Guest

Cisco ME 2400 Series Ethernet Access Switches

Release Notes for the Cisco ME 2400 Ethernet Access Switches, Cisco IOS Release 12.2(40)SE

  • Viewing Options

  • PDF (297.7 KB)
  • Feedback
Release Notes for the Cisco ME 2400 Ethernet Access Switch, Cisco IOS Release 12.2(40)SE

Table Of Contents

Release Notes for the
Cisco ME 2400 Ethernet Access Switch, Cisco IOS Release 12.2(40)SE

Contents

Hardware Supported

Upgrading the Switch Software

Finding the Software Version and Feature Set

Deciding Which Files to Use

Archiving Software Images

Upgrading a Switch

Recovering from a Software Failure

Installation Notes

New Features

New Hardware Features

New Software Features

Minimum Cisco IOS Release for Major Features

Limitations and Restrictions

Configuration

QoS

SPAN and RSPAN

Trunking

VLAN

Open Caveats

Resolved Caveats

Documentation Updates

Updates to the Software Configuration Guide and Command Reference

Updates to the Software Configuration Guide

Replacing and Rolling Back Configurations

Using Cisco IOS IP SLAs

Updates to the Command Reference

Updates to the System Message Guide

New System Messages

Changed System Message

Update to the Regulatory Compliance and Safety Information

Cautions and Regulatory Compliance Statements for NEBS

Update to the Hardware Installation Guide

Installation Information

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines


Release Notes for the
Cisco ME 2400 Ethernet Access Switch, Cisco IOS Release 12.2(40)SE


August 28, 2007

Cisco IOS Release 12.2(40)SE runs on the Cisco ME 2400 Series Ethernet Access switches.

These release notes include important information about Cisco IOS Release 12.2(40)SE and any limitations, restrictions, and caveats that apply to the release. Verify that these release notes are correct for your switch:

If you are installing a new switch, see the Cisco IOS release label on the rear panel of your switch.

If your switch is on, use the show version privileged EXEC command. See the "Finding the Software Version and Feature Set" section.

If you are upgrading to a new release, see the software upgrade filename for the software version. See the "Deciding Which Files to Use" section.

For the complete list of Cisco ME 2400 switch documentation, see the "Related Documentation" section.

You can download the switch software from this site (registered Cisco.com users with a login password):

http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=switches

This software release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future software releases become available, they will be posted to Cisco.com in the Cisco IOS software area.

Contents

This information is in the release notes:

"Hardware Supported" section

"Upgrading the Switch Software" section

"Installation Notes" section

"New Features" section

"Minimum Cisco IOS Release for Major Features" section

"Limitations and Restrictions" section

"Open Caveats" section

"Resolved Caveats" section

"Documentation Updates" section

"Related Documentation" section

"Obtaining Documentation, Obtaining Support, and Security Guidelines" section

Hardware Supported

Table 1 lists the hardware supported on Cisco IOS Release 12.2(40)SE.

Table 1 Supported Hardware 

Device
Description
Supported by Minimum Cisco IOS Release

ME-2400-24TS-A

24 10/100 ports and 2 SFP module slots, AC power

Cisco IOS Release 12.2(25)EX

ME-2400-24TS-D

24 10/100 ports and 2 SFP module slots, DC power

Cisco IOS Release 12.2(25)EX

SFP modules

1000BASE-T, -BX, -SX, -LX/LH, -ZX
100BASE-BX, FX, -LX
Coarse wavelength-division multiplexing (CWDM)

Cisco IOS Release 12.2(25)EX

Cable

Catalyst 3560 SFP interconnect cable

Cisco IOS Release 12.2(25)EX


Upgrading the Switch Software

These are the procedures for downloading software. Before downloading software, read this section for important information:

"Finding the Software Version and Feature Set" section

"Deciding Which Files to Use" section

"Archiving Software Images" section

"Upgrading a Switch" section

"Recovering from a Software Failure" section

Finding the Software Version and Feature Set

The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. The image is stored on the system board flash device (flash:).

You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Deciding Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.

Table 2 lists the filenames for this software release.

Table 2 Cisco IOS Software Image Files 

Filename

Description

me240x-metrobase-tar.122-37.40.tar

Cisco ME 2400 metro base image.
This image has basic Metro Ethernet features.

me240x-metrobasek9-tar.122-40.SE.tar

Cisco ME 2400 metro base cryptographic image.
This image has the Kerberos, Secure Shell (SSH), and basic Metro Ethernet features.


