Guest

Cisco Catalyst Express 500 Series Switches

Release Notes for the Catalyst Express 500 Switches, Cisco IOS Release 12.2(25)SEG and Later

  • Viewing Options

  • PDF (162.0 KB)
  • Feedback
Release Notes for the Catalyst Express 500 Switches, Cisco IOS Release 12.2(25)SEG and Later

Table Of Contents

Release Notes for the Catalyst Express 500 Switches, Cisco IOS Release 12.2(25)SEG and Later

Contents

System Requirements

Hardware Supported

Device Manager System Requirements

Upgrading the Switch Software

New and Changed Features

New and Changed Features for Releases 12.2(25)SEG2 to 12.2(25)SEG6

New and Changed Features for Release 12.2(25)SEG

Limitations and Restrictions

Important Notes

Open Caveat

Resolved Caveats

Resolved Caveats for Release 12.2(25)SEG6

Resolved Caveats for Release 12.2(25)SEG5

Resolved Caveat for Release 12.2(25)SEG4

Resolved Caveat for Release 12.2(25)SEG3

Resolved Caveats for Release 12.2(25)SEG2

Resolved Caveats for Release 12.2(25)SEG

Documentation Updates

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines


Release Notes for the Catalyst Express 500 Switches, Cisco IOS Release 12.2(25)SEG and Later


Revised September 24, 2008

Cisco IOS Releases 12.2(25)SEG and later run on all Catalyst Express 500 switches.

These release notes include important information about this Cisco IOS release and any limitations, restrictions, and caveats that apply to it. Verify that these release notes are correct for your switch. To find the release number of the Cisco IOS image running on your switch:

On a new or unconfigured switch, see the Cisco IOS release label on the rear panel of your switch.

On a configured switch, see the Switch Information area on the device manager Dashboard window.

The key features are described in the User Guide for the Catalyst Express 500 Switches. For the complete list of Catalyst Express 500 switch documentation, see the "Related Documentation" section.

Contents

"System Requirements" section

"Upgrading the Switch Software" section

"New and Changed Features" section

"Limitations and Restrictions" section

"Important Notes" section

"Open Caveat" section

"Resolved Caveats" section

"Documentation Updates" section

"Related Documentation" section

"Obtaining Documentation, Obtaining Support, and Security Guidelines" section

System Requirements

"Hardware Supported" section

"Device Manager System Requirements" section

Hardware Supported

Table 1 lists the supported hardware.

Table 1 Supported Hardware 

Switch
Description
Supported by Minimum Cisco IOS Release

Catalyst Express 500-24TT

24 10/100BASE-T Ethernet ports

2 10/100/1000BASE-T Ethernet ports

Cisco IOS Release 12.2(25)FY

Catalyst Express 500-24LC

20 10/100BASE-T Ethernet ports

4 10/100 PoE1 ports

2 dual-purpose ports2
(two 10/100/1000BASE-T copper ports and two SFP3 module slots)

Cisco IOS Release 12.2(25)FY

Catalyst Express 500-24PC

24 10/100 PoE ports

2 dual-purpose ports
(two 10/100/1000BASE-T copper ports and two SFP module slots)

Cisco IOS Release 12.2(25)FY

Catalyst Express 500G-12TC

8 10/100/1000BASE-T Ethernet ports

4 dual-purpose ports
(four 10/100/1000BASE-T copper ports and four SFP module slots)

Cisco IOS Release 12.2(25)FY

SFP4 modules

100BASE-BX, -FX, -LX

1000BASE-LX, -SX

Cisco IOS Release 12.2(25)FY

Redundant power system

Cisco RPS 675 redundant power system5

Supported on all software releases

1 PoE = Power over Ethernet
2 Each uplink port is considered a single interface with dual front ends (RJ-45 connector and SFP module slot). The dual front ends are not redundant interfaces, and only one port of the pair is active.
3 SFP = small form-factor pluggable
4 Only Cisco SFP modules supported.
5 Only on the Catalyst Express 500-24PC switch.

Device Manager System Requirements

The device manager hardware and software requirements are described in the User Guide for the Catalyst Express 500 Switches.

Upgrading the Switch Software

The software upgrade procedure is described in the User Guide for the Catalyst Express 500 Switches.

New and Changed Features

"New and Changed Features for Releases 12.2(25)SEG2 to 12.2(25)SEG6" section

"New and Changed Features for Release 12.2(25)SEG" section

New and Changed Features for Releases 12.2(25)SEG2 to 12.2(25)SEG6

There are no new or changed features in these releases.

