Guest

Cisco Catalyst 3650 Series Switches

Release Notes for Catalyst 3650 Series Switch, Cisco IOS XE Release 3.6E

  • Viewing Options

  • PDF (275.5 KB)
  • Feedback

Table of Contents

Release Notes for Catalyst 3650 Series Switch, CiscoIOSXERelease3.6E

Contents

Introduction

What’s New in Cisco IOS XE Release 3.6.0E

Supported Hardware

Switch Models

Optics Modules

Access Points and Mobility Services Engine

Compatibility Matrix

Wired Web UI (Device Manager) System Requirements

Hardware Requirements

Software Requirements

Wireless Web UI Software Requirements

Finding the Software Version and Feature Set

Upgrading the Switch Software

Important Upgrade Note

Features

Interoperability with Other Client Devices

Important Notes

Limitations and Restrictions

Caveats

Cisco Bug Search Tool

Open Caveats

Resolved Caveats

Troubleshooting

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Catalyst 3650 Series Switch, Cisco IOS XE Release 3.6E

First Published: June 27, 2014

 

OL-32647-01

This release note gives an overview of the features for the Cisco IOS XE 3.6.XE software on the Catalyst 3650 series switch.

Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.

Introduction

The Catalyst 3650 switches are the next generation of enterprise class stackable access layer switches that provide full convergence between wired and wireless networks on a single platform. This convergence is built on the resilience of new and improved 160-Gbps StackWise-160 and Cisco StackPower. Wired and wireless security and application visibility and control are natively built into the switch.

The Catalyst 3650 switches also support full IEEE 802.3 at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans, and power supplies. The Catalyst 3650 switches enhance productivity by enabling applications such as IP telephony, wireless, and video for a true borderless network experience.

The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.

For more information about the Cisco IOS XE software, see http://www.cisco.com/en/US/prod/collateral/iosswrel/ps9442/ps11192/ps11194/QA_C67-622903.html

What’s New in Cisco IOS XE Release 3.6.0E

 

What’s New
Description

Use this URL for the Cisco IOS XE Release 3E Documentation Roadmap: http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-3e/tsd-products-support-series-home.html

Provides quick and easy access to all relevant documentation for specific platforms. Look for Quick Links to Platform Documentation on the respective platform documentation pages.

Integrated Documentation Guides

Provides platform and software documentation for these technologies:

  • IP Multicast Routing Configuration Guide
  • Cisco Flexible Netflow Configuration Guide

Cisco IOS Device Sensor for ISE profiling

(IP Base and IP Services)

Supports Cisco Identity Services Engine (ISE) profiling for connected devices by using IOS Device Sensor

VRF-aware support for IPv6 routing protocols

(IP Services)

Introduces VRF-aware support for IPv6 routing protocols (VRF-aware OSPFv3, EIGRPv6, and BGPv6).

IEEE 802.1Q Tunnel (Q-in-Q)

(IP Base)

Supports IEEE 802.1Q tunneling.

Medianet Support (MSP, Metadata (no QoS), Perfmon, Mediatrace)

(IP Base and IP Services)

Supports Cisco Media Services Proxy, Cisco Medianet Metadata (no QoS), and Cisco Performance Monitor.

SMI Post-install

Eliminates the overhead of manual post install configuration on all the switches, in the smart install network.

Auto Security

Provides a single line CLI, to enable base line security features (Port Security, DHCP snooping, DAI)

IPv6 PBR

(IP Base and IP Enterprise Services)

Extends IOS and XE software to support a subset of the IOS IPv6 PBR feature

Cisco EnergyWise

Introduces support for Cisco EnergyWise Version 2.8. For more information, see the Cisco EnergyWise software release notes and configuration guide.

IPv6 Unicast Reverse Path Forwarding

(IP Base, IP Lite, and IP Services)

Introduces support for Unicast Reverse Path Forwarding in IPv6.

WCCP in IP base

(IP Services or IP Base)

Supports for Web Cache Communication Protocol (WCCP).

Object Tracking: IPv6 Route Tracking

(IP-Base and IP Services / IP Enterprise Services)

Expands the Enhanced Object Tracking (EOT) functionality to allow the tracking of IP version 6 (IPv6) routes.