Archiving Software Images

Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release to which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.

Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for more information:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5187/prod_bulletin0900aecd80281c0e.html

You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.

You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the "Basic File Transfer Services Commands" section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 at this URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800ca744.html#wp1018426

Upgrading a Switch

This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.


Note For downloading software, we recommend that you connect to the TFTP server through a network node interface (NNI). If you want to connect to the server through a user network interface (UNI), see the "Troubleshooting" chapter of the software configuration guide for methods for enabling ping capability on UNIs. See the "New Software Features" section for a definition of NNIs and UNIs.


To download software, follow these steps:


Step 1 Use Table 2 to identify the file that you want to download.

Step 2 Download the software image file. If you have a SmartNet support contract, log in to cisco.com and go to this URL, and log in to download the appropriate files:

http://www.cisco.com/kobayashi/sw-center/index.shtml

Click on "Download Software Area" and search for ME 2400to download the appropriate files:

To download the image for a Cisco ME 2400 switch, click Cisco ME 2400 software.

To obtain authorization and to download the cryptographic software files, click Cisco ME 2400 3DES Cryptographic Software.

Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.

For more information, refer to Appendix B in the software configuration guide for this release.

Step 4 Log into the switch through the console port or a Telnet session.

Step 5 (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command:

Switch# ping tftp-server-address


Note By default, ping is supported on network node interfaces (NNIs), but you cannot ping from a user network interface (UNI) because the control-plane security feature drops ICMP response packets received on UNIs. See the "Troubleshooting" chapter of the software configuration guide for methods for pinging from the switch to a host connected to a UNI.


For more information about assigning an IP address and default gateway to the switch, refer to the software configuration guide for this release.

Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:

Switch# archive download-sw /overwrite /reload 
tftp:[[//location]/directory]/image-name.tar

The /overwrite option overwrites the software image in flash memory with the downloaded one.

The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.

For //location, specify the IP address of the TFTP server.

For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.

This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:

Switch# archive download-sw /overwrite 
tftp://198.30.20.19/me240x-metrobase-tar.122.40.SE.tar

You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.


Recovering from a Software Failure

For recovery procedures, see the "Troubleshooting" chapter in the software configuration guide for this release.

Installation Notes

You can assign IP information to your switch by using these methods:

The CLI-based setup program, as described in the switch hardware installation guide.

The DHCP-based autoconfiguration, as described in the switch software configuration guide.

Manually assigning an IP address, as described in the switch software configuration guide.

New Features

These sections describe the new supported hardware and the new software features provided in this release:

"New Hardware Features" section

"New Software Features" section

New Hardware Features

For a list of all supported hardware, see the "Hardware Supported" section.

New Software Features

These are the new software features for Cisco IOS Release 12.2(40)SE:

Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file

See the "Replacing and Rolling Back Configurations" section.

IP Service Level Agreements (IP SLAs) responder support that allows the switch to be a target device for IP SLAs active traffic monitoring.

See the "Using Cisco IOS IP SLAs" section.

Support for a maximum of 512 multicast entries (MVR group addresses) on a switch

Support for the CISCO-MAC-NOTIFICATION-MIB

Minimum Cisco IOS Release for Major Features

Table 3 lists the minimum software release (after the first release) required to support the major features of the Cisco ME 2400 switch. Features not listed are supported in all releases.

Table 3 Features Introduced After the First Release and the Minimum Cisco IOS Release Required 

Feature
Minimum Cisco IOS Release Required

Configuration rollback and replacement

12.2(40)SE

IP SLAs responder support

12.2(40)SE

LLDP and LLDP-MED

12.2(37)SE

Port security on a PVLAN host

12.2(37)SE

Support for Multicast VLAN Registration (MVR) over trunk ports

12.2(35)SE1

DHCP server

12.2(25)SEG

DHCP Option-82 configurable remote ID and circuit ID

12.2(25)SEG

Multiple spanning-tree (MST) based on the IEEE 802.1s standard

12.2(25)SEG

Secure Copy Protocol

12.2(25)SEG


Limitations and Restrictions

You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

These limitations apply to the Cisco ME switches:

"Configuration" section

"QoS" section

"SPAN and RSPAN" section

"Trunking" section

"VLAN" section

Configuration

These are the configuration limitations:

When the logging event-spanning-tree interface configuration command is configured and logging to the console is enabled, a topology change might generate a large number of logging messages, causing high CPU utilization. CPU utilization can increase with the number of spanning-tree instances and the number of interfaces configured with the logging event-spanning-tree interface configuration command. This condition adversely affects how the switch operates and could cause problems such as STP convergence delay.

