Routing(PBR) to use object tracking to verify the reachability of the next-hop IP address to which to forward packets, using an Internet Control Message Protocol(ICMP) ping as the verification method.
Provides quick and easy access to all relevant documentation for specific platforms. Look for Quick Links to Platform Documentation on the respective platform documentation pages.
Integrated Documentation Guides
Provides platform and software documentation for two technologies:
IP Multicast Routing Configuration Guide
Cisco Flexible Netflow Configuration Guide
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Eliminates the overhead of manual post install configuration on all the switches, in the smart install network.
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Provides a single line CLI, to enable base line security features (Port Security, DHCP snooping, DAI)
EIGRPv6 stub routing & PIMv6 stub routing
(Catalyst 2960-XR | IP Lite) Support for EIGRP IPv6 stub routing and PIM IPv6 stub routing.
(Catalyst 2960-XR | IP Lite) Support for Web Cache Communication Protocol (WCCP).
IPv6 Static Route support for Object Tracking
(Catalyst 2960-XR | IP Lite) Allows an IPv6 Static Route to be associated with a tracked-object.
Open Plug-N-Play Agent
(Catalyst 2960-X | LAN Lite and LAN Base, and 2960-XR | IP Lite) Switch based agent support for zero touch automated device installation solution called NG-PNP.
HSRP: Global IPv6 Address
(Catalyst 2960-XR | IP Lite) Allows users to configure multiple non-link local addresses as virtual addresses. The Hot Standby Router Protocol (HSRP) ensures host-to-router resilience and failover, in case the path between a host and the first-hop router fails, or the first-hop router itself fails.
Banner Page and Inactivity timeout for HTTP/S connections
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Allows you to create a banner page and set an inactivity timeout for HTTP or HTTP Secure (HTTPS) connections. The banner page allows you to logon to the server when the session is invalid or expired.
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Allows you to select the type, length, value (TLV) fields that are sent on a particular interface to filter information sent through Cisco Discovery Protocol packets.
(Catalyst 2960-X | LAN Base, 2960-XR | IP Lite) Helps to resolve the destination domain name to an IP address, which is provided to the client as a part of the domain name system (DNS) response.
Web Authentication Redirection to Original URL
(Catalyst 2960-X | LAN Base, 2960-XR | IP Lite) Enables networks to redirect guest users to the URL they had originally requested. This feature is enabled by default and requires no configuration.
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Determines the level of network access provided to an endpoint based on the type of the endpoint device. This feature also permits hardbinding between the end device and the interface. Autoconfig falls under the umbrella of Smart Operations solution.
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Provides a mechanism to configure multiple commands at the same time and associate it with a target such as an interface. An interface template is a container of configurations or policies that can be applied to specific ports.
FIPS/CC Compliance for NMSP
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Enables strong ciphers for new NMSP connections. The existing NMSP connections will use the default cipher.
8 Egress Queue Support
(Catalyst 2960-X | LAN Base) By default 4 egress queues are supported. This feature provides the flexibility to configure 8 egress queues on standalone only.
Support for Cisco SFP+ Active Optical Cables
(Catalyst 2960-X | LAN Base, 2960-XR | IP Lite) Support for Cisco SFP+ Active Optical Cables - Cisco SFP-10G-AOC1M Cisco SFP-10G-AOC2M Cisco SFP-10G-AOC3M, Cisco SFP-10G-AOC5M, Cisco SFP-10G-AOC7M, Cisco SFP-10G-AOC10.
(Catalyst 2960-X | LAN Base, 2960-XR | IP Lite) Support for Multi-auth per user VLAN assignment.
Auto QoS with 8 Egress Queues
(Catalyst 2960-X | LAN Lite and LAN Base, 2960-XR | IP Lite) Auto QoS is supported with 8 egress queues configuration in standalone only.
ISE Device Sensor
(Catalyst 2960-X | LAN Base, 2960-XR | IP Lite) Support for ISE Device Sensor.
Note Device Classifier has been disabled by default starting from Release 15.2(2)E. Any features dependent on device classifier should enable it if required.
Features of the Switch
The Catalyst 2960-X switch supports two different feature sets:
LAN Lite feature set—Provides standard Layer 2 security, quality of service (QoS), and up to 64 active VLANs. LAN Lite models have reduced functionality and scalability with entry level features in layer 2 and provide no routing capability. They do not support stacking.
LAN Base feature set—In addition to the LAN Lite feature set, the LAN Base feature set provides more advanced Layer 2 features, extended scalability, routing capability, and support for stacking with FlexStack-Plus. It supports upto 1024 active VLANs.
Specific differences between the two feature sets are described in the following sections.
Cisco Catalyst Smart Operations is a comprehensive set of features that simplify LAN deployment, configuration, and troubleshooting. Catalyst Smart Operations enable zero touch installation and replacement of switches and fast upgrade, as well as ease of troubleshooting with reduced operational cost. Catalyst Smart Operations is a set of features that includes Smart Install, Auto Smartports, Smart Configuration, and Smart Troubleshooting to enhance operational excellence:
– Cisco Smart Install is a transparent plug-and-play technology that can configure the Cisco IOS software image and switch configuration without user intervention. Smart Install uses dynamic IP address allocation and the assistance of other switches to facilitate installation.
– Cisco Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto detection and plug and play of the device onto the network.
– Cisco Smart Configuration provides a single point of management for a group of switches and in addition adds the ability to archive and back up configuration files to a file server or switch allowing seamless zero touch switch replacement.
– Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL).
