Release Notes for the Cisco IE 3000 Switch, Cisco IOS Release 15.2(1)EY
Finding the Software Version and Feature Set
Upgrading a Switch by Using Device Manager or Network Assistant
Upgrading a Switch by Using the CLI
Recovering from a Software Failure
Security Group Tag Exchange Protocol for Cisco TrustSec
Web Device Manager Enhancements
Caveats Resolved in This Release
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco IOS Release 15.2(1)EY runs on Cisco IE 3000 switches.
These release notes include important information about Cisco IOS Release 15.2(1)EY, and any limitations, restrictions, and caveats that apply to this release. Verify that these release notes are correct for your switch:
You can download the switch software from this site (registered Cisco.com users with a login password):
http://www.cisco.com/cisco/software/navigator.html?a=ahttp://www.cisco.com/cisco/web/download/index.htmli=rpm
4 10/100BASE-T Ethernet ports and 2 dual-purpose ports, each with a 10/100/1000BASE-T copper port and an SFP (small form-factor pluggable) module slot |
Minimum: Cisco IOS Release 12.2(55)SE; |
|
Minimum: Cisco IOS Release 12.2(55)SE; |
||
4 10/100BASE-T Ethernet ports and 2 dual-purpose ports (supports the IP services software feature set) |
Minimum: Cisco IOS Release 12.2(55)SE; |
|
8 10/100BASE-T Ethernet ports and 2 dual-purpose ports (supports the IP services software feature set) |
Minimum: Cisco IOS Release 12.2(55)SE; |
|
Expansion module with 8 100BASE-FX fiber-optic Ethernet ports |
||
Cisco IEM-3000-4SM1 |
Expansion module with 4 100BASE-FX fiber-optic Ethernet ports Note The base switch supports up to two expansion modules with various combinations including the IEM-3000-8FM, IEM-3000-8TM and the PoE/PoE+ modules IEM-3000-4PC and IEM-3000-4PC-4TC. An exception to the combination is that if you install an 8-port IEM-3000-8FM or IEM-3000-8SM right after the base switch, then you can install only one expansion module. |
|
Cisco IEM-3000-8SM 1 |
Expansion module with 8 100BASE-FX fiber-optic Ethernet ports |
|
Expansion module with 4 PoE 10/100BASE-T Ethernet ports Note Each Power over Ethernet (PoE) or Power over Ethernet Plus (PoE+) module requires an external power supply besides the existing power supply used to power up the base unit. A 44–57 V DC power output is required to support PoE ports (15.4 W) and a 50–57 V DC power output is required to support PoE+ ports (30 W) to meet the IEEE 802.3at standard. Cisco power modules PWR-IE65W-PC-AC (for AC input) and PWR-IE65-PC-DC (for DC input) provide the 54 V DC/1.2 A output to the PoE/PoE+ ports. |
||
Expansion module with 4 PoE and 4 non-PoE 10/100BASE-T copper Ethernet ports |
Express Setup verifies the browser version when starting a session, and it does not require a plug-in.
You cannot create and manage switch clusters through Device Manager. To create and manage switch clusters, use the command-line interface (CLI) or the Network Assistant application.
When creating a switch cluster or adding a switch to a cluster, follow these guidelines:
For additional information about clustering, see Getting Started with Cisco Network Assistant and Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com), the software configuration guide, and the command reference.
Cisco IOS Release 15.2(1)EY is compatible with Cisco Network Assistant (CNA) 5.4 and later.
Note CNA 5.4 and earlier do not support the cisco-ie-macros that were introduced in Cisco IOS Release 12.2(55)SE. Using the new Smartport role names will cause CNA errors.
We recommend installing the latest version of CNA from this URL:
http://software.cisco.com/download/release.html?mdfid=280771500&softwareid=280775097&release=5.8.6&flowid=5128
For more information about Cisco Network Assistant, see the Release Notes for Cisco Network Assistant on Cisco.com.
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the compact flash memory card.
You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded Device Manager. You must use the combined tar file to upgrade the switch through Device Manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Table 1 lists the filenames for this software release.
If you download the IP services image and plan to use Layer 3 functionality, you must use the Switch Database Management (SDM) routing template. To see which template is currently active template, enter the show sdm prefer privileged EXEC command. If necessary, change the SDM template to the routing template by entering the sdm prefer routing global configuration command. You will be prompted to reload the switch to activate the new template.
Note The switch must be running Cisco IOS Release 12.2(52)SE or later to configure the routing template.
As a best practice for any upgrade, you should first archive copies of the current Cisco IOS release and the new Cisco IOS release before you upgrade to new software. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for more information:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6969/ps1835/prod_bulletin0900aecd80281c0e.html
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note Although you can copy any file on the flash memory to the TFTP server, it is time consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the “Basic File Transfer Services Commands” section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 :
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html
You can upgrade switch software by using Device Manager or Network Assistant. For detailed instructions, click Help.
Note When using Device Manager to upgrade your switch, do not use or close your browser session after the upgrade process begins. Wait until after the upgrade process completes.
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Note Make sure that the compact flash card is inserted into the switch before downloading the software.