IPv6 Static Route support for Object Tracking

(LAN-Base, IP-Lite, IP-Base, IP Services /IP Enterprise Services)

Allows an IPv6 Static Route to be associated with a tracked-object.

Open Plug-N-Play Agent

(LAN-Lite, LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Switch-based agent support for zero touch automated device installation solution called NG-PNP.

Cisco TrustSec Critical Authentication

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Ensures that the Network Device Admission Control (NDAC)-authenticated 802.1X links between Cisco TrustSec devices are in open state even when the Authentication, Authorization, and Accounting (AAA) server is not reachable.

Enabling Bidirectional SXP Support

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Enhances the functionality of Cisco TrustSec with SXP version 4 by adding support for Security Group Tag (SGT) Exchange Protocol (SXP) bindings that can be propagated in both directions between a speaker and a listener over a single connection.

Enablement of Security Group ACL at Interface Level

(LAN-Base, IP-Lite, IP-Base, IP Services /Ent. Serv.)

Controls and manages the Cisco TrustSec access control on a network device based on an attribute-based access control list. When a security group access control list (SGACL) is enabled globally, the SGACL is enabled on all interfaces in the network by default; use the Enablement of Security Group ACL at Interface Level feature to disable the SGACL on a Layer 3 interface.

Role-Based CLI Inclusive Views

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Enables a standard CLI view including all commands by default.

Custom Web Authentication Result Display Enhancement

Displays the authentication results on the main HTML page. There is no pop-up window to display the authentication results.

Custom Web Authentication Download Bundle

Ensures that one or more custom HTML pages can be downloaded and configured from a single tar file bundle.

The images and the custom pages containing the images are also part of the same downloadable tar file bundle.

Virtual IP Support for Images in Custom Web Authentication

Supports image file names without prefixes and removes the requirement of users having to specify the wireless management interface IP to indicate the source of image in the HTML code.

Service Discovery Gateway: mDNS enhancements

Enables multicast Domain Name System (mDNS) to operate across layer 3 boundaries.

Gateway Load Balancing Protocol

(IP-Base, IP Services / IP Enterprise Services)

Protects data traffic from a failed router or circuit while allowing packet load sharing between a group of redundant routers.

VRRPv3 Protocol Support

(IP-Base, IP Services/ IP Enterprise Services.)

Enables a group of routers to form a single virtual router to provide redundancy. This feature also provides the capability to support IPv4 and IPv6 addresses.

VRRPv3: Object Tracking Integration

(IP-Base, IP Services / IP Enterprise Services)

Allows you to track the behavior of an object and receive notifications of changes. This feature explains how object tracking, in particular the tracking of IPv6 objects, is integrated into VRRP version 3 (VRRPv3) and describes how to track an IPv6 object using a VRRPv3 group.

HSRP: Global IPv6 Address

(IP-Lite, IP-Base, IP Services/ IP Enterprise Services)

Allows users to configure multiple non-link local addresses as virtual addresses. The Hot Standby Router Protocol (HSRP) ensures host-to-router resilience and failover, in case the path between a host and the first-hop router fails, or the first-hop router itself fails.

HTTP Gleaning

(IP-Base, IP Services/Ent. Serv.)

Allows the device-sensor to extract the HTTP packet Type-Length-Value (TLV) to derive useful information about the end device type.

Banner Page and Inactivity timeout for HTTP/S connections

Allows you to create a banner page and set an inactivity timeout for HTTP or HTTP Secure (HTTPS) connections. The banner page allows you to log on to the server when the session is invalid or expired.

Secure CDP

(LAN-Lite, LAN-Base, IP-Lite, IP-Base, IP Services/ IP Enterprise Services)

Allows you to select the type, length, value (TLV) fields that are sent on a particular interface to filter information sent through Cisco Discovery Protocol packets.

OSPFv3 Authentication Trailer

Provides a mechanism to authenticate Open Shortest Path First version 3 (OSPFv3) protocol packets as an alternative to existing OSPFv3 IPsec authentication.