NetFlow Lite enables monitoring, capturing, and recording of network traffic for further analysis. NetFlow Lite support is available on the LAN Base image. On the IP Lite image, NetFlow Lite support is available on physical ports configured as either a switch port or a routed port.
Cisco Prime Infrastructure is a set of tools that enables you to automate much of the management of your Cisco network. It is supported with device pack1 (2.1) 4.
The Cisco Catalyst 2960-X Series Switches provide a range of security features to limit access to the network and mitigate threats.
Port security secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding.
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers.
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping database and IP source bindings.
Dynamic ARP inspection (DAI) to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN.
Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC Authentication Bypass and web authentication using a single, consistent configuration.
Open mode that creates a user friendly environment for 802.1X operations.
Comprehensive RADIUS Change of Authorization capability for asynchronous policy management.
Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3.
(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection.
System (IDS) to take action when an intruder is detected.
TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
MAC address notification allows administrators to be notified of users added to or removed from the network.
Multilevel security on console access prevents unauthorized users from altering the switch configuration.
Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.
IGMP filtering provides multicast authentication by filtering out non-subscribers and limits the number of concurrent multicast streams available per port.
TrustSec uses the Security Group Tag Exchange Protocol (SXP) tags to enable network segmentation through identity based security groups.
802.1x monitor mode allows companies to enable authentication across the wired infrastructure in an audit mode without affecting wired users or devices. It helps IT administrators smoothly manage 802.1x transitions by allowing access and logging system messages when a device requires reconfiguration or is missing an 802.1x supplicant.
Deployment and Control Features
FlexStack-Plus technology creates a resilient single unified system (a stack) of up to eight switches in a homogeneous stack and up to four switches in a mixed stack. With a stack bandwidth of up to 80 Gbps, the stack functions as a single switching unit that is managed by the stack master. If the stack master fails, a new stack master is elected, keeping the stack operational. The new stack master is elected based on factors such as stack member priority value or lowest MAC address.
Dynamic Host Configuration Protocol (DHCP) Auto-configuration of multiple switches through a boot server eases switch deployment.
Automatic QoS (AutoQoS) simplifies QoS configuration in voice over IP (VoIP) networks by issuing interface and global switch commands to detect Cisco IP phones, classify traffic, and help enable egress queue configuration.
Auto-negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups and Gigabit groups.
EtherChannel groups to link to another switch, router, or server. The LAN Base image supports up to 24 EtherChannels. In a mixed stack, up to six EtherChannels are supported. The IP Lite image supports up to 48 EtherChannels.
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad.
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
Switching Database Manager (SDM) templates allow the administrator to automatically optimize the TCAM memory allocation to the desired features based on deployment-specific requirements.
Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
Internet Group Management Protocol (IGMP) v1, v2, v3 Snooping for IPv4. MLD v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requestors.
Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
Remote Switch Port Analyzer (RSPAN) allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
The Embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis.
Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
Cross-Stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different members of the stack for high resiliency.
FlexLink provides link redundancy with convergence time less than 100 ms.
IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offers the benefit of Layer 2 load balancing and distributed processing. Stacked units behave as a single spanning-tree node.
Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
Switch-port auto-recovery (error-disable) automatically attempts to reactivate a link that is disabled because of a network error.
FlexStack-Plus provides switch redundancy.
Quality of Service
MLS QoS provides the ability to configure granular policies and classes on every interface. These policies include policers, markers, and classifiers.
Cross-stack QoS to enable QoS configuration across the entire stack.
802.1p class of service (CoS) and differentiated services code point (DSCP) field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
Up to eight egress queues per port and strict priority queuing.
– Catalyst 2960-X can support the option to configure 8 egress queues on standalone only. By default it supports 4 egress queues with finer flow segregation using three threshold markers for non-strict-priority queues.
– Catalyst 2960-XR supports 8 queues with finer flow segregation using three threshold markers for non-strict-priority queues.
Shaped Round Robin (SRR) scheduling to ensure differential prioritization of packet flows.
Strict priority queuing to ensure that the highest-priority packets are serviced ahead of all other traffic.
Flow-based rate limiting and up to 256 aggregate or individual policers per port.
High Performance Routing (IP Lite Image)
IP unicast routing protocols (Static, Routing Information Protocol Version 1 (RIPv1) and RIPv2) are supported for small-network routing applications.
Advanced IP unicast routing protocols (OSPF for routed access) are supported for load balancing and constructing scalable LANs. IPv6 routing (OSPFv3 for routed access) is supported in hardware for maximum performance.
Equal-cost routing facilitates Layer 3 load balancing and redundancy across the stack.
Policy-based routing (PBR) allows superior traffic control by providing flow redirection regardless of the routing protocol configured.
Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide dynamic load balancing and failover for routed links.
Protocol Independent Multicast (PIM) for IP multicast is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode and Source Specific Multicast (SSM).
Limitations and Restrictions
Although you can configure up to 1,024 VLANs in a mixed stack configuration where the Catalyst 2960-S is the stack master, configuring more than 255 VLANs can cause the stack master to unexpectedly reload. (CSCue82689)
In a stackable switch, if VRF configuration is changed and this is followed by a master switchover, VRF stops working.
The workaround is to reload the switch stack after the VRF configuration is changed. (CSCtn71151)
The 250-W power supply is not supported in any PoE switch. The 640-W power supply is not supported in a full PoE switch. If you insert an unsupported power supply, the following error message is displayed:
%PLATFORM_ENV-1-FRU_PS_ACCESS: UNKNOWN or UNSUPPORTED Power Supply
Note Device Classifier has been disabled by default starting from Release 15.2(2)E. Any features dependent on device classifier should enable it if required.
Service and Support
Information About Caveats
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.