Release Notes for the Catalyst 3750, 3560, and 2960 Switches, Cisco IOS Release 12.2(53)SE and Later
Device Manager System Requirements
Finding the Software Version and Feature Set
Catalyst 3750G Integrated Wireless LAN Controller Switch Software Compatibility
Upgrading a Switch by Using the Device Manager or Network Assistant
Upgrading a Switch by Using the CLI
Recovering from a Software Failure
Minimum Cisco IOS Release for Major Features
Stacking (Catalyst 3750 or Cisco EtherSwitch service module switch stack only)
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(53)SE2
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(53)SE1
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(53)SE
Updates to the Catalyst 3750 and 3560 Software Configuration Guides
Updates for the “Unsupported Commands” Appendix
New Section for the “Configuring IP Unicast Routing” Chapter
New Information for the “Overview” Chapter
New Information for the “Configuring Switch Stacks” Chapter
Updates to the Software Configuration Guides
Understanding TelePresence E911 IP Phone Support
Configuring TelePresence E911 IP Phone Support
Updates to the Command References
Updates to the System Message Guides
Updates to the Catalyst 3750 and 3560, and 2960 Hardware Installation Guide
Updates for the Catalyst 2960 Switch Hardware Installation Guide
Update to the Getting Started Guide
Correction to the Getting Started Guide for the Catalyst2960 Switch
Update to the Regulatory Compliance and Safety Information for the Catalyst2960 Switch
Statement 266—Switch Installation Warning
Obtaining Documentation and Submitting a Service Request
Cisco IOS Release 12.2(53)SE and later runs on all Catalyst 3750 and 3560, and 2960 switches and on Cisco EtherSwitch service modules.
Note Cisco IOS Release 12.2(53)SE1 does not support the Cisco EtherSwitch service modules.
The Catalyst 3750 switches and the Cisco EtherSwitch service modules support stacking through Cisco StackWise technology. The Catalyst 3560 and 2960 switches do not support switch stacking. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
These release notes include important information about Cisco IOS Release 12.2(53)SE and later and any limitations, restrictions, and caveats that apply to the releases. Verify that these release notes are correct for your switch:
For the complete list of Catalyst 3750and 3560, and 2960 switch documentation and of Cisco EtherSwitch service module documentation, see the “Related Documentation” section.
You can download the switch software from this site (registered Cisco.com users with a login password):
http://www.cisco.com/cisco/web/download/index.html
This software release is part of a special release of Cisco IOS software that is not released on the same maintenance cycle that is used for other platforms. As maintenance releases and future software releases become available, they will be posted to Cisco.com in the Cisco IOS software area.
The system requirements are described in these sections:
Table 1 lists the hardware supported on this release.
24 10/100/1000 PoE1 ports, 2 SFP2 module slots, and an integrated wireless LAN controller supporting up to 25 access points. |
Cisco IOS Release 12.2(25)FZ or Cisco IOS Release 12.2(35)SE |
|
24 10/100/1000 PoE ports, 2 SFP module slots, and an integrated wireless LAN controller supporting up to 50 access points |
Cisco IOS Release 12.2(25)FZ or Cisco IOS Release 12.2(35)SE |
|
16 10/100/1000 Ethernet ports and 1 XENPAK 10-Gigabit Ethernet module slot |
||
8 10/100 PoE ports and 1 dual-purpose port3 (one 10/100/1000BASE-T copper port and one SFP module slot) |
||
12 Ethernet 10/100 ports with PoE and 1 dual-purpose 10/100/1000 or SFP uplink |
||
48 10/100 PoE ports, 2 10/100/1000 ports, and 2 SFP module slots |
||
24 10/100 PoE ports and 2 dual-purpose ports |
||
24 10/100 ports (8 of which are PoE) and 2 dual-purpose ports |
||
8 10/100 ports and 1 dual-purpose port3 (1 10/100/1000BASE-T copper port and1 SFP module slot) |
||
48 10/100 PoE ports, 1 10/100/1000 ports and 2 SFP module slots |
||
24 10/100BASE-T Ethernet ports and 2 dual-purpose ports (two 10/100/1000BASE-T copper ports and two SFP module slots) |
||
48 10/100BASE-T Ethernet ports and 2 dual-purpose ports (two 10/100/1000BASE-T copper ports and two SFP module slots) |
||
8 10/100 Ethernet ports and 1 dual-purpose port (one 10/100/1000BASE-T copper port and one SFP module slot) |
||
7 10/100/1000 Ethernet ports and 1 dual-purpose port (one 10/100/1000BASE-T copper port and one SFP module slot) |
||
24 10/100 ports, 8 of which are PoE, and 2 10/100/1000 ports |
||
24 10/100 Power over Ethernet (PoE) ports and 2 dual-purpose ports (2 10/100/1000BASE-T copper ports and 2 small form-factor pluggable [SFP] module slots) |
||
24 10/100BASE-T Ethernet ports and 2 10/100/1000BASE-T Ethernet ports |
||
48 10/100BASE-T Ethernet ports 2 10/100/1000BASE-T Ethernet ports |
||
24 10/100/1000BASE-T Ethernet ports, including 4 dual-purpose ports (four 10/100/1000BASE-T copper ports and four SFP module slots) |
||
48 10/100/1000BASE-T Ethernet ports, including 4 dual-purpose ports (four 10/100/1000BASE-T copper ports and four SFP module slots) |
||
NME-16ES-1G4 |
16 10/100 ports, 1 10/100/1000 Ethernet port, no StackWise connector ports, single-wide |
|
16 10/100 PoE ports, 1 10/100/1000 Ethernet port, no StackWise connector ports, single-wide |
||
23 10/100 ports, 1 10/100/1000 PoE port, no StackWise connector ports, extended single-wide |
||
23 10/100 PoE ports, 1 10/100/1000 PoE port, no StackWise connector ports, extended single-wide |
||
24 10/100 PoE ports, 1 SFP module port, 2 StackWise connector ports, extended double-wide |
||
48 10/100 PoE ports, 2 SFP module ports, no StackWise connector ports, extended double-wide |
||
1000BASE-CWDM5, -LX, SX, -T, -ZX 100BASE-FX MMF6 Support for eight additional DWDM SFP optical modules. For a complete list of supported SFPs and part numbers, see the data sheet at: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/product_data_sheet0900aecd80371991.html |
||
XENPAK modules7 |
||
Cisco RPS 675 Redundant Power System Cisco RPS 300 Redundant Power System (supported only on the Catalyst 2960 switch) |
Supported on all software releases |
These sections describes the hardware and software requirements for using the device manager:
Table 2 lists the minimum hardware requirements for running the device manager.
These are the supported operating systems and browsers for the device manager:
The device manager verifies the browser version when starting a session, and it does not require a plug-in.
You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the command-line interface (CLI) or the Network Assistant application.
When creating a switch cluster or adding a switch to a cluster, follow these guidelines:
For additional information about clustering, see Getting Started with Cisco Network Assistant and Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com), the software configuration guide, the command reference, and the Cisco EtherSwitch service module feature guide.
Cisco IOS 12.2(50)SE is only compatible with Cisco Network Assistant (CNA) 5.0 and later. You can download Cisco Network Assistant from this URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/NetworkAssistant
For more information about Cisco Network Assistant, see the Release Notes for Cisco Network Assistant on Cisco.com.
These are the procedures for downloading software. Before downloading software, read this section for important information:
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
Note For Catalyst 3750 and 3560 switches and the Cisco EtherSwitch service modules, although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration (IP base image [formerly known as the SMI] or IP services image [formerly known as the EMI]) and does not change if you upgrade the software image.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the combined tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
For the Catalyst 3750 and 3560 switches, Cisco IOS Release 12.2(25)SEA and earlier referred to the image that provides Layer 2+ features and basic Layer 3 routing as the standard multilayer image (SMI). The image that provides full Layer 3 routing and advanced services was referred to as the enhanced multilayer image (EMI).
Cisco IOS Release 12.2(25)SEB and later refers to the SMI as the IP base image and the EMI as the IP services image.
Table 3 lists the different file-naming conventions before and after Cisco IOS Release 12.2(25)SEB.
Table 4 lists the filenames for this software release.