Policy Based Routing: Recursive Next Hop

Enhances route maps to enable configuration of a recursive next-hop IP address that is used by policy-based routing (PBR).

IPv6 Policy-Based Routing

(IP-Lite, IP-Base, IP Services/ IP Enterprise Services)

Allows you to manually configure how the received packets should be routed. PBR allows you to identify packets by using several attributes and to specify the next hop or the output interface to which the packet should be sent.

PBR Support for Multiple Tracking Options

Extends the capabilities of object tracking using Cisco Discovery Protocol (CDP) to allow the policy-based routing (PBR) process to verify object availability by using additional methods.

Web Authentication Redirection to Original URL

(LAN-Base, IP-Lite, IP-Base, IP Services/Ent. Serv.)

Enables networks to redirect guest users to the URL they had originally requested. This feature is enabled by default and requires no configuration.

Auto configuration

(LAN-Lite, LAN-Base, IP-Lite, IP-Base,  IP Services/ IP Enterprise Services)

Determines the level of network access provided to an endpoint based  on the type of the endpoint device. This feature also permits hardbinding between the end device and the interface. Autoconfig falls under the umbrella of Smart Operations solution.

Interface templates

(LAN-Lite, LAN-Base, IP-Lite, IP-Base,  IP Services/ IP Enterprise Services)

Provides a mechanism to configure multiple commands at the same time and  associate it with a target such as an interface. An interface template is a container of  configurations or policies that can be applied to specific ports.

NMSP

Enables strong ciphers (SHA2) for NMSP connections.

IPv6 Multicast Routing

(IP Services)

Introduces IPv6 multicast routing.

Embedded Event Manager (EEM) 4.0

Provides unique customization capabilities and event driven automation within Cisco products.

MediaTrace 1.0

Provides the capability to diagnose Media Stream on top of various instrumentations in Cisco routers/switches and endpoints. Also addresses the MediaNet Video monitoring requirement to discover the signaling path and provides end-to-end diagnostics along the media stream routes.

CleanAir Express for 1600 APs

Supports CleanAir Express on the Cisco 1600 Series Access Points. For more information about CleanAir Express, see http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/cleanair-technology/aag_c22-594304.pdf

New AP Platform Support

Support is added to the following APs in this release:

  • AP2700I, AP2700E
  • AP1532I, AP1532E

Note The Cisco Aironet 1530 Series APs are supported operating only in Local mode; these APs in mesh mode are not supported.

  • AP702W, AP702I

FQDN ACLs

Access control lists (ACLs) when configured using fully qualified domain name (FQDN) enables ACLs to be applied based on the destination domain name. The destination domain name is then resolved to an IP address, which is provided to the client as a part of DNS response. Guest users can log in using web authentication with parameter map that consists of FQDN ACL name. You can apply access list to a specific domain. RADIUS server has to send AAA attribute fqdn-acl-name to the controller. The operating system checks for the pass through domain list, its mapping, and permits the FQDN. FQDN ACL allows clients to access only configured domains without authentication. The FQDN ACL is supported only for IPv4 wireless session.

Local Policies

Local policies can profile devices based on HTTP and DHCP to identify the end devices on the network. Users can configure device-based policies and enforce the policies per user or per device policy on the network. Local policies allow profiling of mobile devices and basic onboarding of the profiled devices to a specific VLAN. They also assign ACL and QoS or configure session timeouts

Auto MAC Learning of Valid Client via MSE

You can validate the rogue clients by utilizing the resources available in the Cisco Mobility Services Engine (MSE). Using MSE, you can dynamically list the clients joining to the controller. The list of clients joined to the controller is stored in the MSE as a centralized location, where the controller communicates with MSE and validates the client before reporting if the rogue client is a valid one or not. MSE maintains the MAC addresses of clients joined to the controller. The communication between the controller and MSE is an on-demand service as the controller requests this service from MSE.

QoS Upstream

Marking and policing actions for ingress SSID and client policies are applied at the access point. The SSID and client ingress policies that you configure in the controller are pushed to the AP. The AP performs policing and marking actions for each packet. However, the controller selects the QoS policies. Marking and policing of egress SSID and client policies are applied at the controller. QoS statistics are collated for client and SSID targets in ingress direction. Statistics are supported only for ingress policies with a maximum of five classes on wireless targets. For very large policies, statistics for ingress policies are not visible at the controller. The frequency of the statistics depends on the number of clients associated with the access point.

