Table of Contents
The Catalyst 3750-X switch supports stacking through Cisco StackWise Plus technology and also supports StackPower. The Catalyst 3560-X switches and the Cisco enhanced EtherSwitch service modules do not support switch stacking.
For more information, see the Deciding Which Files to Use and the “Caveats Resolved in Cisco IOS Release 15.2(2)E” section.
These release notes include important information about Cisco IOS release 15.2(2)E, and later and any limitations, restrictions, and caveats that apply to it. Verify that these release notes are correct for your switch:
- If you are installing a new switch, see the Cisco IOS release label on the rear panel of your switch.
- If your switch is on, use the show version privileged EXEC command. See the “Finding the Software Version and Feature Set” section.
- If you are upgrading to a new release, see the software upgrade filename for the software version. See the “Deciding Which Files to Use” section.
You can download the switch software from this site (registered Cisco.com users with a login password):
- “Supported Hardware” section
- “Device Manager System Requirements” section
- “Cluster Compatibility” section
- “CNA Compatibility” section
24 10/100/1000 PoE+1 ports, StackWise Plus, 1 network module slot, 715 W power supply; LAN Base feature set
Note For a complete list of supported SFP modules, see the hardware installation guide or the data sheets at:
Only version 02 (or later) of the CX15 cables are supported:
SFP module patch cable6
233 MHz minimum7
- Windows 2000, XP, Vista, and Windows Server 2003.
- When you create a switch cluster, we recommend configuring the highest-end switch in your cluster as the command switch.
- If you are managing the cluster through Network Assistant, the switch with the latest software should be the command switch.
- The standby command switch must be the same type as the command switch. For example, if the command switch is a Catalyst 3750-X switch, all standby command switches must be Catalyst 3750-X switches.
For additional information about clustering, see Getting Started with Cisco Network Assistant , Release Notes for Cisco Network Assistant, the Cisco enhanced EtherSwitch service module documentation, the software configuration guide, and the command reference.
Cisco IOS 15.2(2)E will be supported in a future release of the Cisco Network Assistant. Cisco IOS 12.2(35)SE2 and later is compatible only with Cisco Network Assistant 5.0 and later. You can download Cisco Network Assistant from this URL:
- “Finding the Software Version and Feature Set” section
- “Deciding Which Files to Use” section
- “Archiving Software Images” section
- “Upgrading a Switch by Using the Device Manager or Network Assistant” section
- “Upgrading a Switch by Using the CLI” section
- “Recovering from a Software Failure” section
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the system board flash device (flash:).
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
If you have a service support contract and order a software license or if you order a switch, you receive the universal software image and a specific software license. If you do not have a service support contract, such as a SMARTnet contract, download the IP base image from Cisco.com. For Catalyst 3750-X and 3560-X switches, this image has the IP base and LAN base feature sets.
The switches running the universal software images can use permanent and temporary software licenses. See the “Cisco IOS Software Activation Conceptual Overview” chapter in the Cisco IOS Software Activation Configuration Guide :
Catalyst 3750-X and 3560-X switches running payload-encryption images can encrypt management and data traffic. Switches running nonpayload-encryption images can encrypt only management traffic, such as a Secure Shell (SSH) management session.
- Management traffic is encrypted when SSH, Secure Socket Layer (SSL), Simple Network Management Protocol (SNMP), and other cryptographic-capable applications or protocols are enabled.
- Data traffic is encrypted when MACsec is enabled.
For more information about Catalyst 3750-X and 3560-X software licenses and available images, see the Cisco IOS Software Installation Document on Cisco.com:
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the combined tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release from which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for more information:
Note Although you can copy any file on the flash memory to the TFTP server, it is time-consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the “Basic File Transfer Services Commands” section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 :
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Step 1 Use Table 3 to identify the file that you want to download.
a. If you are a registered customer, go to this URL and log in:
e. Download the image you identified in Step 1.
Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:
- The Express Setup program , as described in the switch getting started guide.
