Guest

Cisco Catalyst 3750 Metro Series Switches

Release Notes for the Catalyst 3750 Metro Switch, Cisco IOS Release 12.1(14)AX1

  • Viewing Options

  • PDF (423.5 KB)
  • Feedback
Release Notes for the Catalyst 3750 Metro Switch, Cisco IOS Release 12.1(14)AX1

Table Of Contents

Release Notes for the
Catalyst 3750 Metro Switch,
Cisco IOS Release 12.1(14)AX1

Contents

Hardware Supported

Downloading Software

Finding the Software Version and Feature Set

Deciding Which Files to Use

Upgrading a Switch by Using the CLI

Recovering from a Software Failure

Installation Notes

New Features

New Hardware Features

New Software Features

Limitations and Restrictions

Cisco IOS Limitations and Restrictions

Open Caveats

Resolved Caveats

Documentation Updates

Software Configuration Guide

Understanding Layer 2 Protocol Tunneling

Configuring Layer 2 Protocol Tunneling

Configuring Layer 2 Tunneling for EtherChannels

Configuring the Service-Provider Edge Switch

Configuring the Customer Switch

Command Reference

l2protocol-tunnel

Hardware Installation Guide

Related Documentation

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco TAC Website

Opening a TAC Case

TAC Case Priority Definitions

Obtaining Additional Publications and Information


Release Notes for the
Catalyst 3750 Metro Switch,
Cisco IOS Release 12.1(14)AX1


April 2004

The Cisco IOS Release 12.1(14)AX1 runs on all Catalyst 3750 Metro switches.

These release notes include important information about this Cisco IOS release and any limitations, restrictions, and caveats that apply to it. Verify that these release notes are correct for your switch:

If you are installing a new switch, refer to the Cisco IOS release label on the rear panel of your switch.

If your switch is on, use the show version privileged EXEC command. See the "Finding the Software Version and Feature Set" section.

If you are upgrading to a new release, refer to the software upgrade filename for the software version.

For the complete list of switch documentation, see the "Related Documentation" section.

You can download the switch software from these sites:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

(for registered Cisco.com users with a login password)

http://www.cisco.com/public/sw-center/sw-lan.shtml

(for nonregistered Cisco.com users)

This software release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future software releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.

Contents

This information is in the release notes:

"Hardware Supported" section

"Downloading Software" section

"Installation Notes" section

"New Features" section

"Limitations and Restrictions" section

"Open Caveats" section

"Documentation Updates" section

"Related Documentation" section

"Obtaining Documentation" section

"Obtaining Technical Assistance" section

"Obtaining Additional Publications and Information" section

Hardware Supported

Table 1 lists the hardware supported by this software release.

Table 1 Supported Hardware 

Switch
Description

Catalyst 3750 Metro 24-AC switch

24 10/100 Ethernet ports, 2 1000X standard SFP1 module slots, 2 1000X ES2 SFP slots, and field-replaceable AC power supply

Catalyst 3750 Metro 24-DC switch

24 10/100 Ethernet ports, 2 1000X standard SFP module slots, 2 1000X ES SFP slots, and field-replaceable DC power supply

SFP modules

1000BASE-T, 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, and CWDM3

1 Small form-factor pluggable

2 Enhanced services

3 Coarse Wave Division Multiplexer


Downloading Software

These are the procedures for downloading software:

"Finding the Software Version and Feature Set" section

"Deciding Which Files to Use" section

"Upgrading a Switch by Using the CLI" section

"Recovering from a Software Failure" section


Note Before downloading software, read this section for important information.


Finding the Software Version and Feature Set

The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. The image is stored on the system board flash device (flash:).

You can use the show version privileged EXEC command to see the software version that is running on your switch.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Deciding Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.

Table 2 lists the software filename for this software release.

Table 2 Cisco IOS Software Image Files for Catalyst 3750 Metro Switches 

Filename

Description

c3750me-i5-tar.121-14.AX1.tar

Cisco IOS image tar file.
This image has Layer 2+ and Layer 3 features.

c3750me-i5k2-tar.121-14.AX1.tar

Cisco IOS crypto image tar file.
This image has the Kerberos, SSH, Layer 2+, and Layer 3 features.


Upgrading a Switch by Using the CLI

This procedure is for copying the tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

Download the software from Cisco.com to your management station by following these steps:


Step 1 Use Table 2 to identify the file that you want to download.

Step 2 Download the software image file from Cisco.com.

If you have a SmartNet support contract, go to this URL and log in to download the appropriate files:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

If you do not have a SmartNet contract, go to this URL and follow the instructions to register on Cisco.com and download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

To download the files, click the link for your switch platform, and then follow the links on the page to select the correct tar image file.

Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.

For more information, refer to Appendix B in the software configuration guide for this release.

Step 4 Log in to the switch through the console port or a Telnet session.

Step 5 Check your VLAN 1 configuration by using the show interfaces vlan 1 privileged EXEC command, and verify that VLAN 1 is part of the same network as the TFTP server. (Check the Internet address is line near the top of the display.)

Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by using this privileged EXEC command:

archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tar

The /overwrite option overwrites the software image in flash memory with the downloaded one.

The /reload option reloads the system after downloading the image unless the configuration has been changed and not been saved.

For //location, specify the IP address of the TFTP server.

For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.

This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:

Switch# archive download-sw /overwrite tftp://198.30.20.19/c3750me-i5-tar.121-14.AX1.tar

You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.


Recovering from a Software Failure

Switch software can be corrupted during an upgrade, by downloading the wrong file to the switch, and by deleting the image file. In all of these cases, the switch does not pass the power-on self-test (POST), and there is no connectivity. You can use the Xmodem protocol to recover from these failures.

For detailed recovery procedures, refer to the "Troubleshooting" chapter in the software configuration guide for this release.

Installation Notes

You can assign IP information to your switch by using these methods:

The Express Setup program (Refer to the Catalyst 3750 Metro Switch Hardware Installation Guide.)

