Release Notes for the Cisco IE 2000 Switches, Cisco IOS Release 15.2(1)EY
Finding the Software Version and Feature Set
Upgrading a Switch by Using the CLI
Recovering from a Software Failure
Security Group Tag Exchange Protocol for Cisco TrustSec
Web Device Manager Enhancements
Caveats Resolved in This Release
Updates to the Hardware Installation Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco IOS Release 15.2(1)EY runs on Cisco IE 2000 switches.
These release notes include important information about Cisco IOS Release15.2(1)EY, and any limitations, restrictions, and caveats that apply to it.
Verify that these release notes are correct for your switch:
You can download the switch software from this site (registered Cisco.com users with a login password):
4 10/100BASE-T downlink ports |
||
4 10/100BASE-T downlink ports |
||
4 10/100BASE-T downlink ports |
||
4 10/100BASE-T Ethernet ports |
||
4 10/100BASE-T downlink ports |
||
4 10/100BASE-T downlink ports |
||
8 10/100BASE-T downlink ports |
||
8 10/100BASE-T downlink ports |
||
8 10/100BASE-T downlink ports |
||
8 10/100BASE-T downlink ports Supports IEEE-1588 standard for synchronizing clocks. Can enable NAT by license upgrade. |
||
8 10/100BASE-T downlink ports |
||
8 10/100BASE-T downlink ports, Supports IEEE-1588 standard for synchronizing |
||
16 10/100BASE-T downlink ports |
||
16 10/100BASE-T downlink ports |
||
16 10/100BASE-T downlink ports, Supports IEEE-1588 standard for synchronizing clocks.. Can enable NAT by license upgrade. |
||
16 10/100BASE-T downlink ports |
||
16 10/100BASE-T downlink ports, 2 Gigabit Ethernet dual-purpose uplink ports, and 2 100Mb/s SFP module downlink slots. Supports IEEE-1588 standard for synchronizing clocks and Network Address Translation (NAT). |
||
Cisco IE-2000-16TC-G-X1 |
16 10/100BASE-T downlink ports, Supports IEEE-1588 standard for synchronizing clocks.. Can enable NAT by license upgrade. |
|
16 10/100BASE-T downlink ports with |
||
16 10/100BASE-T downlink ports with 4 PoE/PoE+ Supports PoE/PoE+ and IEEE-1588 standard for synchronizing clocks on top of the LAN Base image. Supports Network Address Translation (NAT) on top of the Enhanced LAN Base license. NAT license should be ordered separately. |
||
16 10/100BASE-T downlink ports with 4 PoE/PoE+ Supports PoE/PoE+, IEEE-1588 standard for synchronizing clocks, and Network Address Translation (NAT) on top of Enhanced LAN Base image. |
||
8 ports 10/100BASE T M12 connectors Layer 2 switch, all FE ports. |
||
16-port 10/100BASE-T M12 connectors Layer 2 switch, all FE ports. |
||
16 port 10/100BASE-T M12 connectors Layer 2 switch, all FE ports. |
||
8-port 10/100BASE-T, 8-port POE/4-port POE+, 2-port 10/100/1000 uplink, Precision Time Protocol (PTP) support. |
||
8-port 10/100BASE-T, 8-port POE/POE+, 2-port 10/100/1000 uplink, Precision Time Protocol (PTP) support. |
||
The SFP modules are switch Ethernet SFP modules that provide connections to other devices. Depending on the switch model, these field-replaceable transceiver modules provide uplink or downlink interfaces. The modules have LC connectors for fiber-optic connections.
You can use any combination of the supported SFP modules.