Implement Control part of AVC (Tie-in to QOS)

Application Visibility and Control (AVC) classifies applications using deep packet inspection techniques with the Network-Based Application Recognition (NBAR2) engine, and provides application-level visibility and control (QoS) in wireless networks. After the applications are recognized, the AVC feature enables you to either drop, mark, or police the data traffic. AVC is configured by defining a class map in a QoS client policy to match a protocol. AVC QoS actions are applied with AVC filters in both upstream and downstream directions. The QoS actions supported for upstream flow are drop, mark, and police, and for downstream flow are mark and police. AVC QoS is applicable only when the application is classified correctly and matched with the class map filter in the policy map.

Note This feature is applicable only to wireless clients.

Optical Feature Interface support

Supports new hardware for DWDM SFP+ and 10G ZR SFP+ modules. For a list of all supported SFP+ modules, see http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html

Flexible Netflow Enhancement

Support for IPv6 destination server export. For more information, see the Cisco Flexible NetFlow Configuration Guide.

Support for NetFlow Data Export Format Version 10 (IPFIX). For more information, see the Cisco Flexible NetFlow Configuration Guide .

802.11r Mixed Mode Support

You do not have to create a separate WLAN for 802.11r support. You can specify the non-802.11r clients to associate with an SSID that is enabled with 802.11r.

Support for Cisco SFP+ Active Optical Cables

Support for Cisco SFP+ Active Optical Cables - Cisco SFP-10G-AOC1M Cisco SFP-10G-AOC2M Cisco SFP-10G-AOC3M, Cisco SFP-10G-AOC5M, Cisco SFP-10G-AOC7M, Cisco SFP-10G-AOC10.

For a list of all supported SFP+ modules, see http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html

Supported Hardware

Switch Models

 

Table 1 Catalyst 3650 Switch Models

Switch Model
Cisco IOS Image
Description

Catalyst 3650-24TS-L

LAN Base

Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP (small form-factor pluggable) uplink ports, 250-W power supply

Catalyst 3650-48TS-L

LAN Base

Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply

Catalyst 3650-24PS-L

LAN Base

Stackable 24 10/100/1000 PoE+1 downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48PS-L

LAN Base

Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48FS-L

LAN Base

Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply

Catalyst 3650-24TD-L

LAN Base

Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-48TD-L

LAN Base

Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-24PD-L

LAN Base

Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48PD-L

LAN Base

Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48FD-L

LAN Base

Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48FQ-L

LAN Base

Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48PQ-L

LAN Base

Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48TQ-L

LAN Base

Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-24TS-S

IP Base

Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply

Catalyst 3650-48TS-S

IP Base

Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply

Catalyst 3650-24PS-S

IP Base

Stackable 24 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48PS-S

IP Base

Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48FS-S

IP Base

Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply

Catalyst 3650-24TD-S

IP Base

Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-48TD-S

IP Base

Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-24PD-S

IP Base

Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48PD-S

IP Base

Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48FD-S

IP Base

Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48FQ-S

IP Base

Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48PQ-S

IP Base

Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48TQ-S

IP Base

Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-24TS-E

IP Services

Stackable 24 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply

Catalyst 3650-48TS-E

IP Services

Stackable 48 10/100/1000 Ethernet downlink ports, four 1-Gigabit SFP uplink ports, 250-W power supply

Catalyst 3650-24PS-E

IP Services

Stackable 24 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48PS-E

IP Services

Stackable 48 10/100/1000 PoE+ downlink ports, four 1-Gigabit SFP uplink ports, 640-W power supply

Catalyst 3650-48FS-E

IP Services

Stackable 48 10/100/1000 Full PoE downlink ports, four 1-Gigabit SFP uplink ports, 1025-W power supply

Catalyst 3650-24TD-E

IP Services

Stackable 24 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-48TD-E

IP Services

Stackable 48 10/100/1000 Ethernet downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 250-W power supply