- The CLI-based setup program, as described in the switch hardware installation guide.
- The DHCP-based autoconfiguration, as described in the switch software configuration guide.
- Manually assigning an IP address, as described in the switch software configuration guide.
(Catalyst 3750-X and 3560-X | LAN Lite, LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Switch based agent support for zero touch automated device installation solution called NG-PNP.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Ensures that the Network Device Admission Control (NDAC)-authenticated 802.1X links between Cisco TrustSec devices are in open state even when the Authentication, Authorization, and Accounting (AAA) server is not reachable.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, and IP Enterprise Services) Enhances the functionality of Cisco TrustSec with SXP version 4 by adding support for Security Group Tag (SGT) Exchange Protocol (SXP) bindings that can be propagated in both directions between a speaker and a listener over a single connection.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Controls and manages the Cisco TrustSec access control on a network device based on an attribute-based access control list. When a security group access control list (SGACL) is enabled globally, the SGACL is enabled on all interfaces in the network by default; use the Enablement of Security Group ACL at Interface Level feature to disable the SGACL on a Layer 3 interface.
(Catalyst 3750-X and 3560-X | IP Base, IP Services, IP Enterprise Services) Protects data traffic from a failed router or circuit while allowing packet load sharing between a group of redundant routers.
(Catalyst 3750-X and 3560-X | IP Base, IP Services, IP Enterprise Services) Allows you to track the behavior of an object and receive notifications of changes. This feature explains how object tracking, in particular the tracking of IPv6 objects, is integrated into VRRP version 3 (VRRPv3) and describes how to track an IPv6 object using a VRRPv3 group.
(Catalyst 3750-X and 3560-X | IP Lite, IP Base, IP Services, IP Enterprise Services) Allows users to configure multiple non-link local addresses as virtual addresses. The Hot Standby Router Protocol (HSRP) ensures host-to-router resilience and failover, in case the path between a host and the first-hop router fails, or the first-hop router itself fails.
(Catalyst 3750-X and 3560-X | LAN Lite, LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Allows you to create a banner page and set an inactivity timeout for HTTP or HTTP Secure (HTTPS) connections. The banner page allows you to logon to the server when the session is invalid or expired.
(Catalyst 3750-X and 3560-X | LAN Lite, LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Allows you to select the type, length, value (TLV) fields that are sent on a particular interface to filter information sent through Cisco Discovery Protocol packets.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Helps to resolve the destination domain name to an IP address, which is provided to the client as a part of the domain name system (DNS) response.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Provides a mechanism to authenticate Open Shortest Path First version 3 (OSPFv3) protocol packets as an alternative to existing OSPFv3 IPsec authentication.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Extends the capabilities of object tracking using Cisco Discovery Protocol (CDP) to allow the policy-based routing (PBR) process to verify object availability by using additional methods.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Enables networks to redirect guest users to the URL they had originally requested. This feature is enabled by default and requires no configuration.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Determines the level of network access provided to an endpoint based on the type of the endpoint device. This feature also permits hardbinding between the end device and the interface. Autoconfig falls under the umbrella of Smart Operations solution.
(Catalyst 3750-X and 3560-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Provides a mechanism to configure multiple commands at the same time and associate it with a target such as an interface. An interface template is a container of configurations or policies that can be applied to specific ports.
(Catalyst 3750-X | LAN Base, IP Lite, IP Base, IP Services, IP Enterprise Services) Provides the capability to diagnose Media Stream on top of various instrumentations in Cisco routers/switches and endpoints. Also addresses the MediaNet Video monitoring requirement to discover the signaling path and provides end-to-end diagnostics along the media stream routes.
For a list of all supported SFP and SFP+ modules, see http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html
For a list of all supported SFP and SFP+ modules, see http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html
Table 4 lists the minimum software release after the first release of required to support the major features on the switches. The first release of the Catalyst 3750-X and 3560-X switches was Cisco IOS Release 12.2(53)SE2).