Rugged and industrial SFP modules2 |
GLC-SX-MM-RGD3 GLC-LX-SM-RGD 2 GLC-ZX-SM-RGD 2 |
GLC-BX-U 2 GLC-BX-D 2 CWDM-SFP 2 DWDM-SFP 2 |
|
SFP-GE-S 2 SFP-GE-L 2 SFP-GE-Z 2 |
For the most up-to-date list of supported SFP models for Cisco Industrial Ethernet switches, see http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6981.html#wp138176
You can upgrade Cisco IOS software features through the Cisco Software Activation tool. It authorizes and enables the feature set on Cisco IE 2000 switch series. Based on the type of license, it allows you to enable certain features through the licensing upgrade or both licensing and software upgrade. On Cisco IE 2000 switches, to upgrade from LAN Lite to LAN Base you do not require new software releases. However, to upgrade from LAN Base to Enhanced LAN Base for NAT, you require both software and license upgrades. See Software Activation Licensing Upgrade for detailed steps:
http://www.cisco.com/en/US/docs/switches/lan/cisco_ie2000/software/release/15_0_2_eb/upgrade/guide/ie2000_ug.html
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the compact flash memory card.
You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
You also can use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded Express Setup. You must use the combined tar file to upgrade the switch through Express Setup. To upgrade the switch through the CLI, use the tar file and the archive download-sw privileged EXEC command.
Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release to which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for more information:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6969/ps1835/prod_bulletin0900aecd80281c0e.html
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note Although you can copy any file on the flash memory to the TFTP server, it is time consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the Cisco IOS Configuration Fundamentals Command Reference :
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Note Make sure that the compact flash card is inserted into the switch before downloading the software.
To download software, follow these steps:
Step 1 Use Table 1 to identify the file that you want to download.
Step 2 Download the software image file. If you have a SmartNet support contract, go to this URL, and log in to download the appropriate files:
http://www.cisco.com/cisco/web/download/index.html
To download the image for a Cisco IE 2000 switch, click Switches > Industrial Ethernet Switches > Cisco IE 2000 Series Switches, and then click on the Cisco IOS software for your specific switch model.
Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.
For more information, see Appendix B of the software configuration guide for this release.
Step 4 Log in to the switch through the console port or a Telnet session.
Step 5 (Optional) Check that you have IP connectivity to the TFTP server by entering this privileged EXEC command:
For more information about assigning an IP address and default gateway to the switch, see the software configuration guide for this release.
Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:
The /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
For // location, specify the IP address of the TFTP server.
For / directory / image-name .tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
You can assign IP information to your switch by using these methods:
Digital Optical Monitoring (DOM) is supported when using a DOM-capable SFP transceiver module. For information about the switch models that have SFP or dual-purpose ports, see Switch Models Supported. For information about DOM-capable SFP modules, see SFP Modules Supported.
Note DOM is not supported on downlink SFP ports.
DOM allows monitoring real-time parameters of the switch, such as optical input and output power, temperature, laser bias current, and transceiver supply voltage. These parameters are monitored against the threshold values. The real-time DOM parameters can be monitored using command line interface or SNMP interface.
DOM is possible only with DOM-capable transceiver modules. When using an SFP module in a dual purpose port, DOM is supported if the interface media type is configured to SFP or if global transceiver monitoring is enabled.
Several enhancements were made to improve the implementation of Precision time Protocol (PTP).
Cisco Industrial Ethernet switches now can participate in the Cisco TrustSec security architecture by using the SGT Exchange Protocol (SXP). Cisco TrustSec establishes domains of trusted network devices. After a device is authenticated, communication is secured by using encryption and other mechanisms. As packets enter the network, they are classified by security group tags (SGTs) for the purpose of applying security policies. SXP is used to propagate the SGTs across network devices, such as the IE switches, that do not have hardware support for Cisco TrustSec.
To use this feature, enable SXP and configure the connections on each device that needs to participate in SXP exchanges.