The CLI-based setup program (Refer to the Catalyst 3750 Metro Switch Hardware Installation Guide.)

The DHCP-based autoconfiguration (Refer to the Catalyst 3750 Metro Switch Software Configuration Guide.)

Manually assigning an IP address (Refer to the Catalyst 3750 Metro Switch Software Configuration Guide.)

New Features

These are the new supported hardware and the new software features provided this release:

"New Hardware Features" section

"New Software Features" section

New Hardware Features

For a list of all supported hardware, including new SFP module support, see the "Hardware Supported" section.

New Software Features

The switch now supports point-to-point Layer 2 protocol tunneling. For information about this feature, see the "Documentation Updates" section.

Limitations and Restrictions

You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

Cisco IOS Limitations and Restrictions

These limitations apply to Cisco IOS configuration:

The switch does not support tunnel interfaces for unicast routed traffic. Only Distance Vector Multicast Routing Protocol (DVMRP) tunnel interfaces are supported for multicast routing.

Nonreverse-path forwarded (RPF) IP multicast traffic to a group that is bridged in a VLAN is leaked onto a trunk port in the VLAN even if the port is not a member of the VLAN group, but it is a member in some other VLAN group. Unnecessary traffic is sent on the trunk port and needlessly reduces the bandwidth of the port. There is no workaround because non-RPF traffic is continuous in certain topologies. As long as the trunk port is a member on a trunk port in at least one VLAN, this problem for the non-RPF traffic occurs. (CSCdu25219)

If a bridge group contains a VLAN that has a static MAC address configured, all non-IP traffic in the bridge group with this MAC address destination is sent to all ports in the bridge group. The workaround is to remove the VLAN from the bridge group or to remove the static MAC address from the VLAN. (CSCdw81955)

If the number of multicast routes and Internet Group Management Protocol (IGMP) groups are more than the maximum number in the Switch Database Management (SDM) template shown with the show sdm prefer global configuration command, the traffic received on unknown groups is flooded in the received VLAN even though the show ip igmp snooping multicast-table privileged EXEC command output shows otherwise. The workaround is to reduce the number of multicast routes and IGMP snooping groups to less than the maximum supported value. (CSCdy09008)

An egress SPAN copy of routed unicast traffic might show an incorrect destination MAC address on both local and remote SPAN sessions. This limitation does not apply to bridged packets. The workaround for local SPAN is to use the replicate option. There is no workaround for a remote SPAN session. This is a hardware limitation. (CSCdy72835)

Egress SPAN routed packets (both unicast and multicast) show the incorrect source MAC address. For remote SPAN packets, the source MAC address should be the MAC address of the egress VLAN, but instead the packet shows the MAC address of the remote SPAN (RSPAN) VLAN. For local SPAN packets with native encapsulation on the destination port, the packet shows the MAC address of VLAN 1. This problem does not appear with local SPAN when the encapsulation replicate option is used. This limitation does not apply to bridged packets. The workaround is to use the encapsulate replicate keywords in the monitor session global configuration command. Otherwise, there is no workaround. This is a hardware limitation. (CSCdy81521)

IGMP filtering is applied to packets that are forwarded through hardware. It is not applied to packets that are forwarded through software. Hence, with multicast routing enabled, the first few packets are sent from a port even when IGMP filtering is set to deny those groups on that port. There is no workaround. (CSCdy82818)

A static IP address might be removed when the previously acquired DHCP IP address lease expires.

This problem occurs under these conditions:

When the switch is booted without a configuration (no config.text file in flash memory).

When the switch is connected to a DHCP server that is configured to give an address to it (the dynamic IP address is assigned to VLAN 1).

When an IP address is configured on VLAN 1 before the dynamic address lease assigned to VLAN 1 expires.

The workaround is to reconfigure the static IP address. (CSCea71176)

The switch treats frames received with mixed encapsulation (802.1Q and Inter-Switch Link [ISL]) as frames with FCS errors, increments the error counters, and causes the port LED to blink amber. This happens when an ISL-unaware device receives an ISL-encapsulated packet and forwards the frame to an 802.1Q trunk interface. There is no workaround. (CSCdz33708)

IP-option traffic is sometimes leaked unnecessarily on a trunk port. Suppose the trunk port in question is a member of an IP multicast group in VLAN X, but it is not a member in VLAN Y. In VLAN Y, there is another port that has membership in the group, and VLAN Y is the output interface for the multicast route entry corresponding to the group. IP-options traffic received on an input interface VLAN (other than VLAN Y) is unnecessarily sent on the trunk port in VLAN Y because the trunk port is forwarding in VLAN Y (even though the port has no group membership in VLAN Y). There is no workaround. (CSCdz42909)

Known unicast (secured addresses) are flooded within a bridge group under this condition: If secure addresses are learned or configured on a port and the VLAN on this port is part of a bridge group, non-IP traffic destined to the secure addresses is flooded within the bridge group. The workaround is to disable fallback bridging. To remove an interface from a bridge group and to remove the bridge group, use the no bridge-group bridge-group interface configuration command. Another workaround is to disable port security on all ports in all VLANs participating in fallback bridging by using the no switchport port-security interface configuration command. (CSCdz80499)

When you use the ip access-group interface configuration command with a router access control list (ACL) to deny access to a group in a VLAN, multicast data to the group that is received in the VLAN is always flooded in the VLAN regardless of IGMP group membership in the VLAN. This provides access to directly connected clients, if any, in the VLAN. The workaround is to not apply a router ACL configured to deny access to a VLAN interface. Apply the security through other means; for example, apply VLAN maps to the VLAN instead of using a router ACL for the group. (CSCdz86110)

SNAP-encapsulated IP packets are dropped without an error message being reported at the interface. The switch does not support SNAP-encapsulated IP packets. There is no workaround. (CSCdz89142)

The switch does not create an adjacency table entry when the Address Resolution Protocol (ARP) timeout value is 15 seconds and the ARP request times out.