Catalyst 3650-24PD-E

IP Services

Stackable 24 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48PD-E

IP Services

Stackable 48 10/100/1000 PoE+ downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48FD-E

IP Services

Stackable 48 10/100/1000 Full PoE downlink ports, two 1-Gigabit SFP and two 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48FQ-E

IP Services

Stackable 48 10/100/1000 Full PoE downlink ports, four 10-Gigabit SFP+ uplink ports, 1025-W power supply

Catalyst 3650-48PQ-E

IP Services

Stackable 48 10/100/1000 PoE+ downlink ports, four 10-Gigabit SFP+ uplink ports, 640-W power supply

Catalyst 3650-48TQ-E

IP Services

Stackable 48 10/100/1000 Ethernet downlink ports, four 10-Gigabit SFP+ uplink ports, 250-W power supply

1.PoE+ = Power over Ethernet plus (provides up to 30 W per port).

Optics Modules

Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:

http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

Access Points and Mobility Services Engine

Table 2 lists the supported products of the Catalyst 3650 Switch.

 

Table 2 Catalyst 3650 Switch Supported Products

Product
Platform Supported

Access Point

Cisco Aironet 700, 1040, 1140, 1260, 1530, 1600, 2600, 2700, 3500, 3600, 3700

Mobility Services Engine

3355, Virtual Appliance

Table 3 lists the specific supported Cisco access points.

 

Table 3 Supported Access Points

Access Points

Cisco Aironet 700 Series

AIR-CAP702W-x-K9

AIR-CAP702I-x-K9

AIR-CAP702I-xK910

Cisco Aironet 1040 Series

AIR-AP1041N

AIR-AP1042N

AIR-LAP1041N

AIR-LAP1042N

Cisco Aironet 1140 Series

AIR-AP1141N

AIR-AP1142N

AIR-LAP1141N

AIR-LAP1142N

Cisco Aironet 1260 Series

AIR-LAP1261N

AIR-LAP1262N

AIR-AP1261N

AIR-AP1262N

Cisco Aironet 1530 Series

AIR-CAP1532I-x-K9

AIR-CAP1532E-x-K9

Cisco Aironet 1600 Series

AIR-CAP1602E

AIR-CAP1602I

Cisco Aironet 2600 Series

AIR-CAP2602E

AIR-CAP2602I

Cisco Aironet 2700 Series

AIR-CAP2702I-x-K9

AIR-CAP2702E-x-K9

Cisco Aironet 3500 Series

AIR-CAP3501E

AIR-CAP3501I

AIR-CAP3501P

AIR-CAP3502E

AIR-CAP3502I

AIR-CAP3502P

Cisco Aironet 3600 Series

AIR-CAP3602E

AIR-CAP3602I

Cisco Aironet 3700 Series

AIR-CAP3702I

AIR-CAP3702E

AIR-CAP3702P

Compatibility Matrix

Table 4 lists the software compatibility matrix.

 

Table 4 Software Compatibility Matrix

Catalyst 3650
Cisco 5700 WLC
Cisco 5508 or WiSM2
MSE
ISE
ACS
Cisco PI

03.06.00E

03.06.00E

8.02

7.6

8.03

1.2

5.2, 5.3

2.1.1 if MSE is also deployed4

2.1.0 if MSE is not deployed

03.03.03SE

03.03.02SE

03.03.01SE

03.03.00SE

03.03.03SE

03.03.02SE

03.03.01SE

03.03.00SE

7.55

7.5

1.2

5.2, 5.3

2.0

2.Cisco Wireless Release 8.0 is targeted to be available by August 2014.

3.Because of SHA-2 certificate implementation, MSE 7.6 is not compatible with Cisco IOS XE Release 3.6E. Therefore, we recommend that you upgrade to MSE 8.0.

4.If MSE is deployed on your network, we recommend that you upgrade to Cisco Prime Infrastructure 2.1.1.

5.Prime Infrastructure 2.0 enables you to manage Cisco WLC c7.5.102.0 with the features of Cisco WLC 7.4.110.0 and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC 7.5.102.0 including the new AP platforms.

For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix .

