Guest

Cisco Catalyst 4000 Series Switches

Release Notes for Catalyst 4000 Family Software Release 6.x

 Feedback

Table Of Contents

Release Notes for Catalyst 4000 Family Software Release 6.x

Contents

System Requirements

Power Supply Requirements

Release 6.x Memory Requirements

ROMMON Requirements

Upgrading the ROMMON

Product and Software Version Support Matrix

Release 6.x Orderable Software Images

New Features for Supervisor Engine Software Release 6.4

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 6.3

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 6.2

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 6.1

Hardware Features

Software Features

Open and Resolved Caveats in Software Release 6.4(21)

Open Caveats in Software Release 6.4(21)

Resolved Caveats in Software Release 6.4(21)

Open and Resolved Caveats in Software Release 6.4(20)

Open Caveats in Software Release 6.4(20)

Resolved Caveats in Software Release 6.4(20)

Open and Resolved Caveats in Software Release 6.4(19)

Open Caveats in Software Release 6.4(19)

Resolved Caveats in Software Release 6.4(19)

Open and Resolved Caveats in Software Release 6.4(18)

Open Caveats in Software Release 6.4(18)

Resolved Caveats in Software Release 6.4(18)

Open and Resolved Caveats in Software Release 6.4(17)

Open Caveats in Software Release 6.4(17)

Resolved Caveats in Software Release 6.4(17)

Open and Resolved Caveats in Software Release 6.4(16)

Open Caveats in Software Release 6.4(16)

Resolved Caveats in Software Release 6.4(16)

Open and Resolved Caveats in Software Release 6.4(15)

Open Caveats in Software Release 6.4(15)

Resolved Caveats in Software Release 6.4(15)

Open and Resolved Caveats in Software Release 6.4(14)

Open Caveats in Software Release 6.4(14)

Resolved Caveats in Software Release 6.4(14)

Open and Resolved Caveats in Software Release 6.4(13)

Open Caveats in Software Release 6.4(13)

Resolved Caveats in Software Release 6.4(13)

Open and Resolved Caveats in Software Release 6.4(12)

Open Caveats in Software Release 6.4(12)

Resolved Caveats in Software Release 6.4(12)

Open and Resolved Caveats in Software Release 6.4(11)

Open Caveats in Software Release 6.4(11)

Resolved Caveats in Software Release 6.4(11)

Open and Resolved Caveats in Software Release 6.4(10)

Open Caveats in Software Release 6.4(10)

Resolved Caveats in Software Release 6.4(10)

Open and Resolved Caveats in Software Release 6.4(9)

Open Caveats in Software Release 6.4(9)

Resolved Caveats in Software Release 6.4(9)

Open and Resolved Caveats in Software Release 6.4(8)

Open Caveats in Software Release 6.4(8)

Resolved Caveats in Software Release 6.4(8)

Open and Resolved Caveats in Software Release 6.4(7)

Open Caveats in Software Release 6.4(7)

Resolved Caveats in Software Release 6.4(7)

Open and Resolved Caveats in Software Release 6.4(6)

Open Caveats in Software Release 6.4(6)

Resolved Caveats in Software Release 6.4(6)

Open and Resolved Caveats in Software Release 6.4(5)

Open Caveats in Software Release 6.4(5)

Resolved Caveats in Software Release 6.4(5)

Open and Resolved Caveats in Software Release 6.4(4)

Open Caveats in Software Release 6.4(4)

Resolved Caveats in Software Release 6.4(4)

Open and Resolved Caveats in Software Release 6.4(3)

Open Caveats in Software Release 6.4(3)

Resolved Caveats in Software Release 6.4(3)

Open and Resolved Caveats in Software Release 6.4(2)

Open Caveats in Software Release 6.4(2)

Resolved Caveats in Software Release 6.4(2)

Open and Resolved Caveats in Software Release 6.4(1)

Open Caveats in Software Release 6.4(1)

Resolved Caveats in Software Release 6.4(1)

Open and Resolved Caveats in Software Release 6.3(10)

Open Caveats in Software Release 6.3(10)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(10)

Open and Resolved Caveats in Software Release 6.3(9)

Open Caveats in Software Release 6.3(9)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(9)

Open and Resolved Caveats in Software Release 6.3(8)

Open Caveats in Software Release 6.3(8)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(8)

Open and Resolved Caveats in Software Release 6.3(7)

Open Caveats in Software Release 6.3(7)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(7)

Open and Resolved Caveats in Software Release 6.3(6)

Open Caveats in Software Release 6.3(6)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(6)

Open and Resolved Caveats in Software Release 6.3(5)

Open Caveats in Software Release 6.3(5)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(5)

Open and Resolved Caveats in Software Release 6.3(4a)

Open Caveats in Software Release 6.3(4a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(4a)

Open and Resolved Caveats in Software Release 6.3(4)

Open Caveats in Software Release 6.3(4)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(4)

Open and Resolved Caveats in Software Release 6.3(3a)

Open Caveats in Software Release 6.3(3a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(3a)

Open and Resolved Caveats in Software Release 6.3(3)

Open Caveats in Software Release 6.3(3)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(3)

Open and Resolved Caveats in Software Release 6.3(2a)

Open Caveats in Software Release 6.3(2a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(2a)

Open and Resolved Caveats in Software Release 6.3(2)

Open Caveats in Software Release 6.3(2)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(2)

Open and Resolved Caveats in Software Release 6.3(1a)

Open Caveats in Software Release 6.3(1a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(1a)

Open and Resolved Caveats in Software Release 6.3(1)

Open Caveats in Software Release 6.3(1)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(1)

Open and Resolved Caveats in Software Release 6.2(3a)

Open Caveats in Software Release 6.2(3a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(3a)

Open and Resolved Caveats in Software Release 6.2(3)

Open Caveats in Software Release 6.2(3)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(3)

Open and Resolved Caveats in Software Release 6.2(2a)

Open Caveats in Software Release 6.2(2a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(2a)

Open and Resolved Caveats in Software Release 6.2(2)

Open Caveats in Software Release 6.2(2)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(2)

Resolved Caveats for Nonembedded CiscoView

Open and Resolved Caveats in Software Release 6.2(1a)

Open Caveats in Software Release 6.2(1a)

Resolved Caveats in Software Release 6.2(1a)

Open and Resolved Caveats in Software Release 6.2(1)

Open Caveats in Software Release 6.2(1)

Resolved Caveats in Software Release 6.2(1)

Open and Resolved Caveats in Software Release 6.1(4b)

Open Caveats in Software Release 6.1(4b)

Resolved Caveats in Software Release 6.1(4b)

Open and Resolved Caveats in Software Release 6.1(3a)

Open Caveats in Software Release 6.1(3a)

Resolved Caveats in Software Release 6.1(3a)

Open and Resolved Caveats in Software Release 6.1(3)

Open Caveats in Software Release 6.1(3)

Resolved Caveats in Software Release 6.1(3)

Open and Resolved Caveats in Software Release 6.1(2a)

Open Caveats in Software Release 6.1(2a)

Resolved Caveats in Software Release 6.1(2a)

Open and Resolved Caveats in Software Release 6.1(2)

Open Caveats in Software Release 6.1(2)

Resolved Caveats in Software Release 6.1(2)

Open and Resolved Caveats in Software Release 6.1(1e)

Open Caveats in Software Release 6.1(1e)

Resolved Caveats in Software Release 6.1(1e)

Open and Resolved Caveats in Software Release 6.1(1c)

Open Caveats in Software Release 6.1(1c)

Resolved Caveats in Software Release 6.1(1c)

Open and Resolved Caveats in Software Release 6.1(1)

Open Caveats in Software Release 6.1(1)

Resolved Caveats in Software Release 6.1(1)

Usage Guidelines, Restrictions, and Troubleshooting

System and Supervisor Engine

Modules and Switch Ports

Spanning Tree

VTP, VLANs, and VLAN Trunks

EtherChannel

SPAN

Multicast

Protocol Filtering

MIBs

Authentication, Authorization, and Accounting

Nonembedded CiscoView

Software Documentation Updates for Release 6.1

Related Documentation

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for Catalyst 4000 Family Software Release 6.x


Current Release:
6.4(21)—February 20, 2005
Previous Releases:
6.4(20), 6.4(19), 6.4(18), 6.4(17), 6.4(16), 6.4(15), 6.4(14), 6.4(13), 6.4(12), 6.4(11), 6.4(10), 6.4(9), 6.4(8), 6.4(7), 6.4(6), 6.4(5), 6.4(4), 6.4(3), 6.4(2), 6.4(1) 6.3(10), 6.3(9), 6.3(8), 6.3(7), 6.3(6), 6.3(5), 6.3(4a), 6.3(4), 6.3(3a), 6.3(3), 6.3(2a), 6.3(2), 6.3(1a), 6.3(1), 6.2(3a), 6.2(3), 6.2(2a), 6.2(2), 6.1(4b), 6.1(3a), 6.1(3), 6.2(1a), 6.2(1), 6.1(2a), 6.1(2), 6.1(1e), 6.1(1c), 6.1(1)

These release notes describe the features, modifications, and caveats for Catalyst 4000 series supervisor engine software release 6.x and all 6.x maintenance releases. The most current 6.x release is supervisor engine software release 6.4(21). These release notes apply to Catalyst 4000 series switches as well as to Catalyst 2948G and 2980 switches running Catalyst 4000 series supervisor engine software.


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html



Caution We strongly recommend that you read these release notes before using your switch or upgrading your switch software.


Note Although the software image in a new Catalyst 4000 family switch operates correctly, later software images containing the latest upgrades and modifications are released regularly to provide you with the most optimized software available. We strongly recommend that you check for the latest released software images at the World Wide Web location listed in the "Cisco.com" section.



Note Release notes for earlier Catalyst 4000 family software releases were accurate at the time of release. However, for information on the latest caveats and updates to previously released Catalyst 4000 family software releases, refer to the release notes for the latest maintenance release in your software release train. You can access all Catalyst 4000 series release notes at the World Wide Web location listed in the "Cisco.com" section.



Caution Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM). A software downgrade will always cause the configuration to be lost. Use the copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command to back up the configuration to a Flash device.

Contents

This document consists of these sections:

System Requirements

Product and Software Version Support Matrix

Release 6.x Orderable Software Images

New Features for Supervisor Engine Software Release 6.4

New Features for Supervisor Engine Software Release 6.3

New Features for Supervisor Engine Software Release 6.2

New Features for Supervisor Engine Software Release 6.1

Open and Resolved Caveats in Software Release 6.4(21)

Open and Resolved Caveats in Software Release 6.4(20)

Open and Resolved Caveats in Software Release 6.4(19)

Open and Resolved Caveats in Software Release 6.4(18)

Open and Resolved Caveats in Software Release 6.4(17)

Open and Resolved Caveats in Software Release 6.4(16)

Open and Resolved Caveats in Software Release 6.4(15)

Open and Resolved Caveats in Software Release 6.4(14)

Open and Resolved Caveats in Software Release 6.4(13)

Open and Resolved Caveats in Software Release 6.4(12)

Open and Resolved Caveats in Software Release 6.4(11)

Open and Resolved Caveats in Software Release 6.4(10)

Open and Resolved Caveats in Software Release 6.4(9)

Open and Resolved Caveats in Software Release 6.4(8)

Open and Resolved Caveats in Software Release 6.4(7)

Open and Resolved Caveats in Software Release 6.4(6)

Open and Resolved Caveats in Software Release 6.4(5)

Open and Resolved Caveats in Software Release 6.4(4)

Open and Resolved Caveats in Software Release 6.4(3)

Open and Resolved Caveats in Software Release 6.4(2)

Open and Resolved Caveats in Software Release 6.4(1)

Open and Resolved Caveats in Software Release 6.3(10)

Open and Resolved Caveats in Software Release 6.3(9)

Open and Resolved Caveats in Software Release 6.3(8)

Open and Resolved Caveats in Software Release 6.3(7)

Open and Resolved Caveats in Software Release 6.3(6)

Open and Resolved Caveats in Software Release 6.3(5)

Open and Resolved Caveats in Software Release 6.3(4a)

Open and Resolved Caveats in Software Release 6.3(4)

Open and Resolved Caveats in Software Release 6.3(3a)

Open and Resolved Caveats in Software Release 6.3(3)

Open and Resolved Caveats in Software Release 6.3(2a)

Open and Resolved Caveats in Software Release 6.3(2)

Open and Resolved Caveats in Software Release 6.3(1a)

Open and Resolved Caveats in Software Release 6.3(1)

Open and Resolved Caveats in Software Release 6.2(3a)

Open and Resolved Caveats in Software Release 6.2(3)

Open and Resolved Caveats in Software Release 6.2(2a)

Open and Resolved Caveats in Software Release 6.2(2)

Open and Resolved Caveats in Software Release 6.2(1a)

Open and Resolved Caveats in Software Release 6.2(1)

Open and Resolved Caveats in Software Release 6.1(4b)

Open and Resolved Caveats in Software Release 6.1(3a)

Open and Resolved Caveats in Software Release 6.1(3)

Open and Resolved Caveats in Software Release 6.1(2a)

Open and Resolved Caveats in Software Release 6.1(2)

Open and Resolved Caveats in Software Release 6.1(1e)

Open and Resolved Caveats in Software Release 6.1(1c)

Open and Resolved Caveats in Software Release 6.1(1)

Usage Guidelines, Restrictions, and Troubleshooting

Software Documentation Updates for Release 6.1

Related Documentation

Obtaining Documentation

System Requirements

This section describes the system requirements for the Catalyst 4000 family switches and contains the following sections:

Power Supply Requirements

Release 6.x Memory Requirements

ROMMON Requirements

Upgrading the ROMMON

Power Supply Requirements

The Catalyst 4006 switch requires dual power supplies.

Release 6.x Memory Requirements

The Catalyst 4000 series supervisor engine software release 6.x requires a minimum of 64-MB DRAM installed on your supervisor engine.

If your supervisor engine has less than 64-MB DRAM, you can add more memory by ordering the 32-MB DRAM upgrade (Cisco product number MEM-C4K-32-RAM=) for the Catalyst 4000 family Supervisor Engine I.

ROMMON Requirements

If the Boot ROM (ROMMON) loaded onto your switch is version 4.5(1) or earlier, you need to upgrade to a ROMMON version of 5.4(1) or greater in order to run software release 6.3(2) or a later release.

Upgrading the ROMMON

Follow these guidelines to upgrade the ROMMON on your switch:


Caution To avoid actions that might make your system unbootable, read this entire section before starting the upgrade.

You can do this procedure entirely over a Telnet connection. If something fails, you will need to have access to the console serial port. If done improperly, the system can become unbootable. You will then have to return it to Cisco for repair.

This section describes an upgrade to ROMMON version 6.1(4). The same procedure applies to other ROMMON versions, but you will have to substitute appropriate version numbers in the upgrade image names.


Step 1 Download the promupgrade program from Cisco.com and place it on a TFTP server in a directory that is accessible from the switch to be upgraded.

The promupgrade programs are available at the same location on Cisco.com where you download Catalyst 4000 system images.

To upgrade to ROMMON version 6.1(4), download the cat4000-promupgrade.6-1-4.bin file.

Step 2 In privileged mode on your switch, use the show version command to verify the ROMMON version loaded on the switch.

The ROMMON version number is listed as the System Bootstrap Version. For example, the system is running ROMMON version 6.1(2):

Console> (enable) show version
WS-C4003 Software, Version NmpSW:5.5(8)
Copyright (c) 1995-2001 by Cisco Systems, Inc.
NMP S/W compiled on May 24 2001, 21:12:09
GSP S/W compiled on May 24 2001, 18:39:50

System Bootstrap Version:6.1(2)

Hardware Version:1.0  Model:WS-C4003  Serial #:xxxxxxxxx

.

Console> (enable)

Step 3 Use the dir bootflash: command to ensure that there is sufficient space in Flash memory to store the promupgrade image. If there is insufficient space, delete one or more images and then enter the squeeze bootflash: command to reclaim the space.

Step 4 Download the promupgrade image into Flash memory using the copy tftp command.

This example shows how to download the promupgrade image cat4000-promupgrade.6-1-4.bin from the remote host Lab_Server to bootflash:

Console> (enable) copy tftp flash
IP address or name of remote host []? Lab_Server
Name of file to copy from []? /cat4000-promupgrade.6-1-4.bin
Flash device []? bootflash
Name of file to copy to []? cat4000-promupgrade.6-1-4.bin

9205592 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console > (enable)

Step 5 Ensure that the last line in the output of the show boot command is boot:image specified by the boot system commands.

If the last line in the output of the show boot command is not boot:image specified by the boot system commands, go to Step 6.

If the last line in the output of the show boot command is boot:image specified by the boot system commands, go to Step 7.

This example shows the autoboot configuration:

Console> (enable) show boot
BOOT variable = bootflash:cat4000.5-5-8.bin,1;
CONFIG_FILE variable = bootflash:switch.cfg

Configuration register is 0x102
ignore-config:disabled
auto-config:non-recurring
console baud:9600
boot:image specified by the boot system commands
Console > (enable)

Step 6 If the last line in the output of the show boot command is not boot:image specified by the boot system commands, use the set boot config-register command to set the boot configuration.

This example shows how to set the boot configuration:

Console > (enable) set boot config-register boot system
Configuration register is 0x102
ignore-config:disabled
auto-config:non-recurring
console baud:9600
boot:image specified by the boot system commands
Console > (enable)

Step 7 Use the set boot system flash command to prepend the promupgrade image to the boot string:


Note Make sure that you use the prepend keyword with the set boot system flash command. The switch always boots the first image in the boot string, and you want the promupgrade image to boot first.


This example shows how to prepend the promupgrade image to the boot string:

Console> (enable) set boot system flash bootflash:cat4000-promupgrade.6-1-4.bin prepend
BOOT variable = bootflash:cat4000-promupgrade.6-1-4.bin,1;bootflash:cat4000.5-5-8.bin,1;

Step 8 Reset the switch to boot the promupgrade program.


Caution No intervention is necessary to complete the upgrade. Do not interrupt the boot process by performing a reset, power cycle, or OIR of the supervisor engine for at least 5 minutes! If the process is not allowed to complete, you may damage the switch and have to return it to Cisco for repair.

Upgrading the ROMMON may require up to 5 minutes because the switch boots the promupgrade image. This special program erases the current ROMMON from Flash memory and installs the new one. After installing the new ROMMON, the system resets again and boots the next image in the BOOT string. If the BOOT string was configured as described in Step 7, the next image is the software image that the switch was originally configured to boot.


Note A Telnet session is disconnected when you reset the switch; you will lose connectivity to the switch for some time.


If you connect to the console serial port, similar output displays when you reset the switch:

0:00.530901:ig0:00:10:7b:aa:d3:fe is 172.20.59.203
0:00.531660:netmask:255.255.255.0
0:00.532030:broadcast:172.20.59.255
0:00.532390:gateway:172.20.59.1
WS-X4012 bootrom version 6.1(2), built on 2000.04.03 15:20:09
H/W Revisions:Meteor:2 Comet:8 Board:1
Supervisor MAC addresses:00:10:7b:aa:d0:00 through 00:10:7b:aa:d3:ff (1024 addresses)
Installed memory:64 MB
Testing LEDs.... done!
The system will autoboot in 5 seconds.
Type control-C to prevent autobooting.
rommon 1 >
The system will now begin autobooting.
Autobooting image:
"bootflash:cat4000-promupgrade.6-1-4.bin"

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC#############################
Replacing ROM version 6.1(2) with version 6.1(4)

Upgrading your PROM... DO NOT RESET the system
unless instructed or it may NOT be bootable!!!
Beginning erase of 524288 bytes at offset 0x0... Done!
Beginning write of system prom (467456 bytes at offset 0x0)...
This could take as little as 10 seconds or up to 2 minutes.
Please DO NOT RESET!

*******************************************

Success!
System will reset in 2 seconds...
[ ... ]

The switch reboots back into the online software:

0:00.530856:ig0:00:10:7b:aa:d3:fe is 172.20.59.203
0:00.531616:netmask:255.255.255.0
0:00.531967:broadcast:172.20.59.255
0:00.532342:gateway:172.20.59.1
WS-X4012 bootrom version 6.1(4), built on 2000.04.03 15:20:09
H/W Revisions:Meteor:2 Comet:8 Board:1
Supervisor MAC addresses:00:10:7b:aa:d0:00 through 00:10:7b:aa:d3:ff (1024 addresses)
Installed memory:64 MB
Testing LEDs.... done!
The system will autoboot in 5 seconds.
Type control-C to prevent autobooting.
rommon 1 >
The system will now begin autobooting.
Autobooting image:"bootflash:cat4000.5-5-8.bin"

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC#####################################

Step 9 In privileged mode, use the show version command to verify that the new ROMMON version is running on the switch.