The workaround is to set an ARP timeout value higher than 120 seconds. (CSCea21674)

A route map that contains an ACL with a DSCP clause cannot be applied to a Layer 3 interface. The switch rejects this configuration and issues an error message that shows that the route map is unsupported. There is no workaround. (CSCea52915)

During periods of very high traffic and when two RSPAN source sessions are configured, the VLAN ID of packets in one RSPAN session might overwrite the VLAN ID of the other RSPAN session. If this occurs, packets intended for one RSPAN VLAN are incorrectly sent to the other RSPAN VLAN. This problem does not affect RSPAN destination sessions. The workaround is to configure only one RSPAN source session. (CSCea72326)

Some switch queues are disabled if the buffer size or threshold level is set too low with the mls qos queue-set output global configuration command. The ratio of buffer size to threshold level should be greater than ten to avoid disabling the queue. The workaround is to choose compatible buffer sizes and threshold levels. (CSCea76893)

When an IP phone is connected to the switch, the port VLAN ID (PVID) and the voice VLAN ID (VVID) both learn its MAC address. However, after dynamic MAC addresses are deleted, only VVID relearns the IP phone MAC address. MAC addresses are deleted manually or automatically for a topology change or when port security or an 802.1x feature is enabled or disabled. There is no workaround. (CSCea80105)

After changing the access VLAN on a port that has 802.1x enabled, the IP phone address is removed. Because learning is restricted on 802.1x capable ports, it takes approximately 30 seconds before the address is relearned. There is no workaround. (CSCea85312)

The egress-SPAN data rate might degrade when fallback bridging or multicast routing is enabled. The amount of degradation depends on the processor loading. Typically, the switch can egress-SPAN at up to 40,000 packets per second (64-byte packets). As long as the total traffic being monitored is below this limit, there is no degradation. However, if the traffic being monitored exceeds the limit, only a portion of the source stream is spanned. When this occurs, this console message appears: Decreased egress SPAN rate.

In all cases, normal traffic is not affected; the degradation limits only how much of the original source stream can be egress-spanned. If fallback bridging and multicast routing are disabled, egress-SPAN is not degraded. There is no workaround. If possible, disable fallback bridging and multicast routing. If possible, use ingress-SPAN to observe the same traffic. (CSCeb01216)

Some IGMP report and query packets with IP options might not be ingress-spanned. Packets that are susceptible to this problem are IGMP packets containing 4 bytes of IP options (IP header length of 24). An example of such packets would be IGMP reports and queries having the router alert IP option. Ingress-spanning of such packets is not accurate and can vary with traffic rate. Typically, very few or none of these packets are spanned. There is no workaround. (CSCeb23352)

If the number of VLANs times the number of trunk ports exceeds the recommended limit of 13000, the switch can halt. The workaround is to reduce the number of VLANs or trunks. (CSCeb31087)

Port-based Ethernet over Multiprotocol Label Switching (EoMPLS) sessions do not function if the incoming port is configured as an Inter-Switch Link (ISL) trunk. The workaround is to configure the incoming ports as an 802.1Q trunk or as an access port. (CSCeb44014)

When traffic with different class of service (CoS) values is sent into a 802.1Q tunnel, only the CoS 0 statistics increment in the show mls qos interface user EXEC command display. There is no workaround. (CSCeb75230)

The display for the show mpls ldp neighbor ipaddr-of-neighbor detail user EXEC command always shows the targeted hello holdtime value as infinite. The workaround is to use the show mpls ldp parameter user EXEC command to see the configured value. (CSCeb76775)

The bandwidth interface configuration command is not supported at the interface level, but it appears in the CLI. There is no workaround. (CSCeb80223)

The random-detect interface configuration command is not supported at the interface level, but it appears in the CLI. There is no workaround. (CSCeb80300)

The display for the show policy-map interface user EXEC command shows zeros for the counters associated with class-map match criteria. There is no workaround. (CSCec08205)

When MPLS is enabled, traceroute is not supported. There is no workaround. (CSCec13655)

The priority policy-map class configuration command cannot be configured for the default traffic class in a policy map. The workaround is to configure explicit matches for traffic that requires priority treatment. (CSCec38901)

VLAN mappings can be configured on a per-interface basis. A different set of mappings can be configured on each ES interface. The per-interface VLAN mappings remain in effect even when the ES ports are bundled in an EtherChannel. For example, if you map Gigabit Ethernet 1/1/1 to VLAN 20 through VLAN 50 and Gigabit Ethernet 1/1/2 to VLAN 20 through VLAN 70, traffic on VLAN 20 leaving the switch through the ES port bundle should be load balanced across the individual ES interfaces. However, some of that traffic is incorrectly translated to VLAN 50, and some is incorrectly translated to VLAN 70. The workaround is to configure identical VLAN mappings on both ES ports if they are going to be bundled into an EtherChannel. (CSCec49520)

Modifying a QoS class within a very large service policy that is attached to an ES port can cause high CPU utilization and an unresponsive CLI for an excessive period of time. The workaround is to detach the service policy from the port while making the modifications and then to re-attach the service policy. (CSCec75945)

Open Caveats

These are the open Cisco IOS configuration caveats:

CSCdz30046

When multicast VLAN registration (MVR) groups are added or deleted, the receiver port that joined the groups after the addition still receives traffic even after the group is deleted. The correct behavior is that MVR data traffic to the group should stop flowing to the receiver port immediately after the no mvr group ip-address global configuration command is entered.

The workaround is to disable MVR by using the no mvr global configuration command and then to re-enable it by using the mvr command. Add and delete the groups that have problems by using the mvr group ip-address and the no mvr group ip-address global configuration commands.

CSCea90131

Under these conditions, the switch might report a false security violation after an 802.1x supplicant is authenticated and assigned a new VLAN by the RADIUS server:

802.1x, port security, and voice VLAN are configured on a port.

The maximum number of secure addresses has been learned on the port before it is authenticated.

The VLAN assigned by the RADIUS server is different than the access VLAN configured on the port.