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
- “Access Control List” section
- “Address Resolution Protocol” section
- “Cisco Transceiver Modules and SFP Modules” section
- “Configuration” section
- “EtherChannel” section
- “IEEE 802.1x Authentication” section
- “Multicasting” section
- “PoE or PoE+” section
- “QoS” section
- “RADIUS” section
- “Routing” section
- “SPAN and RSPAN” section
- “Spanning Tree Protocol” section
- “Stacking (Catalyst 3750-X Switch Stack only)” section
- “Stack Power (Catalyst 3750-X only)” section
- “VLANs” section
- “TrustSec” section
- “IP SLA Video Operation” section
- When a MAC access list is used to block packets from a specific source MAC address, that MAC address is entered in the switch MAC-address table.
- The switch might place a port in an error-disabled state due to an Address Resolution Protocol (ARP) rate limit exception even when the ARP traffic on the port is not exceeding the configured limit. This could happen when the burst interval setting is 1 second, the default.
- Cisco GLC-GE-100FX SFP modules with a serial number between OPC0926xxxx and OPC0945xxxx might show intermittent module not valid , data, status, link-flapping, and FCS errors.
- When switches are installed closely together and the uplink ports of adjacent switches are in use, you might have problems accessing the SFP module bale-clasp latch to remove the SFP module or the SFP cable (Ethernet or fiber).
- When an excessive number (more than 100 packets per second) of Address Resolution Protocol (ARP) packets are sent to a Network Admission Control (NAC) Layer 2 IP-configured member port, a switch might display a message similar to this:
- When there is a VLAN with protected ports configured in fallback bridge group, packets might not be forwarded between the protected ports.
When a switch port configuration is set at 10 Mb/s half duplex, sometimes the port does not send in one direction until the port traffic is stopped and then restarted. You can detect the condition by using the show controller ethernet-controller or the show interfaces privileged EXEC commands.
The workaround is to stop the traffic in the direction in which it is not being forwarded, and then restart it after 2 seconds. You can also use the shutdown interface configuration command followed by the no shutdown command on the interface. (CSCsh04301)
- When line rate traffic is passing through a dynamic port, and you enter the switchport access vlan dynamic interface configuration command for a range of ports, the VLANs might not be assigned correctly. One or more VLANs with a null ID appears in the MAC address table instead.
- (Catalyst 3750-X or 3560-X switches) When the switch flash memory has less than 6 MB free space, there is not enough space in flash memory to hold temporary files created as part of a microcontroller unit (MCU) image upgrade, and the upgrade fails.
- (Catalyst 3750-X or 3560-X switches) When you enter the test cable-diagnostics tdr interface or the show cable-diagnostics tdr interface privileged EXEC command on an interface to determine the length of a connected cable, the cable length might be reported as N/A. This can occur when there is no link, a 10 Mb/s link, or a 100 Mb/s link, even though there are no cable faults. Cable length is reported correctly when a 1 Gb/s link is active on the interface.
- In an EtherChannel running Link Aggregation Control Protocol (LACP), the ports might be put in the suspended or error-disabled state after a stack partitions or a member switch reloads. This occurs when:
The EtherChannel ports are put in the suspended state because each partitioned stack sends LACP packets with different LACP Link Aggregation IDs (the system IDs are different). The ports that receive the packets detect the incompatibility and shut down some of the ports. Use one of these workarounds for ports in this error-disabled state:
The EtherChannel ports are put in the error-disabled state because the switches in the partitioned stacks send STP BPDUs. The switch or stack at the other end of the EtherChannel receiving the multiple BPDUs with different source MAC addresses detects an EtherChannel misconfiguration.
- When a switch stack is configured with a cross-stack EtherChannel, it might transmit duplicate packets across the EtherChannel when a physical port in the EtherChannel has a link-up or link-down event. This can occur for a few milliseconds while the switch stack adjusts the EtherChannel for the new set of active physical ports and can happen when the cross-stack EtherChannel is configured with either mode ON or LACP. This problem might not occur with all link-up or link-down events.
