Table Of Contents
Device Manager System Requirements
Upgrading the Switch Module Software
Finding the Software Version and Feature Set
Upgrading a Switch Module by Using the Device Manager or Network Assistant
Upgrading a Switch Module by Using the CLI
Recovering from a Software Failure
IBM BladeCenter Advanced Management Module Limitations
Update to the Device Manager Online Help
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco Catalyst Switch Module 3110G, 3110X, and 3012 for IBM BladeCenter, Cisco IOS Release 12.2(40)EX2
April 2008
Cisco IOS Release 12.2(40)EX2 runs only on Catalyst Switch Module 3110G, 3110X, and 3012.
These release notes include important information about Cisco IOS Release 12.2(40)EX2 and any limitations, restrictions, and caveats that apply to it. Verify that these release notes are correct for your switch module:
•
If you are installing a new switch module, see the Cisco IOS release label on the rear panel of your switch module.
•
•
You can download the switch module software from these sites (registered Cisco.com users with a login password):
http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=switches
http://www-304.ibm.com/systems/support/supportsite.wss/selectproduct?brandind=5000020&taskind=2
This software release is part of a special release of Cisco IOS software that is not released on the same maintenance cycle that is used for other platforms. As maintenance releases and future software releases become available, they will be posted to Cisco.com in the Cisco IOS software area, and on the IBM support page.
For the complete list of Catalyst Switch Module 3110G, 3110X, and 3012 for IBM BladeCenter documentation, see the "Related Documentation" section.
Contents
This information is in the release notes:
•
•
•
•
•
•
System Requirements
The system requirements are described in these sections:
•
Hardware Supported
Table 1 lists the hardware supported on this release.
Table 2 lists the IBM BladeCenter supported blade enclosures. The switch module is for use only in Listed IBM BladeCenter products.
Table 2 IBM BladeCenter Supported Switch Modules
BladeCenter E (BC-E)
Yes
Yes
Yes
BladeCenter T (BC-T)
Yes
Yes
Yes
BladeCenter H (BC-H)
Yes
Yes
Yes
BladeCenter HT (BC-HT)
Yes
Yes
Yes
BladeCenter S (BC-S)
No
No
Yes
BladeCenter Multi-switch Interconnect Module (MSIM)
Yes1
Yes1
Yes
1 The advanced Management Module (aMM) firmware must use Version 1.42i or higher.
Device Manager System Requirements
These sections describe the hardware and software requirements for using the device manager:
•
•
Hardware Requirements
Table 3 lists the minimum hardware requirements for running the device manager.
Table 3 Minimum Hardware Requirements
Intel Pentium II1
64 MB2
256
1024 x 768
Small
1 We recommend Intel Pentium 4.
2 We recommend 256-MB DRAM.
Software Requirements
Table 4 lists the supported operating systems and browsers for using the device manager. The device manager verifies the browser version when starting a session to ensure that the browser is supported.
Note
Table 4 Supported Operating Systems and Browsers
Windows 2000
None
5.5 or 6.0
7.1
Windows XP
None
5.5 or 6.0
7.1
1 Service Pack 1 or higher is required for Internet Explorer 5.5.
CNA Compatibility
Cisco IOS Release 12.2(40)EX2 and later is only compatible with Cisco Network Assistant 5.0 and later. You can download Network Assistant from this URL:
http://www.cisco.com/go/networkassistant
For more information about Cisco Network Assistant, see the Release Notes for Cisco Network Assistant on Cisco.com.
Upgrading the Switch Module Software
These are the procedures for downloading software. Before downloading software, read this section for important information:
•
•
•
•
•
Finding the Software Version and Feature Set
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch module. The second line of the display shows the version.
Note
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Deciding Which Files to Use
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the combined tar file to upgrade the switch module through the device manager. To upgrade the switch module through the command-line interface (CLI), use the tar file and the archive download-sw or archive download privileged EXEC command.
Table 5 lists the filenames for this software release.
Note
The universal software images support multiple feature sets. Use the software activation feature to deploy a software license and to enable a specific feature set. For information about software activation, see the Cisco Software Activation and Compatibility Document on Cisco.com:
http://www.cisco.com/en/US/products/ps8741/tsd_products_support_series_home.html
Archiving Software Images
Before upgrading your switch module software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release from which you are upgrading. You should keep these archived images until you have upgraded all network devices to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly.
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note
You can also configure the switch module as a TFTP server to copy files from one switch module to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the "Basic File Transfer Services Commands" section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2, at this URL:
Upgrading a Switch Module by Using the Device Manager or Network Assistant
You can upgrade switch module software by using the device manager or Network Assistant. For detailed instructions, click Help.