This problem does not prevent traffic from being forwarded to the 802.1x client, but the show port-security privileged EXEC command output might show that the port is SecureDown when it is actually SecureUp and forwarding traffic correctly.

The workaround is to restart the interfaces that appear to be out of sync by using the shutdown and then the no shutdown interface configuration commands.

CSCeb10032

The switch might not be able to pass Vine (Advanced Research Projects Agency) ARPA frames over bridge groups.

The workaround is to use Subnetwork Access Protocol (SNAP) frames.

CSCeb14406

DVMRP does not correctly forward packets.

There is no workaround.

CSCeb29898

After starting up a switch that has more than 300 VLANs and the maximum number of static Etherchannel groups (12), all interfaces that are part of an Etherchannel might stay down. This occurs because the remote switch detects an Etherchannel misconfiguration and disables its ports. This problem can occur in either per-VLAN-spanning-tree plus (PVST+) or rapid-PVST+ mode.

The workaround is to restart the EtherChannel ports or to configure automatic recovery:

Use the shutdown and no shutdown interface configuration commands on the remote switch to restart all err-disabled interfaces.

Use the errdisable recovery cause channel-misconfig global configuration command to enable automatic link recovery on the remote switch, and use the errdisable recovery interval global configuration command to configure a short recovery interval.

CSCeb35422

On a voice VLAN port with both 802.1x and port security enabled, dynamic secure addresses might not get deleted when the port is changed from multihost mode to single-host mode. This means that addresses learned in the multihost mode are still allowed after changing to single-host mode. This problem occurs under these conditions:

The port is in authorized state.

The port learns the MAC addresses of multiple hosts.

VLAN assignment is not enabled for the authorized host.

The workaround is to disable and then re-enable port security on the port.

CSCeb42949

The switch does not work with the User Registration Tool (URT). The PC attempting to connect to the network can login successfully, but is not allowed to pass traffic after the port is moved to the user VLAN. The MAC address for that device shows BLOCKED.

There is no workaround.

CSCeb54159

If an interface on the switch is mapped to queue-set 2, and you disable and then re-enable multilayer QoS globally by using the mls qos global configuration command, the interface is no longer mapped to the correct egress queue-set.

The workaround is to reconfigure the interface queue-set by using the no queue-set interface configuration command followed by the queue-set 2 interface configuration command.

CSCeb56226

If an 802.1x port is configured for forced-unauthorized port control mode and voice VLAN, after you remove the voice VLAN and disable 802.1x on the port, the port no longer passes traffic.

The workaround is to restart the port by using the shutdown and then the no shutdown interface configuration commands.

CSCec01607

The CISCO-CLASS-BASED-QOS-MIB cbQosPoliceCfgTable shows two policers when only one has been created. This happens only when creating a single-rate policer.

There is no workaround.

CSCec13135

The cbQosREDCfg, cbQosREDClassCfg and cbQosREDClassStats tables in CISCO-CLASS-BASED-QOS-MIB are unsupported.

The workaround is to use the random-detect policy-map class configuration command to configure Weighted Random Early Detection (WRED) and the show policy-map user EXEC command to monitor WRED.

CSCec19825

The etherHistoryUtilization object reports incorrect network utilization values for interfaces.

There is no workaround.

CSCec52524

When a switch boots without a configuration file, you are prompted for a Yes or No response to the Continue with configuration dialog? [yes/no] question. Even after you enter a response, pressing the Mode button for up to 2 seconds puts the switch in Express Setup mode and erases any configuration information that has been entered.

The workaround is to not enter Express Setup mode after configuration information has been entered.

CSCec57743

The no setup express global configuration command does not appear in the CLI menu when you enter the no ? command.

The workaround is to enter the no setup express global configuration command.

CSCec66730

A port configured with the dot1x port-control auto interface configuration command can be also configured in a channel group, even though these options are mutually exclusive.

There is no workaround.

CSCec70857

If you change the ingress priority queue settings for queue 2 by using the mls qos srr-queue input priority-queue 2 bandwidth weight global configuration command, the show running-config user EXEC command display contains an extra input keyword, for example, mls qos srr-queue input priority-queue input 2 bandwidth weight. This causes subsequent problems if the command is saved and if the switch reloaded.

The workaround is to edit the generated configuration file (config.text) and remove the extra input keyword before reloading the switch.

CSCec71041

When automatic QoS (auto-QoS) is configured on an interface and that interface is changed from routed mode to switched mode or switched mode to routed mode, the trust policies displayed by the show running-config user EXEC command and the show mls qos interface user EXEC command are incorrect for the new interface type.

The workaround is to disable auto-QoS on the interface by using the no auto qos voip [cisco-phone | trust] interface configuration command, to change the interface to routed or switched mode, and then to reconfigure auto-QoS by using the auto qos voip {cisco-phone | trust} interface configuration command.

CSCec72190

Changing the STP mode from PVST to MST (by using the spanning-tree mode mst global configuration command) or from MST to PVST (by using the spanning-tree mode pvst global configuration command) causes the LEDs for Layer 3 interfaces to turn amber, even though the ports are up.

The workaround is to use the shutdown and then the no shutdown interface configuration commands on each Layer 3 interface to force the LEDs back into sync.

CSCec72935

The port bandwidth limit displayed by show mls qos interface user EXEC command is 100 minus the configured value. For example, if the configured value is 70, the display shows 30.

There is no workaround.

CSCec73580

When the switchport voice vlan {vlan-id | dot1p | none | untagged} interface configuration command and the spanning-tree bpduguard {disable | enable} interface configuration command are configured together on an interface connected to another Catalyst 3750 Metro switch, the interface does not go into an error-disabled state (BPDU guard does not work).

There is no workaround.

CSCec84254

The switch does not link up with some media converters running at 100 Mbps. This problem occurs on 10/100BASE-T interfaces.

There is no workaround.

CSCed16780

Layer 2 protocol tunneling does not function reliably on EtherChannel interfaces.