Wired Web UI (Device Manager) System Requirements

Hardware Requirements

 

Table 5 Minimum Hardware Requirements

Processor Speed
DRAM
Number of Colors
Resolution
Font Size

233 MHz minimum6

512 MB7

256

1024 x 768

Small

6.We recommend 1 GHz.

7.We recommend 1 GB DRAM.

Software Requirements

Windows 2000, XP, Vista, or Windows server 2003, Windows 7

Internet Explorer 6.0 and 7.0, Firefox version up to 26.0 or later with JavaScript enabled.

Wireless Web UI Software Requirements

  • Operating Systems

Windows 7

Windows 8

Mac OS X 10.8

  • Browsers

Google Chrome—Version 35

Microsoft Internet Explorer—Versions 10 or 11

Mozilla Firefox—Version 30

Safari—Version 6.1

Finding the Software Version and Feature Set

Table 6 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.

 

Table 6 Cisco IOS XE to Cisco IOS Version Number Mapping

Cisco IOS XE Version
Cisco IOSd Version
Cisco Wireless Control Module Version
Access Point Version

03.06.00E

15.2(2)E

10.2.102.0

15.3(3)JN

03.03.03SE

15.0(1)EZ3

10.1.130.0

15.2(4)JB5h

03.03.02SE

15.0(1)EZ2

10.1.121.0

15.2(4)JB5

03.03.01SE

15.0(1)EZ1

10.1.110.0

15.2(4)JB2

03.03.00SE

15.0(1)EZ

10.1.100.0

15.2(4)JN

The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).

You can use the show version privileged EXEC command to see the software version that is running on your switch.


NoteAlthough the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license. Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.


You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Upgrading the Switch Software

For information about how to upgrade the switch software, see the System Management Configuration Guide, Cisco IOS XE Release 3E (Catalyst 3650 Switches) at the following URL:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/system_management/configuration_guide/b_sm_3e_3650_cg.html

 

 
 

Table 7 Software Images

Image
File Name

Universal

cat3k_caa-universalk9.SPA.03.06.00.E.152-2.E.bin

Universal without DTLS

cat3k_caa-universalk9ldpe.SPA.03.06.00.E.152-2.E.bin

Important Upgrade Note

After you upgrade to Cisco IOS XE Release 3.6E, the WebAuth success page behavior is different from the behavior seen in Cisco IOS XE Release 3.3.X SE. After a successful authentication on the WebAuth login page, the original requested URL opens in a pop-up window and not on the parent page. Therefore, we recommend that you upgrade the Web Authentication bundle so that the bundle is in the format that is used by the AireOS Wireless LAN Controllers.

To download a sample Web Authentication bundle, follow these steps:


Step 1 Browse to http://software.cisco.com/download/navigator.html .

Step 2 Navigate to Products > Switches > Campus LAN Switches - Access > Cisco Catalyst 3650 Series Switches .

Step 3 Click a switch model.

Step 4 Click Wireless Lan Controller Web Authentication Bundle .

Step 5 Choose Release 3.6.0 and click Download .

Step 6 After the download, follow the instructions provided in the Read Me file that is attached in the bundle.


 


NoteIn a High Availability scenario, if you download the Web Authentication bundle to the active controller, the bundle cannot be synchronized with the standby controller. Therefore, we recommend that you also manually download the Web Authentication bundle to the standby controller. In a High Availability scenario, if you download the Web Authentication bundle to the active controller, the bundle cannot be synchronized with the standby controller. Therefore, we recommend that you also manually download the Web Authentication bundle to the standby controller.


Features

The Catalyst 3650 switch supports three different feature sets:

  • LAN Base feature set—Provides basic Layer 2+ features, including access control lists (ACLs) and quality of service (QoS) and up to 4094 VLANs.
  • IP Base feature set—Provides Layer 2+ and basic Layer 3 features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), ACLs, QoS, static routing, EIGRP stub routing, IP multicast routing, Routing Information Protocol (RIP), basic IPv6 management, the Open Shortest Path First (OSPF) Protocol, and support for wireless controller functionality.
  • IP Services feature set—Provides a richer set of enterprise-class intelligent services and full IPv6 support. It includes all IP Base features plus full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback bridging). The IP Services feature set includes protocols such as the Enhanced Interior Gateway Routing Protocol (EIGRP), the Open Shortest Path First (OSPF) Protocol, and support for wireless controller functionality.