To download software, follow these steps:
Step 1 Use Table 1 to identify the file that you want to download.
Step 2 Download the software image file:
a. If you are a registered customer, go to this URL and log in.
http://software.cisco.com/download/navigator.html?mdfid=282082952&catid=268438038
b. Navigate to Switches > Industrial Ethernet Switches.
c. Navigate to your switch model.
d. Click IOS Software, then select the latest IOS release.
e. Download the image you identified in Step 1.
Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.
For more information, see the Cisco IE 3000 Switch Software Configuration Guide.
Step 4 Log into the switch through the console port or a Telnet session.
Step 5 (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command:
For more information about assigning an IP address and default gateway to the switch, see the software configuration guide for this release.
Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:
The /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
For // location, specify the IP address of the TFTP server.
For / directory / image-name .tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
You can assign IP information to your switch by using these methods:
Digital Optical Monitoring (DOM) is supported when using a DOM-capable SFP transceiver module. For information about the switch models that have SFP or dual-purpose ports, see Supported Hardware. For information about DOM-capable SFP modules, see SPF Modules Supported.
Note DOM is not supported on downlink SFP ports.
DOM allows monitoring real-time parameters of the switch, such as optical input and output power, temperature, laser bias current, and transceiver supply voltage. These parameters are monitored against the threshold values. The real-time DOM parameters can be monitored using command line interface or SNMP interface.
DOM is possible only with DOM-capable transceiver modules. When using an SFP module in a dual purpose port, DOM is supported if the interface media type is configured to SFP or if global transceiver monitoring is enabled.
Several enhancements were made to improve the implementation of Precision time Protocol (PTP).
Cisco Industrial Ethernet switches now can participate in the Cisco TrustSec security architecture by using the SGT Exchange Protocol (SXP). Cisco TrustSec establishes domains of trusted network devices. After a device is authenticated, communication is secured by using encryption and other mechanisms. As packets enter the network, they are classified by security group tags (SGTs) for the purpose of applying security policies. SXP is used to propagate the SGTs across network devices, such as the IE switches, that do not have hardware support for Cisco TrustSec.
To use this feature, enable SXP and configure the connections on each device that needs to participate in SXP exchanges.
For detailed information about the configuration commands and show commands, see “SGT Exchange Protocol over TCP (SXP)” at http://www.cisco.com/en/US/partner/docs/switches/lan/trustsec/configuration/guide/sxp_config.html#wp1056896
IP Device Tracking (IPDT) is globally enabled in the 15.2(1)EY release on all IE platforms. You can disable IPDT probing at the interface level using the CLI ip device tracking maximum 0 to avoid timeouts when end devices are in IP probing tentative state. This is especially critical if the switches are used in control automation, such as in an EtherNet/IP and Profinet network environment.
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
This section contains these limitations:
If this happens, uneven traffic distribution will happen on EtherChannel ports.
Changing the load balance distribution method or changing the number of ports in the EtherChannel can resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:
– for random source-ip and dest-ip traffic, configure load balance method as src-dst-ip
– for incrementing source-ip traffic, configure load balance method as src-ip
– for incrementing dest-ip traffic, configure load balance method as dst-ip
– Configure the number of ports in the EtherChannel so that the number is equal to a power of 2 (i.e. 2, 4, or 8)
For example, with load balance configured as dst-ip with 150 distinct incrementing destination IP addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is optimal.(CSCeh81991)
The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. (CSCeb59166)
The workaround is to choose compatible buffer sizes and threshold levels. (CSCea76893)
This is a hardware limitation. The workaround is to disable CDP on all interfaces carrying the RSPAN VLAN on the device connected to the switch. (CSCeb32326)
When a switch or switch stack running Multiple Spanning Tree (MST) is connected to a switch running Rapid Spanning Tree Protocol (RSTP), the MST switch acts as the root bridge and runs per-VLAN spanning tree (PVST) simulation mode on boundary ports connected to the RST switch. If the allowed VLAN on all trunk ports connecting these switches is changed to a VLAN other than VLAN 1 and the root port of the RSTP switch is shut down and then enabled, the boundary ports connected to the root port move immediately to the forward state without going through the PVST+ slow transition.
There is no workaround. (CSCdz42909).
The workaround is to reduce the number of VLANs or trunks. (CSCeb31087)
The workaround is to enter the switchport access vlan dynamic interface configuration command separately on each port. (CSCsi26392)
The workaround is to remove unnecessary VLANs to reduce CPU utilization when many links are flapping. (CSCtl04815)
From Microsoft Internet Explorer:
1. Choose Tools > Internet Options.
2. Click Settings in the “Temporary Internet files” area.
3. From the Settings window, choose Automatically.
5. Click OK to exit the Internet Options window.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). You should write down the port number through which you are connected. Use care when changing the switch IP information.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
Note You can click the issue number to view more information in the Cisco Bug Search tool (login required).
Note You can click the issue number to view more information in the Cisco Bug Search tool (login required).
Installation, Configuration, Maintenance, and Operation Guides
http://www.cisco.com/en/US/products/ps9703/tsd_products_support_series_home.html
Online Help (available on the switch)
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.