Catalyst 3750 IP base image and device manager files. This image has Layer 2+ and basic Layer 3 routing features. This image also runs on the Cisco EtherSwitch service modules. |
|
Catalyst 3750 IP base image (noncryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3750 IP base cryptographic image and device manager files. This image has the Kerberos, SSH12, Layer 2+, and basic Layer 3 routing features. This image also runs on the Cisco EtherSwitch service modules. |
|
Catalyst 3750 IP base image (cryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3750 IP services image and device manager files. This image has both Layer 2+ and full Layer 3 routing features. This image also runs on the Cisco EtherSwitch service modules. |
|
Catalyst 3750 IP services image (noncryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3750 IP services cryptographic image and device manager files. This image has the Kerberos, SSH, Layer 2+, and full Layer 3 features. This image also runs on the Cisco EtherSwitch service modules. |
|
Catalyst 3750 IP services image (cryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3560 IP base image file and device manager files. This image has Layer 2+ and basic Layer 3 routing features. |
|
Catalyst 3560 IP base image (noncryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3560 IP base cryptographic image and device manager files. This image has the Kerberos, SSH, and Layer 2+, and basic Layer 3 routing features. |
|
Catalyst 3560 IP base image (cryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3560 IP services image and device manager files. This image has both Layer 2+ and full Layer 3 routing features. |
|
Catalyst 3560 IP services image (noncryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 3560 IP services cryptographic image and device manager files. This image has the Kerberos, SSH, Layer 2+, and full Layer 3 features. |
|
Catalyst 3560 IP services image (cryptographic image) with device manager Express Setup files only. This image is intended for switches that have a 16M flash size. |
|
Catalyst 2960 image file and device manager files. This image has Layer 2+ features. |
|
Catalyst 2960 cryptographic image file and device manager files. This image has the Kerberos and SSH features. |
|
Catalyst 2960 LAN lite cryptographic image file and device manager files. |
Catalyst 3750 or 3560 switches with a 16-MB flash memory can experience problems due to flash memory constraints, especially if they are using larger size images, such as c3750-ipservicesk9-tar, c3560-ipservicesk9-tar, c3750-ipbasek9-tar, or c3750-ipbasek9-tar images. These are the affected switches:
Catalyst 3560: WS-C3560-24PS and WS-C3560-48PS
Catalyst3750: WS-C3750-24PS, WS-C3750-24TS, WS-C3750-48PS, WS-C3750-48TS, WS-3750G-24T, WS-C3750G-12S, WS-C3750G-24TS, WS-C3750G-16TD
The workaround for these switches is to use the corresponding lm images, such as the c3750-ipserviceslmk9-tar or c3560-ipserviceslmk9-tar images, which require less memory. In future releases, images are expected to grow more in size, requiring more need for the lm images.
The Catalyst 3750 Integrated Wireless LAN Controller Switch is an integrated Catalyst 3750 switch and Cisco 4400 series wireless LAN controller that supports up to 25 or 50 lightweight access points. The switch and the internal controller run separate software versions, which must be upgraded separately.
To use the controller in the Catalyst 3750G Wireless LAN Controller Switch, the switch must be running one of these Cisco IOS software releases:
Note These Cisco IOS Releases and any versions of them are not supported: Cisco IOS Release 12.2(25)SEC, 12.2(25)SED, 12.2(25)SEE, 12.2(25)SEF, and 12.2(25)SEG. All Catalyst 3750 images (IP Base, IP Services, and Advanced IP Services) are supported for use with the controller.
If the switch image version is not compatible, the wireless LAN controller switch could stop functioning.
For information about the controller software, see the release notes on this page for Cisco Software Release 4.0.x.0 or later:
http://www.cisco.com/en/US/products/ps6366/prod_release_notes_list.html
For controller software upgrade procedure, see the Cisco Wireless LAN Controller Configuration Guide on this page:
.http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html
Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release to which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for more information:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_bulletin0900aecd80281c0e.html
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note Although you can copy any file on the flash memory to the TFTP server, it is time consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the “Basic File Transfer Services Commands” section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800ca744.html
You can upgrade switch software by using the device manager or Network Assistant. For detailed instructions, click Help.
Note When using the device manager to upgrade your switch, do not use or close your browser session after the upgrade process begins. Wait until after the upgrade process completes.
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
To download software, follow these steps:
Step 1 Use Table 4 to identify the file that you want to download.
Step 2 Download the software image file. If you have a SmartNet support contract, go to this URL, and log in to download the appropriate files:
http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml
To download the image for a Catalyst 2960 switch, click Catalyst 2960 software. To obtain authorization and to download the cryptographic software files, click Catalyst 2960 3DES Cryptographic Software.
To download the IP services image or IP base image files for a Catalyst 3560 switch, click Catalyst 3560 software. To obtain authorization and to download the cryptographic software files, click Catalyst 3560 3DES Cryptographic Software.
To download the IP services image or IP base image files for a Catalyst 3750 switch, click Catalyst 3750 software. To obtain authorization and to download the cryptographic software files, click Catalyst 3750 3DES Cryptographic Software.
Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.
For more information, see Appendix B in the software configuration guide for this release.
Step 4 Log into the switch through the console port or a Telnet session.
Step 5 (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command:
For more information about assigning an IP address and default gateway to the switch, see the software configuration guide for this release.
Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:
The /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
For // location, specify the IP address of the TFTP server.
For / directory / image-name .tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
You can assign IP information to your switch by using these methods:
Note If you are upgrading a Catalyst 3750 or a 2950 switch running Cisco IOS Release 12.1(11)AX, which uses the IEEE 802.1x feature, you must re-enable IEEE 802.1x after upgrading the software. For more information, see the “Cisco IOS Notes” section.
Note When upgrading or downgrading from Cisco IOS Release 12.2(18)SE, you might need to reconfigure the switch with the same password that you were using when running Cisco IOS Release 12.2(18)SE. This problem only occurs when changing from Cisco IOS Release 12.2(18)SE to any other release. (CSCed88768)
This section describes the new and updated software features provided in this release:
– When the director is the TFTP server, you can store the default image and configuration file in the director flash, and the director automatically creates the image_list file.
– For zero-touch downloads to switches running releases earlier than 12.2(52)SE, the director automatically creates the tailored configuration file.
Table 5 lists the minimum software release required to support the major features of the Catalyst 3750 3560,and 2960 switches and the Cisco EtherSwitch service modules.