The ROMMON version number is listed as the System Bootstrap Version. For example, this system is running ROMMON version 6.1(4):

Console> (enable) show version
WS-C4003 Software, Version NmpSW:5.5(8)
Copyright (c) 1995-2001 by Cisco Systems, Inc.
NMP S/W compiled on May 24 2001, 21:12:09
GSP S/W compiled on May 24 2001, 18:39:50

System Bootstrap Version:6.1(4)

Hardware Version:1.0  Model:WS-C4003  Serial #:xxxxxxxxx
..
.Console > (enable)


Caution When entering the clear boot system flash cat.4000-promupgrade.6-1-4.bin command, be sure to type the correct promupgrade image in the command syntax. If you enter only clear boot system flash, all images in the autoboot string are cleared, and the switch will not know which image to boot.

Step 10 Use the clear boot system flash promupgrade_image command to remove the promupgrade program from the autoboot string.

This example shows how to remove the promupgrade image cat.4000-promupgrade.6-1-4.bin from the boot sequence. Notice that the response message shows the system image for software release 5.5(8) in the autoboot string.

Console> (enable) clear boot system flash bootflash:cat4000-promupgrade.6-1-4.bin
BOOT variable = bootflash:cat4000.5-5-8.bin,1;

Step 11 Use the del command to delete the promupgrade program from Flash memory and squeeze the Flash memory to reclaim unused space.

This example shows how to delete the promupgrade image cat.4000-promupgrade.6-1-4.bin from Flash memory and reclaim unused space:

Console> (enable) del bootflash:cat4000-promupgrade.6-1-4.bin
Console> (enable) squeeze bootflash:

All deleted files will be removed, proceed (y/n) [n]? y

Squeeze operation may take some time, proceed (y/n) [n]? y
Console> (enable)

Step 12 After removing the promupgrade image from the BOOT string, use the show boot command to verify that the BOOT string is set correctly.

Product and Software Version Support Matrix

This section contains the configuration matrixes to help you order Catalyst 4000 family products. Table 1 lists the minimum supervisor engine software version and the current recommended supervisor engine software version for Catalyst 4000 family modules and chassis.

Table 1 Product and Supervisor Engine Software Version Matrix 

Product Number
(appended with "=" indicates spares)
Product Description
Minimum Supervisor Engine Software Version
Recommended Supervisor Engine Software Version
Supervisor Engine

WS-X4012

Catalyst 4000 series Supervisor Engine I module

4.5(8)

6.4(20)

WS-X4013

Catalyst 4006 Supervisor Engine I module

5.4(2)

6.4(20)

Ethernet, Fast Ethernet, and Gigabit Ethernet

WS-X4148-RJ

48-port 10/100 Fast Ethernet RJ-45

4.5(8)

6.4(20)

WS-X4232-GB-RJ

32-port 10/100 Fast Ethernet RJ-45, plus 2-port 1000BASE-X (GBIC) Gigabit Ethernet

4.5(8)

6.4(20)

WS-X4232-L3

32-port 10/100 Fast Ethernet RJ-45 plus two full-duplex 1000BASE-X (GBIC) Gigabit Ethernet Layer 3 module

5.5(1)

6.4(20)

WS-X4148-RJ45V

48-port inline power 10/100BASE-TX switching module

6.1(1)

6.4(20)

WS-X4232-RJ-XX

32-port 10/100 Fast Ethernet RJ-45 switching module

5.1(1)

6.4(20)

WS-X4306-GB

6-port 1000BASE-X (GBIC) Gigabit Ethernet switching module

4.5(8)

6.4(20)

WS-X4418-GB

18-port 1000BASE-X (GBIC) Gigabit Ethernet switching module

4.5(8)

6.4(20)

WS-X4412-2GB-T

12-port 1000BASE-T Gigabit Ethernet switching module

5.4(2)

6.4(20)

WS-X4124-FX-MT

24-port 100BASE-FX Fast Ethernet switching module

5.4(2)

6.4(20)

WS-X4148-RJ21

48-port 10/100-Mbps Fast Ethernet switching module

5.4(2)

6.4(20)

WS-X4148-FX-MT

48-port 100BASE-FX Fast Ethernet switching module

6.2(1)

6.4(20)

WS-X4424-GB-RJ45

24-port 10/100/1000BASE-T Gigabit Ethernet switching module

6.3(1)

6.4(20)

WS-X4448-GB-LX

48-port Gigabit Ethernet switching module

6.3(1)

6.4(20)

Uplink Modules

WS-U4504-FX-MT

4-port 100BASE-FX MT-RJ module

5.1(1)

6.4(20)

Gigabit Interface Converters (GBICs)

WS-G5484=

1000BASE-SX GBIC

4.5(8)

6.4(20)

WS-G5486=

1000BASE-LX/LH GBIC

WS-G5487=

1000BASE-ZX GBIC

4.5(8)

6.4(20)

Modular Chassis

WS-C4003-S1

Catalyst 4003 chassis (3-slot)

4.5(8)

6.4(20)

WS-C4006-S2

Catalyst 4006 chassis (6-slot)

5.4(2)

6.4(20)

Fixed-Configuration Chassis

WS-C2948G

Catalyst 2948G with two 1000BASE-X (GBIC) Gigabit Ethernet uplinks and 48 10/100 Fast Ethernet ports

4.5(8)

6.4(20)

WS-C4912G

Catalyst 4912G with 12 1000BASE-X (GBIC) Gigabit Ethernet ports

4.5(8)

6.4(20)

WS-C2980G

Catalyst 2980 with 80 10/100 Fast Ethernet ports and 2 1000BASE-X ports

5.4(2)

6.4(20)

WS-C2980G-A

Catalyst 2980 with 80 10/100 Fast Ethernet ports and two 1000BASE-X ports

6.1(1)

6.4(20)


Release 6.x Orderable Software Images

Table 2 lists the software versions and applicable ordering information for Catalyst 4000 family supervisor engine software release 6.x.

Table 2 Release 6.x Orderable Software Image Matrix  

Software Release
Filename
Orderable Product Number
Flash on System
Orderable Product Number
Spare Upgrade (Floppy Media)
Supervisor Engine I and II

6.1(1)

cat4000.6-1-1.bin

SC4K-SUP-6.1.1

SC4K-SUP-6.1.1=

6.1(1) Cisco View1

cat4000-cv.6-1-1.bin

SC4K-SUPCV-6.1.1

SC4K-SUPCV-6.1.1=

6.1(1) Secure Shell

cat4000-k9.6-1-1.bin

SC4K-SUPK9-6.1.1

SC4K-SUPK9-6.1.1=

6.1(1e)

cat4000.6-1-1e.bin

SC4K-SUP-6.1.1e

SC4K-SUP-6.1.1e=

6.1(2)

cat4000.6-1-2.bin

SC4K-SUP-6.1.2

SC4K-SUP-6.1.2=

6.1(2) Cisco View1

cat4000-cv.6-1-2.bin

SC4K-SUPCV-6.1.2

SC4K-SUPCV-6.1.2=

6.1(2) Secure Shell

cat4000-k9.6-1-2.bin

SC4K-SUPK9-6.1.2

SC4K-SUPK9-6.1.2=

6.1(2a)

cat4000.6-1-2a.bin

SC4K-SUP-6.1.2a

SC4K-SUP-6.1.2a=

6.1(3)

cat4000.6-1-3.bin

SC4K-SUP-6.1.3

SC4K-SUP-6.1.3=

6.1(3) Cisco View1

cat4000-cv.6-1-3.bin

SC4K-SUPCV-6.1.3

SC4K-SUPCV-6.1.3=

6.1(3) Secure Shell

cat4000-k9.6-1-3.bin

SC4K-SUPK9-6.1.3

SC4K-SUPK9-6.1.3=

6.1(3a)

cat4000.6-1-3a.bin

SC4K-SUP-6.1.3a

SC4K-SUP-6.1.3a=

6.1(4b)

cat4000.6-1-4b.bin

SC4K-SUP-6.1-4b

SC4K-SUP-6.1-4b=

6.2(1)1

cat4000.6-2-1.bin

SC4K-SUP-6.2-1

SC4K-SUP-6.2-1=

6.2(1) Cisco View1

cat4000-cv.6-2-1.bin

SC4K-SUPCV-6.2-1

SC4K-SUPCV-6.2-1=

6.2(1) Secure Shell

cat4000-k9.6-2-1.bin

SC4K-SUPK9-6.2-1

SC4K-SUPK9-6.2-1=

6.2(1a)

cat4000.6-2-1a.bin

SC4K-SUP-6.2-1a

SC4K-SUP-6.2-1a=

6.2(2)

cat4000.6-2-2.bin

SC4K-SUP-6.2-2

SC4K-SUP-6.2-2=

6.2(2) Cisco View1

cat4000-cv.6-2-2.bin

SC4K-SUPCV-6.2-2

SC4K-SUPCV-6.2-2=

6.2(2) Secure Shell

cat4000-k9.6-2-2.bin

SC4K-SUPK9-6.2-2

SC4K-SUPK9-6.2-2=

6.2(2a)

cat4000.6-2-2a.bin

SC4K-SUP-6.2-2a

SC4K-SUP-6.2-2a=

6.2(3)

cat4000.6-2-3.bin

SC4K-SUP-6.2-3

SC4K-SUP-6.2-3=

6.2(3) Cisco View1

cat4000-cv.6-2-3.bin

SC4K-SUPCV-6.2-3

SC4K-SUPCV-6.2-3=

6.2(3) Secure Shell

cat4000-k9.6-2-3.bin

SC4K-SUPK9-6.2-3

SC4K-SUPK9-6.2-3=

6.3(1)

cat4000.6-3-1.bin

SC4K-SUP-6.3-1

SC4K-SUP-6.3-1=

6.3(1) Secure Shell

cat4000-k9.6-3-1.bin

SC4K-SUPK9-6.3-1

SC4K-SUPK9-6.3-1=

6.3(1a)

cat4000.6-3-1a.bin

SC4K-SUP-6.3-1a

SC4K-SUP-6.3-1a=

6.3(2)

cat4000.6-3-2.bin

SC4K-SUP-6.3-2

SC4K-SUP-6.3-2=

6.3(2) Secure Shell

cat4000-k9.6-3-2.bin

SC4K-SUPK9-6.3-2

SC4K-SUPK9-6.3-2=

6.3(2) Cisco View1

cat4000-cv.6-3-2.bin

SC4K-SUPCV-6.3-2

SC4K-SUPCV-6.3-2=

6.3(2a)

cat4000.6-3-2a.bin

SC4K-SUP-6.3-2a

SC4K-SUP-6.3-2a=

6.3(3)

cat4000.6-3-3.bin

SC4K-SUP-6.3-3

SC4K-SUP-6.3-3=

6.3(3) Secure Shell

cat4000-k9.6-3-3.bin

SC4K-SUPK9-6.3-3

SC4K-SUPK9-6.3-3=

6.3(3) Cisco View1

cat4000-cv.6-3-3.bin

SC4K-SUPCV-6.3-3

SC4K-SUPCV-6.3-3=

6.3(3a)

cat4000.6-3-3a.bin

SC4K-SUP-6.3-3a

SC4K-SUP-6.3-3a=

6.3(4)

cat4000.6-3-4.bin

SC4K-SUP-6.3-4

SC4K-SUP-6.3-4=

6.3(4a)

cat4000.6-3-4a.bin

SC4K-SUP-6.3a-4

SC4K-SUP-6.3-4a=

6.3(5)

cat4000.6-3-5.bin

SC4K-SUP-6.3-5

SC4K-SUP-6.3-5=

6.3(5) Secure Shell

cat4000-k9.6-3-5.bin

SC4K-SUPK9-6.3-5

SC4K-SUPK9-6.3-5=

6.3(6)

cat4000.6-3-6.bin

SC4K-SUP-6.3-6

SC4K-SUP-6.3-6=

6.3(6) Secure Shell

cat4000-k9.6-3-6.bin

SC4K-SUPK9-6.3-6

SC4K-SUPK9-6.3-6=

6.3(7)

cat4000.6-3-7.bin

SC4K-SUP-6.3-7

SC4K-SUP-6.3-7=

6.3(7) Secure Shell

cat4000-k9.6-3-7.bin

SC4K-SUPK9-6.3-7

SC4K-SUPK9-6.3-7=

6.3(8)

cat4000.6-3-8.bin

SC4K-SUP-6.3-8

SC4K-SUP-6.3-8=

6.3(8) Secure Shell

cat4000-k9.6-3-8.bin

SC4K-SUPK9-6.3-8

SC4K-SUPK9-6.3-8=

6.3(9)

cat4000.6-3-9.bin

SC4K-SUP-6.3-9

SC4K-SUP-6.3-9=

6.3(9) Secure Shell

cat4000-k9.6-3-9.bin

SC4K-SUPK9-6.3-9

SC4K-SUPK9-6.3-9=

6.3(10)

cat4000.6-3-10.bin

SC4K-SUP-6.3-10

SC4K-SUP-6.3-10=

6.3(10) Secure Shell

cat4000-k9.6-3-10.bin

SC4K-SUPK9-6.3-10

SC4K-SUPK9-6.3-10=

6.4(1)

cat4000.6-4-1.bin

SC4K-SUP-6.4-1

SC4K-SUP-6.4-1=

6.4(1) Secure Shell

cat4000-k9.6-4-1.bin

SC4K-SUPK9-6.4-1

SC4K-SUPK9-6.4-1=

6.4(2)

cat4000.6-4-2.bin

SC4K-SUP-6.4-2

SC4K-SUP-6.4-2=

6.4(2) Secure Shell

cat4000-k9.6-4-2.bin

SC4K-SUPK9-6.4-2

SC4K-SUPK9-6.4-2=

6.4(3)

cat4000.6-4-3.bin

SC4K-SUP-6.4-3

SC4K-SUP-6.4-3=

6.4(3) Secure Shell

cat4000-k9.6-4-3.bin

SC4K-SUPK9-6.4-3

SC4K-SUPK9-6.4-3=

6.4(4)

cat4000.6-4-4.bin

SC4K-SUP-6.4-4

SC4K-SUP-6.4-4=

6.4(4) Secure Shell

cat4000-k9.6-4-4.bin

SC4K-SUPK9-6.4-4

SC4K-SUPK9-6.4-4=

6.4(5)

cat4000.6-4-5.bin

SC4K-SUP-6.4-5

SC4K-SUP-6.4-5=

6.4(5) Secure Shell

cat4000-k9.6-4-5.bin

SC4K-SUPK9-6.4-5

SC4K-SUPK9-6.4-5=

6.4(6)

cat4000.6-4-6.bin

SC4K-SUP-6.4-6

SC4K-SUP-6.4-6=

6.4(6) Secure Shell

cat4000-k9.6-4-6.bin

SC4K-SUPK9-6.4-6

SC4K-SUPK9-6.4-6=

6.4(7)

cat4000.6-4-7.bin

SC4K-SUP-6.4-7

SC4K-SUP-6.4-7=

6.4(7) Secure Shell

cat4000-k9.6-4-7.bin

SC4K-SUPK9-6.4-7

SC4K-SUPK9-6.4-7=

6.4(8)

cat4000.6-4-8.bin

SC4K-SUP-6.4-8

SC4K-SUP-6.4-8=

6.4(8) Secure Shell

cat4000-k9.6-4-8.bin

SC4K-SUPK9-6.4-8

SC4K-SUPK9-6.4-8=

6.4(8a)

cat4000.6-4-8a.bin

SC4K-SUP-6.4-8a

SC4K-SUP-6.4-8a=

6.4(9)

cat4000.6-4-9.bin

SC4K-SUP-6.4-9

SC4K-SUP-6.4-9=

6.4(9) Secure Shell

cat4000-k9.6-4-9.bin

SC4K-SUPK9-6.4-9

SC4K-SUPK9-6.4-9=

6.4(10)

cat4000.6-4-10.bin

SC4K-SUP-6.4-10

SC4K-SUP-6.4-10=

6.4(10) Secure Shell

cat4000-k9.6-4-10.bin

SC4K-SUPK9-6.4-10

SC4K-SUPK9-6.4-10=

6.4(11)

cat4000.6-4-11.bin

SC4K-SUP-6.4-11

SC4K-SUP-6.4-11=

6.4(11) Secure Shell

cat4000-k9.6-4-11.bin

SC4K-SUPK9-6.4-11

SC4K-SUPK9-6.4-11=

6.4(12)

cat4000.6-4-12.bin

SC4K-SUP-6.4-12

SC4K-SUP-6.4-12=

6.4(12) Secure Shell

cat4000-k9.6-4-12.bin

SC4K-SUPK9-6.4-12

SC4K-SUPK9-6.4-12=

6.4(13)

cat4000.6-4-13.bin

SC4K-SUP-6.4-13

SC4K-SUP-6.4-13=

6.4(13) Secure Shell

cat4000-k9.6-4-13.bin

SC4K-SUPK9-6.4-13

SC4K-SUPK9-6.4-13=

6.4(14)

cat4000.6-4-14.bin

SC4K-SUP-6.4-14

SC4K-SUP-6.4-14=

6.4(14) Secure Shell

cat4000-k9.6-4-14.bin

SC4K-SUPK9-6.4-14

SC4K-SUPK9-6.4-14=

6.4(15)

cat4000.6-4-15.bin

SC4K-SUP-6.4-15

SC4K-SUP-6.4-15=

6.4(15) Secure Shell

cat4000-k9.6-4-15.bin

SC4K-SUPK9-6.4-15

SC4K-SUPK9-6.4-15=

6.4(16)

cat4000.6-4-16.bin

SC4K-SUP-6.4-16

SC4K-SUP-6.4-16=

6.4(16) Secure Shell

cat4000-k9.6-4-16.bin

SC4K-SUPK9-6.4-16

SC4K-SUPK9-6.4-16=

6.4(17)

cat4000.6-4-17.bin

SC4K-SUP-6.4-17

SC4K-SUP-6.4-17=

6.4(17) Secure Shell

cat4000-k9.6-4-17.bin

SC4K-SUPK9-6.4-17

SC4K-SUPK9-6.4-17=

6.4(18)

cat4000.6-4-18.bin

SC4K-SUP-6.4-18

SC4K-SUP-6.4-18=

6.4(18) Secure Shell

cat4000-k9.6-4-18.bin

SC4K-SUPK9-6.4-18

SC4K-SUPK9-6.4-18=

6.4(19)

cat4000.6-4-19.bin

SC4K-SUP-6.4-19

SC4K-SUP-6.4-19=

6.4(19) Secure Shell

cat4000-k9.6-4-19.bin

SC4K-SUPK9-6.4-19

SC4K-SUPK9-6.4-19=

6.4(20)

cat4000.6-4-20.bin

SC4K-SUP-6.4-20

SC4K-SUP-6.4-20=

6.4(20) Secure Shell

cat4000-k9.6-4-20.bin

SC4K-SUPK9-6.4-20

SC4K-SUPK9-6.4-20=

6.4(21)

cat4000.6-4-21.bin

SC4K-SUP-6.4-21

SC4K-SUP-6.4-21=

6.4(21) Secure Shell

cat4000-k9.6-4-21.bin

SC4K-SUPK9-6.4-21

SC4K-SUPK9-6.4-21=

1 The 6.x CiscoView releases require JPI (Java Plug-in) 1.3.0 in the browser. This version is incompatible with the 5.5(3) CiscoView and earlier releases, which require JPI 1.2.2. Software releases 5.5(4) CiscoView and later work with JPI 1.3.0. Java Plug-in versions released after 1.3.0 (1.3.0_01 and above) do not work with software releases 5.5(4) CiscoView and 6.x CiscoView.


New Features for Supervisor Engine Software Release 6.4

This section describes the new hardware and software features available in software release 6.4.

Hardware Features

There are no hardware features that are new to software release 6.4.

Software Features

There are no software features that are new to software release 6.4.

New Features for Supervisor Engine Software Release 6.3

This section describes the new hardware and software features available in software release 6.3.

Hardware Features

The following hardware features are new to software release 6.3:

48-port Gigabit Ethernet switching module (WS-X4448-GB-LX)

Software Features

The following software features are new to software release 6.3:

EtherChannel Enhancement

An EtherChannel is preserved even if it contains only one port. In software releases prior to 6.3(1), if you have a 2-port channel and one link is removed, the remaining link is removed and added back to spanning tree, which causes a loss of connection on the channel until the link is forwarding again.