For detailed information about the configuration commands and show commands, see “SGT Exchange Protocol over TCP (SXP)” at http://www.cisco.com/en/US/partner/docs/switches/lan/trustsec/configuration/guide/sxp_config.html#wp1056896
IP Device Tracking (IPDT) is globally enabled in the 15.2(1)EY release on all IE platforms. You can disable IPDT probing at the interface level using the CLI ip device tracking maximum 0 to avoid timeouts when end devices are in IP probing tentative state. This is especially critical if the switches are used in control automation, such as in an EtherNet/IP and Profinet network environment.
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
If this happens, uneven traffic distribution will happen on EtherChannel ports.
Changing the load balance distribution method or changing the number of ports in the EtherChannel can resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:
– for random source-ip and dest-ip traffic, configure load balance method as src-dst-ip
– for incrementing source-ip traffic, configure load balance method as src-ip
– for incrementing dest-ip traffic, configure load balance method as dst-ip
– Configure the number of ports in the EtherChannel so that the number is equal to a power of 2 (i.e. 2, 4, or 8)
For example, with load balance configured as dst-ip with 150 distinct incrementing destination IP addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is optimal.(CSCeh81991)
The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. (CSCeb59166)
The workaround is to choose compatible buffer sizes and threshold levels. (CSCea76893)
This is a hardware limitation. The workaround is to disable CDP on all interfaces carrying the RSPAN VLAN on the device connected to the switch. (CSCeb32326)
When a switch or switch stack running Multiple Spanning Tree (MST) is connected to a switch running Rapid Spanning Tree Protocol (RSTP), the MST switch acts as the root bridge and runs per-VLAN spanning tree (PVST) simulation mode on boundary ports connected to the RST switch. If the allowed VLAN on all trunk ports connecting these switches is changed to a VLAN other than VLAN 1 and the root port of the RSTP switch is shut down and then enabled, the boundary ports connected to the root port move immediately to the forward state without going through the PVST+ slow transition.
There is no workaround. (CSCdz42909).
The workaround is to reduce the number of VLANs or trunks. (CSCeb31087)
The workaround is to enter the switchport access vlan dynamic interface configuration command separately on each port. (CSCsi26392)
The workaround is to remove unnecessary VLANs to reduce CPU utilization when many links are flapping. (CSCtl04815)
Cisco IE 2000 supports IPv4 static routing in the LAN Base image. To access static routing commands, you need to change the SDM template from the default template to lanbase-routing, followed by a switch reload sequence.
The following note is an update to the Regulatory Compliance and Safety Information (RCSI) guide. This note applies to the 61000-4-3 standard listed in the “EMC Interface Immunity” section of Table 1 of the guide.
Note To meet 10V/m or 20V/m Radiated Immunity levels, shielded cables must be used on the uplink ports, G1/1 and G1/2.
This note applies to these SKUs:
– IE-2000-4T-G-L
– IE-2000-4T-G-B
– IE-2000-8TC-G-L
– IE-2000-8TC-G-B
– IE-2000-8TC-G-E
– IE-2000-16TC-G-L
– IE-2000-16TC-G-E
– IE-2000-16TC-G-X
1. Choose Tools > Internet Options.
2. Click Settings in the Temporary Internet files area.
3. From the Settings window, choose Automatically.
5. Click OK to exit the Internet Options window.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). Write down the port number through which you are connected. Use care when changing the switch IP information.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
Note IE-2000-4S-TS-G do not have copper ports for PC, a GLC-T copper SFP is required to perform express setup.
Note You can click the issue number to view more information in the Cisco Bug Search tool (login required).
Note You can click the issue number to view more information in the Cisco Bug Search tool (login required).
A new Cisco IE 2000 IP67 Hardware Installation Guide has been created for the IP67 Certified IE 2000 switch.
A new Cisco IE 2000U Switch Hardware Installation Guide has been created for the Cisco Industrial Ethernet 2000U Series Switch.
Installation, Configuration, Maintenance, and Operation Guides
http://www.cisco.com/en/US/products/ps11245/tsd_products_support_series_home.html
Online Help (available on the switch)
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.