- The switch might display tracebacks similar to this example when an EtherChannel interface port-channel type changes from Layer 2 to Layer 3 or the reverse:
15:50:11: %COMMON_FIB-4-FIBNULLHWIDB: Missing hwidb for fibhwidb Port-channel1 (ifindex 1632) -Traceback= A585C B881B8 B891CC 2F4F70 5550E8 564EAC 851338 84AF0C 4CEB50 859DF4 A7BF28 A98260 882658 879A58
- If a supplicant using a Marvel Yukon network interface card (NIC) is connected an IEEE 802.1x-authorized port in multihost mode, the extra MAC address of 0c00.0000.0000 appears in the MAC address table.
- When MAC authentication bypass is configured to use Extensible Authentication Protocol (EAP) for authorization and critical authentication is configured to assign a critical port to an access VLAN:
- When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might appear if the switch is authenticating supplicants in a switch stack.
- Multicast packets with a time-to-live (TTL) value of 0 or 1 are flooded in the incoming VLAN when all of these conditions are met:
- Multicast packets denied by the multicast boundary access list are flooded in the incoming VLAN when all of these conditions are met:
- Reverse path forwarding (RPF) failed multicast traffic might cause a flood of Protocol Independent Multicast (PIM) messages in the VLAN when a packet source IP address is not reachable.
- If the clear ip mroute privileged EXEC command is used when multicast packets are present, it might cause temporary flooding of incoming multicast traffic in the VLAN.
- When you configure the ip igmp max-groups number and ip igmp max-groups action replace interface configuration commands and the number of reports exceed the configured max-groups value, the number of groups might temporarily exceed the configured max-groups value. No workaround is necessary because the problem corrects itself when the rate or number of IGMP reports are reduced. (CSCse27757)
- When you configure the IGMP snooping throttle limit by using the ip igmp max-groups number interface configuration on a port-channel interface, the groups learned on the port-channel might exceed the configured throttle limit number, when all of these conditions are true:
- When a loopback cable is connected to a switch PoE port, the show interface status privileged EXEC command shows not connected , and the link remains down. When the same loopback cable is connected to a non-PoE port, the link becomes active and then transitions to the error-disabled state when the keepalive feature is enabled.
- The pethPsePortShortCounter MIB object appears as short even though the powered device is powered on after it is connected to the PoE port.
- (Catalyst 3750-X or 3560-X switches) When a powered device (such as an IP phone) connected to a PoE+ port restarts and sends a CDP or LLDP packet with a power TLV, the switch locks to the power-negotiation protocol of that first packet. The switch does not respond to power requests from the other protocol. For example, if the switch is locked to CDP, it does not provide power to devices that send LLDP requests. If CDP is disabled after the switch has locked on it, the switch does not respond to LLDP power requests and can no longer power on any accessories.
- When QoS is enabled and the egress port receives pause frames at the line rate, the port cannot send packets.
- In a hierarchical policy map, if the VLAN-level policy map is attached to a VLAN interface and the name of the interface-level policy map is the same as that for another VLAN-level policy map, the switch rejects the configuration, and the VLAN-level policy map is removed from the interface.
- If the ingress queue has low buffer settings and the switch sends multiple data streams of system jumbo MTU frames at the same time at the line rate, the frames are dropped at the ingress.
- When you use the srr-queue bandwidth limit interface configuration command to limit port bandwidth, packets that are less than 256 bytes can cause inaccurate port bandwidth readings. The accuracy is improved when the packet size is greater than 512 bytes.
- If QoS is enabled on a switch and the switch has a high volume of incoming packets with a maximum transmission unit (MTU) size greater than 1512 bytes, the switch might reload.