Power Management Enhancement

The power management feature provides 1+1 power redundancy for the Catalyst 4000 series switches but is designed to optimized a Catalyst 4006 chassis consisting of a WS-X4013 supervisor engine and four WS-X4148-RJ or WS-X4148-RJ21 modules.

CDPv2 Enhancements

Addition of TLVs such as sysName, sysObjectID, management address, and physical location

Support of a new device ID format called the mac-address format in addition to the "old-style" format (as in the device hardware serial number)

Display changes corresponding to some parameters such as device ID for the show cdp command

Private VLAN on sc0

The management interface, sc0, can be assigned to a private VLAN as well as regular VLANs.

Remote SPAN

Source and destination SPAN ports can be on different compatible switches.

Display SNMPv3 counters using the CLI

You can now use the CLI to display SNMP counters for various MIBs.

SNMPv3 enhancements

The SNMPv3 implementation in software releases prior to 6.3(1) support RFC 2271 through RFC 2275. RFC 2271 through RFC 2275 were replaced with RFC 2571-RFC 2576. The SNMPv3 enhancement in 6.3(1) implements RFC 2571 through RFC 2576.

Text Config Mode

When you use text file configuration mode, the system stores its configuration as a text file in nonvolatile storage, either in NVRAM or Flash memory. This text file consists of commands entered by you to configure various features.

Support for the following MIBs:

CISCO-AAA-CLIENT-MIB

CISCO-ENTITY-FRU-CONTROL-MIB

CISCO-RMON-CONFIG-MIB Enhancement

CISCO-STP-EXTENSION-MIB

CISCO-SYSTEM-MIB Enhancement

New Features for Supervisor Engine Software Release 6.2

This section describes the new hardware and software features available in software release 6.2.

Hardware Features

The following hardware features are new to software release 6.2:

48-port 100BASE-FX Fast Ethernet switching module (WS-X4148-FX-MT)

24-port 10/100/1000BASE-T Gigabit Ethernet switching module (WS-X4424-GB-RJ45)

Software Features

The following software features are new to software release 6.2:

Dynamic VLAN support for VVID

Prior to software release 6.2(1), dynamic ports could only belong to one VLAN. You could not enable the dynamic port VLAN feature on ports that carried a native VLAN and an auxiliary VLAN. With software release 6.2(1) and later releases, the dynamic ports can belong to two VLANs. The switch port configured for connecting an IP phone can have separate VLANs that are configured for carrying the following traffic:

Voice traffic to and from the IP phone (auxiliary VLAN)

Data traffic to and from the PC that is connected to the switch through the access port of the IP phone (native VLAN)

BPDU packet filtering

BPDU packet filtering turns off BPDU transmission on PortFast-enabled ports and nontrunking ports.

BPDU skew detection and syslog

BPDU skew detection allows you to troubleshoot slow network convergence that is caused by skewing.

IEEE 802.1x

IEEE 802.1x is a client-server-based access control and authentication protocol that restricts unauthorized devices from connecting to a LAN through publicly accessible ports.

Local command accounting

Local command accounting records the last 100 commands that the user entered into the system.

Loop guard

Loop guard checks if a root port or an alternate root port receives BPDUs. If a port is not receiving BPDUs, loop guard puts the port into an inconsistent state, isolating the failure and allowing spanning tree to converge to a stable topology, until the port starts receiving BPDUs again.

Private VLANs

Private VLANs are sets of ports that have the features of normal VLANs and also provide some Layer 2 isolation from other ports on the Catalyst 4000 series switch.

Layer 2 Traceroute

The Layer 2 Traceroute utility allows you to identify the physical path that a packet takes when going from a source to a destination. Layer 2 Traceroute determines the path by looking at the forwarding engine tables of the switches in the path.

Multiple Instance Spanning Tree Protocol (MISTP)

MISTP allows you to group multiple VLANs under a single instance of spanning tree. MISTP combines the Layer 2 load-balancing benefits of PVST+ with the lower CPU load of IEEE 802.1Q.

MAC address filtering

You can filter traffic that is based on a host's MAC address so that packets that are tagged with that specific source MAC address are discarded. When you specify a MAC address filter, incoming traffic from that host MAC address will be dropped and packets addressed to that host will not be forwarded.

HC-RMON media independent table

Provides information for full- and half-duplex links as well as high-capacity links.

Support for the following MIBs:

CISCO-PRIVATE-VLAN-MIB

CISCO-CATOS-ACL-QOS-MIB

CISCO-QOS-POLICY-MIB

CISCO-STACK-MIB enhancement

CISCO-STP-EXTENSIONS-MIB enhancement

CISCO-VTP-MIB enhancement

New Features for Supervisor Engine Software Release 6.1

This section describes the new hardware and software features available in software release 6.1.

Hardware Features

The following hardware features are new to software release 6.1:

Power entry module (WS-X4095-PEM)

External power shelf (WS-P4603)

External power supply (WS-X4608)

48-port inline power 10/100BASE-TX switching module (WS-X4148-RJ45V)

Software Features

The following software features are new to software release 6.1:

Ability to limit console and Telnet login attempts

You can specify how many console and Telnet login attempts to allow and the duration of the lockout after the switch has denied a login attempt.

Secure Shell encryption

The Secure Shell encryption feature provides security for Telnet sessions to the switch. Secure Shell encryption supports the DES and 3DES encryption methods and can be used in conjunction with RADIUS and TACACS+ authentication.

Spanning tree root guard

The root guard feature forces a port to become a designated port, so that no switch on the other end of the link can become a root switch.

write tech-support command

The write tech-support command allows you to generate a report with status information about your switch that you can upload to a TFTP server and send to Cisco TAC.

IOS-like ping

The -s argument in the Cisco IOS-like ping command allows you to configure the number of packets to ping, the packet size, and the wait time before timing out a response. The wait time can be set as low as 0, which would produce a continuous ping.

Reduced MAC address usage

The MAC address reduction feature is used to enable extended-range VLAN identification. When MAC address reduction is enabled on Catalyst 4000 series switches, it disables the pool of MAC addresses that are used for the VLAN spanning tree, leaving a single MAC address that identifies the switch.

Configuration file text search

At the --more-- prompt during a show command, enter a forward slash character ("/") followed by a text string to search for text.

Globally disable EtherChannel

To disable all EtherChannels on the switch, you can enter the set port channel all mode off command. To disable all trunks on the switch, enter the set trunk all off command.

Enhanced support for scripting

The switch assumes a positive ("yes") answer to all the confirmation prompts when configured from a configuration file.

SNMP group access context

When defining the access rights of an SNMP group, you can specify a context string and the method to match the context string.

System warnings—error counters

When the count differs from the previous poll, selected debug port counters are polled at a fixed interval and warnings are generated.

Open and Resolved Caveats in Software Release 6.4(21)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(21):

Open Caveats in Software Release 6.4(21)

Resolved Caveats in Software Release 6.4(21)

Open Caveats in Software Release 6.4(21)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(21).

Resolved Caveats in Software Release 6.4(21)

This section describes the resolved caveats in software release 6.4(21):

A Catalyst 4000 switch with a Supervisor Engine II (WS-X4013) running software release 6.4(14) or higher reports connectivity problems, incrementing Interconnect VPD misses in the output of the show health 1 command, and some devices not communicating with an end device.

Workaround: Install a lesser version of the software. This problem is resolved in software release 6.4(21). (CSCsc25783)

Servers connnected to a Catalyst 4500 switch may randomly disconnect and do not recover until the port is flapped.

Workaround: Flap the port to solve the issue. Also, you can enter the clear cam dynamic command and set the span session for the port using the set span create command. This problem is resolved in software release 6.4(21). (CSCsc76297)

Open and Resolved Caveats in Software Release 6.4(20)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(20):

Open Caveats in Software Release 6.4(21)

Resolved Caveats in Software Release 6.4(21)

Open Caveats in Software Release 6.4(20)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(20).

Resolved Caveats in Software Release 6.4(20)

This section describes the resolved caveats in software release 6.4(20):

After entering the set ip unreachable disable command, "destination unreachable" replies continue to be output from the switch. This problem is resolved in software release 6.4(20). (CSCsb56969)

Open and Resolved Caveats in Software Release 6.4(19)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(19):

Open Caveats in Software Release 6.4(19)

Resolved Caveats in Software Release 6.4(19)

Open Caveats in Software Release 6.4(19)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(19).

Resolved Caveats in Software Release 6.4(19)

There are no resolved caveats in software release 6.4(19).

Open and Resolved Caveats in Software Release 6.4(18)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(18):

Open Caveats in Software Release 6.4(18)

Resolved Caveats in Software Release 6.4(18)

Open Caveats in Software Release 6.4(18)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(18).

Resolved Caveats in Software Release 6.4(18)

This section describes the resolved caveats in software release 6.4(18):

Netstat TCP displays negative values. This problem is resolved in software release 6.4(18). (CSCei21068)

A Catalyst 4912G switch running software release 7.6(8) may leak memory (memory is used and never freed again) over an unknown period of time. As a result, the switch will eventually display the following message in the log after entering the show logging buffer 1023 command after which the switch will no longer respond to the console/telnet or switch any traffic:

2005 Feb 03 11:59:15 est -05:00 %SYS-3-SYS_MEMLOW:MCluster usage exceeded 90%

Debugging has determined that if you enter the show cam dynamic command and enter "N" when prompted (in order to not display additional entries) the result is that one mbuf (memory buffer) is lost each time.

Work Around: Do not execute the show cam dynamic command as frequently. To recover the leaked memory you will have to reboot the switch. This problem is resolved in software release 6.4(18). (CSCei14510 )

Open and Resolved Caveats in Software Release 6.4(17)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(17):

Open Caveats in Software Release 6.4(17)

Resolved Caveats in Software Release 6.4(17)

Open Caveats in Software Release 6.4(17)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(17).

Resolved Caveats in Software Release 6.4(17)

This section describes the resolved caveats in software release 6.4(17):

IEEE BPDU packets may be sent from a dot1q trunk port even if the native VLAN is cleared from that trunk.

Workaround: Add the native VLAN using the set trunk {mod/port} {vlanid} command. Once the native VLAN is added you should clear it using the clear trunk {mod/port} {vlanid} command. This problem is resolved in software release 6.4(17). (CSCeh28209)

Open and Resolved Caveats in Software Release 6.4(16)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(16):

Open Caveats in Software Release 6.4(16)

Resolved Caveats in Software Release 6.4(16)

Open Caveats in Software Release 6.4(16)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(16).

A Catalyst 4000 switch running software release 6.4(15) with CGMP enabled may experience a bus error and crash within one to five days.

Workaround: There is no workaround. (CSCeh55142)

Resolved Caveats in Software Release 6.4(16)

This section describes the resolved caveats in software release 6.4(16):

If you upgrade your switch from any software release 6.x or earlier releases to software release 8.x and later releases with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. This problem is resolved in software release 6.4(16). (CSCin75737)

The telnet lockout feature will display the lockout expiration time for telnet attempts that have failed authentication. This occurs when you configure the telnet lockout feature using the set authentication login lockout 30 command.

Workaround: There is no workaround. This problem is resolved in software release6.4(16). (CSCeh18221)

A Catalyst 4000 switch with a Supervisor Engine II (WS-X4013) may experience high cpu on the "Packet Forwarding" process after you upgrade your software from software release 6.4(15), 7.6(11), or 8.4(5)GLX.

Workaround: There is no workaround. This problem is resolved in software release6.4(16). (CSCeh26223)

Open and Resolved Caveats in Software Release 6.4(15)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(15):

Open Caveats in Software Release 6.4(15)

Resolved Caveats in Software Release 6.4(15)

Open Caveats in Software Release 6.4(15)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(15).

If you upgrade your switch from any software release 6.x or earlier releases to software release 8.x and later releases with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. (CSCin75737)

Resolved Caveats in Software Release 6.4(15)

This section describes the resolved caveats in software release 6.4(15):

A Catalyst 4000 switch with a Supervisor Engine 2, configured with switch acceleration, reloads unexpectedly when the whichgigaport 1/1 or whichgigaport 1/2 hidden command is executed. This problem is resolved in software release 6.4(15). (CSCeg49479)

In a two-port EtherChannel, when the second port is added to the EtherChannel, the first port leaves and then rejoins the EtherChannel (this leaving and rejoining occurs twice).

Workaround: The problem does not occur if the EtherChannel mode is set to "on." This problem is resolved in software release6.4(15). (CSCee76807)

Open and Resolved Caveats in Software Release 6.4(14)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(14):

Open Caveats in Software Release 6.4(14)

Resolved Caveats in Software Release 6.4(14)

Open Caveats in Software Release 6.4(14)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(14).

Resolved Caveats in Software Release 6.4(14)

This section describes the resolved caveats in software release 6.4(14):

In rare conditions Dot1x authenitication may cause a switch to reset. This problem is resolved in software release 6.4(14). (CSCeg36465)

A switch can crash with the following error:

Exception 2: Tlb exception (load or fetch)" at epc =>gcc2_compiled.(+ 0) after decoded 
the crashdump.

This problem is resolved in software release 6.4(14). (CSCef65161)

The switch does not respond properly when the logout timer is set to 3 (set logout 3) if you are accessing the switch through a Telnet session and the screen is either holding the display at the "More" prompt, the "Enter Password" prompt, or the "Username" prompt. The logout timer is ignored during these conditions, allowing the connection to remain open beyond the configured logout timer setting. This problem is resolved in software release 6.4(14). (CSCef15158)

Permanent CAM entries are removed after resetting the switch. Permanent CAM entries should be retained in the NVRAM until entering the clear cam or clear config command.

Workaround: Use binary configuration mode. This problem is resolved in software release 6.4(14). (CSCee80738)

Open and Resolved Caveats in Software Release 6.4(13)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(13):

Open Caveats in Software Release 6.4(13)

Resolved Caveats in Software Release 6.4(13)

Open Caveats in Software Release 6.4(13)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(13).

Resolved Caveats in Software Release 6.4(13)

This section describes the resolved caveats in software release 6.4(13):

When using the scheduled reset feature, associated process (scheduleReset), might report several dynamic memory allocations in the show memuse command output, while the show proc mem command would not report any memory allocated or freed. This problem is resolved in software release 6.4(13). (CSCef50204)

Ports may end up with a MAC address assigned to the wrong VLAN if you use dynamic VLANs and you move PCs into different VLANs behind your IP phones without the linkdown.

Workaround: Disable and then re-enable the port. This problem is resolved in software release 6.4(13). (CSCef50493)

If you enable more than 170 ports to use 802.1X port authentication on a Catalyst 4006 switch running software release 6.x you will receive the following errors:

%SYS-3-P2_ERROR: 1/No port DA access table memory to add entry for addr 
01:80:c2:00:00:03

followed by a packet dump similar to:

%SYS-3-P2_ERROR: 1/64 bytes: 01 80 c2 00 00 03 00 02 a5 bd b1 2c 88 8e 01 01 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 

The second message is a packet dump.

Dest mac - 01 80 c2 00 00 03 
Source Mac - 00 02 a5 bd b1 2c 

This problem is resolved in software release 6.4(13). (CSCef41535)

There is a vulnerability in the Transmission Control Protocol (TCP) specification (RFC793). All Cisco products that contain TCP stack are susceptible to this vulnerability. This advisory is available at these URLs:

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

This URL describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

This URL describes this vulnerability for products that do not run Cisco IOS software.

This problem is resolved in software release 6.4(13). (CSCed32349)

Doing a minimal entry (entering only the first part of a commands syntax), such as set errdisable, set option, and show cdp port mod/port, on the following commands results in either a missing key word or no error message. This problem is resolved in software release 6.4(13). (CSCed92864)

If the system banner size is over approximately 3072 characters, the switch might crash when you enter the show banner command through a Telnet session. This problem is resolved in software release 6.4(13). (CSCef44617)

Your switch might crash if two SSH clients try to connect to the switch at the same time.This problem is resolved in software release 6.4(13). (CSCef60473)

If a port is moved from one VLAN to another VLAN, the permanent CAM entry on another port might get deleted.

Workaround: Move the port to a different VLAN, and then reconfigure the permanent CAM entry. This problem is resolved in software release 6.4(13). (CSCef66696)

Open and Resolved Caveats in Software Release 6.4(12)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(12):

Open Caveats in Software Release 6.4(12)

Resolved Caveats in Software Release 6.4(12)

Open Caveats in Software Release 6.4(12)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(12).

Resolved Caveats in Software Release 6.4(12)

This section describes the resolved caveats in software release 6.4(12):

After executing many show commands over and over for 6~9 hours, via a telnet session, the system tries to access an off-limits address, and reloads. This problem is resolved in software release 6.4(12). (CSCee45047)

A switch running software release 8.3(1)GLX may fail because of an SRAM failure with the following epc values in the crashdump:

epc 0x00000000100fdee4
epc 0x00000000100fd590

Workaround: Disable the SRAM online diagnostics using the set test switch-memory disable command. This problem is resolved in software release 6.4(12). (CSCee88146)

When using dynamic VLANs, if the MAC address is in a different VLAN that operates behind the IP phones, the IP phone might end up with a MAC address assigned to the wrong VLAN.

Workaround: Disable and reenable the port. This problem is resolved in software release 6.4(12). (CSCee59071)

A Catalyst 4500 series switch may reboot abnormally with the following exception code:

Cause : Exception 2: Tlb exception (load or fetch)

This problem is resolved in software release 6.4(12). (CSCef08126)

With a Supervisor Engine 2, when ports are added to an EtherChannel one port at a time, the calculated value of a path cost may be incorrect. In some cases, the path cost value displayed with the show spantree mistp-instance command is correct, but the path cost value displayed with the show spantree statistics command may be incorrect. Miscalculated path cost values result in ports going into the blocked state and create spanning tree topology discrepancies. This problem with the MISTP path cost feature appears in all software releases up to and including release 6.4(10). This problem is resolved in software release 6.4(12). (CSCee82347)

The value of dot1dStpPortDesignatedPort is not correct when queried from SNMP. This problem is resolved in software release 6.4(12). (CSCee94422)

The dot3StatsFrameTooLongs counter should not increment when the port is configured as a trunk port.

Workaround: There is no workaround. This problem is resolved in software release 6.4(12). (CSCee94947)

A UNIX script might get stuck at the Telnet prompt.

Workaround: Press Enter at the point where the script gets stuck to start the script again. This problem is resolved in software release 6.4(12). (CSCeb69513)

With UplinkFast enabled, invalid dummy multicast packets might be sent out from the switch, resulting in communication failure.

Workaround: Clear the ARP cache. This problem is resolved in software release 6.4(12). (CSCee22626)

The switch might drop all EtherChannels configured to desirable mode for approximately 10 minutes, and depending on the topology, connectivity may be affected for the entire period of the outage.

Workaround: Configure EtherChannels to "ON" mode using the set port channel mod/port mode on command. This problem is resolved in software release 6.4(12). (CSCef02710)

Open and Resolved Caveats in Software Release 6.4(11)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(11):

Open Caveats in Software Release 6.4(11)

Resolved Caveats in Software Release 6.4(11)

Open Caveats in Software Release 6.4(11)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(11).

Resolved Caveats in Software Release 6.4(11)

This section describes the resolved caveats in software release 6.4(11):

Spanning tree does not block ports when you use a Balun cable with your switch. If you loop a port with a Balun cable or loopback adapter, spanning tree blocks the port initially. However, if a topology change occurs, the port is set to a forwarding state. This problem is resolved in software release 6.4(11). (CSCed84323)

If you repeatedly power cycle the switch, the power status displays "fan failed" even if it has not failed. This problem is resolved in software release 6.4(11). (CSCee10783)

The Catalyst 4500 series Supervisor Engine II (WS-X4013=) may stop responding when you are using Catalyst software release 8.3(1)GLX. This problem is resolved in software release 6.4(11). (CSCee33665)

In a redundant system, after a reset or switchover, you might not be able to view the error log on the standby supervisor engine. Entering the show log command results in an error message. This problem is seen only when Network Time Protocol (NTP) is configured.