New and Changed Features for Release 12.2(25)SEG

This release contains this new feature: The device manager GUI, online help, and the Getting Started Guide for the Catalyst Express 500 Switches are now available in Chinese (simplified), English, French, German, Italian, Japanese, and Spanish.

To display a translated version of the GUI and online help, select your language from the Language field located at the top of the device manager window.

The translated getting started guides are available at this URL:

http://www.cisco.com/en/US/products/ps6545/tsd_products_support_series_home.html

This release contains these modified features:

You can now configure the switch with a 10.0.0.x IP address. In the user guide, ignore the statement that IP addresses in the 10.0.0.0 network cannot be configured on the switch. (CSCsc66015)

Severity 5 (Notification) conditions on the switch no longer turn on the ALERT LED on the switch front panel. Severity 5 conditions continue to be listed in the Alert Log and Diagnostics reports.

Limitations and Restrictions

You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

CSCei30778

When a PC is connected directly to a switch port, the username password dialog appears twice before the device manager page appears.

The workaround is to enter the username and password in both dialog windows.

CSCsb66458

When a PC is connected directly to a switch port, the software upgrade procedure is not successful if you have not previously loaded the software image on the PC.

Make sure that you have downloaded the switch software image from Cisco.com to your PC or network drive before following the software upgrade procedure.

CSCsb71365

If you close your browser session during a software upgrade or you lose internet connectivity, there is no indication of a software upgrade failure. When you restart the switch, there might be unexpected behavior, or some device manager pages might not display.

The workaround is to follow the software recovery procedure described in the user guide. Select option 3 to delete the system configuration and boot with the factory default Cisco IOS image. Follow the software upgrade procedure.

CSCsd48669

The PC must have a network interface card (NIC) driver that supports IEEE 802.1Q packet tagging if either:

The PC is directly connected to a Catalyst Express 500 switch port, which is configured with the Switch port role

The PC is connected to a switch, which is connected through an access port to a Catalyst Express 500 switch port, which is configured with the Switch port role

Important Notes

These are notes for using the device manager:

The switch factory-default software image, which is used for software recovery, does not contain the device manager online help in all supported languages.

The workaround is to install Cisco IOS Release 12.2(25)SEG or later on the switch to display the online help in the supported languages.

When the switch is running a localized version of the device manager, the switch displays settings and status only in English letters. Input entries on the switch can only be in English letters.

For device manager sessions on Internet Explorer, popup messages in Japanese or in simplified Chinese can appear as garbled text. These messages appear properly if your operating system is in Japanese or in Chinese. This issue does not occur on Netscape.

The workaround is to install and to use a multilanguage or a localized operating system.

Open Caveat

CSCei77817

When the switch time is set at least 60 minutes faster than the connected PC time, the device manager responds slowly, and the refresh function takes longer than normal to complete.

The workaround is to use the device manager to correct the switch time so that it is the same as the PC time.

Resolved Caveats

"Resolved Caveats for Release 12.2(25)SEG6" section

"Resolved Caveats for Release 12.2(25)SEG5" section

"Resolved Caveat for Release 12.2(25)SEG4" section

"Resolved Caveat for Release 12.2(25)SEG3" section

"Resolved Caveats for Release 12.2(25)SEG2" section

"Resolved Caveats for Release 12.2(25)SEG" section

Resolved Caveats for Release 12.2(25)SEG6

CSCsm77199

If the HTTP secure server capability is present, the switch shows the following error message:

%DATACORRUPTION-1-DATAINCONSISTENCY: copy error

This error message displays if the HTTP server is configured by using the ip http server global configuration command.

The workaround is to disable the HTTP server by using the no ip http server global configuration command.


Note The switch functionality is not affected by this error message.


CSCsr46446

If DHCP snooping is disabled, it remains disabled even after the switch is rebooted.

CSCsu07052

The 100BASE-FX SFP module (GLC-FE-100FX) now functions correctly on the switch.

Resolved Caveats for Release 12.2(25)SEG5

CSCsl77748

When a Gigabit Ethernet port on the switch is error-disabled because of an unsupported GBIC and an RJ-45 cable is plugged into the same port, the port now correctly remains down until the condition is corrected.

CSCsl72823

The switch now has a system IP MTU of 1500 by default and can fragment packets larger than that so that it works with the default of other switches in network.

CSCsg39295

When SNMP is used to modify a configuration using SCP or FTP, password information no longer might be exposed in a syslog message.