High CPU utilization can also occur with other conditions, such as when debug messages are logged at a high rate to the console.

Use one of these workarounds:

Disable logging to the console.

Rate-limit logging messages to the console.

Remove the logging event spanning-tree interface configuration command from the interfaces. (CSCsg91027)

The far-end fault optional facility is not supported on the GLC-GE-100FX SFP module.

The workaround is to configure aggressive UDLD. (CSCsh70244).

A static IP address might be removed when the previously acquired DHCP IP address lease expires.

This problem occurs under these conditions:

When the switch is booted without a configuration (no config.text file in flash memory).

When the switch is connected to a DHCP server that is configured to give an address to it (the dynamic IP address is assigned to VLAN 1).

When an IP address is configured on VLAN 1 before the dynamic address lease assigned to VLAN 1 expires.

The workaround is to reconfigure the static IP address. (CSCea71176 and CSCdz11708)

The DHCP snooping binding database is not written to flash memory or a remote file in any of these situations:

When the Network Time Protocol (NTP) is configured, but the NTP clock is not synchronized. You can check the clock status by entering the show NTP status privileged EXEC command and verifying that the network connection to the NTP server and the peer work correctly.

The DHCP snooping database file is manually removed from the file system. After enabling the DHCP snooping database by configuring a database URL, a database file is created. If the file is manually removed from the file system, the DHCP snooping database does not create another database file. You need to disable the DHCP snooping database and enable it again to create the database file.

The URL for the configured DHCP snooping database was replaced because the original URL was not accessible. The new URL might not take effect after the timeout of the old URL.

No workaround is necessary; these are the designed behaviors. (CSCed50819)

When port security is enabled on an interface in restricted mode and the switchport block unicast interface command has been entered on that interface, MAC addresses are incorrectly forwarded when they should be blocked

The workaround is to enter the no switchport block unicast interface configuration command on that specific interface. (CSCee93822)

A traceback error occurs if a crypto key is generated after an SSL client session.

There is no workaround. This is a cosmetic error and does not affect the functionality of the switch. (CSCef59331)

If an IGMP report packet has two multicast group records, the switch removes or adds interfaces depending on the order of the records in the packet:

If the ALLOW_NEW_SOURCE record is before the BLOCK_OLD_SOURCE record, the switch removes the port from the group.

If the BLOCK_OLD_SOURCE record is before the ALLOW_NEW_SOURCE record, the switch adds the port to the group.

There is no workaround. (CSCec20128)

When IGMP snooping is disabled and you enter the switchport block multicast interface configuration command, IP multicast traffic is not blocked.

The switchport block multicast interface configuration command is only applicable to non-IP multicast traffic.

There is no workaround. (CSCee16865)

QoS

This is a quality of service (QoS) limitation:

CSCsb98219

When you use the bandwidth policy-map class command to configure more than one class in a policy map for Class-based Weighted Fair Queuing (CBWFQ), and the committed information rate (CIR) bandwidth for any of the classes is less than 2 percent of the interface rate, the CBWFQ classes in the policy may not receive the configured CIR bandwidths.

There is no workaround, but it is unlikely that a CBWFQ class would be configured with such a low CIR bandwidth.

CSCsk00594

Although visible in the command-line help, the conform-action color policy-map class police configuration command is not supported. Entering the command has no affect.

There is no workaround.

SPAN and RSPAN

These are the SPAN limitations.

When system jumbo MTU size is configured on a switch and the egress ports can support jumbo frames, the egress SPAN jumbo frames are not forwarded to the SPAN destination ports.

There is no workaround. (CSCsj21718)

Cisco Discovery Protocol (CDP) and Port Aggregation Protocol (PAgP) packets received by network node interfaces (NNIs) from a SPAN source are not sent to the destination interfaces of a local SPAN session. The workaround is to use the monitor session session_number destination {interface interface-id encapsulation replicate} global configuration command for local SPAN. (CSCed24036)

Trunking

These are the trunking limitations:

IP traffic with IP options set is sometimes leaked on a trunk port. For example, a trunk port is a member of an IP multicast group in VLAN X but is not a member in VLAN Y. If VLAN Y is the output interface for the multicast route entry assigned to the multicast group and an interface in VLAN Y belongs to the same multicast group, the IP-option traffic received on an input VLAN interface other than one in VLAN Y is sent on the trunk port in VLAN Y because the trunk port is forwarding in VLAN Y, even though the port has no group membership in VLAN Y. There is no workaround. (CSCdz42909).