Workaround: Reset the switch or perform a supervisor engine failover. This problem is resolved in software release 6.4(11). (CSCee54278)

Doing a minimal entry (entering only the first part of a command's syntax) on the set errdisable, set option, and show cdp port mod/port commands, results in either a missing key word or no error message. This problem is resolved in software release 6.4(11). (CSCed92864)

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. To put the ATM module into service, enter the reset slot_number command. This problem is resolved in software release 6.4(11). (CSCds12349)

With a Supervisor Engine 1 or 1A, the switch might reload with the following log message:

ProcessStatusPing:Module 1 local SCP error detected... resetting module 

Workaround: Remove the faulty module. This problem is resolved in software release 6.4(11). (CSCea38268)

An SNMP query for cvbStpForwardingMap might return an invalid port state. This problem is not resolved by a power cycle, module reset, disabling and enabling the port, or swapping modules. This problem is resolved in software release 6.4(11). (CSCee58481)

The MSFC might not be able to ping the sc0 interface on VLAN 1. This is a reoccurrence of the problem seen in CSCeb02380. This problem is resolved in software release 6.4(11). (CSCee66310)

Open and Resolved Caveats in Software Release 6.4(10)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(10):

Open Caveats in Software Release 6.4(10)

Resolved Caveats in Software Release 6.4(10)

Open Caveats in Software Release 6.4(10)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(10).

Resolved Caveats in Software Release 6.4(10)

This section describes the resolved caveats in software release 6.4(10):

When you use Secure Shell (SSH) to connect to a Catalyst switch, the switch may reset.

Workaround: There is no workaround. This problem is resolved in software release 6.4(10). (CSCed84727)

On a switch that is running a crypto (k9) image, the SNMP_THREAD process will have a memory loss if the sshPublicKeySize value is non-zero. This problem is resolved in software release 6.4(10). (CSCed95950)

If you configure a switch to enable Telnet logging, and then enter the clear vlan command on over 500 VLANs, many console logs are sent to you causing your Telnet session to disconnect. This problem is resolved in software release 6.4(10). (CSCec19091)

Open and Resolved Caveats in Software Release 6.4(9)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(9):

Open Caveats in Software Release 6.4(9)

Resolved Caveats in Software Release 6.4(9)

Open Caveats in Software Release 6.4(9)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(9).

Resolved Caveats in Software Release 6.4(9)

This section describes the resolved caveats in software release 6.4(9):

A Catalyst 5500 switch with a WS-X5410 module, a Catalyst 4003 switch with a Supervisor Engine I, or a Catalyst 4006 or 4503 switch with Supervisor Engine II does not send dummy multicast packets when UplinkFast operates after you enter the no shutdown command from the original root port. This condition results in lost communication because the switch does not clear the older MAC table on the root port.This problem is resolved in software release 6.4(9). (CSCec79652)

After performing a software upgrade, the switch might experience an exception and reset. If this problem occurs, the show log command displays the following error message:

Error Msg:mfree 2:m=0x8c994080 PID = 0 Kernel an 

This problem is resolved in software release 6.4(9). (CSCed48590)

Open and Resolved Caveats in Software Release 6.4(8)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(8):

Open Caveats in Software Release 6.4(8)

Resolved Caveats in Software Release 6.4(8)

Open Caveats in Software Release 6.4(8)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in software release 6.4(8).

Resolved Caveats in Software Release 6.4(8)

This section describes the resolved caveats in software release 6.4(8):

In rare cases, when you enable CGMP, the Catalyst 4500 series Supervisor Engine I or Supervisor Engine II may reload intermittently. There is no workaround. This problem is resolved in software release 6.4(8). (CSCec72380)

Starting in software release 6.4(8), you may see this warning message on your console:

2003 Dec 01 17:55:01 PST -07:00 %SYS-4-P2_WARN:1/Traffic from permanent host 
00:04:c1:82:5f:ff but seen on incorrect port 1/2

In most cases, this message is caused by ARP requests from the switch being flooded back to itself by a neighbor. Since the source MAC address is the system MAC address, a console message is logged and the packet is dropped.This problem is resolved in software release 6.4(8). (CSCed13361)

The MAC address does not clear from the static CAM when you enter the clear cam static command; the MAC address may be learned by both the static and dynamic CAMs.

Workaround: Enter the clear cam command to delete the user-configured static MAC addresses from the static CAM. If the switch reaches a condition that the same MAC address is learned on dynamic and static CAM, enter the clear port security and clear cam dynamic commands to clear the MAC address from the dynamic CAM and reach a "consistent" state. This problem is resolved in software release 6.4(8). (CSCin61896)

When you use the clear cam mac_addr command to clear an auto-learned MAC address on a port-security enabled port from the static CAM, the port can be placed in an inconsistent state and may not allow the user to configure the same MAC address on another port. If the port continues to receive the MAC address, the MAC address appears in the dynamic CAM instead of the static CAM.

Workaround: Do not use the clear cam mac_addr command on a secure port. If a port is in an inconsistent state, use the clear port security mod/port command to clear the MAC address from the CAM. This problem is resolved in software release 6.4(8). (CSCin60971)

When you use the clear cam permanent command to clear a permanent CAM filter entry, the filter entry is not removed from the hardware tables and traffic is dropped. This problem is resolved in software release 6.4(8). (CSCed11672)

Open and Resolved Caveats in Software Release 6.4(7)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(7):

Open Caveats in Software Release 6.4(7)

Resolved Caveats in Software Release 6.4(7)

Open Caveats in Software Release 6.4(7)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(7):

When you use the clear cam mac_addr command to clear an auto-learned MAC address on a port-security enabled port from the static CAM, the port can be placed in an inconsistent state and may not allow the user to configure the same MAC address on another port. If the port continues to receive the MAC address, the MAC address appears in the dynamic CAM instead of the static CAM.

Workaround: Do not use the clear cam mac_addr command on a secure port. If a port is in an inconsistent state, use the clear port security mod/port command to clear the MAC address from the CAM. (CSCin60971)

Resolved Caveats in Software Release 6.4(7)

This section describes the resolved caveats in software release 6.4(7):

The packet memory on a Catalyst 4000 supervisor engine might get corrupted. When the packet memory gets corrupted, the data packets are sent out with an invalid CRC and the data packets are discarded by the link partner. This problem has been resolved in software release 6.4(7). (CSCec78085)

Sending a unicast MAC address that is configured for a nonsecured port on a particular VLAN in the static/permanent CAM on a secured port in the same VLAN will shut down the secured port. There is no known workaround. This problem is resolved in software release 6.4(7). (CSCin57336)

Upgrading a Catalyst 4500 series switch to release 12.1(13)EW can cause a problem with the WS-X4148-RJ45V Power over Ethernet (PoE) module.

Workaround: Turn off autonegotiation using the set port speed command. This problem is resolved in software release 6.4(7). (CSCec67534)

If you initiate a session on a supervisor engine to a WS-X4232-L3 module, the session may not work after running for an unknown period of time. This occurs because of a wrong adjacency in the Catalyst operating system side of the ARP table for the WS-X4232-L3 inband MAC address.

Workaround: Telnet to a Gigabit Ethernet 3 or Gigabit Ethernet 4 (or a subinterface IP address) and reset the WS-X4232-L3 module to temporarily recover the problem. After you have recovered the session, you need to move the sc0 interface into a different VLAN to avoid this problem in the future. This problem is resolved in software release 6.4(7). (CSCdx30617)

After upgrading a Catalyst 4500 series switch from software release 6.3(3) to software release 7.6(1), you cannot configure logging-level COPS. This problem is resolved in software release 6.4(7). (CSCec37831)

On a Catalyst 2948G switch, you may lose the SPAN configuration after changing from binary to text config mode.

Workaround: Reenter SPAN configurations. This problem is resolved in software release 6.4(7). (CSCec17704)

If you have port-security and restrict mode enabled on your Catalyst 4500 series switch, the same MAC address that is received by more than one secure port (MAC movement) does not shut down the ports. Instead, MAC movement clears the secured MAC from the static CAM.

Workaround: Configure the port to shut down the port when it detects MAC movement in shutdown violation mode. This problem is resolved in software release 6.4(7). (CSCin55891)

If you configure a port with a static MAC address and then enable port security, the traffic that is sent with SA set to the configured MAC address may shut down the port. The switch might issue an error message indicating that there is no space in the forwarding engine table.

Workaround: Configure the MAC address while enabling port security using the set port security command. This problem is resolved in software release 6.4(7). (CSCin56144)

When you have VMPS configured, a rare memory leak may occur. To slow down the rate of leaking, you can change the VMPS reconfirm timer to the maximum.

Workaround: Change all dynamic membership ports to static ports, and then change them to dynamic membership ports. This problem is resolved in software release 6.4(7). (CSCec29748)

A Catalyst 4000 series switch may forward 1Q-BPDUs (PVST+ BPDUs) when spanning tree is disabled. This problem may cause downstream ports to incorrectly block the port and cause traffic loss.

Workaround: Enable spanning tree by using the set spantree enable command. This problem is resolved in software release 6.4(7). (CSCeb43406)

In a Catalyst 6500 series switch or Cisco 7600 series router with a supervisor engine and the MSFC, the MAC address table is not updated even when it receives dummy multicast frames sent out by UplinkFast on a Catalyst 4000 series or a Catalyst 4500 series switch. Communication is lost in approximately 15 seconds. This problem occurs when the original root port comes up after a switchover. There is no workaround. This problem is resolved in software release 6.4(7). (CSCeb58149)

If a port with port security enabled receives a filtered CAM entry on a VLAN, the port may shut down.

Workaround: There is no workaround. This problem is resolved in software release 6.4(7). (CSCin51183)

Open and Resolved Caveats in Software Release 6.4(6)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(6):

Open Caveats in Software Release 6.4(6)

Resolved Caveats in Software Release 6.4(6)

Open Caveats in Software Release 6.4(6)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(6).

If you have port-security and restrict mode enabled on your Catalyst 4500 series switch, the same MAC address that is received by more than one secure port (MAC movement) does not shut down the ports. Instead, MAC movement clears the secured MAC from the static CAM.

3 Configure the port to shut down the port when it detects MAC movement in shutdown violation mode. (CSCin55891)

If you configure a port with a static MAC address and then enable port security, the traffic that is sent with SA set to a configured MAC address may shut down the port. The switch might issue an error message indicating that there is no space in forwarding engine table.

Workaround: Configure MAC address while enabling port security using the set port security command. (CSCin56144)

A Catalyst 4000 switch may forward 1Q-BPDUs (PVST+ BPDUs) when spanning tree is disabled. This problem may cause downstream ports to incorrectly block the port and cause traffic loss.

Workaround: Enable spanning tree by using the set spantree enable command. (CSCeb43406)

In a Catalyst 6500 series switch or Cisco 7600 series router with a supervisor engine and the MSFC, the MAC address table is not updated even when it receives dummy multicast frames sent out by the feature of UplinkFast on a Catalyst 4000 series or a Catalyst 4500 series switch. Communication is lost in approximately 15 seconds. This problem occurs when the original root port comes up after switchover. There is no workaround. (CSCeb58149)

When you have VMPS configured, a rare memory leak may occur. To slow down the rate of leaking, you can change the VMPS reconfirm timer to the maximum.

Workaround: Change all dynamic membership ports to static ports, and then change them to dynamic membership ports. (CSCec29748)

If a port with port security enabled receives a filtered CAM entry on a VLAN, the port may shut down.

Workaround: There is no workaround. (CSCin51183)

Resolved Caveats in Software Release 6.4(6)

This section describes the resolved caveats in software release 6.4(6):

If you have port-security and restrict mode enabled on your Catalyst 4500 series switch, the same MAC address that is received by more than one secure port (MAC movement) does not shut down the ports. Instead, MAC movement clears the secured MAC from the static CAM.

Workaround: Configure the port to shut down the port when it detects MAC movement in shutdown violation mode. This problem is resolved in software release 6.4(6). (CSCin55891)

There is a memory leak in the DVLAN_RECONF process when you run a heavy CPU load. This problem is resolved in software release 6.4(6). (CSCeb85102)

If the switch receives packets with the system address set to the sc0 MAC address, the port may shut down and the sc0 interface may become inaccessible.

Workaround: Reset the switch. This problem is resolved in software release 6.4(6). (CSCeb84608)

Open and Resolved Caveats in Software Release 6.4(5)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(5):

Open Caveats in Software Release 6.4(5)

Resolved Caveats in Software Release 6.4(5)

Open Caveats in Software Release 6.4(5)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


There are no open caveats in Catalyst 4000 series software release 6.4(5).

Resolved Caveats in Software Release 6.4(5)

This section describes the resolved caveats in software release 6.4(5):

If you pull out an RIT patch cable connecting a workstation to the Type1A Balun fast enough, then the port immediately changes from the forwarding state to loopback, and the switch fails to see a link down. The outbound packets are looped back while the port transitions to the blocking state. Network problems may occur if you enable port security on the port as the switch secures the looped MAC addresses and restricts traffic from the original unsecured port. This situation occurs on images in software release 7.4 and later releases and might also affect software release6.4(x). This problem is resolved in software release 6.4(5). (CSCeb12104)

A Catalyst 4000 series supervisor engine running software release 6.4(3) or earlier does not link to a port on a WS-X4424-GB-RJ45 module if the port is hard-coded for speed and duplex.

Workaround: Disable and enable the port to activate the link. This problem is resolved in software release 6.4(5).(CSCeb43586)

The lower level ground start (gs) code contains two tables: port security and CAM. When the ageout timer expired, the autolearned MAC was cleaned from the security table but not from the CAM table. This situation results in a security violation.

Workaround: Delete the MAC address from the gs CAM table and the security table during ageout. This problem is resolved in software release 6.4(5). (CSCeb27176)

When you configure VMPS and an auxiliary VLAN on a Catalyst 4003 switch, VMPS does not populate the auxiliary VLAN for the port. The voice VLAN works as expected.

Workaround: Remove the auxiliary VLAN, initiate a packet from the VMPS client, and then reconfigure the auxiliary VLAN. This problem is resolved in software release 6.4(5). (CSCeb38513)

A Catalyst 4000 series switch fails to return the complete Fully Qualified Domain Name (FQDN) and returns only a host name when polled for the following:

sysName

.1.3.6.1.2.1.1.5

This situation does not comply with the definition of the sysName that is stated in RFC1907. This problem can break NMS applications that expect the switch to respond back with the correct sysName.

Workaround: Specify the complete FQDN on the switch so that the sysName returns the complete FQDN. An example follows:

On the switch, enter the following commands:

nms-4006> (enable) set system name nms-4006a.sys.etc
System name set.
nms-4006a> (enable) exit                             
Connection closed by foreign host.

On the NMS, enter the following commands:

nms-server2> snmpwalk -c public nms-4006a sysName           
SNMPv2-MIB::sysName.0 = STRING: nms-4006a.sys.etc

This problem is resolved in software release 6.4(5). (CSCeb37492)

Open and Resolved Caveats in Software Release 6.4(4)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(4):

Open Caveats in Software Release 6.4(4)

Resolved Caveats in Software Release 6.4(4)

Open Caveats in Software Release 6.4(4)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(4):

When you configure port security with autolearned MAC addresses on secured ports, a bridge leave/join event may delete learned the MAC addresses on the secured port. This security violation is only discovered when the ports are not disconnected and reconnected. (CSCeb06816)

If an RIT patch cable connecting a workstation to the Type1A Balun is pulled out fast enough, then the port immediately changes from the forwarding state to loopback, and switch fails to see a link down. Outbound packets are looped back while the port transitions to blocking state. Network problems may occur if port security is enabled on the port as the switch secures the looped MAC addresses and restricts traffic from the original unsecured port. This effect of the port security is seen only on images after 7-4-x train or higher and might also affect the 6.4(x) train. (CSCeb12104)

Resolved Caveats in Software Release 6.4(4)

This section describes the resolved caveats in software release 6.4(4):

Dynamic VLANs are not always updated on the switch when the incoming SA changes.

Workaround: There is no workaround. This problem is resolved in software release 6.4(4). (CSCea50001)

When port security is enabled and the MAC address is learned, a port is disabled if the port sees all zeros as a MAC address and there is no Last-Src-Addr.

Workaround: Reenable the port. This problem is resolved in software release 6.4(4). (CSCea89001)

Entering the ping -s ip_address command (where ip_address is an unreachable address) does not display a ping: Dest Unreachable response from <default_gateway> message. This issue is seen only in software release 5.5(3) and later releases, and in software releases 6.x and7.x. This problem is resolved in software release 6.4(4). (CSCdx03359)

After you reboot a Catalyst 4000 series switch with an upgraded image and enable VMPS, ports that are configured for dynamic VLAN assignment may not have connectivity.

Workaround: Physically disconnect and reconnect the cable to the port. This problem is resolved in software release 6.4(4). (CSCea08895)

CAM flooding occurs because the CAM entry and PATH are removed from the CAM aging interval even when the PATH is idle for only 49 seconds.

Workaround: Reinstall the CAM entry and PATH. This problem is resolved in software release 6.4(4). (CSCdz42689)

If a switch has a lot of CPU traffic, some of the management packets to communicate with hardware may be delayed and cause the software to time out. The Even Simpler Management Protocol (ESMP) timeout period has been increased. This problem is resolved in software release 6.4(4). (CSCea73908)

A frame that is destined to a MAC address that has aged out of the CAM table may not be unicast flooded correctly.

Workaround 1: Set the MAC address as a static CAM entry.

Workaround 2: Remove the EtherChannel.

Workaround 3: Move the workstation to a different VLAN.

This problem is resolved in software release 6.4(4). (CSCdz66547)

The CISCO-STACK-MIB trap sends an invalid systemGrp. There is no workaround. This problem is resolved in software release 6.4(4). (CSCeb04226)

There is a memory leak that increases the memory held by the console in 16 byte increments. This memory leak presents itself in one of two ways:

When you configure a community or isolated VLAN to a primary VLAN using the SNMP CLI.

Free memory reduces constantly and the memory held by the SptTimer and DTP_Rx process.

You can use the show proc mem command to view the memory held by processes and verify if you have a memory leak.

Workaround: There is no workaround. (CSCea91118)

When you reduce the maximum count of secured MAC addresses for the port security, the switch firsts deletes configured secured MAC addresses (if any) and then deletes the auto-learned secured MAC addresses.

Workaround: Manually reconfigure MAC addresses. This problem is resolved in software release 6.4(4). (CSCin41058)

Open and Resolved Caveats in Software Release 6.4(3)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(3):

Open Caveats in Software Release 6.4(3)

Resolved Caveats in Software Release 6.4(3)

Open Caveats in Software Release 6.4(3)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(3):

After you reboot a Catalyst 4000 series switch with an upgraded image and enable VMPS, ports that are configured for dynamic VLAN assignment may not have connectivity.

Workaround: Physically disconnect and reconnect the cable to the port. (CSCea08895)

CAM flooding occurs because the CAM entry and PATH are removed from the CAM aging interval even when the PATH is idle for only 49 seconds.

Workaround: Reinstall the CAM entry and PATH. (CSCdz42689)

A frame destined to a MAC address that has aged out of the CAM table may not be unicast flooded correctly.

Workaround 1: Set the MAC address as a static CAM entry.

Workaround 2: Remove EtherChannel.

Workaround 3: Move the workstation to a different VLAN. (CSCdz66547)

Resolved Caveats in Software Release 6.4(3)

This section describes the resolved caveats in software release 6.4(3):

Moving a host from a secured port to an unsecured port causes a security violation. This problem is resolved in software release 6.4(3). (CSCea07450)

Supervisor Engine II may show the status of a Catalyst 4000 gateway running 12.2(16.4)T2 as faulty. This problem is resolved in software release 6.4(3). (CSCin37385)

The multicast entry for a trunk port in a nondefault VLAN disappears when you configure permanent CAM entries on the trunk port for any VLAN other than the default VLAN and reboot the system.

Workaround: Clear the permanent CAM and reconfigure the CAM entries. This problem is resolved in software release 6.4(3). (CSCea31013)

Some ports on a 10/100BASET-RJ45 module may fail diagnostics if the link partner for a port starts sending traffic as soon as the link is up. This problem can happen during diagnostics when all the ports are put in loopback mode and are enabled for some tests. If the switch enables a port before it goes into loopback mode, external traffic can block the CPU queue and cause the port to fail to get into loopback mode within the diagnostics timeout period. Diagnostics will fail on these ports. This problem is resolved in software release 6.4(3). (CSCea48977)

After the software writes a value into the softReset register to reset the switch, the CPU still runs for several cycles before the reset reaches CPU. The result is that the switch appears to lose console connectivity, ping capability, and all connectivity after reset.

Workaround: Power cycle the switch. This problem is resolved in software release 6.4(3). (CSCdz22239)

A port with port security enabled is not included in the static CAM table when an MC receiver is on the port. When the host sends an IGMP join report to the MC router, the MC router sends a CGMP join to the switch but the switch does not add the host to the static CAM table.