Smart Install to allow a single point of management (director) in a network. You can use Smart Install to provide zero touch image and configuration upgrade of newly deployed switches and image and configuration downloads for any client switches. |
||
AutoSmartPort enhancements, which add support for macro persistency, LLDP-based triggers, MAC address and OUI-based triggers, remote macros as well as for automatic configuration based on these two new device types: Cisco Digital Media Player (Cisco DMP) and Cisco IP Video Surveillance Camera (Cisco IPVSC). |
||
RADIUS Change of Authorization (CoA) to change the attributes of a certain session after it is authenticated. When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS to reinitialize authentication, and apply to the new policies. |
||
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by RADIUS server. |
||
Support for critical VLAN with multiple-host authentication so that when a port is configured for multi-auth, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order to still permit access to critical resources. |
||
Customizable web authentication enhancement to allow the creation of user-defined login, success, failure and expire web pages for local web authentication. |
||
Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a standard port configuration on the authenticator switch port. |
||
VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for user authentication to prevent network access from unauthorized VLANs. |
||
MAC move to allow hosts (including the hosts connected behind an IP phone) to move across ports within the same switch without any restrictions to enable mobility. With MAC move, the switch treats the reappearance of the same MAC address on another port in the same way as a completely new MAC address. |
||
Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3). This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit, 192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3. |
||
Support for including a hostname in the option 12 field of DHCPDISCOVER packets. This provides identical configuration files to be sent by using the DHCP protocol. |
||
DHCP Snooping enhancement to support the selection of a fixed string-based format for the circuit-id sub-option of the Option 82 DHCP field. |
||
Increased support for LLPD-MED by allowing the switch to grant power to the power device (PD), based on the power policy TLV request. |
||
Support for the LLPD-MED MIB and the CISCO-ADMISSION-POLICY-MIB. |
||
Cisco Medianet to enable intelligent services in the network infrastructure for a wide variety of video applications. One of the services of Medianet is auto provisioning for Cisco Digital Media Players and Cisco IP Video Surveillance cameras through Auto Smartports. |
||
Support for EEM 3.2, which introduces event detectors for Neighbor Discovery, Identity, and MAC-Address-Table. |
||
Cisco EnergyWise to manage the power usage of EnergyWise entities, such as power over Ethernet (PoE) devices and end points running EnergyWise agents. Note When you use the EnergyWise end-point software development kit (SDK) or the management application programming interface (API), we recommend that the switch runs Cisco IOS Release 12.2(53)SE2 or later. |
||
Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch |
||
IEEE 802.1x with open access to allow a host to access the network before being authenticated |
||
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch |
||
Flexible-authentication sequencing to configure the order of the authentication methods that a port tries when authenticating a new host |
||
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled port |
||
Cisco EnergyWise manages the energy usage of power over Ethernet (PoE) entities |
||
Wired location service sends location and attachment tracking information for connected devices to a Cisco Mobility Services Engine (MSE) |
||
Support for the Cisco IOS Configuration Engine, previously referred to as the Cisco IOS CNS agent |
||
LLDP-MED network-policy profile time, length, value (TLV) for creating a profile for voice and voice-signalling by specifying the values for VLAN, class of service (CoS), differentiated services code point (DSCP), and tagging mode |
||
RADIUS server load balancing to allow access and authentication requests to be distributed evenly across a server group |
||
Auto Smartports Cisco-default and user-defined macros for dynamic port configuration based on the device type detected on the port |
||
Support for: SCP attribute in the CONFIG_COPY MIB, CISCO-AUTH-FRAMEWORK-MIB, CISCO-MAC-AUTH-BYPASS MIBs, LLDP MIB |
||
Intermediate System-to-Intermediate System (IS-IS) routing supports dynamic routing protocols for Connectionless Network Service (CLNS) networks |
||
These IPv6 features are now supported in the IP services and IP base software images: ACLs; DHCPv6 for the DCHP server, client, and relay device; EIGRPv6; HSRPv6; OSPFv3; RIP; Static routes |
||
Support for 802.1x authentication with restricted VLANs (also known as authentication failed VLANs) in all switch images |
||
IP source guard restricts traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping database and IP source bindings |
||
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN |
||
Generic message authentication support with the SSH Protocol and compliance with RFC 4256 |
||
PAgP Interaction with Virtual Switches and Dual-Active Detection |
||
Voice aware IEEE 802.1x and mac authentication bypass (MAB) security violation |
||
Exclude a port in a VLAN from the SVI line-state up or down calculation |
||
DHCP for IPv6 relay, client, server address assignment and prefix delegation (requires the advanced IP services image) |
||
Embedded event manager (EEM) for device and system management |
||
Dynamic voice virtual LAN (VLAN) for multidomain authentication (MDA) |
||
Monitor and police the real-time power consumption on a per-PoE port basis |
||
IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute |
||
Simple Network and Management Protocol (SNMP) configuration over IPv6 transport |
||
Support for Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 |
||
Dynamic voice virtual LAN (VLAN) for multidomain authentication (MDA)-enabled ports |
||
VRF-aware support for these IP services: HSRP, uRPF, ARP, SNMP, IP SLA, TFTP, FTP, syslog, traceroute, and ping |
||
Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) |
||
Generic online diagnostics to test the hardware functionality of the supervisor engine |
||
Stack MAC persistent timer and archive download enhancements |
||
OSPF and EIGRP Nonstop forwarding capability (IP services image only) |
||
IPv6 router ACLs for inbound Layer 3 management traffic in the IP base and IP services image |
||
Generic online diagnostics to test the hardware functionality of the supervisor engine |
||
Multiple spanning-tree (MST) based on the IEEE 802.1s standard |
||
Support for configuring private-VLAN ports on interfaces that are configured for dynamic ARP inspection (IP base image [formerly known as the SMI] only) |
||
Support for IP source guard on private VLANs (IP base image [formerly known as the SMI] only) |
||
Support for VLAN-based QoS13 and hierarchical policy maps on SVIs14 |
||
Layer 2 point-to-point tunneling and Layer 2 point-to-point tunneling bypass |
||
Support for SSL version 3.0 for secure HTTP communication (cryptographic images only) |
||
Support for configuring private-VLAN ports on interfaces that are configured for dynamic ARP inspection (IP services image [formerly known as the EMI] only) |
||
Support for IP source guard on private VLANs (IP services image [formerly known as the EMI] only) |
||
Cisco intelligent power management to limit the power allowed on a port, or pre-allocate (reserve) power for a port. |
||
IEEE 802.1x accounting and MIBs (IEEE 8021-PAE-MIB and CISCO-PAE-MIB) |
||
Private VLAN (IP services image [formerly known as the EMI] only) |
||
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
This section contains these limitations:
Unless otherwise noted, these limitations apply to the Catalyst 3750 and 3560, and 2960 switches and the Cisco EtherSwitch service modules:
These are the configuration limitations:
This problem occurs under these conditions:
– When the switch is booted up without a configuration (no config.text file in flash memory).
– When the switch is connected to a DHCP server that is configured to give an address to it (the dynamic IP address is assigned to VLAN 1).
– When an IP address is configured on VLAN 1 before the dynamic address lease assigned to VLAN 1 expires.
The workaround is to reconfigure the static IP address. (CSCea71176 and CSCdz11708)
1. Disable auto-QoS on the interface.
2. Change the routed port to a nonrouted port or the reverse.
3. Re-enable auto-QoS on the interface. (CSCec44169)
– (Catalyst 3750 switch and Cisco EtherSwitch service modules) When the Network Time Protocol (NTP) is configured, but the NTP clock is not synchronized. You can check the clock status by entering the show NTP status privileged EXEC command and verifying that the network connection to the NTP server and the peer work correctly.
– (Catalyst 3750 or 3560 switches and Cisco EtherSwitch service modules) The DHCP snooping database file is manually removed from the file system. After enabling the DHCP snooping database by configuring a database URL, a database file is created. If the file is manually removed from the file system, the DHCP snooping database does not create another database file. You need to disable the DHCP snooping database and enable it again to create the database file.
– (Catalyst 3750 or 3560 switches and Cisco EtherSwitch service modules) The URL for the configured DHCP snooping database was replaced because the original URL was not accessible. The new URL might not take effect after the timeout of the old URL.
No workaround is necessary; these are the designed behaviors. (CSCed50819)
However, when dynamic ARP inspection is not enabled and a jumbo MTU is configured, ARP and RARP packets are correctly bridged in hardware. (CSCed79734)
The workaround is to configure the port for 10 Mb/s and half duplex or to connect a hub or a nonaffected device to the switch. (CSCed39091)
When you enter the show ip arp inspection log privileged EXEC command, the log entries from all switches in the stack are moved to the switch on which you entered the command.
There is no workaround. (CSCed95822)
The workaround is to enter the no switchport block unicast interface configuration command on that specific interface. (CSCee93822)
There is no workaround. This is a cosmetic error and does not affect the functionality of the switch. (CSCef59331)
To change the baud rate, reload the Cisco EtherSwitch service module with the bootloader prompt. You can then change the baud rate and change the speed on the TTY line of the router connected to the Cisco EtherSwitch Service module console.
There is no workaround. (CSCeh50152)
The workaround is to use switch ports other than those specified for redundancy and for applications that immediately detect active links. (CSCeh70503)
High CPU utilization can also occur with other conditions, such as when debug messages are logged at a high rate to the console.
– Disable logging to the console.
– Rate-limit logging messages to the console.
– Remove the logging event spanning-tree interface configuration command from the interfaces. (CSCsg91027)
15:50:11: %COMMON_FIB-4-FIBNULLHWIDB: Missing hwidb for fibhwidb Port-channel1 (ifindex 1632) -Traceback= A585C B881B8 B891CC 2F4F70 5550E8 564EAC 851338 84AF0C 4CEB50 859DF4 A7BF28 A98260 882658 879A58
(CSCsh12472 [Catalyst 3750 and 3560 switches])
The workaround is to configure aggressive UDLD. (CSCsh70244).
The workaround is to always enter a non zero value for the timeout value when you enter the boot host retry timeout timeout-value command. (CSCsk65142)
up
and sometimes as down
, resulting in conflicts. This status depends on when you respond to the reboot query: Would you like to enter the initial configuration dialog?
– After a reboot if you wait until the Line Protocol status of VLAN 1 appears on the console before responding, VLAN 1 line status is always shown as down
. This is the correct state.