– Use the mls qos queue-set output qset-id buffers allocation1 ... allocation4 global configuration command to allocate the buffer size. The buffer space for each queue must be at least 10 percent. (CSCsx69718) (Catalyst 3750-X switches)
- If you configure a large number of input interface VLANs in a class map, a traceback message similar to this might appear:
- The switch stack might reload if the switch runs with this configuration for several hours, depleting the switch memory and causing the switch to fail:
- When the PBR is enabled and QoS is enabled with DSCP settings, the CPU utilization might be high if traffic is sent to unknown destinations.
- When upgrading switches in a stack, the director cannot send the correct image and configuration to the stack if all switches in the stack do not start at the same time. A switch in the stack could then receive an incorrect image or configuration.
- When you upgrade a Smart Install director to Cisco IOS Release 12.2(55)SE but do not upgrade the director configuration, the director cannot upgrade client switches.
When you upgrade the director to Cisco IOS Release 12.2(55)SE, the workaround is to also modify the configuration to include all built-in, custom, and default groups. You should also configure the tar image name instead of the image-list file name in the stored images. (CSCte07949)
- Backing up a Smart Install configuration could fail if the backup repository is a Windows server and the backup file already exists in the server.
- If the director in the Smart Install network is located between an access point and the DHCP server, the access point tries to use the Smart Install feature to upgrade even though access points are not supported devices. The upgrade fails because the director does not have an image and configuration file for the access point.
- When a Smart Install director is upgrading a client switch that is not Smart Install-capable (that is, not running Cisco IOS Release 12.2(52)SE or later), the director must enter the password configured on the client switch. If the client switch does not have a configured password, there are unexpected results depending on the software release running on the client:
– When you select the NONE option in the director CLI, the upgrade should be allowed and is successful on client switches running Cisco IOS Release 12.2(25)SE through 12.2(46)SE, but fails on clients running Cisco IOS Release 12.2(50)SE through 12.2(50)SEx.
– When you enter any password in the director CLI, the upgrade should not be allowed, but it is successful on client switches running Cisco IOS Release 12.2(25)SE through 12.2(46)SE, but fails on clients running Cisco IOS Release 12.2(50)SE through 12.2(50)SEx.
- When the RSPAN feature is configured on a switch, CDP packets received from the RSPAN source ports are tagged with the RSPAN VLAN ID and forwarded to trunk ports carrying the RSPAN VLAN. When this happens, a switch that is more than one hop away incorrectly lists the switch that is connected to the RSPAN source port as a CDP neighbor.
- When egress SPAN is running on a 10-Gigabit Ethernet port, only about 12 percent of the egress traffic is monitored.
- (Catalyst 3650-X and 3750-X switches) When you enter the show monitor privileged EXEC command the monitor source port output is incorrect. This situation occurs only if the monitor source port(s) is a pluggable Gigabit module and you set any source port combination, except when just using a single Gigabit port on the pluggable module as the source port.
When a switch or switch stack running Multiple Spanning Tree (MST) is connected to a switch running Rapid Spanning Tree Protocol (RSTP), the MST switch acts as the root bridge and runs per-VLAN spanning tree (PVST) simulation mode on boundary ports connected to the RST switch. If the allowed VLAN on all trunk ports connecting these switches is changed to a VLAN other than VLAN 1 and the root port of the RSTP switch is shut down and then enabled, the boundary ports connected to the root port move immediately to the forward state without going through the PVST+ slow transition.
- When a switch stack is running 802.1x single host mode authentication and has filter-ID or per-user policy maps applied to an interface, these policies are removed if a master switchover occurs. Even though the output from the show ip access-list privileged EXEC command includes these ACLs, the policies are not applied.
- When using the logging console global configuration command, low-level messages appear on both the stack master and the stack member consoles.
- If a new member switch joins a switch stack within 30 seconds of a command to copy the switch configuration to the running configuration of the stack master, the new member might not get the latest running configuration and might not operate properly.
- When the flash memory of a stack member is almost full, it might take longer to start up than other member switches. This might cause that switch to miss the stack-master election window. As a result, the switch might fail to become the stack master even though it has the highest priority.