Resolved Caveat for Release 12.2(25)SEG4

CSCsk07883

This release was updated for Cisco manufacturing test purposes. The update does not affect the functionality of the switch.

Resolved Caveat for Release 12.2(25)SEG3

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCsj44081

Improvements have been made to User Datagram Protocol (UDP) processing.

Resolved Caveats for Release 12.2(25)SEG2

CSCsb11849

Packets with incorrectly configured IP options are no longer ignored when the Control Plane Policing (CoPP) policy is configured to drop packets that have IP options.

CSCsb12598

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsb40304

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd92405

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCse04560

The switch, when acting as a TFTP server, now displays a File Not Found error message if a TFTP client attempts to access a file to which it is unauthorized by an ACL.

CSCse78963

The switch now accurately generates timestamps (such as in system error messages) when the clock summer-time zone recurring configuration command is set.

CSCse85200

CDP packets no longer cause the switch to allocate and to keep extra memory.

CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

CSCsf15179

The automatic medium-dependent interface crossover (auto-MDIX) feature now works on port 2 (gi2) on the Catalyst Express 500-24TT switch.

CSCsg17027

High CPU utilization on the switch no longer occurs when IP phones are connected and when they renew their IP addresses through DHCP.

Resolved Caveats for Release 12.2(25)SEG

CSCei77157

When a copper RJ-45 connector is connected to a dual-purpose port, you change the port speed to a nondefault setting, and then insert an SFP module into the fiber port, the port might be error disabled. You can now reenable the port from the device manager or from Network Assistant. However, the port is reset to its default settings.

CSCei77607

A duplex mismatch no longer occurs when a 100BASE-FX-FE module inserted in the switch is connected to a link partner 100BASE-FX-GE module.

CSCek26492

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml

CSCsb53732

The redundant power system (RPS) status LED on the switch now matches the description given in the device manager online help legend.

CSCsb63132

When you access the device manager through a secured session and change the switch software image from a cryptographic to a noncryptographic image, the device manager now detects if the switch is fully reloaded.

CSCsb66596

An error message no longer appears when the Desktop Smartports role is applied to a port and you are using Cisco Network Assistant with a security level other than High.

CSCsb80043

The module port no longer shows collisions when you replace a 100BASE-FX-GE SFP module with a 1000BASE-LX or a 1000BASE-SX SFP module.

Documentation Updates

These are the documentation updates for this release:

The online help and user guide are missing this information about port settings: A port with automatic medium-dependent interface crossover (auto-MDIX) disabled can be reenabled only if the port speed and duplex mode are both set to Auto.

Disregard these Power over Ethernet (PoE) LED descriptions in the user guide:

Figure 4-2 "LED Legend" and Table 4-3 "Port LED Colors in Legend"—The PoE Deny state does not apply to the switch.

Figure 4-2 "LED Legend"—The PoE Administratively Disabled state does not apply to the switch.

The corresponding PoE LED descriptions in the device manager Legend have been corrected.

You can now configure the switch with a 10.0.0.x IP address. In the user guide, ignore the statement that IP addresses in the 10.0.0.0 network cannot be configured on the switch.

The online help and user guide should state that Severity 5 (Notification) conditions on the switch no longer turn on the ALERT LED on the switch front panel. Severity 5 conditions continue to be listed in the Alert Log and Diagnostics reports.

Related Documentation

These documents provide complete information about the Catalyst Express 500 switches and are available at Cisco.com:

http://www.cisco.com/en/US/products/ps6545/tsd_products_support_series_home.html

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section.

These documents provide complete information about the Catalyst Express 500 switches:

User Guide for the Catalyst Express 500 Switches (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches (order number DOC-7817084=)


Note The above getting started guide, orderable in print, provides information in all supported languages. Listed below are online-only getting started guides in the individual languages.


Getting Started Guide for the Catalyst Express 500 Switches—English (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—Chinese (simplified) (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—French (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—German (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—Italian (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—Japanese (not orderable but available on Cisco.com)

Getting Started Guide for the Catalyst Express 500 Switches—Spanish (not orderable but available on Cisco.com)

Regulatory Compliance and Safety Information for the Catalyst Express 500 Switches (order number DOC-7817085=)

Device manager online help (available on the switch)

For other information about related products, see these documents:

Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com)

Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com)

Cisco Small Form-Factor Pluggable Modules Installation Notes (not orderable but available on Cisco.com)

Cisco RPS 675 Redundant Power System Hardware Installation Guide (order number DOC-7815201=)

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html