– The problem (VLAN 1 reporting up
) occurs if you respond to the query before VLAN 1 line status appears on the console.
The workaround is to wait for approximately 1 minute after rebooting and until the VLAN 1 interface line status appears on the console before you respond to the query. (CSCsl02680) (Catalyst 3750 and 3560 switches)
– Two-link ports on the same switch are connected with a crossover cable.
– The switch is running Cisco IOS 12.2(50)SE3 or later.
The workaround is to connect the two ports with a straight-through cable. (CSCsr41271) (Catalyst 3750V2 and Catalyst 3560V2 PoE switches and Cisco Etherswitch service modules only)
The workaround is to use the session stack-member-number privileged EXEC command. (CSCsz38090)
The workaround is to disable authorization and accounting or to enter the configuration change for one interface at a time. (CSCsg80238, CSCti76748)
These are the Ethernet limitations:
– Ports 3, 4, 7, 8, 11, 12, 15, 16, 19, 20, 23, and 24 of the Catalyst 3750G-24T and 3750G-24TS switches
– Gigabit Ethernet ports on the Cisco EtherSwitch service modules
– Contact the NIC vendor, and get the latest driver for the card.
– Configure the interface for 1000 Mb/s instead of for 10/100 Mb/s.
– Connect the NIC to an interface that is not listed here. (CSCea77032)
For more information, enter CSCea77032 in the Bug Toolkit at this URL:
http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl
If the Cisco EtherSwitch service module is in access mode, the workaround is to enter the spanning-tree portfast interface configuration command on the internal Gigabit Ethernet interface. If the service module is in trunk mode, there is no workaround.
If this happens, uneven traffic distribution will happen on EtherChannel ports.
Changing the load balance distribution method or changing the number of ports in the EtherChannel can resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:
– for random source-ip and dest-ip traffic, configure load balance method as src-dst-ip
– for incrementing source-ip traffic, configure load balance method as src-ip
– for incrementing dest-ip traffic, configure load balance method as dst-ip
– Configure the number of ports in the EtherChannel so that the number is equal to a power of 2 (i.e. 2, 4, or 8)
For example, with load balance configured as dst-ip with 150 distinct incrementing destination IP addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is optimal.(CSCeh81991)
A duplex mismatch occurs when two Fast Ethernet interfaces that are directly connected on two EtherSwitch service modules are configured as both 100 Mb/s and full duplex and as automatic speed and duplex settings. This is expected behavior for the PHY on the Cisco EtherSwitch service modules.
These are the fallback bridging limitations:
This is the Hot Standby Routing Protocol (HSRP) limitation:
When the active switch fails in a switch cluster that uses HSRP redundancy, the new active switch might not contain a full cluster member list. The workaround is to ensure that the ports on the standby cluster members are not in the spanning-tree blocking state. To verify that these ports are not in the blocking state, see the “Configuring STP” chapter in the software configuration guide. (CSCec76893)
These are the IP telephony limitations:
The workaround for networks with pre-standard powered devices is to leave the maximum wattage set at the default value (15.4 W). You can also configure the maximum wattage for the port for no less than the value the powered device reports as the power consumption through CDP messages. For networks with IEEE Class 0, 3, or 4 devices, do not configure the maximum wattage for the port at less than the default 15.4 W (15,400 milliwatts). (CSCee80668)
The workaround is to enter the power inline never interface configuration command on all the Fast Ethernet ports that are not powered by but are connected to IP phones if the problem persists. (CSCef84975, Cisco EtherSwitch service modules only)
The workaround is to enable PoE and to configure the switch to recover from the PoE error-disabled state. (CSCsf32300)
This is the MAC addressing limitation:
(Catalyst 3750 or 3560 switches and Cisco EtherSwitch service modules) When a MAC address is configured for filtering on the internal VLAN of a routed port, incoming packets from the MAC address to the routed port are not dropped. (CSCeb67937)
These are the multicasting limitations:
Multicast is not supported on tunnel interfaces
error message. IP PIM is not supported on tunnel interfaces. There is no workaround. (CSCeb75366)– If the ALLOW_NEW_SOURCE record is before the BLOCK_OLD_SOURCE record, the switch removes the port from the group.
– If the BLOCK_OLD_SOURCE record is before the ALLOW_NEW_SOURCE record, the switch adds the port to the group.
There is no workaround. (CSCec20128)
The switchport block multicast interface configuration command is only applicable to non-IP multicast traffic.
There is no workaround. (CSCee16865)
– You disable IP multicast routing or re-enable it globally on an interface.
– A switch mroute table temporarily runs out of resources and recovers later.
The workaround is to enter the clear ip mroute privileged EXEC command on the interface. (CSCef42436)
After you configure a switch to join a multicast group by entering the ip igmp join-group group-address interface configuration command, the switch does not receive join packets from the client, and the switch port connected to the client is removed from the IGMP snooping forwarding table.
– Cancel membership in the multicast group by using the no ip igmp join-group group-address interface configuration command on an SVI.
– Disable IGMP snooping on the VLAN interface by using the no ip igmp snooping vlan vlan-id global configuration command. (CSCeh90425)
The workaround is to enable IP routing or to disable multicast routing on the switch. You can also use the ip igmp snooping querier global configuration command if IP multicast routing is enabled for queries on a multicast router port. (CSCsc02995)
– The switch belongs to a Layer 2 ring.
– More than 800 Mbps of multicast traffic is sent in both directions on the interface.
When multicast traffic is sent in one direction and unicast traffic is sent in another, unicast traffic is dropped at the multicast traffic source port.
The workaround is to apply a policy map so that the least significant traffic is discarded. (CSCsq83882)
These are the powers limitation for the Cisco EtherSwitch service modules:
There is no workaround. You should use the power inline never interface configuration command on Cisco EtherSwitch service module ports that are not connected to PoE devices. (CSCee71979)
This is not a problem because the display correctly shows the total used power and the remaining power available on the system. (CSCeg74337)
The workaround is to enter the shutdown and the no shutdown interface configuration commands on the Fast Ethernet interface of a new IP phone that is attached to the service module port after the internal link is brought up. (CSCeh45465)
These are the quality of service (QoS) limitations:
These are the routing limitations:
This error message means there is a temporary memory shortage that normally recovers by itself. You can verify that the switch stack has recovered by entering the show cef line user EXEC command and verifying that the line card states are up
and sync
. No workaround is required because the problem is self-correcting. (CSCea71611)
– Port security is enabled with the violation mode set to protected.
– The maximum number of secure addresses is less than the number of switches connected to the port.
– There is a physical loop in the network through a switch whose MAC address has not been secured, and its BPDUs cause a secure violation.
The workaround is to change any one of the listed conditions. (CSCed53633)
These are the SPAN and Remote SPAN (RSPAN) limitations.
This is a hardware limitation and only applies to these switches (CSCdy72835):
– Cisco EtherSwitch service modules
This is a hardware limitation and only applies to these switches (CSCdy81521):
– Cisco EtherSwitch service modules
This is a hardware limitation and only applies to these switches (CSCea72326):
– Cisco EtherSwitch service modules
Decreased egress SPAN rate
. In all cases, normal traffic is not affected; the degradation limits only how much of the original source stream can be egress spanned. If fallback bridging and multicast routing are disabled, egress SPAN is not degraded. There is no workaround. If possible, disable fallback bridging and multicast routing. If possible, use ingress SPAN to observe the same traffic. (CSCeb01216)These are the Catalyst 3750 and Cisco EtherSwitch service module switch stack limitations:
There is no workaround. (CSCed54150)
IP-3-STCKYARPOVR
appears on the consoles of other default IP gateways. Because sticky ARP is not disabled, the MAC address update caused by the stack master re-election cannot complete.The workaround is to complete the MAC address update by entering the clear arp privileged EXEC command. (CSCed62409)
Private VLAN is enabled or disabled on a switch stack, depending on whether or not the stack master is running the IP services image (formerly known as the EMI) or the IP base image (formerly known as the SMI):
– If the stack master is running the IP services image (formerly known as the EMI), all stack members have private VLAN enabled.
– If the stack master is running the IP base image (formerly known as the SMI), all stack members have private VLAN disabled.