- A stack member switch might fail to bundle Layer 2 protocol tunnel ports into a port channel when you have followed these steps:
- After a stack bootup, the spanning tree state of a port that has IEEE 802.1x enabled might be blocked, even when the port is in the authenticated state. This can occur on a voice port where the Port Fast feature is enabled.
- When the switch stack is in the HSRP active state and a master changeover occurs, you cannot ping the stack by using an HSRP virtual IP address.
- When a power stack has been configured in redundant mode, which is not the default, and then split by either removing cables or disabling StackPower ports, the newly created power stack has the same mode as the former power stack, but this is not shown in the configuration file.
The workaround when you are forming power stack topologies if the power stack mode is not the default (power sharing), you should also configure the power stack mode on the new power stacks by entering the mode redundant power-stack configuration command. (CSCte33875)
- If the number of VLANs times the number of trunk ports exceeds the recommended limit of 13,000, the switch can fail.
- When the domain is authorized in the guest VLAN on a member switch port without link loss and an Extensible Authentication Protocol over LAN (EAPOL) is sent to an IEEE 802.1x supplicant to authenticate, the authentication fails. This problem happens intermittently with certain stacking configurations and only occurs on the member switches.
- The error message %DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND might appear for a switch stack under these conditions:
- When you enter the boot host retry timeout global configuration command to specify the amount of time that the client should keep trying to download the configuration and you do not enter a timeout value, the default value is zero, which should mean that the client keeps trying indefinitely. However, the client does not keep trying to download the configuration.
- When many VLANs are configured on the switch, high CPU utilization occurs when many links are flapping at the same time.
- You cannot statically map an IP-subnet to an SGT. You can only map IP addresses to an SGT. When you configure IP address-to-SGT mappings, the IP address prefix must be 32.
- If a port is configured in Multi-Auth mode, all hosts connecting on that port must be assigned the same SGT. When a host tries to authenticate, its assigned SGT must be the same as the SGT assigned to a previously authernticated host. If a host tries to authenticate and its SGT is different from the SGT of a previously authenticated host, the VLAN port (VP) to which these hosts belong is error-disabled.
- Cisco TrustSec enforcement is supported only on up to eight VLANs on a VLAN-trunk link. If there are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
- The switch cannot assign an SGT based on SXP listening; it can only forward the SXP bindings through the SXP protocol.
- Port-to-SGT mapping should be configured only on Cisco TrustSec links (that is, switch-to-switch links).
- SGT/SGACL is supported on Cisco Catalyst 3750-X and 3650-X series switches with all network uplink modules: C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-10GT and C3KX-SM-10G. The C3KX-SM-10G is only required for MACsec on the uplinks.
- TrustSec Layer-3 Identity Port Mapping (L3IPM) is not supported on Catalyst 3750-X and 3650-X series switches.
- After removing an IP SLA Video Operation VRF configuration, the VRF configuration still shows up in show running-config and show ip sla configuration . The VRF configuration is removed, but the CLI is not updated.
- When you are prompted to accept the security certificate and you click No , you only see a blank screen, and the device manager does not launch.
- NetFlow Data Export (NDE) fails when the IP address specified by the destination keyword belongs to a network that is connected to the Ethernet management port (FastEthernet0) on the switch.
- “Switch Stack Notes” section
- “Control Plane Protection” section
- “Cisco IOS Notes” section
- “Device Manager Notes” section
Catalyst 3750-X and 3560-X switches internally support up to 16 different control plane queues. Each queue is dedicated to handling specific protocol packets and is assigned a priority level. For example, STP, routed, and logged packets are sent to three different control plane queues, which are prioritized in corresponding order, with STP having the highest priority. Each queue is allocated a certain amount of processing time based on its priority. The processing-time ratio between low-level functions and high-level functions is allocated as 1-to-2. Therefore, the control plane logic dynamically adjusts the CPU utilization to handle high-level management functions as well as punted traffic (up to the maximum CPU processing capacity). Basic control plane functions, such as the CLI, are not overwhelmed by functions such logging or forwarding of packets.