There is no workaround.

CSCed23767

You cannot disable MAC address aging on a secure port. When port security is enabled on an interface, the recommended procedure to disable secure MAC address aging on the port is to set the aging time to zero. However, when you enter the switchport port-security aging time 0 interface configuration command, the switch does not accept 0 as a valid entry even though the CLI help string indicates that it is a valid setting.

There is no workaround.

CSCed26316

When an ES port is configured as an ISL trunk port, sending jumbo frames through the ES port causes the connected link to receive fragments and cyclic redundancy check (CRC) errors on a high percentage of the traffic. After a prolonged traffic run, the ES ports might stop forwarding traffic.

The workaround is to use 802.1Q encapsulation on ES ports when the switch supports jumbo frames.

CSCed27873

When an ES port is configured as an ISL trunk port, the interface counters count ISL packets that are within the system MTU size (1500 bytes) as giant packets that were discarded because they exceeded the system MTU.

The workaround is to configure the ES port as an 802.1Q trunk port.

CSCed29932

When you change the MPLS router ID by entering the mpls ldp router-id [loopback value] force global configuration command, the local router ID is changed, but the label distribution protocol (LDP) does not bind with the LDP neighbor until the loopback interface is shut down and brought back up.

The workaround is to enter a shutdown and then a no shutdown interface configuration command on the loopback interface after you change the MPLS router ID.

CSCed30184

An EtherChannel configured for 802.1Q tunneling and either the Port Aggregation Protocol (PAgP) or the Link Aggregation Control Protocol (LACP) does not come up.

The workaround is to use channel-group channel-group-number mode on interface configuration command.

CSCee29107

When two Catalyst 3750 Metro switches that have at least one interface tunneled to each other using port-based EoMPLS are connected over multiple equal-cost paths, the internal implementation of port-based EoMPLS causes a Layer 2 loop to form, and network traffic is disrupted. An example of this configuration would be if Gigabit Ethernet interface 1/1/1 on each Catalyst 3750 Metro switch is connected to one router, and Gigabit Ethernet 1/1/2 on each switch is connected to a different router.

There is no workaround. This configuration is not supported.

CSCee24347

When Intermediate System-to-Intermediate System (IS-IS) is configured on a switch virtual interface (SVI), it does not establish an adjacency with its neighbor.

The workaround is to force IS-IS to establish an adjacency with its neighbor by doing these steps:

1. Manually set the Connectionless Network Service (CLNS) maximum transmission unit (MTU) to 1497 as shown in this example:

Switch(config)# interface Vlan2
Switch(config-if)# ip address 10.0.0.4 255.255.255.0
Switch(config-if)# ip router isis isp
Switch(config-if)# clns mtu 1497
Switch(config-if)# clns router isis isp
Switch(config-if)# isis circuit-type level-1

2. Configure IS-IS on a physical (non-SVI) routed interface by using the ip address, ip router isis, and clns router isis interface configuration commands. This initializes IS-IS and allows the IS-IS instance on the SVI to establish its adjacency. You can then remove the IS-IS configuration from the physical interface by using the no ip router isis interface configuration command. However, after a reboot, if there are no physical interfaces configured for IS-IS in the startup configuration, you must again temporarily configure IS-IS on a physical interface.

Resolved Caveats

These caveats are resolved in Cisco IOS Release 12.1(14)AX1:

CSCeb78921

When MPLS traffic has been running long enough for the MPLS byte counters to roll over, entering the show mpls forwarding-table user EXEC command no longer results in a display with large negative bytes.

CSCec46189

A switch running Routing Information Protocol (RIP) version 1 no longer discards RIP packets destined for directed broadcast addresses.

CSCec55073

If you paste a configuration that has a large ACL into the running configuration of the switch, the console no longer halts, and the switch no longer reboots.

CSCec57826

A switch configured to send DHCP unicast requests to a specified DHCP server no longer reloads when it tries to boot up.

CSCec62437

Address Resolution Protocol (ARP) responses destined to the switch CPU that are received on a Layer 2 interface that has a MAC access list applied to it are no longer dropped, and ARP learning works correctly.

CSCec69183

The switch no longer reloads when you add an aggregate policer to a new policy map. In previous releases, this happened if the aggregate policer had previously been used in a policy map that was attached to an interface, even if that policy map had been detached and removed from the interface.

CSCec76671

The switch no longer times out the source and multicast group address (S, G) entries when passing low traffic (such as 3 packets per minute) from the source.

CSCec84210

The switch now communicates correctly with media converters running at 10 Mbps.

CSCec86127

The spanning-tree algorithm now blocks a Layer 2 loop if you change the native VLAN or a trunk port to a VLAN that you have not yet created.

CSCec86621

When you enter the ip default-network global configuration command, all packets that match the default route are no longer sent to the CPU.

CSCec87974

When using SNMP to poll a switch, the ifHCInOctets and ifHCOutOctets are no longer 0 for Gigabit EtherChannel interfaces.

CSCed03214

The switch no longer pauses indefinitely when 1-byte frames are received.

CSCed06621

The dynamic MAC address of the Hot Standby Router Protocol (HSRP) group is now relearned on the standby switch even if several interfaces have the same HSRP standby group.

CSCed10210

The switch no longer allows Telnet sessions to the device from unauthorized hosts when you apply an access class to inbound vty lines.

CSCed11323

If there are multiple aggregate policers configured on a switch and one of the policers is used in a policy map that has been applied to an interface, the switch no longer fails if you remove the aggregate policer without first detaching it from the policy map. In previous releases, this occurred when you first applied the command or after you saved the configuration and then reloaded the switch.

CSCed36621

When the MPLS label range is set to the default, the switch no longer rejects MPLS traffic with a label greater than 8192.

CSCed47290

MPLS now functions correctly on switch virtual interfaces (SVIs).

CSCed71197

Converting a Layer 2 port to a Layer 3 port by using the no switchport interface command no longer causes a remote ACL that is applied to the switch SVI to be removed from the ternary content addressable memory (TCAM).

