Guest

Cisco Catalyst 4000 Series Switches

Release Notes for Catalyst 4000 Family Software Release 8.x

 Feedback

Table Of Contents

Release Notes for Catalyst 4500 Series Software Release 8.xGLX

Contents

System Requirements

Power Supply Requirements

Release 8.x Memory Requirements

ROMMON Requirements

Upgrading the ROMMON

Migrating a Supervisor II from a Catalyst 4006 Switch to a
Catalyst 4500 Series Switch

Product and Software Version Support Matrix

Release 8.xGLX Orderable Software Images

New Features for Supervisor Engine Software Release 8.4GLX

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 8.3GLX

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 8.2GLX

Hardware Features

Software Features

New Features for Supervisor Engine Software Release 8.1

Hardware Features

Software Features

Open and Resolved Caveats in Software Release 8.4(11)GLX

Open Caveats in Software Release 8.4(11)GLX

Resolved Caveats in Software Release 8.4(11)GLX

Open and Resolved Caveats in Software Release 8.4(10)GLX

Open Caveats in Software Release 8.4(10)GLX

Resolved Caveats in Software Release 8.4(10)GLX

Open and Resolved Caveats in Software Release 8.4(9)GLX

Open Caveats in Software Release 8.4(9)GLX

Resolved Caveats in Software Release 8.4(9)GLX

Open and Resolved Caveats in Software Release 8.4(8)GLX

Open Caveats in Software Release 8.4(8)GLX

Resolved Caveats in Software Release 8.4(8)GLX

Open and Resolved Caveats in Software Release 8.4(7)GLX

Open Caveats in Software Release 8.4(7)GLX

Resolved Caveats in Software Release 8.4(7)GLX

Open and Resolved Caveats in Software Release 8.4(6)GLX

Open Caveats in Software Release 8.4(6)GLX

Resolved Caveats in Software Release 8.4(6)GLX

Open and Resolved Caveats in Software Release 8.4(5)GLX

Open Caveats in Software Release 8.4(5)GLX

Resolved Caveats in Software Release 8.4(5)GLX

Open and Resolved Caveats in Software Release 8.4(4)GLX

Open Caveats in Software Release 8.4(4)GLX

Resolved Caveats in Software Release 8.4(4)GLX

Open and Resolved Caveats in Software Release 8.4(3)GLX

Open Caveats in Software Release 8.4(3)GLX

Resolved Caveats in Software Release 8.4(3)GLX

Open and Resolved Caveats in Software Release 8.4(2)GLX

Open Caveats in Software Release 8.4(2)GLX

Resolved Caveats in Software Release 8.4(2)GLX

Open and Resolved Caveats in Software Release 8.4(1)GLX

Open Caveats in Software Release 8.4(1)GLX

Resolved Caveats in Software Release 8.4(1)GLX

Open and Resolved Caveats in Software Release 8.3(2)GLX

Open Caveats in Software Release 8.3(2)GLX

Resolved Caveats in Software Release 8.3(2)GLX

Open and Resolved Caveats in Software Release 8.3(1)GLX

Open Caveats in Software Release 8.3(1)GLX

Resolved Caveats in Software Release 8.3(1) GLX

Open and Resolved Caveats in Software Release 8.1(3)

Open Caveats in Software Release 8.1(3)

Resolved Caveats in Software Release 8.1(3)

Open and Resolved Caveats in Software Release 8.2.(1)GLX

Open Caveats in Software Release 8.2.(1)GLX

Resolved Caveats in Software Release 8.2.(1)GLX

Open and Resolved Caveats in Software Release 8.1(2)

Open Caveats in Software Release 8.1(2)

Resolved Caveats in Software Release 8.1(2)

Open and Resolved Caveats in Software Release 8.1(1)

Open Caveats in Software Release 8.1(1)

Resolved Caveats in Software Release 8.1(1)

Usage Guidelines, Restrictions, and Troubleshooting

System and Supervisor Engine

Modules and Switch Ports

Spanning Tree

VTP, VLANs, and VLAN Trunks

EtherChannel

SPAN

Multicast

MIBs

Authentication, Authorization, and Accounting

Power Management and PoE

Nonembedded CiscoView

Related Documentation

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for Catalyst 4500 Series Software Release 8.xGLX


Current Release:
8.4(11 )GLX—May 3, 2006
Previous Releases:
8.4(10)GLX, 8.4(9)GLX, 8.4(8)GLX, 8.4(7)GLX, 8.4(6)GLX, 8.4(5)GLX, 8.4(4)GLX, 8.4(3)GLX, 8.4(2)GLX, 8.4(1)GLX, 8.3(2)GLX, 8.3(1)GLX, 8.1(3), 8.2(1)GLX, 8.1(2), 8.1(1)

These release notes describe the features, modifications, and caveats for Catalyst 4500 series supervisor engine software release 8.xGLX and all 8.x and 8.xGLX maintenance releases. The most current 8.x release is supervisor engine software release 8.4(10)GLX. These release notes apply to the Catalyst 4000 series and the Catalyst 4500 series switches as well as to Catalyst 2948G, 2948G-GE-TX, 4912G, and 2980G-A switches running Catalyst 4500 series supervisor engine software. We strongly recommend that you read these release notes before using your switch or upgrading your switch software.