For trunk ports or access ports configured with IEEE 802.1Q tagging, inconsistent statistics might appear in the show interfaces counters privileged EXEC command output. Valid IEEE 802.1Q frames of 64 to 66 bytes are correctly forwarded even though the port LED blinks amber, and the frames are not counted on the interface statistics. There is no workaround. (CSCec35100).

VLAN

These are the VLAN limitations:

If the number of VLANs times the number of trunk ports exceeds the recommended limit of 5,000, the switch can fail.

The workaround is to not configure more than the recommended number of VLANs and trunks. (CSCeb31087)

A CPUHOG message sometimes appears when you configure a private VLAN. Enable port security on one or more of the ports affected by the private VLAN configuration.

There is no workaround. (CSCed71422)

Open Caveats

This section describes the open caveats in this software release.

CSCse11323

When 256 policy maps are configured globally on the system, the creation of the 257th policy map is rejected. The platform supports a maximum of 256 policy maps. If you then delete some existing policy maps and again configure the rejected policy map, when you try to attach that policy map to an interface, it might be rejected without any descriptive error message explaining the reason for the rejection or with an unexpected and incorrect error message.

The workaround is to delete the problematic policy map and to reconfigure it with a different name. The new policy map should be accepted as expected.

CSCsi01526

Traceback messages appear if you enter the no switchport interface configuration command to change a Layer 2 interface that belongs to a port channel to a routed port.

There is no workaround.

CSCsi06228

Although a match cos class-map configuration is only supported on IEE802.1Q trunk ports and should be blocked on IEEE 802.1Q tunnel ports, the switch accepts attaching a policy-map with a match cos class-map statement to a tunnel port.

The workaround is to not attach a policy map with a match cos statement to a tunnel port as this is not a supported configuration.

The workaround is to configure the RIP network and the IP address after you configure the interface.

CSCsi06578

When you clear counters on an interface and then disable storm control on that interface, an incorrect value (an unusually large number) for McastSuppDiscards appears when you enter the show interface counters privileged EXEC command. This can occur when the interface had storm control enabled and experienced traffic with a data rate higher than the storm-control threshold so that storm control is dropping packets.

There is no workaround.

CSCsi63999

Changing the spanning tree mode from rapid STP to MSTP can cause tracebacks when the virtual port error-disable feature is enabled when the STP mode is changed.

There is no workaround.

Resolved Caveats

These caveats have been resolved in this release:

CSCsg36159

The qualified queue-limit policy-map class configuration command is now processed correctly for QOS-group values between 17 and 99, and the hardware is programmed to set up the queue limit threshold for the QOS-groups.

CSCsh80943

Service policy quality of service (QoS) configurations no longer clear when an SFP module is inserted or removed.

CSCsi08513

MAC flap-notification no longer occurs when a switch is running VLAN bridge spanning-tree protocol (STP) and fallback bridging is configured on the VLANs running STP.

CSCsi10584

Multiple Spanning-Tree Protocol (MSTP) convergence time has been improved for Cisco IOS Release 12.2.

CSCsi75246

When IEEE 802.1x and port security is enabled, port security now relearns the supplicant address.

Documentation Updates

This section contains these documentation updates:

"Updates to the Software Configuration Guide and Command Reference" section

"Updates to the Software Configuration Guide" section

"Updates to the Command Reference" section

"Updates to the System Message Guide" section

"Update to the Regulatory Compliance and Safety Information" section

"Update to the Hardware Installation Guide" section

Updates to the Software Configuration Guide and Command Reference

These updates apply to both the software configuration guide and command reference:


Caution Logging messages to the console at a high rate can cause high CPU utilization and adversely affect how the switch operates.

This information about the dot1x timeout tx-period seconds interface configuration command is incorrect:

The range for seconds is from 5 to 65535.

The correct range is from 1 to 65535 seconds.

In the Cisco ME 2400 Ethernet Access Switch Command Reference and the Cisco ME 2400 Ethernet Access Switch Software Configuration Guide, the ethernet keyword is supported in the snmp-server enable traps global configuration command. Use this optional keyword to generate SNMP Ethernet traps.