- Unlike other platforms, the response to an Energywise query on a Catalyst 3750-X or 3560-X is the actual switch power consumption and not a fixed number.
- If the switch requests information from the Cisco Secure Access Control Server (ACS) and the message exchange times out because the server does not respond, a message similar to this appears:
If this message appears, make sure that there is network connectivity between the switch and the ACS. You should also make sure that the switch has been properly configured as an AAA client on the ACS.
- If the switch has interfaces with automatic QoS for voice over IP (VoIP) configured and you upgrade the switch software, when you enter the auto qos voip cisco-phone interface configuration command on another interface, you might see this message:
If this happens, enter the no auto qos voip cisco-phone interface command on all interface with this configuration to delete it. Then enter the auto qos voip cisco-phone command on each of these interfaces to reapply the configuration.
- You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the CLI or Cisco Network Assistant.
- When the switch is running a localized version of the device manager, the switch displays settings and status only in English letters. Input entries on the switch can only be in English letters.
- For device manager session on Internet Explorer, popup messages in Japanese or in simplified Chinese can appear as garbled text. These messages appear properly if your operating system is in Japanese or Chinese.
- We recommend this browser setting to speed up the time needed to display the device manager from Microsoft Internet Explorer.
- The HTTP server interface must be enabled to display the device manager. By default, the HTTP server is enabled on the switch. Use the show running-config privileged EXEC command to see if the HTTP server is enabled or disabled.
The device manager uses the HTTP protocol (the default is port 80) and the default method of authentication (the enable password) to communicate with the switch through any of its Ethernet ports and to allow switch management from a standard web browser.
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). You should write down the port number through which you are connected. Use care when changing the switch IP information.
- Cisco Bug Search Tool
- Open Caveats
- Caveats Resolved in Cisco IOS Release 15.2(2)E1
- Caveats Resolved in Cisco IOS Release 15.2(2)E
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
1. Access the BST (use your Cisco user ID and password) at https://tools.cisco.com/bugsearch/ .
- Release Notes for the Catalyst 3750-X. Catalyst 3750-E, Catalyst 3560-X, and 3560-E Switches
- Catalyst 3750-X and 3560-X Switch Software Configuration Guide
- Catalyst 3750-X and 3560-X Switch Command Reference
- Catalyst 3750-X, 3750-E, 3560-X, and 3560-E Switch System Message Guide
- Cisco IOS Software Installation Document.
- Catalyst 3750-X and 3560-X Switch Getting Started Guide
- Catalyst 3750-X and 3560-X Switch Hardware Installation Guide
- Regulatory Compliance and Safety Information for the Catalyst 3750-X and 3560-X Switch
- Installation Notes for the Catalyst 3750-X and 3560-X Switch Power Supply Modules
- Installation Notes for the Catalyst 3750-X and 3560-X Switch Fan Module
- Installation Notes for the Catalyst 3750-X and 3560-X Switch Network Modules
- Installation Notes for the Cisco TwinGig Converter Module
- Cisco Redundant Power System 2300 Hardware Installation Guide
- Cisco Redundant Power System 2300 Compatibility Matrix
- Cisco eXpandable Power System 2200 Hardware Installation Guide
- Configuring the Cisco eXpandable Power System (XPS) 2200
- Auto Smartports Configuration Guide
- Cisco EnergyWise Configuration Guide
- Smart Install Configuration Guide
- Information about Cisco SFP, SFP+, and GBIC modules is available from this Cisco.com site:
SFP compatibility matrix documents are available from this Cisco.com site:
- Getting Started with Cisco Network Assistant
- Release Notes for Cisco Network Assistant
- Network Admission Control Software Configuration Guide
- Connecting Cisco Enhanced EtherSwitch Service Modules to the Network :
- Cisco Enhanced EtherSwitch Service Modules Configuration Guide :
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the “Obtaining Documentation and Submitting a Service Request” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.