Note A separate access point count license is required to use the switch as a wireless controller.


For more information about the features, see the product data sheet at this URL:

http://www.cisco.com/en/US/products/ps13133/products_data_sheets_list.html

 

Interoperability with Other Client Devices

This section describes the interoperability of this version of the switch software release with other client devices.

Table 8 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.

 

Table 8 Client Types

Client Type and Name
Version
Laptop

Intel 4965

11.5.1.15 or 12.4.4.5, v13.4

Intel 5100/6300

v14.3.0.6

Intel 6205

v15.10.5.1

Intel 6235

V15.10.5.1

Intel 6300

v15.10.4.2

Intel 7260(11AC)

17.0.0.34, Windows 8.1

Dell 1395/1397

XP/Vista: 5.60.18.8 Win7: 5.30.21.0

Dell 1505/1510/Broadcom 4321MCAG/4322HM

5.60.18.8

Dell 1515 (Atheros)

8.0.0.239

Dell 1520/Broadcom 43224HMS

5.60.48.18

Dell 1530 (Broadcom BCM4359)

v5.100.235.12

Cisco CB21

v1.3.0.532

Atheros HB95

7.7.0.358

MacBook Pro (Broadcom)

5.10.91.26

Broadcom 4360(11AC)

6.30.163.2005

Macbook Air (11AC)

10.9.3

Macbook Air

10.9.3
Handheld Devices

Apple iPad

iOS 5.0.1

Apple iPad2

iOS 6.0.1

Apple iPad3

7.1.1(11D201)

Apple iPad Air

7.1.1(11D201)

Apple iPad Mini

7.1.1(11D201)

Samsung Galaxy Tab

Android 3.2

Intermec CK70

Windows Mobile 6.5 / 2.01.06.0355

Intermec CN50

Windows Mobile 6.1 / 2.01.06.0333

Symbol MC5590

Windows Mobile 6.5 / 3.00.0.0.051R

Symbol MC75

Windows Mobile 6.5 / 3.00.2.0.006R

Phones and Printers

Cisco 7921G

1.4.2.LOADS

Cisco 7925G

1.4.2.LOADS

Ascom i75

1.8.0

Spectralink 8030

119.081/131.030/132.030

Vocera B1000A

4.1.0.2817

Vocera B2000

4.0.0.345

Apple iPhone 4

iOS 6.0.1

Apple iPhone 4S

7.1.1(11D201)

Apple iPhone 5s

7.1.1(11D201)

Apple iPhone 5c

7.1.1(11D201)

Ascom i62

2.5.7

HTC Sensation

Android 2.3.3

Samsung Galaxy S II

Android 2.3.3

SpectraLink 8450

3.0.2.6098/5.0.0.8774

Samsung Galaxy Nexus

Android 4.0.2

Samsung Galaxy S4 (GT-I9500)

4.4.2

Samsung Galaxy Note (SM-900)

4.4.2

Important Notes

  • A switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches is not supported.
  • Although visible in the CLI, the following commands are not supported:

collect flow username

authorize-lsc-ap (CSCui93659)

  • The following features are not supported in Cisco IOS XE Release 3.6E:

Outdoor Access Points

Mesh, FlexConnect, and OfficeExtend access point deployment

Wireless Guest Anchor Controller (The Catalyst 3850 switch can be configured as a foreign controller.)