If there are no other hosts, the switch will flood the MC traffic and all hosts will receive the traffic. However, if just one host with port security disabled joins the group, only that host will show up in the static CAM table and all other hosts will stop receiving the MC traffic.

Workaround: Disable either port security or CGMP on the switch. This problem is resolved in software release 6.4(3). (CSCdz89564)

If a port shuts down due to security violation, the following behavior may occur:

If an age timer is not set, learned MAC addresses become configured addresses.

If an age timer is set, learned MAC addresses are cleared.

This problem is resolved in software release 7.5(1). (CSCin25101)

Open and Resolved Caveats in Software Release 6.4(2)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(2):

Open Caveats in Software Release 6.4(2)

Resolved Caveats in Software Release 6.4(2)

Open Caveats in Software Release 6.4(2)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(2):

CAM flooding occurs because the CAM entry and PATH are removed from the CAM aging interval even when the PATH is idle for only 49 seconds.

Workaround: Reinstall the CAM entry and PATH. (CSCdz42689)

A frame destined to a MAC address that has aged out of the CAM table may not be unicast flooded correctly.

Workaround 1: Set the MAC address as a static CAM entry.

Workaround 2: Remove EtherChannel.

Workaround 3: Move the workstation to a different VLAN. (CSCdz66547)

Resolved Caveats in Software Release 6.4(2)

This section describes the resolved caveats in software release 6.4(2):

The switch may crash in the CmpOID function, when a connected ATM module runs out of memory. (CSCdz50307)

If you are using RADIUS authentication to log into your switch from the integrated CiscoView utility, CiscoView may send the RADIUS the user ID $enabl5$ instead of the user ID you entered. This problem is resolved in software release 6.4(2). (CSCdz18313)

In software release 6.3, if you have a supervisor engine in slot 1 or slot 2, the show counters command will not work for ports 17 through 22 (for example, show counters 1/17). This problem is resolved in software release 6.4(2). (CSCdz48414)

Open and Resolved Caveats in Software Release 6.4(1)

The following sections describe the open and resolved caveats in supervisor engine software release 6.4(1):

Open Caveats in Software Release 6.4(1)

Resolved Caveats in Software Release 6.4(1)

Open Caveats in Software Release 6.4(1)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.4(1):

When you upgrade to software release 6.3(8), the dot1x feature is enabled by default and will start processing RADIUS packets immediately. The switch will silently discard the RADIUS packets, but will consume CPU time; the following messages may be seen on the console:

Console> (enable) dot1x_rad: received invalid len packet 0
Console> (enable) dot1x_rad: received invalid len packet 0
Console> (enable) dot1x_rad: received invalid len packet 0

This problem could cause high CPU usage with the process called Backend_Rx.

Workaround: Disable dot1x on the system using the set dot1x system-auth-control disable command. (CSCdy83013)

A Catalyst 4000 series switch with Secure Shell (SSH) support may crash when an SSH client attempts to connect to the switch. (CSCdy81584)

CAM flooding occurs because the CAM entry and PATH are removed from the CAM aging interval even when the PATH is idle for only 49 seconds.

Workaround: Reinstall the CAM entry and PATH. (CSCdz42689)

Resolved Caveats in Software Release 6.4(1)

This section describes the resolved caveats in software release 6.4(1):

A Catalyst 4000 series switch with a Supervisor Engine I (WSX-4012) running software release 6.3(8) occasionally returns an invalid value for cpmCPUTotal5sec and cpmCPUTotal1min. This problem is resolved in software release 6.4(1). (CSCdz42365)

Power supply 3 failures are not reported when you use the show log command on a Catalyst 4006 switch.

Workaround: Install a syslog server that displays power supply unit failures. This problem is resolved in software release 6.4(1). (CSCdz45426)

When the supervisor engine fails POST, the software functions partially and only a few select tasks run. When this failure occurs, the system does not update the power supply information and entering the show system and show test commands do not display the power supply status information. This problem is resolved in software release 6.4(1). (CSCdz71607)

When PortFast and BPDU guard are enabled on a port, you should not connect the port to a switch. However, if the port is connected to a switch that does not run spanning tree, and there are BPDUs going through a loop on that switch, BPDU storms will occur, leaving the CPU too busy to perform a shutdown until the loop is removed.

Workaround: Never introduce a loop to a switch that is not running spanning tree. Do not connect a port to a switch if Portfast and BPDU guard are enabled. This problem is resolved in software release 6.4(1). (CSCdz03594)

Open and Resolved Caveats in Software Release 6.3(10)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(10) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(10)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(10)

Open Caveats in Software Release 6.3(10)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(10):

A Catalyst 4000 series switch with a Supervisor Engine II (WS-X4013) running software release 6.3(8) might unexpectedly reload with no information in the logfile. This problem is currently under investigation and appears to be related to memory allocation.There is no workaround. (CSCdz16804)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN, and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(10)

This section describes the resolved caveats in software release 6.3(10):

If a switch is in VTP client mode and the trunk port connecting to the VTP server is no longer a trunk port, ping failure or traffic disruption might occur. This problem applies to software release 6.3(9) and prior releases. This problem is resolved in software release 6.3(10). (CSCdy13083)

Under rare circumstances, a Catalyst 4000 series switch will crash after receiving a corrupted VTP packet with an invalid vlan_id. The switch will recover automatically. This problem is resolved in software release 6.3(10). (CSCdy60111)

Open and Resolved Caveats in Software Release 6.3(9)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(9) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(9)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(9)

Open Caveats in Software Release 6.3(9)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(9):

A Catalyst 4000 series switch with a Supervisor Engine II (WS-X4013) running software release 6.3(8) might unexpectedly reload with no information in the logfile. This issue is currently under investigation and appears to be related to memory allocation.There is no workaround. (CSCdz16804)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN, and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(9)

This section describes the resolved caveats in software release 6.3(9):

If a static MAC address is installed using the port security feature, a flood-path can be installed instead of a unicast path. The port security feature automatically installs a static MAC address if there is a secure address configured on the port. This problem is resolved in software release 6.3(9). (CSCdy14154)

A Catalyst 4000 series switch might crash within 10 to 20 minutes of booting when you upgrade the switch to releases 6.3(6), 6.3(7) and 6.3(8). No known workaround at this point. This problem can be resolved by downgrading to 6.3(5) or upgrading to 6.3(9). This problem is resolved in software release 6.3(9). (CSCdy37636)

A destination SPAN port configured to capture trunk ports cannot capture dot1Q tagged packets after a reboot. This problem is resolved in software release 6.3(9). (CSCdy22282)

The port security shutdown timer might not work as expected and not reenable the shutdown ports on all line cards on a Catalyst 4006 switch fully populated with WS-X4148 cards. This problem is resolved in software release 6.3(9). (CSCdy01966)

Open and Resolved Caveats in Software Release 6.3(8)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(8) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(8)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(8)

Open Caveats in Software Release 6.3(8)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(8):

A Catalyst 4000 series switch with a Supervisor Engine II (WS-X4013) running software release 6.3(8) might unexpectedly reload with no information in the logfile. This problem is currently under investigation and appears to be related to memory allocation.There is no workaround. (CSCdz16804)

If a static MAC address is installed using the port security feature, a flood-path can be installed instead of a unicast path. Port security automatically installs a static MAC address if there is a secure address configured on the port. (CSCdy14154)

A destination SPAN port configured to capture trunk ports can not capture dot1Q tagged packets after a reboot. (CSCdy22282)

A Catalyst 4000 series switch may crash within 10 to 20 minutes of boot up when you upgrade the switch to releases 6.3(6), 6.3(7) and 6.3(8). There is no known workaround. This problem can be resolved by downgrading to 6.3(5) or upgrading to 6.3(9). (CSCdy37636)

The port security shutdown timer might not work as expected and not reenable the shutdown ports on all line cards on a Catalyst 4006 switch fully populated with WS-X4148 cards. (CSCdy01966)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN, and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

Resolved Caveats in Software Release 6.3(8)

This section describes the resolved caveats in software release 6.3(8):

If you have RADIUS authentication configured and you Telnet to the switch, the switch will reboot if the username is not valid even though the RADIUS server is available. This problem was observed using a Merit RADIUS Server made by Interlink Networks. This problem does not occur with a Cisco Secure RADIUS Server.

Workaround: Use a Cisco Secure RADIUS Server. This problem is resolved in software release 6.3(8) (CSCdx01532 and CSCdx93700)

When STP tries to send an SCP message to set CBL for a channel port, it queries the PAgP to get the corresponding physical ports. In rare cases, the NMP gets a port that is removed from STP (also nontrunking) and sends an SCP message for that port, resulting in native VLAN inconsistencies.

Workaround: There is no workaround. This problem is resolved in software release 6.3(8). (CSCdw12370)

When a reachable host and an unreachable host are configured as syslog servers on a Catalyst 2948G switch without a default gateway, only the first syslog message is sent to the syslog server. After you clear the unreachable host, any unsent messages are sent to the reachable host all at once.

Workaround: Clear the unreachable host from the configuration. This problem is resolved in software release 6.3(8) (CSCdx52404)

Open and Resolved Caveats in Software Release 6.3(7)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(7) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(7)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(7)

Open Caveats in Software Release 6.3(7)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(7):

If you have RADIUS authentication configured and you Telnet to the switch, the switch will reboot if the username is not valid even though the RADIUS server is available. This problem was observed using a Merit RADIUS Server, made by Interlink Networks. This problem does not occur with a Cisco Secure RADIUS Server.

Workaround: Use a Cisco Secure RADIUS Server. (CSCdx01532)

When a reachable host and an unreachable host are configured as syslog servers on a Catalyst 2948G switch without a default-gateway, only the first syslog messages is sent to the syslog server. After clearing the unreachable host, any unsent messages are sent to the reachable host all at once.

Workaround: Clear the unreachable host from the configuration. (CSCdx52404)

Ports on a Catalyst 2980G-A switch might stop receiving packets when the switch is connected to ports with high electrostatic discharge applied to them. This can happen in environments where cables build a charge up to a high voltage. This condition is very rare and is temporary; it will not damage the hardware. The Rx good packet count will not increase, but some error counters might increase when packets are sent to the port. You cannot fix the problem by changing the port speed and duplex settings, or by unplugging and replugging the cables.

Workaround: Reset the switch. (CSCdw37422)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN, and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(7)

This section describes the resolved caveats in software release 6.3(7):

A Catalyst 4006 switch running a Secure Shell image (k9) may crash if switch acceleration is enabled and you reset the switch.

Workaround: Disable switch acceleration when resetting the switch and enable switch acceleration once the switch has rebooted. This problem is resolved in software release 6.3(7). (CSCdw73412)

With SNMP, the switch returns "RESOURCE_UNAVAILABLE_ERROR" when you modify the vlanTrunkPortTable. This problem exists only in software release 6.3(6). This problem is resolved in software release 6.3(7). (CSCdx23585)

The total number of all received error packets (as represented in the CLI by the show mac command and the command's InLost counter) is not available through SNMP because the dot3StatsInternalMacRxErrs MIB is incorrect. This problem is resolved in software release 6.3(7). (CSCdw86025)

You might receive the following faulty warning message:

%SYS-2-PS_INSUFFICIENT:Insufficient power supplies operating, this system requires 2 
and only has 1.

Workaround: Ignore the warning; the switch needs only one power supply to operate. This problem is resolved in software release 6.3(7). (CSCdx22239)

When you make a Telnet connection to a switch configured with authentication, authorization, and accounting (AAA) through Shiva Access Manager, the switch sets the TACACS privilege level to 15. Authentication fails if users have a privilege level lower than 15.

Workaround: Configure Shiva Access Manager users with privilege level 15. This problem is resolved in software release 6.3(7). (CSCdx08395)

In certain configurations, the switch might drop IGMP reports before passing the reports to the router. If multicast functionality is based on CGMP, it will be affected.

Workaround: Manually add a multicast static entry pointing to the CGMP router on the switch that is dropping IGMP reports. This problem is resolved in software release 6.3(7). (CSCdw60550)

Open and Resolved Caveats in Software Release 6.3(6)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(6) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(6)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(6)

Open Caveats in Software Release 6.3(6)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(6):

When you connect an SMC 8432BT NIC with the DEC 21041-AA chipset on a Compaq Desktop 6xxx series PC to a Catalyst 2980A-G switch at 10/HD, the Catalyst 2980A-G switch might experience Align/FCS/Rcv errors. (CSCdv79989)

An ARP request packet from a server connected to a Catalyst 4000 series switch with a GEC link might, on rare occasion, be dropped. Be aware that, the ARP request packet is not resolved, and the server will not be able to communicate with other servers and/or nodes. (CSCdv15018)

A Catalyst 2980G switch might continue sending PS_OK syslog messages even after the switch has booted. Normally, these messages appear only once after boot up. (CSCdw65276)

The global configuration can be lost when you power cycle the switch. (CSCdw01547)

In extremely rare circumstances, a Catalyst 4006 switch may lose management port, CDP and console connectivity, but all user traffic remains unaffected. There is no workaround. (CSCdx08608)

With SNMP, the switch returns "RESOURCE_UNAVAILABLE_ERROR" when modifying the vlanTrunkPortTable. This problem exists only in software release 6.3(6). (CSCdx23585)

If you have RADIUS authentication configured and you Telnet to the switch, the switch will reboot if the username is not valid even though the RADIUS server is available. This problem was observed using a Merit RADIUS Server, made by Interlink Networks. This problem does not occur with a Cisco Secure RADIUS Server.

Workaround: Use a Cisco Secure RADIUS Server. (CSCdx01532)

Ports on a Catalyst 2980G-A switch might stop receiving packets when the switch is connected to ports with high ESD applied to them. This can happen in environments where cables build a charge up to a high voltage. This condition is very rare and is temporary; it will not damage the hardware. The Rx good packet count will not increase, but some error counters might increase when packets are sent to the port. You cannot fix the problem by changing the port speed and duplex settings, or by unplugging and replugging the cables.

Workaround: Reset the switch. (CSCdw37422)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(6)

This section describes the resolved caveats in software release 6.3(6):

When you try to delete snmpVacmAccessEntry, the system might respond with an "Entry not found" message. This problem is resolved in software release 6.3(6). (CSCdw36075)

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast. This problem is resolved in software release 6.3(6). (CSCdt41259)

When the end station is moved from one port on a hub to a different port on a second hub, and both the hubs are connected to a Catalyst 4006 switch configured as a VMPS client, the end station cannot be assigned to a VLAN. This problem is resolved in software release 6.3(6). (CSCdw23807)

vlanPortIslOperStatus returns an incorrect trunking status. This problem is resolved in software release 6.3(6). (CSCdw24363)

Enabling CGMP can cause problems with Hot Standby Routing Protocol (HSRP). This problem is resolved in software release 6.3(6). (CSCdw31553)

A router in HSRP standby status is changed to active status. When status is restored, the router does not go back to standby status from active status. This problem is resolved in software release 6.3(6). (CSCdw32957)

The switch might crash if VTP is configured in client or server mode and connected to a Catalyst 4000 family switch with a Supervisor Engine III. This problem is resolved in software release 6.3(6). (CSCdw41158)

On a Catalyst 2948G or Catalyst 2980G switch, port negotiation or flowcontrol commands are not saved in the configuration file. You can view this when you use the show config all command. The functionality of the switch is not affected, but if you reload the switch with a tftp configuration file, the port negotiation and port flowcontrol configuration settings will be lost. However, the configuration remains intact in the NVRAM, and an ordinary reboot will not affect the configuration. This problem is not apparent on Catalyst 4000 series switches. This problem is resolved in software release 6.3(6). (CSCdw44268)

You do not need to reload the switch to clear a faulty status for a supervisor engine. If the supervisor engine still shows up as faulty, there is another problem in the system, possibly a bad fan or a temperature alarm. This problem is resolved in software release 6.3(6). (CSCdw62053)

Two or more Catalyst 4003 switches configured for Remote SPAN (RSPAN) may experience a packet storm when one switch has active source and destination RSPAN ports and the other has active source RSPAN ports. This problem is resolved in software release 6.3(6). (CSCdx10678)

An IP phone connected to a dynamic VLAN port might not be able to register with Cisco Call Manager. This problem is resolved in software release 6.3(6). (CSCdw71503)

Creating a VLAN through SNMP might force the VTP mode to client. This problem does not occur if the VLAN is configured through the CLI. This problem is resolved in software release 6.3(6). (CSCdw92651)

If you are running HSRP and enabled CGMP leave, McastRx use might show at 25% CPU usage because CGMP leave and HSRP hello packets share the same destination MAC address. This problem is resolved in software release 6.3(6). (CSCdw47356)

Open and Resolved Caveats in Software Release 6.3(5)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(5) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(5)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(5)

Open Caveats in Software Release 6.3(5)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(5):

When you connect an SMC 8432BT NIC with the DEC 21041-AA chipset on a Compaq Desktop 6xxx series PC to a Catalyst 2980A-G switch at 10/HD, the Catalyst 2980A-G switch might experience Align/FCS/Rcv errors. (CSCdv79989)

An ARP request packet from a server connected to a Catalyst 4000 series switch with a GEC link might, on rare occasion, be dropped. Be aware that, the ARP request packet is not resolved, and the server will not be able to communicate with other servers and/or nodes. (CSCdv15018)

The global configuration can be lost when you power cycle the switch. (CSCdw01547)

If you have RADIUS authentication configured and you Telnet to the switch, the switch will reboot if the username is not valid even though the RADIUS server is available. This problem was observed using a Merit RADIUS Server, made by Interlink Networks. This problem does not occur with a Cisco Secure RADIUS Server.

Workaround: Use a Cisco Secure RADIUS Server. (CSCdx01532)

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

When the end station is moved from one port on a hub to a different port on a second hub, and both the hubs are connected to a Catalyst 4006 switch configured as a VMPS client, the end station cannot be assigned to a VLAN.

Workaround: 1. Disconnect the hub from the switch. Reconnect the hub to the switch. The MAC address of the host registers on the new port.