Updates to the Software Configuration Guide

These sections contain new information for the software configuration guide:

"Replacing and Rolling Back Configurations" section

"Using Cisco IOS IP SLAs" section

Replacing and Rolling Back Configurations


Note This is an update to the Catalyst 2400 Software Configuration Guide "Appendix B, Working with the Cisco IOS File System, Configuration Files, and Software Images."


The configuration replacement and rollback feature replaces the running configuration with any saved Cisco IOS configuration file. You can use the rollback function to roll back to a previous configuration.

These sections contain this information:

Understanding Configuration Replacement and Rollback

Configuration Guidelines

Configuring the Configuration Archive

Performing a Configuration Replacement or Rollback Operation

Understanding Configuration Replacement and Rollback

To use the configuration replacement and rollback feature, you should understand these concepts:

Archiving a Configuration

Replacing a Configuration

Rolling Back a Configuration

Archiving a Configuration

The configuration archive provides a mechanism to store, organize, and manage an archive of configuration files. The configure replace privileged EXEC command increases the configuration rollback capability. As an alternative, you can save copies of the running configuration by using the copy running-config destination-url privileged EXEC command, storing the replacement file either locally or remotely. However, this method lacks any automated file management. The configuration replacement and rollback feature can automatically save copies of the running configuration to the configuration archive.

You use the archive config privileged EXEC command to save configurations in the configuration archive by using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved. You can specify how many versions of the running configuration are kept in the archive. After the maximum number of files are saved, the oldest file is automatically deleted when the next, most recent file is saved. The show archive privileged EXEC command displays information for all the configuration files saved in the configuration archive.

The Cisco IOS configuration archive, in which the configuration files are stored and available for use with the configure replace command, is in any of these file systems: FTP, HTTP, RCP, TFTP.

Replacing a Configuration

The configure replace privileged EXEC command replaces the running configuration with any saved configuration file. When you enter the configure replace command, the running configuration is compared with the specified replacement configuration, and a set of configuration differences is generated. The resulting differences are used to replace the configuration. The configuration replacement operation is usually completed in no more than three passes. To prevent looping behavior no more than five passes are performed.

You can use the copy source-url running-config privileged EXEC command to copy a stored configuration file to the running configuration. When using this command as an alternative to the configure replace target-url privileged EXEC command, note these major differences:

The copy source-url running-config command is a merge operation and preserves all the commands from both the source file and the running configuration. This command does not remove commands from the running configuration that are not present in the source file. In contrast, the configure replace target-url command removes commands from the running configuration that are not present in the replacement file and adds commands to the running configuration that are not present.

You can use a partial configuration file as the source file for the copy source-url running-config command. You must use a complete configuration file as the replacement file for the configure replace target-url command.

Rolling Back a Configuration

You can also use the configure replace command to roll back changes that were made since the previous configuration was saved. Instead of basing the rollback operation on a specific set of changes that were applied, the configuration rollback capability reverts to a specific configuration based on a saved configuration file.

If you want the configuration rollback capability, you must first save the running configuration before making any configuration changes. Then, after entering configuration changes, you can use that saved configuration file to roll back the changes by using the configure replace target-url command.

You can specify any saved configuration file as the rollback configuration. You are not limited to a fixed number of rollbacks, as is the case in some rollback models.

Configuration Guidelines

Follow these guidelines when configuring and performing configuration replacement and rollback:

Make sure that the switch has free memory larger than the combined size of the two configuration files (the running configuration and the saved replacement configuration). Otherwise, the configuration replacement operation fails.

Make sure that the switch also has sufficient free memory to execute the configuration replacement or rollback configuration commands.

Certain configuration commands, such as those pertaining to physical components of a networking device (for example, physical interfaces), cannot be added or removed from the running configuration.

A configuration replacement operation cannot remove the interface interface-id command line from the running configuration if that interface is physically present on the device.

The interface interface-id command line cannot be added to the running configuration if no such interface is physically present on the device.

When using the configure replace command, you must specify a saved configuration as the replacement configuration file for the running configuration. The replacement file must be a complete configuration generated by a Cisco IOS device (for example, a configuration generated by the copy running-config destination-url command).


Note If you generate the replacement configuration file externally, it must comply with the format of files generated by Cisco IOS devices.


Configuring the Configuration Archive

Using the configure replace command with the configuration archive and with the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, you must first configure the configuration archive. Starting in privileged EXEC mode, follow these steps to configure the configuration archive:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

archive

Enter archive configuration mode.

Step 3 

path url

Specify the location and filename prefix for the files in the configuration archive.