Note
Upgrading a Switch Module by Using the CLI
This procedure is for copying the combined tar file to the switch module. You copy the file to the switch module from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
To download software, follow these steps:
Step 1
Step 2
http://www.cisco.com/public/sw-center/sw-lan.shtml
To download the universal software image files for a switch module, click Cisco Catalyst Blade Switch 3000 Series for IBM.
Step 3
For more information, see Appendix B in the software configuration guide for this release.
Step 4
Step 5
Switch# ping tftp-server-addressFor more information about assigning an IP address and default gateway to the switch module, see the software configuration guide for this release.
Step 6
Switch# archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tarThe /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
For //location, specify the IP address of the TFTP server.
For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch module:
Switch# archive download-sw /overwrite tftp://198.30.20.19/cbs31x0-universal-tar.122-40.EX.tarYou can also download the image file from the TFTP server to the switch module and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
Recovering from a Software Failure
For additional recovery procedures, see the "Troubleshooting" chapter in the software configuration guide for this release.
Installation Notes
You can assign IP information to your switch module by using the IBM advanced Management Module software and the switch module device manager Express Setup program, as described in the switch module getting started guide.
Limitations and Restrictions
You should review this section before you begin working with the switch module. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch module hardware or software.
This section contains these limitations:
•
•
•
Cisco IOS Limitations
Unless otherwise noted, these limitations apply to the Catalyst Switch Module 3110G, 3110X, and 3012:
•
•
•
•
Access Control List
This is the access control list (ACL) limitation:
When a MAC access list is used to block packets from a specific source MAC address, that MAC address is entered in the switch module MAC-address table.
The workaround is to block traffic from the specific MAC address by using the mac address-table static mac-addr vlan vlan-id drop global configuration command. (CSCse73823)
Address Resolution Protocol
This is an Address Resolution Protocol limitation:
The switch module might place a port in an error-disabled state due to an Address Resolution Protocol (ARP) rate limit exception even when the ARP traffic on the port is not exceeding the configured limit. This could happen when the burst interval setting is 1 second, the default.
The workaround is to set the burst interval to more than 1 second. We recommend setting the burst interval to 3 seconds even if you are not experiencing this problem.(CSCse06827))
Cisco X2 Transceiver Modules
These are the Cisco X2 transceiver module limitations:
•
•
•
Configuration
These are the configuration limitations:
•
PLATFORM_RPC-3-MSG_THROTTLED: RPC Msg Dropped by throttle mechanism: type 0, class 51, max_msg 128, total throttled 984323
-Traceback= 6625EC 5DB4C0 5DAA98 55CA80 A2F2E0 A268D8
No workaround is necessary. Under normal conditions, the switch module generates this notification when snooping the next ARP packet. (CSCse47548)
•
The workaround is to not configure VLANs with protected ports as part of a fallback bridge group. (CSCsg40322)
When a switch module port configuration is set at 10 Mb/s and half duplex, sometimes the port does not send in one direction until the port traffic is stopped and then restarted. You can detect the condition by using the show controller ethernet-controller or the show interfaces privileged EXEC commands.
The workaround is to stop the traffic in the direction in which it is not being forwarded, and then restart it after 2 seconds. You can also use the shutdown interface configuration command followed by the no shutdown command on the interface. (CSCsh04301)
•
The workaround is to enter the switchport access vlan dynamic interface configuration command separately on each port.(CSCsi26392)
IEEE 802.1x Authentication
These are the IEEE 802.1x authentication limitations:
•
Use one of these workarounds (CSCsd90495):
–
–
•
–
–
Use one of these workarounds (CSCse04534):
–
–
Multicasting
These are the multicasting limitations:
•
–
–
–
The workaround is to not generate multicast packets with a TTL value of 0 or 1 or to disable multicast routing in the VLAN. (CSCeh21660)
•
–
–
–
There is no workaround. (CSCei08359)
•
The workaround is to not send RPF-failed multicast traffic, or make sure that the source IP address of the RPF-failed packet is reachable. (CSCsd28944)
•
There is no workaround. (CSCsd45753)
•
QoS
These are the quality of service (QoS) limitations:
•
There is no workaround. (CSCeh18677)
•
There is no workaround. (CSCsc63334)
•
The workaround is to use a different name for the interface-level policy map. (CSCsd84001)
•
There is no workaround. (CSCsd72001)
•
There is no workaround. (CSCsg79627)
Routing
This is the routing limitation:
When the PBR is enabled and QoS is enabled with DSCP settings, the CPU usage might be high if traffic is sent to unknown destinations.