CSCed75115

You can now set the CLNS MTU to more than 1497 on a routed interface.

CSCee14600

Layer 2 protocol tunneling packets received through an ES interface are now forwarded correctly.

CSCee23626

When the switch is running an Any Transport over MPLS (AToM) process and an LDP session starts or stops, the switch no longer experiences a slow memory leak or has to be reloaded.

Documentation Updates

The switch now supports point-to-point Layer 2 protocol tunneling, which was not documented in the software documentation. These are the documentation updates for this release.

Software Configuration Guide

These are the documentation updates for the Catalyst 3750 Metro Switch Software Configuration Guide. This information is part of Chapter 13, "Configuring IEEE802.1Q and Layer 2 Protocol Tunneling." For the complete chapter (minus these updates), go to this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/12114ax/3750mscg/swtunnel.htm

The new information applies to the indicated section.

Understanding Layer 2 Protocol Tunneling

In a service-provider network, you can use Layer 2 protocol tunneling to enhance the creation of EtherChannels by emulating a point-to-point network topology. When you enable Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) protocol tunneling on the service-provider switch, remote customer switches receive the protocol data units (PDUs) and can negotiate the automatic creation of EtherChannels.

For example, in Figure 1, Customer A has two switches in the same VLAN that are connected through the service-provider network. When the network tunnels PDUs, switches on the far ends of the network can negotiate the automatic creation of EtherChannels without needing dedicated lines. See the "Configuring Layer 2 Tunneling for EtherChannels" section for instructions on configuring Layer 2 protocol tunneling for EtherChannels.

Figure 1 Layer 2 Protocol Tunneling for EtherChannels

Configuring Layer 2 Protocol Tunneling

For emulated point-to-point network topologies, the switch supports PAgP, LACP, and UniDirectional Link Detection (UDLD) protocols.


Caution PAgP, LACP, and UDLD protocol tunneling is only intended to emulate a point-to-point topology. An erroneous configuration that sends tunneled packets to many ports could lead to a network failure.

Configuration Guidelines

These are configuration guidelines for PAgP, LACP, and UDLD protocol tunneling:

The switch supports PAgP, LACP, and UDLD tunneling for emulated point-to-point network topologies. Protocol tunneling is disabled by default but can be enabled for the individual protocols on 802.1Q tunnel ports, access ports, or trunk ports.

If you enable PAgP or LACP tunneling, we recommend that you also enable UDLD on the interface for faster link-failure detection.

Loopback detection is not supported on Layer 2 protocol tunneling of PAgP, LACP, or UDLD packets.

Configuring Layer 2 Tunneling for EtherChannels


Note This is a new section, not previously in Chapter 13.


To configure Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels, you need to configure both the service-provider edge switch and the customer switch.

Configuring the Service-Provider Edge Switch

Beginning in privileged EXEC mode, follow these steps to configure a service-provider edge switch for Layer 2 protocol tunneling for EtherChannels:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and enter the interface to be configured as a tunnel port. This should be the edge port in the service-provider network that connects to the customer switch. Valid interfaces are physical interfaces.

Step 3 

switchport mode dot1q-tunnel

Configure the interface as an 802.1Q tunnel port.

Step 4 

l2protocol-tunnel point-to-point [pagp | lacp | udld]

Enable point-to-point protocol tunneling for the desired protocol. If no keyword is entered, tunneling is enabled for all three protocols.


Caution To avoid a network failure, make sure that the network is a point-to-point topology before you enable tunneling for PAgP, LACP, or UDLD packets.

Step 5 

l2protocol-tunnel shutdown-threshold [point-to-point [pagp | lacp | udld]] value

(Optional) Configure the threshold for packets-per-second accepted for encapsulation. The interface is disabled if the configured threshold is exceeded. If no protocol option is specified, the threshold applies to each of the tunneled Layer 2 protocol types. The range is 1 to 4096. The default is to have no threshold configured.

Note If you also set a drop threshold on this interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.

Step 6 

l2protocol-tunnel drop-threshold [point-to-point [pagp | lacp | udld]] value

(Optional) Configure the threshold for packets-per-second accepted for encapsulation. The interface drops packets if the configured threshold is exceeded. If no protocol option is specified, the threshold applies to each of the tunneled Layer 2 protocol types. The range is 1 to 4096. The default is to have no threshold configured.

Note If you also set a shutdown threshold on this interface, the drop-threshold value must be less than or equal to the shutdown-threshold value.

Step 7 

no cdp enable

Disable CDP on the interface.

Step 8 

spanning-tree bpdufilter enable

Enable BPDU filtering on the interface.

Step 9 

exit

Return to global configuration mode.

Step 10 

errdisable recovery cause l2ptguard

(Optional) Configure the recovery mechanism from a Layer 2 maximum-rate error so that the interface is re-enabled and can try again. Errdisable recovery is disabled by default; when enabled, the default time interval is 300 seconds.

Step 11 

l2protocol-tunnel cos value

(Optional) Configure the CoS value for all tunneled Layer 2 PDUs. The range is 0 to 7; the default is the default CoS value for the interface. If none is configured, the default is 5.

Step 12 

end

Return to privileged EXEC mode.

Step 13 

show l2protocol

Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.

Step 14 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no l2protocol-tunnel [point-to-point [pagp | lacp | udld]] interface configuration command to disable point-to-point protocol tunneling for one of the Layer 2 protocols or for all three. Use the no l2protocol-tunnel shutdown-threshold [point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [[point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.

Configuring the Customer Switch

After configuring the service-provider edge switch, begin in privileged EXEC mode, and follow these steps to configure a customer switch for Layer 2 protocol tunneling for EtherChannels:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter the interface configuration mode. This should be the customer switch port.

Step 3 

switchport trunk encapsulation dot1q

Set the trunking encapsulation format to 802.1Q.

Step 4 

switchport mode trunk

Enable trunking on the interface.