Step 4 

maximum number

(Optional) Set the maximum number of archive files of the running configuration to be saved in the configuration archive.

number—Maximum files of the running configuration file in the configuration archive. Valid values are from 1 to 14. The default is 10.

Note Before using this command, you must first enter the path archive configuration command to specify the location and filename prefix for the files in the configuration archive.

Step 5 

time-period minutes

(Optional) Set the time increment for automatically saving an archive file of the running configuration in the configuration archive.

minutes—Specify how often, in minutes, to automatically save an archive file of the running configuration in the configuration archive.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show running-config

Verify the configuration.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Performing a Configuration Replacement or Rollback Operation

Starting in privileged EXEC mode, follow these steps to replace the running configuration file with a saved configuration file:

 
Command
Purpose

Step 1 

archive config

(Optional) Save the running configuration file to the configuration archive.

Note Enter the path archive configuration command before using this command.

Step 2 

configure terminal

Enter global configuration mode.

Step 3 

 

Make necessary changes to the running configuration.

Step 4 

exit

Return to privileged EXEC mode.

Step 5 

configure replace target-url [list] [force] [time seconds] [nolock]

Replace the running configuration file with a saved configuration file.

target-url—URL (accessible by the file system) of the saved configuration file that is to replace the running configuration, such as the configuration file created in Step 2 by using the archive config privileged EXEC command.

listDisplay a list of the command entries applied by the software parser during each pass of the configuration replacement operation. The total number of passes also appears.

force Replace the running configuration file with the specified saved configuration file without prompting you for confirmation.

time secondsSpecify the time (in seconds) within which you must enter the configure confirm command to confirm replacement of the running configuration file. If you do not enter the configure confirm command within the specified time limit, the configuration replacement operation is automatically stopped. (In other words, the running configuration file is restored to the configuration that existed before you entered the configure replace command).

Note You must first enable the configuration archive before you can use the time seconds command line option.

nolockDisable the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replacement operation.

Step 6 

configure confirm

(Optional) Confirm replacement of the running configuration with a saved configuration file.

Note Use this command only if the time seconds keyword and argument of the configure replace command are specified.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Using Cisco IOS IP SLAs


Note This is an update to the Catalyst 2400 Software Configuration Guide.


Beginning with this release switches, such as the Cisco ME 3400 Ethernet Access switch, support Cisco IOS IP Service Level Agreements (SLAs). Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring—the generation of traffic in a continuous, reliable, and predictable manner—for measuring network performance. With Cisco IOS IP SLAs, service provider customers can measure and provide service level agreements, and enterprise customers can verify service levels, verify outsourced service level agreements, and understand network performance.

The IP SLAs Responder

The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. The responder provides accurate measurements without the need for dedicated probes. The responder uses the Cisco IOS IP SLAs Control Protocol to provide a mechanism through which it can be notified on which port it should listen and respond. Only a Cisco IOS device can be a source for a destination IP SLAs Responder.


Note The IP SLAs responder can be a Cisco IOS Layer 2, responder-configurable switch, such as a Catalyst 2960 or Cisco ME 2400 switch. The responder does not need to support full IP SLAs functionality.


Figure 1 shows where the Cisco IOS IP SLAs responder fits in the IP network. The responder listens on a specific port for control protocol messages sent by an IP SLAs operation. Upon receipt of the control message, it enables the specified UDP or TCP port for the specified duration. During this time, the responder accepts the requests and responds to them. It disables the port after it responds to the IP SLAs packet, or when the specified time expires. MD5 authentication for control messages is available for added security.

Figure 1 Cisco IOS IP SLAs Operation

You do not need to enable the responder on the destination device for all IP SLAs operations. For example, a responder is not required for services that are already provided by the destination router (such as Telnet or HTTP). You cannot configure the IP SLAs responder on non-Cisco devices and Cisco IOS IP SLAs can send operational packets only to services native to those devices.

Configuring the IP SLAs Responder

The IP SLAs responder is available only on Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality, such as the Catalyst 2960 or the Cisco ME 2400 switch. Beginning in privileged EXEC mode, follow these steps to configure the IP SLAs responder on the target device (the operational target):

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number

Configure the switch as an IP SLAs responder.

The keywords have these meanings:

tcp-connect—Enable the responder for TCP connect operations.

udp-echo—Enable the responder for User Datagram Protocol (UDP) echo or jitter operations.

ipaddress ip-address—Enter the destination IP address.

port port-number—Enter the destination port number.