The workaround is to not send traffic to unknown destinations. (CSCse97660)
SPAN and RSPAN
These are the SPAN and Remote SPAN (RSPAN) limitations.
•
There is no workaround. This is a hardware limitation. (CSCei10129)
•
High CPU usage can also occur with other conditions, such as when debug messages are logged at a high rate to the console.
Use one of these workarounds:
–
–
–
Device Manager Limitations
This is the device manager limitation:
When you are prompted to accept the security certificate and you click No, you only see a blank screen, and the device manager does not start.
The workaround is to click Yes when you are prompted to accept the certificate. (CSCef45718)
IBM BladeCenter Advanced Management Module Limitations
This is the advanced Management Module (aMM) limitation:
When a switch module is installed in a BC-HT chassis with the ISL Interposer, the switch module incorrectly reports that it is installed in a BC-T chassis and that it provides 8 server ports and no ISL ports. When it is installed with the non-ISL Interposers, the switch module incorrectly reports that it is installed in a BC-H chassis and that it provides 14 server ports.
See the IBM Retain database for more information.
Important Notes
These sections describe the important notes related to this software release for the Catalyst Switch Module 3110G, 3110X, and 3012:
•
Cisco IOS Notes
This note applies to Cisco IOS software:
If the switch module requests information from the Cisco Secure Access Control Server (ACS) and the message exchange times out because the server does not respond, a message similar to this appears:
00:02:57: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.206:1645,1646 is not responding.If this message appears, make sure that there is network connectivity between the switch module and the ACS. You should also make sure that the switch module has been properly configured as an AAA client on the ACS.
Device Manager Notes
These notes apply to the device manager:
•
•
•
•
From Microsoft Internet Explorer:
1.
2.
3.
4.
5.
•
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
•
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). You should write down the port number through which you are connected. Use care when changing the switch module IP information.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch module.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
If you use Internet Explorer Version 5.5 and select a URL with a nonstandard port at the end of the address (for example, www.cisco.com:84), you must enter http:// as the URL prefix. Otherwise, you cannot launch the device manager.
Open Caveats
This section describes the open caveats with possible unexpected activity in this software release. Unless otherwise noted, these Cisco IOS configuration caveats apply to the Catalyst Switch Module 3110G, 3110X, and 3012:
•
If IEEE 802.1Q tunneling and Layer 2 protocol tunneling are first configured on physical ports, and the ports are then added to an unconfigured port channel, the port channel might stop forwarding traffic if one or more physical ports in the EtherChannel are shut down.
These are the workarounds:
–
–
•
When a switch module interface is configured with trust boundary and Cisco Discovery Protocol (CDP) or the CDP table is repeatedly disabled, enabled, or cleared, the switch module might reload.
These are the workarounds:
–
–
•
The switch module might display tracebacks similar to this example when an EtherChannel interface port-channel type changes from Layer 2 to Layer 3 or the reverse:
15:50:11: %COMMON_FIB-4-FIBNULLHWIDB: Missing hwidb for fibhwidb Port-channel1 (ifindex 1632) -Traceback= A585C B881B8 B891CC 2F4F70 5550E8 564EAC 851338 84AF0C 4CEB50 859DF4 A7BF28 A98260 882658 879A58
There is no workaround.
•
When a secondary VLAN is disassociated from the primary VLAN, duplicate MAC addresses on the primary VLAN remain in the MAC address table.
The workaround is to disassociate the secondary VLAN from the primary VLAN by entering these commands in this order:
clear port-security {all | interface interface-id) privileged EXEC command
primary-vlan association remove vlan-id VLAN configuration mode command.
•
Traceback messages appear if you enter the no switchport interface configuration command to change a Layer 2 interface that belongs to a port channel to a routed port.
There is no workaround.
•
When you enter an all 0s route with an all 1s mask in the routing table and you enter the next hop as an interface, a traceback message appears.
The workaround is to use an IP address as the next hop instead of an interface.
•
When changing a switch module port access VLAN from static to dynamic or the reverse, a message similar to this might appear:
01:43:55: PSECURE: Assert failure: is_etherchnl(hwidb_or_null swidb)): ../switch/psecure/psecure_ifc.c: 412: psecure_get_vlanid (l2a1-5) 01:43:55Traceback= 804484 809604 802258 806904 70FC 8D70 5C97BC 6901DC 6903CC 9EF8D8 9E6CC4 (l2a1-5)
There is no workaround necessary. This message does not affect switch module functionality.
•
When unicast routing is disabled and then re-enabled, virtual routing and forwarding (VRF) routing is disabled on the switch module interfaces.
The workaround is to enter the shut and no shut interface configuration commands on the affected interfaces.