This occurs after a stack master re-election when the previous stack master was running the IP services image (formerly known as the EMI) and the new stack master is running the IP base image (formerly known as the SMI). The stack members are configured with private VLAN, but any new switch that joins the stack will have private VLAN disabled.
These are the workarounds. Only one of these is necessary:
– Reload the stack after an IP services image (formerly known as the EMI) to IP base image (formerly known as the SMI) master switch change (or the reverse).
– Before an IP services image (formerly known as the EMI)-to-IP base image (formerly known as the SMI) master switch change, delete the private-VLAN configuration from the existing stack master. (CSCee06802)
This is the expected behavior of the offline configuration (provisioning) feature. There is no workaround. (CSCee12431)
The workaround is to copy the bootable image to the parent directory or first directory. (CSCei69329)
The workaround is to assign a lower path cost to the forwarding port. (CSCsd95246)
This can but does not always occur during link flaps and does not last for more than a few milliseconds. This problem can happen for cross-stack EtherChannels with the mode set to ON or LACP.
There is no workaround. No manual intervention is needed. The problem corrects itself within a short interval after the link flap as all the switches in the stack synchronize with the new load-balance configuration. (CSCse75508)
The workaround is to reboot the new member switch. Use the remote command all show run privileged EXEC command to compare the running configurations of the stack members. (CSCsf31301)
– A supplicant is authenticated on at least one port.
– A new member joins a switch stack.
You can use one of these workarounds:
– Enter the shutdown and the no shutdown interface configuration commands to reset the port.
– Remove and reconfigure the VLAN. (CSCsi26444)
The workaround is to check the flash. If it contains many files, remove the unnecessary ones. Check the lost and found directory in flash and if there are many files, delete them. To check the number of files use the fsck flash: command. (CSCsi69447)
1. You configure a Layer 2 protocol tunnel port on the master switch.
2. You configure a Layer 2 protocol tunnel port on the member switch.
3. You add the port channel to the Layer 2 protocol tunnel port on the master switch.
4. You add the port channel to the Layer 2 protocol tunnel port on the member switch.
After this sequence of steps, the member port might stay suspended.
The workaround is to configure the port on the member switch as a Layer 2 protocol tunnel and at the same time also as a port channel. For example:
The workaround is to enter a shutdown interface configuration command followed by a no shutdown command on the port in the blocked state. (CSCsl64124)
These are the trunking limitations:
These are the VLAN limitations:
The workaround is to reduce the number of VLANs or trunks. (CSCeb31087)
There is no workaround. (CSCed71422)
The workaround is to define another policy-map name for the second-level policy-map with the same configuration to be used for another policy-map. (CSCef47377)
The workaround is to configure the burst interval to more than 1 second. (CSCse06827, Catalyst 3750 switches only)
The workaround is to enter the switchport access vlan dynamic interface configuration command separately on each port. (CSCsi26392)
These are the device manager limitations:
The workaround is to click Yes when you are prompted to accept the certificate. (CSCef45718)
These sections describe the important notes related to this software release for the Catalyst 3750 and3560, and 2960 switches and for the Cisco EtherSwitch service modules:
These notes apply to switch stacks:
These notes apply to Cisco IOS software:
– the no logging on and then the no logging console global configuration commands
– the logging on and then the no logging console global configuration commands
In Cisco IOS Release 12.2(18)SE and later, you can only use the logging on and then the no logging console global configuration commands to disable logging to the console. (CSCec71490)
If this message appears, check that there is network connectivity between the switch and the ACS. You should also check that the switch has been properly configured as an AAA client on the ACS
If this happens, enter the no auto qos voip cisco-phone interface command on all interface with this configuration to delete it. Then enter the auto qos voip cisco-phone command on each of these interfaces to reapply the configuration.
These notes apply to the device manager:
From Microsoft Internet Explorer:
1. Choose Tools > Internet Options.
2. Click Settings in the “Temporary Internet files” area.
3. From the Settings window, choose Automatically.
5. Click OK to exit the Internet Options window.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
The device manager uses the HTTP protocol (the default is port 80) and the default method of authentication (the enable password) to communicate with the switch through any of its Ethernet ports and to allow switch management from a standard web browser.
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). You should write down the port number through which you are connected. Use care when changing the switch IP information.
Unless otherwise noted, these severity 3 Cisco IOS configuration caveats apply to the Catalyst 3750 and 3560, and 2960 switches and to Cisco EtherSwitch service modules:
When connected to the router through an auxiliary port in a session to a Cisco EtherSwitch service module, the service module session fails when you enter the shutdown and the no shutdown interface configuration commands on the service module router interface.
– Connect to the router through the console port, and open a session to the service module.
When the router is rebooted after it is powered on (approximately once in 10 to 15 reboots), the Router Blade Communication Protocol (RBCP) between the router and the EtherSwitch service module might not be reestablished, and this message appears:
The workaround is to reload the EtherSwitch service module software without rebooting the router. You can reload the switching software by using the reload user EXEC command at the EtherSwitch service module prompt or by using the service-module g slot_numer /0 reset privileged EXEC command at the router prompt.
When a port is configured for single host mode, and the re-authentication timer value is less than 100, if the access control server (ACS) is configured with a per-user access control list (ACL), multiple changes to the stack master might cause the display of empty access-lists for the port.
The workaround is to enter a shutdown and then a no shutdown interface configuration command on the interface.
When a switch stack is running 802.1x single host mode authentication and has filter-ID or per-user policy maps applied to an interface, these policies are removed if a master switchover occurs. Even though the output from the show ip access-list privileged EXEC command includes these ACLs, the policies are not applied.
The workaround it to enter a shutdown and then a no shutdown interface configuration command on the interface.
When you configure an ACL and enter the access-group interface configuration command to apply it to an interface for web authentication, the output from the show epm session ip-address or show ip access_list interface interface-id privileged EXEC command does not show any web authentication filter ID.
If you insert a XENPAK module in the switch module slot, the slot LED turns green before you connect the cable.
SNMP requests on the stpxRSTPPortRoleTable object only return information for the stack master.
On switches running Cisco IOS release 12.2(50)SE3 running MAC authentication bypass with multidomain authentication (MDA, IP phones connected to a port might not be able to regain network connectivity in the VOICE domain if the session times out and all RADIUS servers are unreachable.
EnergyWise is enabled and you use the energywise level level recurrence importance importance at minute hour day_of_month month day_of_week interface configuration command to configure a recurring event on a switch. After the time changes from daylight savings time to standard time, the switch might
– Restart when it tries to power a PoE device
– Power on or off the PoE device at an incorrect time
This occurs when the time change for the next year occurs after the time change for the current year.
Before the time change occurs, use one of these workarounds:
– Remove the recurring events from the EnergyWise configuration, do not use recurring events for a week, and reconfigure them a week after the time change occurs.
– Use the energywise level level recurrence importance importance time-range time-range-nam e interface configuration command to reschedule the events.
– Use the power inline auto interface configuration command to power on the PoE port.
A switch that has at least one trunk port configured might fail when you configure more than 950 VLANS by using the vlan vlan-id global configuration command.
When you add 4000 VLAN instances to a Cisco Catalyst 2960 switch that functions as a VLAN Trunking Protocol version 3 (VTPv3) server, memory fragmentation can occur and cause the switch to fail.
Workaround: Do not configure more than 255 VLANs on a Cisco Catalyst 2960 switch that functions as a VTPv3 server.
When you configure more than one EnergyWise domain in a Layer 2 broadcast domain, IP connectivity to the switch might be lost, high CPU usage might occur on the switch, and a broadcast storm might occur in the subnet.
The workaround is to configure only a single EnergyWise domain in the Layer 2 broadcast domain.
Orchestrator shows a previously discovered stack as ‘not checking in’ and discovers a new previously unseen stack. This condition occurs when you remove the master of a switch stack, causing the remaining stack members to elect a new stack master, and, in turn, causing the EnergyWise IDs to change.
A switch fails when you enter the energywise level 10 interface configuration command on a Power-over-Ethernet (PoE) port.
When a device is connected to a Fast Ethernet port on a Cisco EtherSwitch service module that is running Cisco IOS Release 12.2(53)SE or later, the port flaps and then changes to error-disabled.
The workaround is to enter the power inline never interface configuration command.
On a switch running Cisco IOS Release 12.2(35)SE or later, connectivity issues might occur with these messages:
The CISCO-RTTMON-MIB is not correctly implemented in this release.