Step 5 

udld enable

Enable UDLD in normal mode on the interface.

Step 6 

channel-group channel-group-number mode desirable

Assign the interface to a channel group, and specify desirable for the PAgP mode. For more information about configuring EtherChannels, see the software configuration guide for this release.

Step 7 

exit

Return to global configuration mode.

Step 8 

interface port-channel port-channel number

Enter port-channel interface mode.

Step 9 

shutdown

Shut down the interface.

Step 10 

no shutdown

Enable the interface.

Step 11 

end

Return to privileged EXEC mode.

Step 12 

show l2protocol

Display the Layer2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.

Step 13 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no switchport mode trunk, the no udld enable, and the no channel group channel-group-number mode desirable interface configuration commands to return the interface to the default settings.

For EtherChannels, you need to configure both the service-provider edge switches and the customer switches for Layer 2 protocol tunneling.

This example shows how to configure the service provider edge Switch A and edge Switch B in the example in Figure 1. VLANs 17, 18, 19, and 20 are the access VLANs, Fast Ethernet ports 1 and 2 are point-to-point tunnel ports with PAgP and UDLD enabled, the drop threshold is 1000, and Fast Ethernet port 3 is a trunk port.

Service-provider edge Switch A configuration:

Switch(config)# interface fastethernet1/0/1
Switch(config-if)# switchport access vlan 17
Switch(config-if)# switchport mode dot1q-tunnel
Switch(config-if)# l2protocol-tunnel point-to-point pagp
Switch(config-if)# l2protocol-tunnel point-to-point udld
Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/2
Switch(config-if)# switchport access vlan 18
Switch(config-if)# switchport mode dot1q-tunnel
Switch(config-if)# l2protocol-tunnel point-to-point pagp
Switch(config-if)# l2protocol-tunnel point-to-point udld
Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/3
Switch(config-if)# switchport trunk encapsulation isl
Switch(config-if)# switchport mode trunk

Service-provider edge Switch B configuration:

Switch(config)# interface fastethernet1/0/1
Switch(config-if)# switchport access vlan 19
Switch(config-if)# switchport mode dot1q-tunnel
Switch(config-if)# l2protocol-tunnel point-to-point pagp
Switch(config-if)# l2protocol-tunnel point-to-point udld
Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/2
Switch(config-if)# switchport access vlan 20
Switch(config-if)# switchport mode dot1q-tunnel
Switch(config-if)# l2protocol-tunnel point-to-point pagp
Switch(config-if)# l2protocol-tunnel point-to-point udld
Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/3
Switch(config-if)# switchport trunk encapsulation isl
Switch(config-if)# switchport mode trunk

This example shows how to configure the customer switch at Site 1. Fast Ethernet ports 1, 2, 3, and 4 are set for 802.1Q trunking, UDLD is enabled, EtherChannel group 1 is enabled, and the port channel is shut down and then enabled to activate the EtherChannel configuration.

Switch(config)# interface fastethernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# udld enable
Switch(config-if)# channel-group 1 mode desirable
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/2
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# udld enable
Switch(config-if)# channel-group 1 mode desirable
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/3
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# udld enable
Switch(config-if)# channel-group 1 mode desirable
Switch(config-if)# exit
Switch(config)# interface fastethernet1/0/4
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# udld enable
Switch(config-if)# channel-group 1 mode desirable
Switch(config-if)# exit
Switch(config)# interface port-channel 1
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# exit

Command Reference

In the Catalyst 3750 Metro Switch Command Reference, the l2protocol-tunnel interface configuration command has been modified to include support for point-to-point tunneling.

l2protocol-tunnel

Use the l2protocol-tunnel interface configuration command to enable tunneling of Layer 2 protocols on an access or 802.1Q tunnel port. You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets, or configure the maximum number of incoming Layer 2 protocol packets to be received before the port is disabled or the interface drops packets. You can also enable point-to-point tunneling for Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), or UniDirectional Link Detection (UDLD) packets. If no keyword is entered, tunneling is enabled for all three Layer 2 protocols. Use the no form of this command to disable tunneling on the interface, to return to having no shutdown threshold, or to return to having no drop threshold.

l2protocol-tunnel [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] | [shutdown-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value] | [drop-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value]

no l2protocol-tunnel [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] | [shutdown-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value] | [drop-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value]

Syntax Description

cdp

(Optional) Enable tunneling of CDP, specify a shutdown threshold for CDP, or specify a drop threshold for CDP.

stp

(Optional) Enable tunneling of STP, specify a shutdown threshold for STP, or specify a drop threshold for STP.

vtp

(Optional) Enable tunneling of VTP, specify a shutdown threshold for VTP, or specify a drop threshold for VTP.

point-to-point

(Optional) Enable point-to point tunneling of PAgP, LACP, and UDLD packets.

pagp

(Optional) Enable point-to-point tunneling of PAgP, specify a shutdown threshold for PAgP, or specify a drop threshold for PAgP.

lacp

(Optional) Enable point-to-point tunneling of LACP, specify a shutdown threshold for LACP, or specify a drop threshold for LACP.

udld

(Optional) Enable point-to-point tunneling of UDLD, specify a shutdown threshold for UDLD, or specify a drop threshold for UDLD.

shutdown-threshold

(Optional) Set a shutdown threshold for the maximum rate of Layer 2 protocol packets per second to be received before an interface is shut down.

drop-threshold

(Optional) Set a drop threshold for the maximum rate of Layer 2 protocol packets per second to be received before an interface drops packets.

value

Specify a threshold in packets per second to be received for encapsulation before the interface shuts down, or specify the threshold before the interface drops packets. The range is 1 to 4096. The default is no threshold.


Defaults

The default is that no Layer 2 protocol packets are tunneled.

If you enter the command with no keyword, the default is to tunnel CDP, STP, and VTP packets.

The default is to have no shutdown threshold for the number of Layer 2 protocol packets.

The default is to have no drop threshold for the number of Layer 2 protocol packets.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(14)AX

This command was introduced.