Note The IP address and port number must match those configured on the source device for the IP SLAs operation.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip sla responder

Verify the IP SLAs responder configuration on the device.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable the IP SLAs responder, enter the no ip sla responder global configuration command. This example shows how to configure the device as a responder for the UDP jitter IP SLAs operation in the next procedure:

Switch(config)# ip sla responder udp-echo 172.29.139.134 5000 

Monitoring the IP SLAs Responder

To monitor the IP SLAs responder, enter the show ip sla responder or and show ip sla authentication privileged EXEC commands.

Updates to the Command Reference

These are updates to the command reference:

Although visible in the command-line help, the conform-action color policy-map class police configuration command is not supported. Entering the command has no affect.

The usage guidelines for the set and unset bootloader commands in the command reference are incorrect.

These are the correct usage guidelines for the set command:

Environment variables are case sensitive and must be entered as documented.

Environment variables that have values are stored in flash memory outside of the flash file system.

Under normal circumstances, it is not necessary to alter the setting of the environment variables.

The MANUAL_BOOT environment variable can also be set by using the boot manual global configuration command.

The BOOT environment variable can also be set by using the boot system filesystem:/file-url global configuration command.

The ENABLE_BREAK environment variable can also be set by using the boot enable-break global configuration command.

The HELPER environment variable can also be set by using the boot helper filesystem:/file-url global configuration command.

The CONFIG_FILE environment variable can also be set by using the boot config-file flash:/file-url global configuration command.

The HELPER_CONFIG_FILE environment variable can also be set by using the boot helper-config-file filesystem:/file-url global configuration command.

The bootloader prompt string (PS1) can be up to 120 printable characters except the equal sign (=).

These are the correct guidelines for the unset command:

Under normal circumstances, it is not necessary to alter the setting of the environment variables.

The MANUAL_BOOT environment variable can also be reset by using the no boot manual global configuration command.

The BOOT environment variable can also be reset by using the no boot system global configuration command.

The ENABLE_BREAK environment variable can also be reset by using the no boot enable-break global configuration command.

The HELPER environment variable can also be reset by using the no boot helper global configuration command.

The CONFIG_FILE environment variable can also be reset by using the no boot config-file global configuration command.

The HELPER_CONFIG_FILE environment variable can also be reset by using the no boot helper-config-file global configuration command.

Updates to the System Message Guide

These sections include messages that have been added to or changed in the system message guide.

New System Messages

These new messages have been added to the system message guide:

Error Message    DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on 
[chars]

Explanation    The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port. [enet] is the supplicant MAC address, and [chars] is the interface. This message might appear if the IEEE 802.1x feature is enabled.

Recommended Action    If the hardware memory is full, remove some of the dynamic MAC addresses. If the client address is on another port, manually remove it from that port.

Error Message    SPANTREE-6-PORTADD_ALL_VLANS: [chars] added to all Vlans 

Explanation    The interface has been added to all VLANs. [chars] is the added interface.

Recommended Action    No action is required.

Error Message    SPANTREE-6-PORTDEL_ALL_VLANS: [chars] deleted from all Vlans 

Explanation    The interface has been deleted from all VLANs. [chars] is the deleted interface.

Recommended Action    No action is required.

Error Message    SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to [chars]. 

Explanation    The VLAN Trunking Protocol (VTP) domain name was changed through the configuration to the name specified in the message. [chars] is the changed domain name.

Recommended Action    No action is required.

Error Message    PLATFORM_ENV-1-DUAL_PWR: Faulty internal power supply [chars] detected

Explanation    A faulty internal power supply was detected in one of the two power supplies on the switch. [chars] is the power supply name.

Recommended Action    Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the error by using the Output Interpreter. Use the Bug Toolkit to look for similar reported problems. If you still require assistance, open a case with the TAC, or contact your Cisco technical support representative, and provide the representative with the gathered information. For more information about these online tools and about contacting Cisco, see the "Error Message Tracebacks Reports" section of the system message guide.

Changed System Message

This system message has changed (both explanation and action).

Error Message    EC-5-CANNOT_BUNDLE1: Port-channel [chars] is down, port [chars] will 
remain stand-alone. 

Explanation    The aggregation port is down. The port remains standalone until the aggregation port is up. The first [chars] is the EtherChannel. The second [chars] is the port number.

Recommended Action    Ensure that the other ports in the bundle have the same configuration.