On a switch running Cisco IOS release 12.2(46)SE, the output of the show interfaces privileged EXEC command shows 0 packets for port channel input and output rates.
The workaround is to reload the switch by entering the reload privileged EXEC command.
A switch can fail when an SNMP process attempts to configure dot1x authentication when it is already configured.
On switches running Cisco IOS Release 12.2(50)SE3 running MAC authentication bypass with multidomain authentication (MDA), IP phones connected to a port might not be able to regain network connectivity in the VOICE domain if the session times out and all RADIUS servers are unreachable.
The output of the show inventory user EXEC command sometimes does not display all of the connected SFP modules. The EntitityMIB does not report these SFP modules.
This occurs intermittently on the 3560-48TS, C3560-48PS, and C3560G-48PS switches. There is no workaround.
A switch does not receive SNMP trap and inform messages from the correct interface after you have entered the snmp-server trap-source loopback0 and snmp-server source-interface informs loopback0 global configuration commands.
If you configure EnergyWise on a member switch and then restart it by entering the reload slot stack-member-number privileged EXEC command, the EnergyWise configuration is removed from the switch.
The workaround is to save the switch configuration by using the copy running-configuration startup-configuration privileged EXEC command and then restart the switch stack.
When the no mac address-table static mac-addr vlan vlan-id interface interface-id global configuration command is used to remove a dynamically learned MAC address, the switch fails under these conditions:
– The physical interface is in a no shut state.
– The MAC address is first dynamically learned and then changed to static.
Modifying a prefix list that is configured as an inbound or outbound distribute-list causes the EIGRP peer to resynchronize.
Traffic received on a member interface of a cross-stack EtherChannel is dropped from a switch stack. This intermittently occurred in previous releases after a stack reloaded.
An IP phone loses network connectivity under these conditions:
– The IP phone is authenticated by MAB (in Open1x mode) on a supplicant switch.
– The supplicant switch is connected to an authenticator switch through the NEAT protocol.
A call is placed using the IP phone. After approximately 5 minutes, network connectivity to the phone is lost.
The workaround is to statically configure the MAC address of the IP phone on the authenticator switch.
After you have entered the snmp-server host informs global configuration command to enable SNMP informs on a switch, the switch might fail if you enter the show snmp pending user EXEC command.
There is no workaround. Do not enter the show command when SNMP informs are enabled.
After you have entered the speed nonegotiate interface configuration command and restarted a switch that is running Cisco IOS Release 12.2(52)SE, UniDirectional Link Detection (UDLD) can enter an unknown state on a dual-purpose port with a Serial Gigabit Media Independent Interface (SGMII) connection.
These switches could be affected:
Workaround: Enter the no speed interface configuration command, enter the shutdown interface configuration command, and then enter the no shutdown interface configuration command.
When you enter the no ip ftp passive global configuration command to allow all types of FTP connections on a switch running Cisco IOS Release 12.2(52)SE or 12.2(53)SE, FTP sessions could disable Telnet or console connections. Then you can no longer use the vty.
Workaround: When you cannot use the vty, restart the switch. To prevent FTP sessions from disabling Telnet or console connections, enter the ip ftp passive global configuration command.
A switch that runs Cisco IOS Release 12.2(53)SE can fail when you enable dot1x authentication.
On a switch that is configured for IP routing and that is running Cisco IOS Release 12.2(50)SE or later, Cisco Express Forwarding (CEF) can use a large amount of memory. The IP RIB Update process uses about 2000 bytes for each prefix that CEF uses.
There is no workaround. You can reduce the memory use by reducing the number of routes the switch processes.
After upgrading from Cisco IOS 12.2(52)SE to Cisco IOS 12.2(53)SE, EIGRP hello packets are flooded on access ports of other subnets. This also occurs when pings are sent to the broadcast address of other subnets.
The Network Time Protocol (NTP) might not synchronize when the switch is configured as an NTP client. These are the two possible workarounds:
– Enter the no ntp global configuration command twice.
– Reconfigure NTP on the port. For more information, see the “Configuring NTP” section of the “Administering the Switch” chapter in the software configuration guide.
On switches running Cisco IOS release 12.2(35)SE or later, connectivity issues might occur with these messages:
On a switch running Cisco IOS release 12.2(46)SE, the output of the show interfaces privileged EXEC command shows 0 packets for port channel input and output rates.
The workaround is to reload the switch by entering the reload privileged EXEC command.
A Catalyst 3750V2 or Catalyst 3560V2 switch does not supply inline power to PoE devices when the switch is cold-booted from RPS DC power, that is after you disconnect all power to the switch and then reconnect RPS power.
This problem is seen only on Catalyst 3560V2 or 3750V2 switches, not on non-V2 switches.
The workaround is to configure a soft reload of the switch by entering the reload privileged EXEC command. This causes the inline power to work, even when the RPS is the only source of power.
On switches running Cisco IOS Release 12.2(50)SE3 running MAC authentication bypass with multidomain authentication (MDA), IP phones connected to a port might not be able to regain network connectivity in the VOICE domain if the session times out and all RADIUS servers are unreachable.
The output of the show inventory user EXEC command sometimes does not display all of the connected SFP modules. The EntitityMIB does not report these SFP modules.
This occurs intermittently on the 3560-48TS, C3560-48PS, and C3560G-48PS switches. There is no workaround.
If IEEE 802.1Q native VLAN tagging is enabled on a switch, PDUs sent from an EtherChannel in LACP mode are tagged.
When a BPDU guard is globally enabled on a switch and the access VLAN is a VLAN other than VLAN 1, BPDU guard does not run on a multiple VLAN access port.
The workaround is to enable BPDU guard on the port.
When the no mac address-table static mac-addr vlan vlan-id interface interface-id global configuration command is used to remove a dynamically learned MAC address, the switch fails under these conditions:
– The physical interface is in a no shut state.
– The MAC address is first dynamically learned and then changed to static.
When 24 phones connected to PoE ports start at the same time, LLDP for power management fails.
The workaround is to start the phones one at a time. This might not work after a power outage or other power failure event.
An IP phone loses network connectivity under these conditions:
– The IP phone is authenticated by MAB (in Open1x mode) on a supplicant switch.
– The supplicant switch is connected to an authenticator switch through the NEAT protocol.
A call is placed using the IP phone. After approximately 5 minutes, network connectivity to the phone is lost.
The workaround is to statically configure the MAC address of the IP phone on the authenticator switch.
After you have entered the snmp-server host informs global configuration command to enable SNMP informs on a switch, the switch might fail if you enter the show snmp pending user EXEC command.
There is no workaround. Do not enter the show command when SNMP informs are enabled.
Beginning with Cisco IOS Release 12.2(35)SE5, these commands are supported and should be removed from this appendix:
Beginning with Cisco IOS Release 12.2(40)SE, this IP multicast routing command is supported and should be removed from this appendix:
To configure VRF-Aware RADIUS, you must first enable AAA on a RADIUS server. This release supports the ip vrf forwarding vrf-name server-group configuration and the ip radius source-interface global configuration commands, as described in the Per VRF AAA Feature Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrfaaa.html
RPS support through the Cisco Redundant Power System 2300, also referred to as the RPS 2300, for enhancing power reliability, configuring and managing the redundant power system. For more information about the RPS 2300, see the Cisco Redundant Power System 2300 Hardware Installation Guide that shipped with the device and that is also on Cisco.com.
– The RPS name is a 16-character-maximum string.
– On a Catalyst 3560V2 or a standalone Catalyst 3750V2 switch, the RPS name applies to the connected RPS 2300.
– In a switch stack, the RPS name applies to the RPS ports connected to the specified switch.
– If you do not want the RPS 2300 to provide power to a switch, but do not want to disconnect the cable between the switch and the RPS 2300, use the power rps switch-number port rps-port-id mode standby user EXEC command.
– You can configure the priority of an RPS 2300 port from 1 to 6. A value of 1 assigns highest priority to a port and its connected device. A value of 6 assigns lowest priority to a port and its connected device.
– If multiple switches connected to the RPS 2300 need power, the RPS 2300 powers those with the highest priority. It applies any other available power to the lower-priority switches.
To return to the default name setting (no configured name), use the power rps switch-number port rps-port-id name user EXEC command with no space between the quotation marks.