•
When a per-port per-VLAN policy map (a hierarchical VLAN-based policy map) is attached to a VLAN interface, and you remove the child-policy policer from the policy map and then add it back, the policy map fails to re-attach to the same SVI.
The workaround is to delete the child policy, which removes it from the parent policy. Then recreate the child policy (with the same or a different name) and reference it in the parent policy. The parent policy then successfully attaches to the SVI.
•
Creating a mixed switch stack with a Catalyst Switch Module 3110, a Catalyst Switch Module 3120, or a Catalyst Switch Module 3130 produces unpredictable behavior and could cause a system failure. Because the switch module software does not detect this type of configuration, it allows a stack of this type.
There is no workaround. This is not a supported configuration.
•
In Cisco IOS Release 12.2(35)SE and Cisco IOS Release 12.2(37)SE, if you enter a space before a comma in the define interface-range or the interface range global configuration command, the space before the comma is not saved in the switch module configuration.
There is no workaround.
•
(Only Catalyst Switch Module 3110G and 3012) These privileged EXEC commands incorrectly display the internal, nonconfigurable Gigabit Ethernet interfaces x/0/19 and x/0/20.
show mls qos interfaceshow mls qos interface buffersshow mls qos interface policersshow mls qos interface queueingshow mls qos interface statisticsshow mac access-groupshow controllers ethernet-controllershow interfaces GiX/0/19 [all options]show idb allThere is no workaround.
•
The server-facing Gigabit Ethernet interfaces x/0/1 to x/0/14 show counts for sent packets and bytes even though the interfaces are not connected to a server. This is because the aMM Serial Over Lan (SOL) broadcast traffic (VLAN 4095-tagged packets) counts as sent on the interface. These packet counts appear in show commands that display interface statistics.
There is no workaround.
•
When you remove a switch module from a switch stack, the switch module Fa0 management interface remains administratively down and cannot be enabled by using the CLI.
The workaround is to reload the switch module.
•
If there is large-volume bidirectional traffic on the switch module Fa0 management interface, some packets might be dropped because of CPU limitations. This is not a likely occurrence because the Fa0 interface typically does not send or receive large-volume traffic.
There is no workaround.
•
(Only Catalyst Switch Module 3110X) When you move a blade server installed in slot 14 to another blade enclosure slot and install a new server in slot 14, unicast traffic from the original server to the new server might not be forwarded.
No workaround is needed. The problem corrects itself when the dynamic MAC address learning period times out. The default timeout is 5 minutes and is configurable in the CLI.
•
When an interface configured with port security reloads or you clear an error-disabled condition, the interface might return this traceback message:
%BIT-4-OUTOFRANGE: bit 0 is not in the expected range of 1 to 4095There is no workaround.
•
(Only Catalyst Switch Module 3110X) If you configure port security on Gigabit Ethernet interface x/0/14, the switch module software incorrectly allows the configuration. Port security is not supported on Gigabit Ethernet interface x/0/14.
There is no workaround.
•
When you use the clear counters privileged EXEC command to clear interface counters on a port-channel interface, the show interfaces etherchannel privileged EXEC command output incorrectly displays received broadcast packets.
Received 18446744073705000573 broadcasts (29 multicasts)The workaround is to use the show interfaces counters privileged EXEC command.
•
Switch module interfaces configured as members of a private VLAN incorrectly send 802.1Q-tagged packets with the private VLAN ID in the tag. Hosts that receive these 802.1Q-tagged packets do not expect a tagged packet. Hosts are also not aware that the VLAN ID in the tag is a private VLAN ID used internally by the switch module. Interfaces that are members of a private VLAN do not normally send 802.1Q-tagged packets. (Normal egress packets are untagged.)
There is no workaround. We recommend not configuring switch module interfaces as members of a private VLAN.
Resolved Caveats
These are the caveats that have been resolved in this release.
•
A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.
Cisco has released free software updates that address this vulnerability.
Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.
Documentation Updates
This section provides updates to the product documentation:
Update to the Device Manager Online Help
This is the update to switch module device manager online help:
For Catalyst Switch Module 3110G and 3012, the physical LED behavior is different from the LED behavior on the device manager.
Related Documentation
For more information about the switch module, see these documents on Cisco.com:
http://www.cisco.com/en/US/products/ps8741/tsd_products_support_series_home.html
•
•
•
•
•
•
•
For more information about the IBM BladeCenter enclosure, see the IBM documentation at:
http://www-03.ibm.com/systems/bladecenter/
These compatibility matrix documents are available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
•
For other information about related products, see these documents:
•
•
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0807R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.