2. If you cannot remove and reconnect the hub, connect the denied host to a port with static VLAN. (CSCdw23807)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(5)

This section describes the resolved caveats in software release 6.3(5):

It is possible that UplinkFast can cause high CPU utilization on a Catalyst 4000 series switch running MST or MISTP. If this occurs, the CPU utilization of the ufastMcast process remains high until you reboot the switch. This problem is resolved in software release 6.3(5). (CSCdu61791)

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.3(5). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.3(4a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(4a) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(4a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(4a)

Open Caveats in Software Release 6.3(4a)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(4a):

When you connect an SMC 8432BT NIC with the DEC 21041-AA chipset on a Compaq Desktop 6xxx series PC to a Catalyst 2980A-G switch at 10/HD, the Catalyst 2980A-G switch may experience Align/FCS/Rcv errors. (CSCdv79989)

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

When the end station is moved from one port on a hub to a different port on a second hub, and both the hubs are connected to a Catalyst 4006 switch configured as a VMPS client, the end station cannot be assigned to a VLAN. (CSCdw23807)

The global configuration may be lost when you power cycle the switch. (CSCdw01547)

An ARP request packet from a server connected to a Catalyst 4000 series switch with a GEC link may, on rare occasions, be dropped. However, the ARP request packet is not resolved, and the server will not be able to communicate with other server and/or nodes. (CSCdv15018)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(4a)

This section describes the resolved caveats in software release 6.3(4a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.3(4a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.3(4)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(4) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(4)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(4)

Open Caveats in Software Release 6.3(4)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(4):

The global configuration may be lost when you power cycle the switch. (CSCdw01547)

When you connect an SMC 8432BT NIC with the DEC 21041-AA chipset on a Compaq Desktop 6xxx series PC to a Catalyst 2980A-G switch at 10/HD, the Catalyst 2980A-G switch may experience Align/FCS/Rcv errors. (CSCdv79989)

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

When the end station is moved from one port on a hub to a different port on a second hub, and both the hubs are connected to a Catalyst 4006 switch configured as a VMPS client, the end station cannot be assigned to a VLAN. (CSCdw23807)

An ARP request packet from a server connected to a Catalyst 4000 series switch with a GEC link may, on rare occasions, be dropped. However, the ARP request packet is not resolved, and the server will not be able to communicate with other server and/or nodes. (CSCdv15018)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and Java Runtime Environment (JRE) versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(4)

This section describes the resolved caveats in software release 6.3(4):

When you configure the sc0 interface as a private VLAN, all switching functions are normal, but you may not be able to access the sc0 interface after several hours. This problem is resolved in software release 6.3(4). (CSCdv25263)

The internal power supply status for Catalyst 2980GA switch may display as ok even if the power supply is unplugged. This problem is resolved in software release 6.3(4). (CSCdv75692)

When you access the switch through an HTTP interface, the switch might reset with a TLB exception. This problem is resolved in software release 6.3(4). (CSCdw02887)

If you have IP permit configured on your switch and you upgrade your switch software from a version of 5.4.2 or earlier to any version later than 5.4.2, you will lose your IP permit entries. However, the main ip permit enable configuration remains, and the switch may not be accessible from Telnet; even so, the switch may still be accessible through other protocols, such as SNMP or ssh. This problem is resolved in software release 6.3(4). (CSCdv81793)

Creating an EtherChannel consisting of ports located on different modules may not work on Catalyst 4000 family switches. This problem is resolved in software release 6.3(4). (CSCdv39598)

Open and Resolved Caveats in Software Release 6.3(3a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(3a) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(3a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(3a)

Open Caveats in Software Release 6.3(3a)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(3a):

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(3a)

This section describes the resolved caveats in software release 6.3(3a):

An error can occur with management protocol processing.Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.3(3a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.3(3)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(3) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(3)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(3)

Open Caveats in Software Release 6.3(3)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(3):

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(3)

This section describes the resolved caveats in software release 6.3(3):

During boot up, a switch with a high level of EtherChannel activity might crash and display an "address on load error" message. This problem is resolved in software release 6.3(3). (CSCdv21311)

A Catalyst switch may be unreachable on the management VLAN and not appear in the show cdp neighbors command output; however, user traffic is normal. The switch will display the "Run out of system memory, screen scrolling disabled" message under these conditions. This problem is resolved in software release 6.3(3). (CSCdu25416)

A switch on which TACACS command accounting is enabled may crash or become unreachable if multiple Telnet sessions have been established (concurrently or nonconcurrently). The memory leak could lead to a system reset or the switch could become unreachable. The workaround is to disable TACACS command accounting. This problem is resolved in software release 6.3(3). (CSCdv38306)

A problem can occur when you Telnet into the switch and are prompted for a password. In software releases prior to 6.x, if you press the Enter key three times without entering a password, the Telnet connection closes and the prompt returns to the device where the Telnet session was initiated. In version 6.x, the prompt will continue to come back, regardless of how many times you press the Enter key. This problem is resolved in software release 6.3(3). (CSCdv21334)

Open and Resolved Caveats in Software Release 6.3(2a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(2a) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(2a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(2a)

Open Caveats in Software Release 6.3(2a)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(2a):

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(2a)

This section describes the resolved caveats in software release 6.3(2a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.3(2a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.3(2)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(2) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(2)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(2)

Open Caveats in Software Release 6.3(2)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(2):

If you configure UplinkFast on a port and remove the module before disabling the port, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(2)

This section describes the resolved caveats in software release 6.3(2):

If the ROMMON loaded onto your switch is version 4.5(1) or earlier, you need to upgrade the ROMMON to version 5.4(1) in order to run software release 6.3(2) or later. See the "ROMMON Requirements" section for more information. (CSCdw10060)

Ports on the WS-X4148-RJ45V module may not display as active even though the partner port is active. The LED for the port remains off, as if the port is not connected. This problem has been resolved in software release 6.3(2). (CSCdv08675)

If you configure more than one default gateway, the default gateway might change from the primary to the secondary and back without an obvious valid reason. This problem is resolved in software release 6.3(2). (CSCdt73765)

The link on a Gigabit Ethernet port with a 1000BASE-SX GBIC might go up and down even when there is no cable attached. You can disable the port when it is not in use to prevent the link from going up and down. This problem has been resolved in software release 6.3(2). (CSCdm63410)

If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state. This problem has been resolved in software release 6.3(2). (CSCdu09474)

Under rare conditions, a Catalyst 4000 series switch running software release 6.1.x and higher might experience memory corruption and a system reset if you clear the existing SSH keys while generating a new key using the set crypto key rsa bit force command. This problem is resolved in software release 6.3(2). (CSCdv47234)

A port in PAgP nonsilent mode may behave as if in PAgP silent mode if the port has been connected to a nonsilent partner. Therefore, the port may be posted to spanning tree after reset and could cause channel disturbance. This problem is resolved in software release 6.3(2). (CSCdu85834)

You might not be able to include spaces in the community_string when using the following CLI command: set snmp community access_type community_string. This problem has been resolved in software release 6.3(2). (CSCdv08254)

The switch might generate traps with an invalid agent address. When you initialize the trap protocol data unit (PDU), an invalid agent address, 0.0.0.0, may fill in the data field agent_addr; however, the trap is still sent out. This problem is resolved in software release 6.3(2). (CSCdv21194)

Open and Resolved Caveats in Software Release 6.3(1a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(1a) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(1a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(1a)

Open Caveats in Software Release 6.3(1a)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(1a):

If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(1a)

This section describes the resolved caveats in software release 6.3(1a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.3(1a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.3(1)

The following sections describe the open and resolved caveats in supervisor engine software release 6.3(1) and nonembedded CiscoView:

Open Caveats in Software Release 6.3(1)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.3(1)

Open Caveats in Software Release 6.3(1)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.3(1):

If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.3(1)

This section describes the resolved caveats in software release 6.3(1):

802.1x configuration allows incorrect command syntax.This problem is resolved in software release 6.3(1). (CSCdu27021)

When an RMON event and alarm are added to a Catalyst 4000 series switch, only the alarm will survive a reload. This problem is resolved in software release 6.2(3). (CSCdu26550)

A deleted VLAN may still appear as forwarding in the show trunk output when a switch has a large number of on-going Spanning Tree Protocol state changes. This problem is resolved in software release 6.3(1). (CSCdt84707)

Repeated SNMP accesses to the following OID will return empty for up to 15 seconds:

.iso.org.dod.internet.mgmt.mib2.dot1dBridge.dot1dTp.dot1dTpFdbTable.dot1dTpF

dbEntry (.1.3.6.1.2.1.17.4.3.1)

This problem is resolved in software release 6.3(1). (CSCdt36981)

You might not be able to enable logging for dynamic VLANs using the set logging level dvlan command:

Console> (enable) set logging level dvlan 7
 Invalid Facility
Console> (enable)

This problem is resolved in software release 6.3(1). (CSCdu19163)

When the spanning tree mode is set to MISTP or MISTP-PVST+, stpxSpanningTreePathCostMode can only be set to "long." However, in releases 6.1(x) and 6.2(1), when stpxSpanningTreePathCostMode is set to "short," there is no error; and when stpxSpanningTreePathCostMode is set to "long," there is a "commitFailed" error. This problem is resolved in software release 6.3(1). (CSCdu27119)

The console command show test 1 does not correctly display all of the POST results. Operation of the switch is not affected. There are no false positives when the supervisor engine is shown as faulty but POST passed. If the supervisor engine is shown as faulty, then you know that POST failed. This problem is resolved in software release 6.3(1). (CSCdu33978)

Previous software versions incorrectly allowed a port with dynamic VLAN membership to be configured as a private VLAN port. The switch software detects and prevents this misconfiguration in software release 6.3(1). This problem is resolved in software release 6.3(1).(CSCdu34013)

After you upgrade from a 6.1 to a 6.2 software release, ports on a WS-X4232-L3 blade may include extraneous VLANs in addition to the configured VLANs. Traffic on configured VLANs is not impacted. This problem is resolved in software release6.3(1). (CSCdu32058)

Open and Resolved Caveats in Software Release 6.2(3a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(3a) and nonembedded CiscoView:

Open Caveats in Software Release 6.2(3a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(3a)

Open Caveats in Software Release 6.2(3a)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.2(3a):

A deleted VLAN may still appear as forwarding in the show trunk output when a switch has a large number of on-going Spanning Tree Protocol state changes. This problem is resolved in software release 6.3(1). (CSCdt84707)

If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

Resolved Caveats in Software Release 6.2(3a)

This section describes the resolved caveats in software release 6.2(3a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.2(3a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.2(3)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(3) and nonembedded CiscoView:

Open Caveats in Software Release 6.2(3)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(3)

Open Caveats in Software Release 6.2(3)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.2(3):

A deleted VLAN may still appear as forwarding in the show trunk output when a switch has a large number of on-going Spanning Tree Protocol state changes. (CSCdt84707)

If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.2(3)

This section describes the resolved caveats in software release 6.2(3):

Under extremely rare conditions, a switch port may lose VLAN configuration. An affected trunk port transmits user traffic untagged. Connectivity to the rest of the network may be impacted if the affected port is an uplink. Spanning Tree Protocol, CDP, and other control traffic continues to operate normally. This problem is resolved in software release 6.2(3). (CSCdu48749)

Open and Resolved Caveats in Software Release 6.2(2a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(2a) and nonembedded CiscoView:

Open Caveats in Software Release 6.2(2a)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(2a)

Open Caveats in Software Release 6.2(2a)

This section describes the open caveats in software release 6.2(2a):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module can lose packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.2(2a)

This section describes the resolved caveats in software release 6.2(2a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.2(2a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.2(2)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(2) and nonembedded CiscoView:

Open Caveats in Software Release 6.2(2)

Open Caveats in Nonembedded CiscoView

Resolved Caveats in Software Release 6.2(2)

Resolved Caveats for Nonembedded CiscoView

Open Caveats in Software Release 6.2(2)

This section describes the open caveats in software release 6.2(2):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module can lose packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Open Caveats in Nonembedded CiscoView

This section describes the open caveats in nonembedded CiscoView:

The WS-X4604-GWY daughter cards are not supported in software release 6.2(3). (CSCdr65718)

If you create a primary VLAN, bind a secondary VLAN to the primary VLAN, unbind the secondary VLAN from the primary VLAN, and then delete the primary VLAN, the following error message is displayed:

Primary is bounded ...

Workaround: Close and reopen the VLAN and Bridge dialog box, and then delete the primary VLAN. (CSCdt65530)

If CiscoView fails to launch on a Solaris/Netscape Communicator client, or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in control panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Click the Advanced tab and select Use Java Plug-in Default as the JRE. (CSCdu32540)

If you create a primary VLAN and a secondary VLAN, select the Modify VLAN option for the secondary VLAN to bind it to the primary VLAN and then delete the primary VLAN. After you delete the primary VLAN, the following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199

Workaround: Close and reopen the VLAN and Bridge dialog box. (CSCdt65530)

Resolved Caveats in Software Release 6.2(2)

This section describes the resolved caveats in software release 6.2(2):

When you clear a misconfiguration on the nonroot switch of a trunk channel, the hello timer does not restart on the root switch of the trunk channel. This problem is resolved in software release 6.2(2). (CSCdu08407)

When an ISL trunk port is connected to an access port and QoS is enabled on the switch that has the ISL trunk, the ISL header sets the USER bits in the DA. Currently, the supervisor engine drops only the packets with user bits set to 0 and 1 and forwards the packets with other bits set to the access VLAN of the non-trunk port. The forwarded packets do not go through blocked ports. This problem is resolved in software release 6.2(2). (CSCdu10858)

The community string indexing is broken in software release 6.2(1) for indices 0 and 4096. When you poll these indices with ro_community@0 or ro_community@4096 from your workstation SNMP application, the switch times out and does not respond. This also causes the user tracking to discover end stations only in VLAN 1 on the affected switches. This problem is resolved in software release 6.2(2). (CSCdu18790)

Resolved Caveats for Nonembedded CiscoView

This section describes the resolved caveats in nonembedded CiscoView:

All 6.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software have not worked since May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 6.2(2)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml

This problem is resolved in software release 6.2(2)CiscoView. (CSCdu25881)

Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0, causes a Java IllegalComponentStateException error. The workaround is to close and reopen the dialog box. This problem is resolved in software release 6.2(2)CiscoView. (CSCdu32555)

Open and Resolved Caveats in Software Release 6.2(1a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(1a):

Open Caveats in Software Release 6.2(1a)

Resolved Caveats in Software Release 6.2(1a)

Open Caveats in Software Release 6.2(1a)

This section describes the open caveats in software release 6.2(1a):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to 2 minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Resolved Caveats in Software Release 6.2(1a)

This section describes resolved caveats in software release 6.2(1a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.2(1a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.2(1)

The following sections describe the open and resolved caveats in supervisor engine software release 6.2(1):

Open Caveats in Software Release 6.2(1)

Resolved Caveats in Software Release 6.2(1)

Open Caveats in Software Release 6.2(1)

This section describes the open caveats in software release 6.2(1):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


If a port is configured as an isolated or community port in a private VLAN, a port receiving BPDUs never enters to errdisable state.

Workaround: Do not use the BPDU-guard feature with private VLAN ports. (CSCdu09474)

If you configure UplinkFast on a port and remove the module before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Resolved Caveats in Software Release 6.2(1)

This section describes resolved caveats in software release 6.2(1):

If the native VLAN for a port is cleared from the port's trunk allowed range, this port does not appear to be in the native VLAN in the configuration file. This problem is resolved in software release 6.2(1). (CSCdr31412)

On a Catalyst 4006 switch with a Supervisor Engine II, switch ports in the same VLAN may lose connectivity with one another. This loss of connectivity results in a VLAN appearing to be partitioned into several isolated segments. A host may be able to ping one set of devices in its VLAN, but it cannot ping another set of devices in the same VLAN.

This loss of connectivity is independent of the slot a module is installed in. The same set of ports on a module are affected regardless of the slot that the module is installed in. This problem is resolved in software releases 6.2(1) and 6.1(3). (CSCdt80707)

The Xmit-Err counter may increment on unconnected ports. This problem is resolved in software release 6.2(1). (CSCds89148)

Occasionally removing and reinserting a module can cause a memory leak which can impair functionality or crash the switch. This problem is resolved in software release 6.2(1). (CSCds55847)

The switch might reset if you attempt to delete a nonexistent VLAN through the SNMP vtpVlanEditTable. This problem is resolved in software release 6.2(1). (CSCdt38160)

The show ip permit command might cause the switch to reset. This problem is resolved in software release 6.2(1). (CSCdt55237)

If you force a new root in an IEEE spantree by using the set spantree priority command, the port may appear as a type inconsistent (type-pvid-inconsistent). This problem is resolved in software release 6.2(1). (CSCds68230)

Some 10/100 ports flap link with no cables connected to them. This has been observed only when the port is forced to 10 Mbps and half duplex. This problem is resolved in software release 6.2(1). (CSCdt39972)

When the system runs out of memory, the following messages are printed when you execute a show command:

Failed to allocate session block. 

Error: can't find scp/slp buffer slot for show command:29.

These messages are printed because the show command cannot allocate the required memory for the show command process. Add more memory to the system or disable some features to free up existing memory. This problem is resolved in software release 6.2(1). (CSCdr74107)

If you run a script that contains any show command followed by several Ctrl-C characters, the switch may crash. This problem is resolved in software release 6.2(1). (CSCdt30178)

Disabling spanning tree on a native VLAN on a nonroot switch may result in the switch attempting to become a root on VLAN 1. This is not a problem when disabling spanning tree in other VLANs. This problem is resolved in software release 6.2(1). (CSCds23433)

On IEEE 802.1Q trunk ports with several hundred active VLANs, spanning tree convergence time might be delayed up to several minutes when the last trunk goes down or the first trunk comes up, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning tree state for each active VLAN. This problem is resolved in software release 6.2(1). (CSCds06965)

When configured as an NTP client, the Catalyst 4000 series switch incorrectly reports summertime. The reported summertime end time is advanced by one year. The show ntp command displays the following information:

Console> (enable) show ntp
 Current time: Tue Feb 13 2001, 20:50:21 NZDT
 Timezone: 'NZST', offset from UTC is 12 hours
 Summertime: 'NZDT', enabled
   Start : Sun Oct 1 2000, 02:00:00
   End   : Sun Mar 17 2002, 03:00:00      <========= Here is the problem
   Offset: 60 minutes
 Last NTP update: Tue Feb 13 2001, 20:49:27

This problem is resolved in software release 6.2(1). (CSCdt43350)

When you upgrade the supervisor engine software on a WS-X4013 supervisor engine module, the supervisor engine may hang and require a manual reset. When this happens, often this last message is displayed:

Upgrade NVRAM successful.

This problem can occur when upgrading to any 5.4(x) release, any 5.5(x) release prior to 5.5(7), or any 6.1(x) release prior to 6.1(3). This fix also covers all cases described in CSCdr96136. This problem is resolved in software release 6.2(1). (CSCdt69490)

Open and Resolved Caveats in Software Release 6.1(4b)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(4b) and nonembedded CiscoView:

Open Caveats in Software Release 6.1(4b)

Resolved Caveats in Software Release 6.1(4b)

Open Caveats in Software Release 6.1(4b)


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


This section describes the open caveats in software release 6.1(4b):

If UplinkFast is configured on a port and the module is removed before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Resolved Caveats in Software Release 6.1(4b)

This section describes the resolved caveats in software release 6.1(4b):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.1(4b). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.1(3a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(3a):

Open Caveats in Software Release 6.1(3a)

Resolved Caveats in Software Release 6.1(3a)

Open Caveats in Software Release 6.1(3a)

This section describes the open caveats in software release 6.1(3a):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

If UplinkFast is configured on a port and the module is removed before the port is disabled, the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Resolved Caveats in Software Release 6.1(3a)

This section describes resolved caveats in software release 6.1(3)a:

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.1(3a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.1(3)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(3):

Open Caveats in Software Release 6.1(3)

Resolved Caveats in Software Release 6.1(3)

Open Caveats in Software Release 6.1(3)

This section describes the open caveats in software release 6.1(3):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


If UplinkFast is configured on a port and the module is removed before disabling the port, then the recovery time will be longer than expected for UplinkFast.

Workaround: Disable an UplinkFast port before removing the module. (CSCdt41259)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T module may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Resolved Caveats in Software Release 6.1(3)

This section describes resolved caveats in software release 6.1(3):

When UplinkFast and CGMP fast leave are enabled on a Catalyst 4000 series switch, and HSRP is enabled on a router in the network, the switch may forward HSRP hello packets out of a blocked port for few minutes. The problem typically clears by itself after 5 minutes. This problem is resolved in software release 6.1(3). (CSCdt13403)

Disabling spanning tree on a native VLAN on a nonroot switch may result in the switch attempting to become a root on VLAN 1. This situation is not a problem when disabling spanning tree in other VLANs. (CSCds23433)

On a Catalyst 4006 switch with a Supervisor Engine II, switch ports in the same VLAN may lose connectivity with one another. This loss of connectivity results in a VLAN appearing to be partitioned into several isolated segments. A host may be able to ping one set of devices in its VLAN, but it cannot ping another set of devices in the same VLAN.