To return to the default port mode, use the power rps switch-number port rps-port-id active command.
To return to the default port priority, use the power rps switch-number port rps-port-id priority command.
For more information about using the power rps user EXEC command, see the command reference for this release.
In the “Show Commands for Interfaces” table, the show env rps privileged EXEC command shows any connected redundant power system (RPS).
– Catalyst 3750-E or 3560-E switch—Only the Cisco Redundant Power System 2300, also referred to as the RPS 2300.
– Catalyst 3750V2 or 3560V2 switch—Only the RPS 2300.
– Catalyst 3750, 3560 switches—RPS 2300 or Cisco RPS 675 Redundant Power System, also referred to as the RPS 675.
This section was added to the “Configuring IEEE 802.1x Port-Based Authentication” chapter of all the software configuration guides:
Authentication manager uses a single session ID (referred to as a common session ID) for a client no matter which authentication method is used. This ID is used for all reporting purposes, such as the show commands and MIBs. The session ID appears with all per-session syslog messages.
This example shows how the session ID appears in the output of the show authentication command. The session ID in this example is 160000050000000B288508E5:
This is an example of how the session ID appears in the syslog output. The session ID in this example is also160000050000000B288508E5:
The session ID is used by the NAD, the AAA server, and other report-analyzing applications to identify the client. The ID appears automatically. No configuration is required.
This guideline was added to the “802.1x Authentication” section of the “Configuring IEEE 802.1x Port-Based Authentication” chapter.
Note Only Catalyst 3750, 3560, and 2960 switches support CDP bypass. The Catalyst 3750-E and 3560-E switches do not support CDP bypass.
This guideline was added to the “MSTP Configuration Guidelines” section of the “Configuring MSTP” chapter:
The “Configuring TelePresence E911 IP Phone Support” chapter was added to the Catalyst 3750 and 3560 software configuration guides.
You can use a Cisco IP phone as a user interface in a Cisco TelePresence System. See in Figure 1. In this configuration, the IP phone must always be on and available for emergency calls. If the power to the codec in the Cisco TelePresence System fails, is disrupted or if the codec fails, the IP phone is not available.
Figure 1 Phone-Codec-Switch Connection
Use the TelePresence E911 IP phone support feature to ensure that the IP phone is always on and available for emergency calls. When a CDP-enabled IP phone is connected to the codec through a switch, you can configure the switch to forward CDP packets from the IP phone only to the codec in the Cisco TelePresence System. The switch adds ingress-egress port pairs to the CDP forwarding table. An ingress-egress port pair is a one-to-one mapping between an ingress switch port connected to the IP phone and an egress switch port connected to the codec.
The IP phone and the codec communicate through the IP network. If power to the codec fails, is disrupted or if the codec fails, the IP phone is still connected to the IP network and is available for emergency calls.
The switch forwards all CDP packets received on the ingress port to the egress port. If multiple IP phones are connected to the codec through a single port on the switch, only one phone communicates with it through the IP network. This phone is usually the one that sent the first CDP packet received by the codec.
Figure 2 Phone-Switch-Codec Connection
Beginning in privileged EXEC mode:
These command were added to the Catalyst 3750 and 3560 command references:
To specify the ingress and egress switch ports for CDP traffic, use the cdp forward global configuration command. To return to the default setting, use the no form of this command.
You must use only CDP-enabled phones with TelePresence E911 IP phone support.
You can connect the IP phone and codec in the Cisco TelePresence System through any two ports in a switch stack.
To display the CDP forwarding table, use the show cdp forward user EXEC command.
show cdp forward [ entry | forward | interface interface-id | neighbor | traffic ] [ | { begin | exclude | include } expression ]
The show cdp forward command output shows the number of CDP packets forwarded on each ingress-port- to-egress-port mapping and the statistics for forwarded and dropped packets.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
These messages were added to all of the system message guides:
Error Message DOT1X-4-MEM_UNAVAIL: Memory was not available to perform the 802.1X action. AuditSessionID [chars]Explanation The system memory is not sufficient to perform the IEEE 802.1x authentication. [chars] is the session ID.
Recommended Action Reduce other system activity to reduce memory demands.
Error Message DOT1X-5-FAIL: Authentication failed for client ([chars]) on Interface [chars] AuditSessionID [chars]Explanation The authentication was unsuccessful. The first [chars] is the client ID, the second [chars] is the interface, and the third [chars] is the session ID.
Recommended Action No action is required.
Error Message %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client ([chars]) on Interface [chars] AuditSessionID [chars]Recommended Action The authentication result was overridden. The first [chars] is the client ID, the second [chars] is the interface, and the third [chars] is the session ID.
Explanation No action is required.
Error Message DOT1X-5-SUCCESS: Authentication successful for client ([chars]) on Interface [chars] AuditSessionID [chars]Explanation Authentication was successful. The first [chars] is the client ID, the second [chars] is the interface, and the third [chars] is the session ID.
Recommended Action No action is required.
Error Message DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars] AuditSessionID [chars]Explanation The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port. This message might appear if IEEE 802.1x is enabled. [enet] is the client MAC address, the first [chars] is the interface, and the second [chars] is the session ID.
Recommended Action If the hardware memory is full, remove some of the dynamic MAC addresses. If the client address is on another port, remove it from that port.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a primary VLAN to an IEEE 802.1x port, which is not allowed. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Use a different VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a nonsecondary VLAN to a private VLAN host IEEE 802.1x port. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Change the mode of the port so that it is no longer a PVLAN host port or use a valid secondary VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a private VLAN whose primary VLAN does not exist or is shut down. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Make sure the primary VLAN exists and is not shut down. Verify that the private VLAN is associated with a primary VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a secondary VLAN to a port that is not a private VLAN host port, which is not allowed. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Change the mode of the port so that it is configured as a private VLAN host port, or use a different VLAN that is not configured as a secondary VLAN.
Error Message DOT1X_SWITCH-5-ERR_SPAN_DST_PORT: Attempt to assign VLAN [dec] to 802.1x port [chars], which is configured as a SPAN destination AuditSessionID [chars]Explanation An attempt was made to assign a VLAN to an IEEE 802.1x port that is configured as a Switched Port Analyzer (SPAN) destination port. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Change the SPAN configuration so that the port is no longer a SPAN destination port, or change the configuration so that no VLAN is assigned.
Error Message DOT1X_SWITCH-5-ERR_VLAN_EQ_MDA_INACTIVE: Multi-Domain Authentication cannot activate because Data and Voice VLANs are the same on port AuditSessionID [chars]Explanation Multi-Domain Authentication (MDA) host mode cannot start if the configured data VLAN on a port is the same as the voice VLAN. [chars] is the port session ID.
Recommended Action Change either the voice VLAN or the access VLAN on the interface so that they are not the same. MDA then starts.
Error Message DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN: Data VLAN [dec] on port [chars] cannot be equivalent to the Voice VLAN AuditSessionID [chars]Explanation An attempt was made to assign a data VLAN to an IEEE 802.1x port that is the same as the voice VLAN. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Change either the voice VLAN or the IEEE 802.1x-assigned VLAN on the interface so that they are not the same.
Error Message DOT1X_SWITCH-5-ERR_VLAN_INTERNAL: Attempt to assign internal VLAN [dec] to 802.1x port [chars] AuditSessionID [chars]Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is used internally and cannot be assigned to this port. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Explanation Assign a different VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_INVALID: Attempt to assign invalid VLAN [dec] to 802.1x port [chars] AuditSessionID [chars]Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is out of range. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Update the configuration to use a valid VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN [chars] to 802.1x port [chars] AuditSessionID [chars]Explanation An attempt was made to assign a VLAN to an IEEE 802.1x port, but the VLAN was not found in the VLAN Trunking Protocol (VTP) database. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action Make sure the VLAN exists and is not shutdown or use another VLAN.
These messages were deleted from all of the system message guides:
Error Message DOT1X-4-MEM_UNAVAIL: Memory was not available to perform the 802.1X action.Explanation The system memory is not sufficient to perform the IEEE 802.1x authentication.
Recommended Action Reduce other system activity to reduce memory demands.
Error Message DOT1X-5-SUCCESS: Authentication successful for client ([chars]) on Interface [chars]Explanation Authentication was successful. [chars] is the interface.
Recommended Action No action is required.