12.1(14)AX1

The [point-to-point [pagp | lacp | udld]] keywords were added.


Usage Guidelines

You must enter this command, with or without protocol types, to tunnel Layer 2 protocol packets.

Layer 2 protocol tunneling across a service-provider network ensures that Layer 2 protocol information is propagated across the network to all customer locations. When protocol tunneling is enabled, protocol packets are encapsulated with a well-known Cisco multicast address for transmission across the network. When the packets reach their destination, this address is replaced by the Layer 2 protocol MAC address.

When Layer 2 protocol tunneling is enabled on ingress ports on a switch, egress trunk ports forward the tunneled packets with a special encapsulation. If you also enable Layer 2 protocol tunneling on the egress trunk port, this behavior is bypassed, and the switch forwards control protocol data units (PDUs) without any processing or modification. The Layer 2 protocol-tunnel bypass feature can provide interoperability with third-party vendors. Bypass mode transparently forwards control PDUs to vendor switches that have different ways of controlling protocol tunneling.

You can enable Layer 2 protocol tunneling individually for CDP, STP, VTP, or for all three protocols.

You can enable Layer 2 protocol tunneling on ports that are configured as access ports, 802.1Q tunnel ports, or trunk ports. You cannot enable Layer 2 protocol tunneling on ports configured with switchport mode dynamic auto or dynamic desirable.

EtherChannel port groups are compatible with tunnel ports if the 802.1Q configuration is consistent within an EtherChannel port group.

In a service-provider network, you can use Layer 2 protocol tunneling to enhance the creation of EtherChannels by emulating a point-to-point network topology. When protocol tunneling is enabled on the service-provider switch for PAgP or LACP, remote customer switches receive the PDUs and can negotiate automatic creation of EtherChannels.

To enable tunneling of PAgP, LACP, and UDLD packets, you must have a point-to-point network topology. To decrease the link-down detection time, you should also enable UDLD on the interface when you enable tunneling of PAgP or LACP packets.

You can enable point-to-point protocol tunneling individually for PAgP, LACP, UDLD, or for all three protocols.


Caution PAgP, LACP, and UDLD protocol tunneling is only intended to emulate a point-to-point topology. An erroneous configuration that sends tunneled packets to many ports could lead to a serious network failure.

Dynamic Trunking Protocol (DTP) is not compatible with Layer 2 protocol tunneling because you must manually configure asymmetric links with tunnel ports and trunk ports.

Edge switches on the outbound side of the service-provider network restore the proper Layer 2 protocol and MAC address information and forward the packets to all tunnel, access, and Layer 2 protocol-enabled trunk ports in the same metro VLAN.

Enter the shutdown-threshold keyword to control the number of protocol packets per second that are received on an interface before it shuts down. When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.

When the shutdown threshold is reached, the interface is error-disabled. If you enabled error recovery by entering the errdisable recovery cause l2ptguard global configuration command, the interface is brought out of the error-disabled state and allowed to retry the operation when all the causes have timed out. If the error recovery mechanism is not enabled for l2ptguard, the interface stays in the error-disabled state until you enter the shutdown and no shutdown interface configuration commands.

Enter the drop-threshold keyword to control the number of protocol packets per second that are received on an interface before it drops packets. When no protocol option is specified with a keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a shutdown threshold on the interface, the drop-threshold value must be less than or equal to the shutdown-threshold value.

When the drop threshold is reached, the interface drops Layer 2 protocol packets until the rate at which they are received is below the drop threshold.

The configuration is saved in NVRAM.


Note For more information about Layer 2 protocol tunneling, refer to the software configuration guide for this release.


Examples

This example shows how to enable protocol tunneling for CDP packets and to configure the shutdown threshold as 50 packets per second:

Switch(config-if)# l2protocol-tunnel cdp
Switch(config-if)# l2protocol-tunnel shutdown-threshold cdp 50

This example shows how to enable protocol tunneling for STP packets and to configure the drop threshold as 400 packets per second:

Switch(config-if)# l2protocol-tunnel stp
Switch(config-if)# l2protocol-tunnel drop-threshold stp 400

This example shows how to enable point-to-point protocol tunneling for PAgP and UDLD packets and to configure the PAgP drop threshold as 1000 packets per second:

Switch(config-if)# l2protocol-tunnel point-to-point pagp
Switch(config-if)# l2protocol-tunnel point-to-point udld
Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000

Related Commands

Command
Description

l2protocol-tunnel cos

Configures a class of service (CoS) value for all tunneled Layer 2 protocol packets.

show errdisable recovery

Displays errdisable recovery timer information.

show l2protocol-tunnel

Displays information about ports configured for Layer 2 protocol tunneling, including port, protocol, CoS, and threshold.


Hardware Installation Guide

The Preface for the Catalyst 3750 Metro Switch Hardware Installation Guide does not include the translations for the Warning symbol and explanation (Statement 1071) or a change to the Warning statement about installation for short-circuit (overcurrent) protection (Statement 1005-Circuit Breaker) in Appendix E, "Translated Safety Warnings."

This information is in the Release Notes for the Catalyst 3750 Metro Switch, Cisco IOS Release 12.1(14) AX at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/12114ax/ol464601.htm#35851

Related Documentation

These documents provide information about the switch and are available from this Cisco.com site:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/index.htm

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation" section.

Catalyst 3750 Metro Switch Software Configuration Guide (order number DOC-7815870=)

Catalyst 3750 Metro Switch Command Reference (order number DOC-7815871=)

Catalyst 3750 Metro Switch System Message Guide (order number DOC-7815872=)

Catalyst 3750 Metro Switch Hardware Installation Guide (order number DOC-7815869=)

Cisco Small Form-Factor Pluggable Modules Installation Notes (not orderable but available on Cisco.com)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit e-mail comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.

Cisco TAC Website

The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:

http://www.cisco.com/tac

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:

http://www.cisco.com/tac/caseopen

For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/index.html