This loss of connectivity is independent of the slot a module is installed in. The same set of ports on a module are affected regardless of the slot that the module is installed in. This problem is resolved in software releases 6.2(1) and 6.1(3). (CSCdt80707)

When you enter the set ip http server enable and set ip http server disable commands several times successively, the Flash memory eventually becomes unusable and the CiscoView interface may not be able to launch. This problem is resolved in software release 6.1(3). (CSCdt13403)

When the RMON historyControlInterval is set to a small number such as 1 or 2 seconds, the system might crash. This problem is resolved in software release 6.1(3). (CSCdt51180)

After a system reset, the following message might display: "RMON Alarm Timer exit:malloc scp queue buffers failed." The message might display even though there is still sufficient memory. This problem is resolved in software release 6.1(3). (CSCdt58390)

If the switch console prompt has already been customized using the set prompt command, the switch might crash after entering the set system name command with a name longer than 64 characters. This problem is resolved in software release 6.1(3). (CSCdt26711)

The switch does not accept TACACS+ authorization replies from the CiscoSecure server. This problem is resolved in software release 6.1(3). (CSCds92279)

Open and Resolved Caveats in Software Release 6.1(2a)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(2a):

Open Caveats in Software Release 6.1(2a)

Resolved Caveats in Software Release 6.1(2a)

Open Caveats in Software Release 6.1(2a)

This section describes the open caveats in software release 6.1(2a):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Disabling spanning tree on a native VLAN on a nonroot switch may result in the switch attempting to become a root on VLAN 1. This situation is not a problem when disabling spanning tree in other VLANs. (CSCds23433)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

If you force a new root in an IEEE spanning tree by using the set spantree priority command, the port may appear as a type inconsistent (type-pvid-inconsistent). This problem is resolved in software release 6.2(1). (CSCds68230)

The 1000BASE-T ports on the WS-X4412-2GB-T modules may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

On IEEE 802.1Q trunk ports with several hundred active VLANs, spanning tree convergence time when the last trunk goes down or the first trunk comes up might be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning-tree state for each active VLAN. (CSCds06965)

Resolved Caveats in Software Release 6.1(2a)

This section describes resolved caveats in software release 6.1(2a):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.1(2a). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.1(2)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(2):

Open Caveats in Software Release 6.1(2)

Resolved Caveats in Software Release 6.1(2)

Open Caveats in Software Release 6.1(2)

This section describes the open caveats in software release 6.1(2):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Disabling spanning tree on a native VLAN on a nonroot switch may result in the switch attempting to become a root on VLAN 1. This situation is not a problem when disabling spanning tree in other VLANs. (CSCds23433)

Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

If you force a new root in an IEEE spanning tree by using the set spantree priority command, the port may appear as a type inconsistent (type-pvid-inconsistent). This problem is resolved in software release 6.2(1). (CSCds68230)

The 1000BASE-T ports on the WS-X4412-2GB-T modules may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

On IEEE 802.1Q trunk ports with several hundred active VLANs, spanning tree convergence time when the last trunk goes down or the first trunk comes up might be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning-tree state for each active VLAN. (CSCds06965)

Resolved Caveats in Software Release 6.1(2)

This section describes resolved caveats in software release 6.1(2):

In the presence of loopback cabling on ports forced to half-duplex mode, it is possible for related ports to experience permanent receive or transmit failure. This problem is resolved in software release 6.1(2). (CSCdp68027)

Occasionally an SNMP mibwalk, on a very busy switch, can crash the switch. This problem only exists in software release 5.5(4) and has been resolved in software release 6.1(2). (CSCds79550)

A switch might reset under a heavy load. To determine whether the reset is due to this rare condition, enter the show crashdump 1 command after the switch reboots. If you observe that the switch crashed in Connection_onAckTimeout (a procedure in the image), you are probably experiencing this problem. This problem is resolved in software release 6.1(2). (CSCds84051)

The WS-X4124-FX-MT and WS-U4504-FX-MY modules will sometimes produce the following error message if the traffic the module receives traffic on one of its ports while booting:

SYS-3-MON_MINORFAIL:Minor problem in module # 

In this case, some or all of the 100-FX ports will be faulty. This problem is resolved in software release 6.1(2). (CSCds25826)

If you configure the SPAN after entering the clear config all command, the SPAN configuration will be erased during the next system reboot. This problem is resolved in software release 6.1(2). (CSCds54788)

Prior to software releases 4.5(10), 5.5(5), and 6.1(2), SNMP processed UDP packets with the destination port 0. This problem is resolved in software release 6.1(2). (CSCds65753).

The Catalyst 4000 series switches declare that a host is flapping if it moves locations twice in 15 seconds. As a response to the host flap, the switch suppresses all traffic destined to the host for up to 15 seconds. If you have a configuration where a host can briefly (one packet) appear on a different port, this will cause problems.

In software releases 6.1(2), 6.2(1), and 5.5(4), the algorithm has been made less aggressive. A host must move at least 4 times in 15 seconds before being declared to be flapping. As a response to the host flap, the switch still suppresses all traffic destined to and from that host for up to 15 seconds. (CSCds05573).

Under certain circumstances, changing the auxiliary VLAN of one of the ports belonging to a channel on the WS-X4148-RJ45V module places the port in errdisable mode. This problem is resolved in software release 6.1(2). (CSCdr88895)

When using the redundant power supply alone, the Catalyst 4912 and Catalyst 2948G switches report the AC power supply as faulty. This problem is resolved in software release 6.1(2). (CSCdm68030)

IPX clients may be unable to connect to a server during bootup.This problem is resolved in software release 6.1(2). (CSCds27476)

If you change management VLAN (VLAN assigned to the sc0 interface) on the supervisor engine, no ports remain connected on the old management VLAN. The old management VLAN corresponds to an interface on the WS-X4232-L3 module. This interface was in the up state before management VLAN changed, then the interface does not go to the shutdown state but stays in the up state. Using the Auto Port State feature, the module should have gone down. Traffic that used to go to the old management VLAN is dropped by the switch after passing through the WS-X4232-L3 module, and the ICMP "host unreachable" message will not be sent. This problem is resolved in software release 6.1(2). (CSCds36572)

A crash log is not appended to the show log command output. Use the show crashdump command to display the crash log. This problem is resolved in software release 6.1(2). (CSCdp38333)

If you configure level 2 system logging and a native VLAN mismatch occurs on 802.1Q trunks, the system log messages contain incorrect module and port values, and sometimes a reload might occur. This problem is resolved in software release 6.1(2). (CSCds23497)

If a reverse Telnet session to the switch times out, press the space bar to reactivate the session, and you will be able to see the configuration of the switch. This situation affects the Catalyst 4000 family modules with a console port connected to a modem, communication server, or PC. This problem is resolved in software release 6.1(2). (CSCds08837)

When you enter the clear config all command and reset the system, the ifIndex does not reset. The problem also occurs after a switchover from the active supervisor engine to the redundant supervisor engine. This problem appears in software releases 5.4(1) and later. This problem is resolved in software release 6.1(2). (CSCds34328)

Allocating too many buckets in RMON might cause memory allocation errors. When system memory usage reaches 90 percent, some show commands might not work, and new Telnet sessions might not be allowed. An example follows:

Console> (enable) show version
 Failed to allocate session block.
 Error: can't find scp/slp buffer slot for show command: 10.
Console> (enable)

This problem is resolved in software release 6.1(2).(CSCds30395)

The switch does not allow you to create a second etherStatsEntry with the same ifIndex for an interface. When you try to create the second etherStatsEntry with the same interface in etherStatsDataSource as one of the existing entries, the switch returns a "bad value" error message. The problem exists in software releases 5.x and 6.1(2). (CSCds22815)

Setting ntpAuthenticationSecretKey from SNMP does not have any effect. This problem is resolved in software release 6.1(2). (CSCdk75107)

After you have reset a WS-X4604-GWY module, but before it has come online, the show sprom command resets the Catalyst 4000 series switch. This problem is resolved in software release 6.1(2). (CSCds33864).

Open and Resolved Caveats in Software Release 6.1(1e)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(1e):

Open Caveats in Software Release 6.1(1e)

Resolved Caveats in Software Release 6.1(1e)

Open Caveats in Software Release 6.1(1e)

This section describes the open caveats in software release 6.1(1e):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T modules may take up to two minutes to come up.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

If you configure level 2 system logging and if a native VLAN mismatch occurs on 802.1Q trunks, the system log messages contain incorrect module and port values and sometimes a reload might occur. (CSCds23497)

On the Catalyst 4000 series switch, SNMP mibwalks of the dynamically learned hosts are very slow. (CSCds30442)

After you have reset a WS-X4604-GWY module, but before it has come online, the show sprom command resets the Catalyst 4000 series switch. (CSCds33864).

When you enter the clear config all command and reset the system, the ifIndexdoes not reset. The problem also occurs after a switchover from the active supervisor engine to the standby supervisor engine. This problem appears in software releases 5.4(1) and later. (CSCds34328)

If a reverse Telnet session to the switch times out, press the space bar to reactivate the session, and you will be able to see the configuration of the switch. This situation affects the Catalyst 4000 family modules with a console port connected to a modem, communication server, or PC. (CSCds08837)

Workaround: Wait until the module is online before issuing the show sprom command.

Under certain circumstances, changing the auxiliary VLAN of one of the ports belonging to a channel places the port in errdisable mode. (CSCdr88895)

Workaround: If you need to change the auxiliary VLAN of a port, verify that the port is not part of a channel. If the port is part of a channel, remove it from the channel. This should not be a limitation because the auxiliary VLAN is used when connecting the Cisco IP phone to the port, which will not be part of a channel.

On IEEE 802.1Q trunk ports with several hundred active VLANs, spanning tree convergence time when the last trunk goes down or the first trunk comes up might be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning tree state for each active VLAN. (CSCds06965)

The switch does not allow you to create a second etherStatsEntry with the same ifIndex for an interface. When you try to create the second etherStatsEntry with the same interface in etherStatsDataSource as one of the existing entries, the switch returns a "bad value" error. The problem exists in software releases 5.x and 6.1(1).

Workaround: Use the existing etherStatsEntry for the interface or create a new one after deleting the existing entry that has the same ifIndex. (CSCds22815)

Setting ntpAuthenticationSecretKey from SNMP does not have any effect. (CSCdk75107)

Allocating too many buckets in RMON might cause memory allocation errors. When system memory usage reaches 90 percent, some show commands might not work and new Telnet sessions might not be allowed. An example follows:

Console> (enable) show ver
 Failed to allocate session block.
 Error: can't find scp/slp buffer slot for show command: 10.
Console> (enable)

Workaround: If most of the memory was used by RMON buckets, use one of the following workarounds:

Reduce the number of buckets for each entry.

Reduce the number of control entries.

Disable the RMON feature.

(CSCds30395)

Resolved Caveats in Software Release 6.1(1e)

This section describes resolved caveats in software release 6.1(1e):

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458

This problem is resolved in software release 6.1(1e). (CSCdw67458)

Open and Resolved Caveats in Software Release 6.1(1c)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(1c):

Open Caveats in Software Release 6.1(1c)

Resolved Caveats in Software Release 6.1(1c)

Open Caveats in Software Release 6.1(1c)

This section describes the open caveats in software release 6.1(1c).


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T modules may take up to two minutes to come up.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

Setting ntpAuthenticationSecretKey from SNMP does not have any effect. (CSCdk75107)

On the Catalyst 4000 series switch, SNMP mibwalks of the dynamically learned hosts are very slow. (CSCds30442)

If you configure level 2 system logging and if a native VLAN mismatch occurs on 802.1Q trunks, the system log messages contain incorrect module and port values and sometimes a reload might occur. (CSCds23497)

If a reverse Telnet session to the switch times out, press the space bar to reactivate the session, and you will be able to see the configuration of the switch. This situation affects the Catalyst 4000 family modules with a console port connected to a modem, communication server, or PC. (CSCds08837)

After you have reset a WS-X4604-GWY module, but before it has come online, the show sprom command resets the Catalyst 4000 series switch. (CSCds33864).

Workaround: Wait until the module is online before issuing the show sprom command.

Under certain circumstances, changing the auxiliary VLAN of one of the ports belonging to a channel places the port in errdisable mode. (CSCdr88895)

Workaround: If you need to change the auxiliary VLAN of a port, verify that the port is not part of a channel. If the port is part of a channel, remove it from the channel. This should not be a limitation because the auxiliary VLAN is used when connecting the Cisco IP phone to the port, which will not be part of a channel.

On IEEE 802.1Q trunk ports with several hundred active VLANs, spanning tree convergence time when the last trunk goes down or the first trunk comes up might be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning tree state for each active VLAN. (CSCds06965)

When you enter the clear config all command and reset the system, the ifIndexdoes not reset. The problem also occurs after a switchover from the active supervisor engine to the standby supervisor engine. This problem appears in software releases 5.4(1) and later. (CSCds34328)

The switch does not allow you to create a second etherStatsEntry with the same ifIndex for an interface. When you try to create the second etherStatsEntry with the same interface in etherStatsDataSource as one of the existing entries, the switch returns a "bad value" error. The problem exists in software releases 5.x and 6.1(1).

Workaround: Use the existing etherStatsEntry for the interface or create a new one after deleting the existing entry that has the same ifIndex. (CSCds22815)

Allocating too many buckets in RMON might cause memory allocation errors. When system memory usage reaches 90 percent, some show commands might not work and new Telnet sessions might not be allowed. An example follows:

Console> (enable) show ver
 Failed to allocate session block.
 Error: can't find scp/slp buffer slot for show command: 10.
Console> (enable)

Workaround: If most of the memory was used by RMON buckets, use one of the following workarounds:

Reduce the number of buckets for each entry.

Reduce the number of control entries.

Disable the RMON feature.

(CSCds30395)

Resolved Caveats in Software Release 6.1(1c)

This section describes resolved caveats in software release 6.1(1c):

Non-SSH connection attempts to an enabled SSH service on a Catalyst 4000 series switch might cause a "protocol mismatch" error, resulting in a supervisor engine failure. The supervisor engine failure causes the switch to fail to pass traffic and  reboots the switch. This problem is resolved in software release 6.1(1c). (CSCds85763)

Open and Resolved Caveats in Software Release 6.1(1)

The following sections describe the open and resolved caveats in supervisor engine software release 6.1(1):

Open Caveats in Software Release 6.1(1)

Resolved Caveats in Software Release 6.1(1)

Open Caveats in Software Release 6.1(1)

This section describes the open caveats in software release 6.1(1):


Note For the latest information on the open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/en/US/products/hw/switches/ps663/prod_release_note09186a008029aa83.html


Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts join or leave a multicast/broadcast group. (CSCdp38859)

The 1000BASE-T ports on the WS-X4412-2GB-T modules may take up to two minutes to come online.

Workaround: Connect the port to another device and then reconnect to the desired device. As an alternative, you can reset the module. (CSCdp90760)

If you have RADIUS authentication configured and you Telnet to the switch, the switch will reboot if the username is not valid even though the RADIUS server is available. This problem was observed using a Merit RADIUS Server, made by Interlink Networks. This problem does not occur with a Cisco Secure RADIUS Server.

Workaround: Use a Cisco Secure RADIUS Server. (CSCdx01532)

Under certain circumstances, changing the auxiliary VLAN of one of the ports belonging to a channel places the port in errdisable mode. (CSCdr88895)

Workaround: If you need to change the auxiliary VLAN of a port, verify that the port is not part of a channel. If the port is part of a channel, removed it from the channel. This should not be a limitation because the auxiliary VLAN is used when connecting the Cisco IP phone to the port, which will then not be part of a channel.

If you configure level 2 system logging and if a native VLAN mismatch occurs on 802.1Q trunks, the system log messages contain incorrect module and port values and sometimes a reload might occur. (CSCds23497)

If a reverse Telnet session to the switch times out, press the space bar to reactivate the session, and you will be able to see the configuration of the switch. This situation affects the Catalyst 4000 family modules with a console port connected to a modem, communication server, or PC. (CSCds08837)

On the Catalyst 4000 series switch, SNMP mibwalks of the dynamically learned hosts are very slow. (CSCds30442)

On IEEE 802.1Q trunk ports with a large number of active VLANs (several hundred), spanning tree convergence time when the last trunk goes down or the first trunk comes up might be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning tree state for each active VLAN. (CSCds06965)

After you have reset a WS-X4604-GWY module, but before it has come online, the show sprom command resets the Catalyst 4000 series switch. (CSCds33864).

Workaround: Wait until the module is online before entering the show sprom command.

Setting the ntpAuthenticationSecretKey from SNMP does not have any effect. (CSCdk75107)

When you enter the clear config all command and reset the system, the ifIndex does not reset. The problem also occurs after a switchover from the active supervisor engine to the redundant supervisor engine. This problem appears in software releases 5.4(1) and later. (CSCds34328)

The switch does not allow you to create a second etherStatsEntry with the same ifIndex for an interface. When you try to create the second etherStatsEntry with the same interface in etherStatsDataSource as one of the existing entries, the switch returns a "bad value" error. The problem exists in software releases 5.x and 6.1(1a).

Workaround: Use the existing etherStatsEntry for the interface or create a new one after deleting the existing entry that has the same ifIndex. (CSCds22815)

Allocating too many buckets in RMON might cause memory allocation errors. When system memory usage reaches 90 percent, some show commands might not work and new Telnet sessions might not be allowed. An example follows:

Console> (enable) show ver
 Failed to allocate session block.
 Error: can't find scp/slp buffer slot for show command: 10.
Console> (enable)

Workaround: If most of the memory was used by RMON buckets, use one of the following workarounds:

Reduce the number of buckets for each entry.

Reduce the number of control entries.

Disable the RMON feature.

(CSCds30395)

Resolved Caveats in Software Release 6.1(1)

This section describes resolved caveats in software release 6.1(1):

The hcRMONCapabilities MIB object is not supported in the supervisor engine RMON software. RMON applications, such as TrafficDirector that depend on the hcRMONCapabilities MIB value, might fail to discover the HC-RMON capability of a device. (CSCdr89597)

For normal UDLD the recommended default interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configurations:

When you enable aggressive UDLD, the recommended default is 30 seconds.

Do not use UDLD, with the ON - AUTO trunk combination; however, UDLD can be used with any other valid trunk combination. (CSCdr50206)

When a 10/100 port receives an invalid packet with a length of less than 64 bytes, both the Runts and FCS-Error counters increment on the port. The correct operation is to increment only the Runts counter when receiving an undersized or invalid packet. In order to determine the actual number of FCS-Errors on valid-length packets received on the port, subtract the value of the port Runts counter from the value of the port FCS-Error counter. (CSCdr37645)

Usage Guidelines, Restrictions, and Troubleshooting

The following sections provide usage guidelines, restrictions, and troubleshooting information for Catalyst 4000 family switch hardware and software:

System and Supervisor Engine

Modules and Switch Ports

Spanning Tree

VTP, VLANs, and VLAN Trunks

EtherChannel

SPAN

Multicast

Protocol Filtering

MIBs

Authentication, Authorization, and Accounting

Nonembedded CiscoView

System and Supervisor Engine

The following usage guidelines, restrictions, and troubleshooting information apply to the supervisor engine and to the switch at the system level.

The Catalyst 4006 switch requires dual power supplies. Refer to the Catalyst 4003 and 4006 Switch Installation Guide for detailed information about power requirements for the Catalyst 4000 family switches.

In supervisor engine software release 5.2 and later, the show config, write terminal, and copy config commands return only the nondefault configuration (that is, only commands that change the default configuration are displayed). Use the all keyword to display both the default and nondefault configuration (for example, show config all).

If you need to download configuration files to many switches in a network topology with redundant EtherChannel links, download the configuration at each switch manually using the configure network command. Otherwise, in some situations, a broadcast storm can occur.

The Port Name field in the output of the show port command displays only the first 18 characters of the port name. If you specify a port name that contains more than 18 characters the last characters will not be displayed in the output. (CSCed09784)

Under certain conditions, etherHistoryUtilization is not reported correctly if the counter value wraps between the two consecutive samples.

Workaround: Reduce the sample interval.

If your configuration produces thousands of CAM entries, ensure that your screen length is set to a value greater than 0 before entering the show cam dynamic command.

The LrnDiscard counter (displayed by entering the show mac command) indicates the number of times a CAM entry is replaced with a newly learned address when the CAM table is full. The counter value is not maintained for each port; instead, the value is maintained for the entire switch.

Although the show spantree command displays the PortFast feature as enabled on a trunk port, spanning tree PortFast has no effect on trunk ports. Do not use the set portfast command on a trunk port. In addition, designating a port as a trunk port causes the PortFast feature to be ignored for the port.

The CLI command show cam dynamic and the SNMP query "getmany community@vlan dot1dTpFdbAddress" are sometimes not synchronized.

When you connect an SMC 8432BT NIC with the DEC 21041-AA chipset on a Compaq Desktop 6xxx series PC to a Catalyst 2980G-A switch at 10/HD, the Catalyst 2980G-A switch might experience Align/FCS/Rcv errors. (CSCdv79989)

A Catalyst 2980G switch might continue sending PS_OK syslog messages even after the switch has booted. Normally, these messages appear only once after boot up. (CSCdw65276)

Fixed configuration switches, including the Catalyst 2948G, Catalyst 2980G-A, Catalyst 2980G and Catalyst 4912G, do not have the capability to detect a fan failure in hardware. Regardless of the status of the Fans, all software releases will always display the fan status as OK. (CSCec24150)

Modules and Switch Ports

The following usage guidelines, restrictions, and troubleshooting information apply to modules and switch ports.

Ports on a Catalyst switch might stop receiving packets when the switch is connected to ports with high electrostatic discharge applied to them. This condition can happen in environments where cables build a charge up to a high voltage. This condition is rare and temporary; it will not damage the hardware. The Rx good packet count will not increase, but some error counters might increase when packets are sent to the port. You cannot fix the problem by changing the port speed and duplex settings, or by unplugging and replugging the cables. The only solution is to reset the switch. This problem is resolved in software release 7.2(2) and subsequent 7.x releases, but will not be resolved in the 6.x releases.

If the Catalyst 4000 series switch detects a port-duplex misconfiguration, the misconfigured switch port is disabled and placed in the errdisable state. Reconfigure the port-duplex setting and use the set port enable command to reenable the port.

This message indicates a potential port configuration error:

2000 Feb 15 16:15:28 %SYS-4-P2_WARN: 1/Blocked queue on gigaport 5 ( 15 : 1 )

If you receive this message, use the command show port counters and check each port for excessive error frames such as collisions, runts, and transmit errors.