Update to the Regulatory Compliance and Safety Information

The Regulatory Compliance Standards section of the Regulatory Compliance and Safety Information for the Cisco ME 3400 and Cisco ME 2400 Ethernet Access Switches includes this new section:

Cautions and Regulatory Compliance Statements for NEBS

This section includes the cautions and regulatory compliance statements for the Network Equipment-Building System (NEBS) certification from the Telcordia Electromagnetic Compatibility and Electrical Safety - Generic Criteria for Network Telecommunications Equipment (A Module of LSSGR, FR-64; TSGR, FR-440; and NEBSFR, FR-2063) Telcordia Technologies Generic Requirements, GR-1089-CORE, Issue 4, June 2006.

Table 4 NEBS Compliance Statements 

Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface.


Caution To comply with the Telcordia GR-1089 NEBS standard for electromagnetic compatibility and safety, for Ethernet RJ-45 ports, use only shielded Ethernet cables that are grounded on both ends. In a NEBS installation, all Ethernet ports are limited to intrabuilding wiring.

Caution The intrabuilding ports of the equipment or subassembly is only suitable for connection to intrabuilding or unexposed wiring or cabling. The intrabuilding ports of the equipment or subassembly MUST NOT be metallically connected to interfaces that connect to the OSP or its wiring. These interfaces are designed for use only as intrabuilding interfaces (Type 2 or Type 4 ports as described in GR-1089-CORE, Issue 4), and require isolation from the exposed OSP cabling. The addition of primary protectors is not sufficient protection in order to connect these interfaces metallically to OSP wiring.

Products that have an AC power connection are intended for deployments where an external surge protective device (SPD) is used at the AC power service equipment as defined by the National Electric Code (NEC).

This product is designed for a common bonding network (CBN) installation.

This product can be installed in a network telecommunication facility or location where the NEC applies.

An electrical conducting path should exist between the product chassis and the metal surface of the enclosure or rack in which it is mounted or to a grounding conductor. Electrical continuity should be provided by using thread-forming type mounting screws that remove any paint or nonconductive coatings and establish a metal-to-metal contact. Any paint or other nonconductive coatings should be removed on the surfaces between the mounting hardware and the enclosure or rack. The surfaces should be cleaned and an antioxidant applied before installation.

The grounding architecture of this product is DC-isolated (DC-I).

DC-powered products have a nominal operating DC voltage of 48 VDC. Minimal steady state DC operating voltage is 40 VDC. Reference American National Standards Institute (ANSI) T1.315, Table 1.


Update to the Hardware Installation Guide

This is an update to the Cisco ME 2400 Hardware Installation Guide.

Installation Information

Cisco Ethernet Switches are equipped with cooling mechanisms, such as fans and blowers. However, these fans and blowers can draw dust and other particles, causing contaminant buildup inside the chassis, which can result in a system malfunction.

You must install this equipment in an environment as free as possible from dust and foreign conductive material (such as metal flakes from construction activities).

These standard provide guidelines for acceptable working environments and acceptable levels of suspended particulate matter:

Network Equipment Building Systems (NEBS) GR-63-CORE

National Electrical Manufacturers Association (NEMA) Type 1

International Electrotechnical Commission (IEC) IP-20

Related Documentation

These documents provide complete information about the switch and are available from this Cisco.com site:

http://www.cisco.com/en/US/products/ps6581/tsd_products_support_series_home.html

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites listed in the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section.

Cisco ME 2400 Ethernet Access Switch Software Configuration Guide (not orderable but available on Cisco.com)

Cisco ME 2400 Ethernet Access Switch Command Reference (not orderable but available on Cisco.com)

Cisco ME 3400 and ME 2400 Ethernet Access Switch System Message Guide (not orderable but available on Cisco.com)

Cisco ME 2400 Ethernet Access Switch Hardware Installation Guide (not orderable but available on Cisco.com)

Cisco ME 3400 and ME 2400 Ethernet Access Switches Getting Started Guide (order number DOC-7817050=)

Regulatory Compliance and Safety Information for the Cisco ME 3400 and ME 2400 Ethernet Access Switches (order number DOC-7817051)

Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)

Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)

These compatibility matrix documents are available from this Cisco.com site:

http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix (not orderable but available on Cisco.com)

Cisco 100-Megabit Ethernet SFP Modules Compatibility Matrix (not orderable but available on Cisco.com)

Cisco Small Form-Factor Pluggable Modules Compatibility Matrix (not orderable but available on Cisco.com)

Compatibility Matrix for 1000BASE-T Small Form-Factor Pluggable Modules (not orderable but available on Cisco.com)

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html