Resilient Ethernet Protocol

Private VLANs

Device Sensor

MVR (Multicast VLAN Registration)

IPv6 routing - OSPFv3 Authentication

Call Home

DVMRP Tunneling

Port Security on EtherChannel

802.1x Configurable username and password for MAB

Link State Tracking (L2 Trunk Failover)

Disable Per VLAN MAC Learning

IEEE 802.1X-2010 with 802.1AE support

IEEE 802.1AE MACsec (MKA & SAP)

Command Switch Redundancy

CNS Config Agent

Dynamic Access Ports

IPv6 Ready Logo phase II - Host

IPv6 IKEv2 / IPSecv3

OSPFv3 Graceful Restart (RFC 5187)

Fallback bridging for non-IP traffic between VLANs

DHCP snooping ASCII circuit ID

Protocol Storm Protection

802.1x NEAT

Per VLAN Policy & Per Port Policer

Packet Based Storm Control

Ingress/egress Shared Queues

Trust Boundary Configuration

Cisco Group Management Protocol (CGMP)

Device classifier for ASP

IPSLA Media Operation

Passive Monitoring

Performance Monitor (Phase 1)

AAA: RADIUS over IPv6 transport

AAA: TACACS over IPv6 Transport

Auto QoS for Video endpoints

EX SFP Support (GLC-EX-SMD)

IPv6 Strict Host Mode Support

IPv6 Static Route support on LAN Base images

VACL Logging of access denied

RFC5460 DHCPv6 Bulk Leasequery

DHCPv6 Relay Source Configuration

RFC 4293 IP-MIB (IPv6 only)

RFC 4292 IP-FORWARD-MIB (IPv6 only)

RFC4292/RFC4293 MIBs for IPv6 traffic

Layer 2 Tunneling Protocol Enhancements

UniDirectional Link Routing (UDLR)

Pragmatic General Multicast (PGM)

PVLAN, DAI, IPSG Interoperability

Ingress Rate Limiting

Ingress Strict Priority Queuing (Expedite)

Weighted Random Early Detect (WRED)

Improvements in QoS policing rates

Fast SSID support for guest access WLANs

  • Be careful when connecting a “snagless” Ethernet cable to port 1 on a 48-port switch. The protective boot of the cable might inadvertently press the Mode button, causing the switch to erase its startup configuration and reboot. (CSCuj17317)

There is no workaround except to avoid connecting a “snagless” Ethernet cable to port 1 on a 48-port switch.

Limitations and Restrictions

  • You cannot configure NetFlow export using the Ethernet Management port (g0/0).
  • The switch does not support CDP bypass.
  • The maximum committed information rate (CIR) for voice traffic on a wireless port is 132 Mb/sec.

Caveats

Cisco Bug Search Tool

The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.

To view the details of a caveat listed in this document:

1. Access the BST (use your Cisco user ID and password) at https://tools.cisco.com/bugsearch/ .

2. Enter the bug ID in the Search For: field.

Open Caveats

Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.

 

Bug ID
Severity
Headline

CSCul98104

2

WCCP in multicast mode stops working after changing mask on CE

CSCum92274

2

Guest Access: AAA overridden QoS policies are not getting precedence

CSCun82579

3

Set IP next-hop verify-avail cmd might remove ip policy route-map config

CSCun92013

2

Clients do not get IP from the right VLAN after adding VLANs to the group

CSCuo00561

2

Switch unusable for eight minutes after “default interface” with L3 CTS config

CSCup40892

2

Wireless clients may be stuck in idle state when FQDN feature is enabled

CSCup62150

2

Client QoS policy is not applied for Inter-controller roamed client

CSCup28930

3

CLI output for "show memory" command shows ”0” for config on device.

Resolved Caveats

Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.

 

Bug ID
Severity
Headline

CSCui69119

2

IPDT: rejected channel conf and standby failed to boot up

CSCuj17317

2

XE: Certain snagless cables may press on the mode button causing reload

CSCuj92028

2

WCCP Crash @edison_wccp_cam_write_event_handler

CSCun68485

2

Router ACL (RACL) on SVI in output direction applied to bridged traffic

CSCun78227

2

Incorrect temperature thresholds reported via SNMP

CSCun97765

2

Unable to disable IPDT

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:

http://www.cisco.com/en/US/support/index.html

Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.

Related Documentation

  • Cisco IOS XE 3E Release documentation at this URL:

http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-3e/tsd-products-support-series-home.html

  • Catalyst 3650 switch documentation at this URL:

http://www.cisco.com/go/cat3650_docs

  • Error Message Decoder at this URL:

https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation , which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.


 

© 2014 Cisco Systems, Inc. All rights reserved.