When hot inserting a module into a Catalyst 4000 family chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Incorrectly inserting a module can cause unexpected behavior. For proper module installation instructions, refer to the Catalyst 4003 and 4006 Switch Installation Guide.

When you replace a module (other than the supervisor engine) with a module of a different type, or when you insert a module (other than the supervisor engine) in an empty slot, entering the command clear config mod_num clears the module configuration information in the supervisor engine and obtains the correct spanning tree parameters.

If a module fails to come online, reset the module by entering the reset mod_num command.

If a port fails the physical-medium-dependent (PMD) loopback test after the Catalyst 4000 family switch is reset (that is, if a port LED is flashing orange after a reset), you must reset the affected module.

If you have a port whose speed is set to auto and is connected to another port whose speed is set to a fixed value, configure the port whose speed is set to a fixed value for half duplex. Alternately, you can configure both ports to a fixed-value port speed and full duplex.

Whenever you connect a Catalyst 4000 series port that is set to autonegotiate an end station or another networking device, make sure that the other device also is configured for autonegotiation. If the other device is not set to autonegotiate, the Catalyst 4000 autonegotiating port will remain in half-duplex mode, which can cause a duplex mismatch, resulting in packet loss, late collisions, and line errors on the link.

Do not enable protocol filtering on the switch if you have configured port security on any ports and set the violation mode to restrict. There is no restriction if the violation mode is set to shutdown; you can enable protocol filtering on the switch.

When you connect end stations (such as Windows 95, 98, or NT workstations) to Catalyst 4000 family 10/100-Mbps switch ports, we recommend this configuration:

Spanning tree PortFast enabled

Trunking off

Channeling off

In supervisor engine software release 5.2 and later, you can use the set port host command to optimize the port configuration for host connections. This command automatically enables PortFast and sets the trunking and channeling modes to off.

In software releases prior to release 5.2, you can optimize the port configuration for host connections as follows:

Use the set spantree portfast mod_num/port_num enable command to enable PortFast on a port.

Use the set trunk mod_num/port_num off command to disable trunking on a port.

Use the set port channel port_list off command to disable channeling on a port.


Note You must specify a valid port range when entering the set port channel command. You cannot specify a single port.


This example shows how to configure a port for end station connectivity using the set port host command:

Console> (enable) set port host 2/1
Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree port 2/1 fast start enabled.
Port(s) 2/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.
Console> (enable) 

This example shows how to manually configure a port for end station connectivity:

Console> (enable) set spantree portfast 2/2 enable
Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree port 2/2 fast start enabled.
Console> (enable) set trunk 2/2 off
Port(s) 2/2 trunk mode set to off.
Console> (enable) set port channel 2/1-2 off
Port(s) 2/1-2 channel mode set to off.
Console> (enable)

Some ports on the Catalyst 4000 family oversubscribed Gigabit Ethernet modules do not reliably autonegotiate Ethernet operational modes with some Sun Gigabit Ethernet NICs. The 18-port server switching 1000BASE-X (GBIC) Gigabit Ethernet module (WS-X4418-GB) is affected.

These Sun Gigabit Ethernet NICs are affected:

X1140A Sun Gigabit Ethernet Sbus Adapter 2.0

X1141A PCI Gigabit Ethernet PCI Adapter 2.0

Workaround: Use the following configuration:

Catalyst 4000 series Ports
Sun Gigabit Ethernet NIC
Configuration
Command
Configuration
Command

Autonegotiation disabled

set port negotiation mod_num/port_num disable

Autonegotiation disabled

ndd -set /dev/ge adv_1000autoneg_cap 0

N/A

N/A

Half-duplex off

ndd -set /dev/ge adv_1000hdx_cap 0

Send flow control on1

set port flowcontrol mod_num/port_num send on

Send flow control off

ndd -set /dev/ge adv_pauseTX 0

Receive flow control desired1

set port flowcontrol mod_num/port_num receive desired

Receive flow control on

ndd -set /dev/gs adv_pauseRX 1

1 Default setting


(CSCdm38405)

On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1, indicating an error occurred even though, in most cases, a carrier sense error did not occur.

The following restrictions apply when configuring port security:

You cannot configure dynamic, static, or permanent CAM entries on a secure port.

When you enable port security on a port, any static or dynamic CAM entries associated with the port are cleared; any currently configured permanent CAM entries are treated as secure.

If you attach a long cable (20 ft or longer) that is disconnected at the far end to the console port of a Catalyst 4000 series or Catalyst 2948G switch, then the resulting crosstalk on the serial line may prevent the switch from booting until you disconnect the cable from the switch or plug the cable into an active serial port (such as a serial port on a PC or a terminal server) at the remote end. (CSCdw69459 and CSCdr73326)

If you configure a secure port to restrictive mode and a station is connected to the port whose MAC address is already configured as a secure MAC address on another port on the switch, the port in restrictive mode will shut down rather than restrict traffic from that station. For example, if you configure MAC-1 as the secure MAC address on port 2/1 and MAC-2 as the secure MAC address on port 2/2, and you then connect the station with MAC-1 to port 2/2 when port 2/2 is configured for restrictive mode, port 2/2 will shut down instead of restricting traffic from MAC-1.

Spanning Tree

The following usage guidelines, restrictions, and troubleshooting information apply to spanning tree.

The Spanning Tree Protocol (SPT) blocks certain ports to prevent physical loops in a redundant topology. On a blocked port, the Catalyst 4000 family switch receives spanning tree bridge protocol data units (BPDUs) periodically from the neighboring device. You can configure the frequency with which BPDUs are received, by entering the set spantree hello command (the default frequency is set to two seconds). If a Catalyst 4000 family switch does not receive a BPDU in the time defined by the set spantree maxage command (20 seconds by default), the blocked port transitions to the listening state, the learning state, and to the forwarding state. As it transitions, the switch waits for the time period specified by the set spantree fwddelay command (15 seconds by default) in each of these intermediate states. Therefore, a blocked spanning tree port moves into the forwarding state if it does not receive BPDUs from its neighbor within approximately 50 seconds.

If the STP parameters are reduced in value, be sure that the number of STP instances are also reduced proportionally in order to avoid spanning tree loops in the network.

On trunk ports, ensure that the trunk configuration is valid on both sides of the link.

A Catalyst 4000 series switch should be the root for all VLANs, especially VLAN 1. In order to recover from an extended broadcast storm caused by a faulty device in a network, Catalyst  family switches reset blocked ports. To ensure recovery, all Catalyst 4000 series switches in the network should perform this function at the same time, by sending synchronization packets on VLAN 1. These synchronization packets are sent by a Catalyst 4000 series switch only if it is the root bridge.

Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk may cause spanning tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If you plan to disable spanning tree in an 802.1Q environment, disable it on every VLAN in the network to ensure that a loop-free topology exists.

On a blocked spanning tree port, check the duplex configuration to ensure that the port duplex is set to the same type as the port of the neighboring device.

On your Catalyst 4000 family switch, be sure that the total number of logical ports across all instances of spanning tree for different VLANs does not exceed the number allowed for your supervisor engine.

You can use the show spantree summary command and the following formula to compute the sum of logical ports on the switch:

(number of trunks on the switch ¥ number of active VLANs on those trunks) + number of nontrunking ports on the switch

The sum of all logical ports, as calculated with the formula above, should be less than or equal to the following:

600 instances in PVST+ mode for the Catalyst 4000 series Supervisor Engine I and II

480 instances in PVRST mode for the Catalyst 4000 series Supervisor Engine I and II


Caution If you enable numerous memory-intensive features concurrently (such as VTP pruning, VMPS, EtherChannel, and RMON), or if there is switched data traffic on the management VLAN, the maximum number of supported logical ports is reduced.


Note Count each port in an EtherChannel port bundle independently (do not count the bundle as a single port).


On a blocked spanning tree port, make sure that the Rcv-Frms and Rcv-Multi counters are incrementing continuously. If the Rcv-Frms counter stops incrementing, the port is not receiving any frames, including BPDUs. If the Rcv-Frms counter is incrementing but the Rcv-Multi counter is not, then this port is receiving nonmulticast frames but is not receiving any BPDUs.

To monitor blocked spanning tree ports, use the following commands:

Use the show port command to see if the port has registered many alignment, FCS, or any other type of line errors. If these errors are incrementing continuously, the port might drop input BPDUs.

Use the show mac command if the Inlost counter increments continuously or a port is losing input packets because of a lack of receive buffers. This problem can also cause the port to drop incoming BPDUs.

On trunk ports, ensure that the duplex is set to full on both sides of the link to prevent any collisions under heavy traffic conditions.

Do not use spanning tree PortFast on a trunk port. Although the show spantree command displays PortFast as enabled on a trunk port, PortFast has no effect on such ports.

VTP, VLANs, and VLAN Trunks

The following usage guidelines, restrictions, and troubleshooting information apply to VTP, VLANs, and VLAN trunks.

The VLAN numbers are always ISL VLAN identifiers and not 802.1Q VLAN identifiers.

Although the Dynamic Trunk Protocol (DTP) is a point-to-point protocol, some internetworking devices might forward DTP frames. To avoid connectivity problems, follow these guidelines:

For ports connected to non-Catalyst 4000 series devices in which trunking is not being used, configure trunk-capable Catalyst 4000 family switch ports to off by entering the set trunk mod_num/port_num off command.

When trunking to a Cisco router, use the set trunk mod_num/port_num nonegotiate command. The nonegotiate keyword transitions a link into trunking mode without sending DTP frames.

With Cisco IOS Release 12.0, the Catalyst 8510 campus switch router (CSR) does not process untagged packets (packets on the native VLAN) received on an IEEE 802.1Q-trunked interface (all such packets are dropped). If you configure Catalyst 8510 CSR subinterfaces to a trunk using 802.1Q encapsulation, traffic cannot be carried successfully on the native VLAN for the trunk configured on a Catalyst 4000 family switch.

Workaround: Create an unused VLAN and assign it as the native VLAN for the 802.1Q trunk on the Catalyst 4000 series switch. Verify the native VLAN assignment for the trunk using the show trunk command.

This problem is tracked as a defect against the Catalyst 8510 CSR software. (CSCdk77676)

A VTP transparent switch with no VTP domain name configured might not relay VTP requests received from VTP client and server switches. Therefore, VTP client and server switches might not synchronize if they are separated by a VTP transparent switch with no domain name configured.

Workaround: Configure a VTP domain name on the VTP transparent switch.

IEEE 802.1Q trunks with several hundred active VLANs take a few minutes to become operational. The time increases with the number of VLANs on the trunk. During this time, you may see unexpected behavior, such as the console hanging or other ports not going into forwarding. After the trunks become operational, the unexpected behavior disappears and operation returns to normal. The operation remains normal as long as the trunks remain operational.

EtherChannel

The following usage guidelines, restrictions, and troubleshooting information apply to Fast and Gigabit EtherChannel.

With a large number of channels, trunks, or VLANs, or a change of channel configuration (for example, off to auto), or upon Fast EtherChannel module reboot, ports might take up to five minutes to form a channel and to participate in spanning tree. (During this interval, the port does not appear in show spantree command output.) If it takes more than ten minutes for a channel to form and appear on spanning tree, disable and reenable the ports. In addition, it might take up to two minutes to unbundle a channel after changing the channel mode.

If a "SPANTREE-2: Channel misconfig - x/x-x will be disabled" or similar syslog message is displayed when you are using Fast EtherChannel, the message indicates a mismatch of Fast EtherChannel modes on the connected ports. We recommend that you correct the configuration and reenable the ports by entering the set port enable command. Some valid EtherChannel configurations are shown here:

Port Channel Mode
Valid Neighbor Port Channel Modes

desirable

desirable or auto

auto

desirable or auto1

on

on

off

off

1 If both the local and neighbor ports are in auto mode, an EtherChannel bundle will not form.


SPAN

The following usage guidelines, restrictions, and troubleshooting information apply to the Switched Port Analyzer (SPAN).

When a port is configured as a SPAN port (in both mode) to monitor the transmit and receive traffic (unicast, broadcast, or multicast) for the VLAN, the port does not monitor the VLAN traffic properly. This is the expected behavior when a static CAM filter exists in the host table. Filter action takes precedence over copying the traffic to a sniff port, and hence these packets will not be accounted for in the sniffed traffic statistics. (CSCin51183)

By default, incoming traffic on the SPAN destination port is disabled. You can enable it using the set span command with the inpkts enable keywords. However, while the port receives traffic for its assigned VLAN, it does not participate in spanning tree for that VLAN. To avoid creating spanning tree loops with incoming traffic enabled, assign the SPAN destination port to an unused VLAN.

A SPAN session cannot be configured via SNMP with the monitorGrp MIB. SPAN configuration can be read from the monitorGrp MIB.

Workaround: Use the PortCopyTable MIB to configure SPAN sessions via SNMP.

A SPAN destination port receives flooded unicasts and broadcasts for the VLAN of the source SPAN port.

Multicast

The following usage guidelines, restrictions, and troubleshooting information apply to multicast protocols and traffic on the switch.

Because of a conflict with the Hot Standby Router Protocol (HSRP), Cisco Group Management Protocol (CGMP) leave processing is disabled by default. To enable CGMP leave processing, enter the set cgmp leave enable command.


Note If both HSRP and CGMP leave processing are enabled, you might experience some unicast packet flooding.


When CGMP leave processing is enabled, the Catalyst 4000 family switch learns router ports through PIM-v1, HSRP, and CGMP self-join messages. When CGMP leave processing is disabled, the Catalyst 4000 family switch learns router ports through CGMP self-join messages only.

CGMP does not prune multicast traffic for any IP multicast address that maps into the MAC address range of 01-00-5E-00-00-00 to 01-00-5E-00-00-FF. The reserved IP multicast addresses, in the range 224.0.0.0 to 224.0.0.255, are used to forward local IP multicast traffic in a single Layer 3 hop.

Protocol Filtering

The following usage guidelines, restrictions, and troubleshooting information apply to protocol filtering.

If protocol filtering is enabled and you have set some protocols to be filtered on a port, such as the IPX protocol with the set port protocol 2/3 ipx off command, and then you change the port to a trunk port with the set trunk command, the trunk port will have the same settings that it had before it was an access port. However, when you enter the show port protocol command, the display shows that all protocols are allowed.

Workaround: If protocol filtering is enabled on the switch, and you change a port with protocol filtering configured on it to a trunk port, you should explicitly configure the trunk port to allow all protocols; you can do so by entering one of the following commands for each protocol:

set port protocol mod_num/port_num ipx on

set port protocol mod_num/port_num ip on

set port protocol mod_num/port_num group on

MIBs

For general information on MIBs, RMON groups, and traps, refer to the Cisco public MIB directory (http://www.cisco.com/public/mibs/). For information on the specific MIBs supported by the Catalyst 4000 family switches, refer to the Catalyst 4000 MIB Support List located at ftp://ftp.cisco.com/pub/mibs/supportlists/wsc4000/wsc4000-supportlist.html

Authentication, Authorization, and Accounting

This section contains usage guidelines, restrictions, and troubleshooting information that apply to authentication, authorization, and accounting (AAA):

For login authentication, starting from software releases 5.5(15), 6.3(7), and 7.3(1), if you press the Enter key and then type in your password (<Enter> <password>) the ACS TACACS+ server will treat it as an indication that you are attempting to change your password. This behavior is related to CSCdx08395. Before the CSCdx08395 fix, the user privilege level was hard coded to 15 in the TACACS+ authentication request packet. With the CSCdx08395 fix, the user privilege level is set based on the privilege level that the user is authenticated as. For example, if the user is doing a login authentication, the privilege level would be 1. If the user is doing an enable authentication, the privilege level would be 15.

The Cisco ACS TACACS+ server acts differently for <Enter> <password>. For login authentication, if the user priv-lvl is hard coded to 15, <Enter> <password> is treated as a regular password attempt. If the user priv-lvl is set to 1 (CSCdx08395) during login authentication, then <Enter> <password> is treated as an indication of a changing password. The latter case is a behavior consistent with TACACS+ enable authentication and IOS software handling of <Enter> <password>. (CSCdy35129)

Nonembedded CiscoView

The digital security certificate that is used to sign the Java classes in supervisor engine software release 6.2(2) will be valid until May 19, 2002. After the expiration date if embedded CiscoView cannot be launched or an Access Control Error occurs, upgrade to the latest supervisor engine image available at that time or upgrade the plug-in/browser on the client machine.

The supported client platform/browser/plug-in versions to launch embedded CiscoView are as follows:

Solaris 2.6/2.7, Netscape Communicator 4.7, plug-in 1.3.0 (JRE 1.3.0)

Windows NT 4.0 and Windows 2000, Internet Explorer 5.5 and Netscape Communicator 4.7, plug-in 1.3.0-C (JRE 1.3.0)

The Java Plug-ins 1.3.0_01 and 1.3.0_02 do not work with any CiscoView software release.

The Java Plug-in 1.3.1 is not officially supported with software release 6.2(2) CiscoView, although initial testing indicates that it works fine. If you use Java Plug-in 1.3.1 with Netscape Communicator in Windows NT, an error message indicates that the certificate has expired. The workaround is to use Java Plug-in 1.3.1 with Internet Explorer.

Nonembedded CiscoView does not work after you resize a browser window in Solaris. Make sure that you are using Netscape Communicator 4.7 from Sun Microsystems instead of from Netscape.

The G1 and G2 ports on the WS-X4232-L3 module always show the presence of the Gigabit Ethernet modules. (CSCdr29617)

Software Documentation Updates for Release 6.1

This section describes caveats for the Catalyst 4000 series software release 6.1 documentation. These changes will be included in the next update to the documentation.

Refer to the online versions of the Command Reference—Catalyst 5000 Family, Catalyst 4000 Family, Catalyst 2926G, Catalyst 2948G, Catalyst 2980G Switches for software releases 5.5, and 5.4 and the Command Reference—Catalyst 4000 Series, Catalyst 2926G, Catalyst 2948G, Catalyst 2980G Switches for software release 6.1 for information about these two commands supported in software release 5.4(1) and later:

set traffic monitor threshold
show traffic

The Software Configuration Guide—Catalyst 4000 Family, 2948G, and 2980 Switches for software release 6.1 incorrectly lists the following two restrictions for aggressive UDLD:

When you enable aggressive UDLD, the recommended default is 30 seconds.

We recommend that you not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination.

Refer to the online version of the Software Configuration Guide—Catalyst 4000 Family, 2948G, and 2980 Switches for a current version of this publication at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel_6_1/conf/index.htm

Refer to the online versions of the System Message Guide—Catalyst 6000, 5000, 4000, 2948G, 2926G and 2926 Series Switches for releases 5.4, 5.5, and 6.1 for information on the following system log error messages:

SYS-5-SYS_HITRFC: [dec] traffic load exceeded threshold on switching bus

SYS-5-HITRFC3: [dec] traffic load exceeded threshold on switching bus [chars]

SYS-3-SYS_MEMLOW: [chars][dec]

SYS-3-SYS_MEMERR: Out of range while freeing address [chars]

SYS-3-INBAND_NORESOURCE: Inband resource error warning [dec]

SYS-3-INBAND_SPRINTR: inband spurious interrupt occurred [dec]

SYS-3-PORT_ERR: port [dec]/[dec] swBusResultEvent [dec]

SYS-3-PORT_WARN: port [dec]/[dec] dmaTxFull [dec] dmaRetry [dec]

IP-3-UDP_SOCKOVFL: UDP socket overflow [dec]

IP-3-TCP_SOCKOVFL: TCP socket overflow [dec]

IP-3-UDP_BADCKSUM: UDP bad checksum [dec]

IP-3-TCP_BADCKSUM: UDP bad checksum [dec]

SPANTREE-5-PORTLISTEN: Port [dec]/[dec] state in VLAN 1 changed to listening

SPANTREE-5-TR_PORTLISTEN: Trcrf 101 in trbrf 102 state changed to listening

Related Documentation

The following documents are available for Catalyst 4000 family switches:

Catalyst 4000 Series Switch Installation Guide

Catalyst 4500 Switch Series Installation Guide

Catalyst 4912G Switch Installation Guide

Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980 Switches Software Configuration Guide

Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980 Switches Command Reference

System Message Guide—Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980 Switches

Layer 3 Switching Software Configuration Guide—Catalyst 6500 Series, Catalyst 4000 Family, 2948G, and 2980G Switches

Troubleshooting Tips—Catalyst 5000 Family, Catalyst 4000 Family, Catalyst 2948G, Catalyst 2948G-GE-TX, and 2980G Switches

Enterprise MIB User Quick Reference (online only)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html