Error Message DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars]Explanation The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port. This message might appear if IEEE 802.1x is enabled. [enet] is the client MAC address, and [chars] is the interface.
Recommended Action If the hardware memory is full, remove some of the dynamic MAC addresses. If the client address is on another port, remove it from that port.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a primary VLAN to an IEEE 802.1x port, which is not allowed. [dec] is the VLAN, and [chars] is the port.
Recommended Action Use a different VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a nonsecondary VLAN to a private VLAN host IEEE 802.1x port. [dec] is the VLAN, and [chars] is the port.
Recommended Action Change the mode of the port so that it is no longer a private VLAN host port, or use a valid secondary VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a private VLAN whose primary VLAN does not exist or is shut down. [dec] is the VLAN, and [chars] is the port.
Recommended Action Make sure the primary VLAN exists and is not shut down. Verify that the private VLAN is associated with a primary VLAN.
Note This messages applies to switches running the IP base image.
Explanation An attempt was made to assign a secondary VLAN to a port that is not a private VLAN host port, which is not allowed. [dec] is the VLAN, and [chars] is the port.
Recommended Action Change the mode of the port so that it is configured as a private VLAN host port, or use a different VLAN that is not configured as a secondary VLAN.
Error Message DOT1X_SWITCH-5-ERR_SPAN_DST_PORT: Attempt to assign VLAN [dec] to 802.1x port [chars], which is configured as a SPAN destinationExplanation An attempt was made to assign a VLAN to an IEEE 802.1x port that is configured as a Switched Port Analyzer (SPAN) destination port. [dec] is the VLAN, and [chars] is the port.
Recommended Action Change the SPAN configuration so that the port is no longer a SPAN destination port, or change the configuration so that no VLAN is assigned.
Error Message DOT1X_SWITCH-5-ERR_VLAN_EQ_MDA_INACTIVE: Multi-Domain Authentication cannot activate because Data and Voice VLANs are the same on port [chars]Recommended Action Multi-Domain Authentication (MDA) host mode cannot start if the configured data VLAN on a port is the same as the voice VLAN. [chars] is the port.
Recommended Action Change either the voice VLAN or the access VLAN on the interface so that they are not the same. MDA then starts.
Error Message DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN: Data VLAN [dec] on port [chars] cannot be equivalent to the Voice VLAN.Explanation An attempt was made to assign a data VLAN to an IEEE 802.1x port that is the same as the voice VLAN. [dec] is the VLAN, and [chars] is the port.
Recommended Action Change either the voice VLAN or the IEEE 802.1x-assigned VLAN on the interface so that they are not the same.
Error Message DOT1X_SWITCH-5-ERR_VLAN_INTERNAL: Attempt to assign internal VLAN [dec] to 802.1x port [chars]Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is used internally and cannot be assigned to this port. [dec] is the VLAN, and [chars] is the port.
Recommended Action Assign a different VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_INVALID: Attempt to assign invalid VLAN [dec] to 802.1x port [chars]Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is out of range. [dec] is the VLAN, and [chars] is the port.
Recommended Action Update the configuration to use a valid VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN [dec] to 802.1x port [chars]Explanation An attempt was made to assign a VLAN to an IEEE 802.1x port, but the VLAN was not found in the VLAN Trunking Protocol (VTP) database. [dec] is the VLAN, and [chars] is the port.
Recommended Action Make sure that the VLAN exists and is not shut down, or use another VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_ON_ROUTED_PORT: Dot1x cannot assign a VLAN [dec] to a routed port [chars]Explanation An attempt was made to assign a VLAN to a supplicant on a routed port, which is not allowed. [dec] is the VLAN ID and [chars] is the port.
Recommended Action Either disable the VLAN assignment, or change the port type to a nonrouted port.
Error Message DOT1X_SWITCH-5-ERR_VLAN_PROMISC_PORT: Attempt to assign VLAN [dec] to promiscuous 802.1x port [chars]Explanation An attempt was made to assign a VLAN to a promiscuous IEEE 802.1x port, which is not allowed. [dec] is the VLAN, and [chars] is the port.
Recommended Action Change the port mode so that it is no longer a promiscuous port, or change the configuration so that no VLAN is assigned.
Error Message DOT1X_SWITCH-5-ERR_VLAN_RESERVED: Attempt to assign reserved VLAN [dec] to 802.1x port [chars]Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is a reserved VLAN and cannot be assigned to this port. [dec] is the VLAN, and [chars] is the port.
Recommended Action Assign a different VLAN.
Error Message DOT1X_SWITCH-5-ERR_VLAN_RSPAN: Attempt to assign RSPAN VLAN [dec] to 802.1x port [chars]. 802.1x is incompatible with RSPANExplanation This message means that remote SPAN should not be enabled on a VLAN with IEEE 802.1x-enabled. [dec] is the VLAN, and [chars] is the port.
Recommended Action Either disable remote SPAN configuration on the VLAN, or disable IEEE 802.1x on all the ports in this VLAN.
Error Message SW_VLAN-4-VTP_USER_NOTIFICATION: VTP protocol user notification: [chars].Explanation This message means that the VTP code encountered an unusual diagnostic situation. [chars] is a description of the situation.
Recommended Action Find out more about the error by using the s how tech-support privileged EXEC command. Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the error by using the Output Interpreter. Use the Bug Toolkit to look for similar reported problems. If you still require assistance, open a case with the TAC, or contact your Cisco technical support representative, and provide the representative with the gathered information.
Cisco Ethernet Switches are equipped with cooling mechanisms, such as fans and blowers. However, these fans and blowers can draw dust and other particles, causing contaminant buildup inside the chassis, which can result in a system malfunction.
You must install this equipment in an environment as free as possible from dust and foreign conductive material (such as metal flakes from construction activities).
These standards provide guidelines for acceptable working environments and acceptable levels of suspended particulate matter:
– Network Equipment Building Systems (NEBS) GR-63-CORE
– National Electrical Manufacturers Association (NEMA) Type 1
– International Electrotechnical Commission (IEC) IP-20
This applies to all Cisco Ethernet switches except for these compact models:
– Catalyst 3560-8PC switch—8 10/100 PoE ports and 1 dual-purpose port (one 10/100/1000BASE-T copper port and one SFP module slot)
– Catalyst 2960-8TC switch—8 10/100BASE-T Ethernet ports and 1 dual-purpose port (one 10/100/1000BASE-T copper port and one SFP module slot)
– Catalyst 2960G-8TC switch—7 10/100/100BASE-T Ethernet ports and 1 dual-purpose port (one 10/100/1000BASE-T copper port and one SFP module slot)
This update is for the “Overview” chapter. These PoE switches were added:
Note The PoE sections in the hardware guide also apply to these switches, even though they are not listed in the hardware guide.
This update is for the “Technical Specifications” chapter.
100 to 240 VAC (autoranging) |
|
+ 12 V @11.25 A, –48 V @ 7.8 A (Catalyst 2960-24PC-S) |
|
Power consumption15 |
100 W, 341 BTUs per hour (Catalyst 2960-24PC-S) |
0.470 KVA (Catalyst 2960-24PC-S) |
|
15.4 W-per-port maximum, 370-W switch maximum (Catalyst 2960-48PST-S and |
|
12 lb (5.44 kg) (Catalyst 2960-24PC-S) |
|
When you launch Express Setup, you are prompted for the switch password. Enter the default password, cisco. The switch ignores text in the username field. Before you complete and exit Express Setup, you must change the password from the default password, cisco.
This correction is for the “Shipping Box Contents” section of localized versions of the getting started guide (for the 24- and 48-port switches).
The console cable is optional and is not included in the box. It is orderable.
This warning applies to the Catalyst 2960 24- and 48-port switches:
These documents provide complete information about the Catalyst 3750 and3560, and 2960 switches and the Cisco EtherSwitch service modules and are available at Cisco.com:
These documents provide complete information about the Catalyst 3750 switches and the Cisco EtherSwitch service modules:
These documents provide complete information about the Catalyst 3750G Integrated Wireless LAN Controller Switch and the integrated wireless LAN controller and are available at cisco.com:
These documents provide complete information about the Catalyst 3560 switches:
These documents provide complete information about the Catalyst 2960 switches and are available on Cisco.com:
For other information about related products, see these documents:
SFP compatibility matrix documents are available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list
.html
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentationt:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.