Note For the most recent information on open caveats, see the most current version of these release notes at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/relnotes/ol_4502.htm



Caution To avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM), always back up the switch configuration file before upgrading or downgrading the switch software. A software downgrade will always cause the configuration to be lost. Use the copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command to back up the configuration to a Flash device.

Contents

This document consists of these sections:

System Requirements

Product and Software Version Support Matrix

Release 8.xGLX Orderable Software Images

New Features for Supervisor Engine Software Release 8.4GLX

New Features for Supervisor Engine Software Release 8.3GLX

New Features for Supervisor Engine Software Release 8.2GLX

New Features for Supervisor Engine Software Release 8.1

Open and Resolved Caveats in Software Release 8.4(11)GLX

Open and Resolved Caveats in Software Release 8.4(10)GLX

Open and Resolved Caveats in Software Release 8.4(9)GLX

Open and Resolved Caveats in Software Release 8.4(8)GLX

Open and Resolved Caveats in Software Release 8.4(7)GLX

Open and Resolved Caveats in Software Release 8.4(6)GLX

Open and Resolved Caveats in Software Release 8.4(5)GLX

Open and Resolved Caveats in Software Release 8.4(4)GLX

Open and Resolved Caveats in Software Release 8.4(3)GLX

Open and Resolved Caveats in Software Release 8.4(2)GLX

Open and Resolved Caveats in Software Release 8.4(1)GLX

Open and Resolved Caveats in Software Release 8.3(2)GLX

Open and Resolved Caveats in Software Release 8.3(1)GLX

Open and Resolved Caveats in Software Release 8.1(3)

Open and Resolved Caveats in Software Release 8.2.(1)GLX

Open and Resolved Caveats in Software Release 8.1(2)

Open and Resolved Caveats in Software Release 8.1(1)

Usage Guidelines, Restrictions, and Troubleshooting

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

System Requirements

This section describes the system requirements for the Catalyst 4500 series switches and contains the following sections:

Power Supply Requirements

Release 8.x Memory Requirements

ROMMON Requirements

Upgrading the ROMMON

Migrating a Supervisor II from a Catalyst 4006 Switch to a Catalyst 4500 Series Switch

Power Supply Requirements

The Catalyst 4003 switch support 1+1 redundant power supplies.

The Catalyst 4006 switch support 2+1 redundant power supplies.

The Catalyst 4500 series switches support 1+1 redundant power supplies.

Release 8.x Memory Requirements

The Catalyst 4500 series supervisor engine software release 8.x or 8.xGLX requires a minimum of 64-MB DRAM installed on your supervisor engine. All Supervisor Engine IIs are shipped with 64-MB DRAM.

If your Supervisor Engine I has less than 64-MB DRAM, you can add more memory by ordering the 32-MB DRAM upgrade (Cisco product number MEM-C4K-32-RAM=) for the Catalyst 4500 series Supervisor Engine I.

ROMMON Requirements

If the Boot ROM (ROMMON) loaded onto your switch is version 4.5(1) or earlier, you need to upgrade the ROMMON to at least version 5.4(1) in order to run software release 8.1 or later.

Upgrading the ROMMON

Follow these guidelines to upgrade the ROMMON on your switch:


Caution To avoid actions that might make your system unbootable, read this entire section before starting the upgrade.

You can do this procedure entirely over a Telnet connection, but if something fails, you will need to have access to the console serial port. If done improperly, the system can become unbootable. You will then have to return it to Cisco for repair.

This section describes an upgrade to ROMMON version 6.1(5). The same procedure applies to other ROMMON versions, but you will have to substitute appropriate version numbers in the upgrade image names.


Step 1 Download the promupgrade program from Cisco.com and place it on a TFTP server in a directory that is accessible from the switch to be upgraded.

The promupgrade programs are available at the same location on Cisco.com where you download Catalyst 4500 series system images.

To upgrade to ROMMON version 6.1(5), download the cat4000-promupgrade.6-1-5.bin file.

Step 2 In privileged mode on your switch, use the show version command to verify the ROMMON version loaded on the switch.

The ROMMON version number is listed as the System Bootstrap Version. For example, in the following output, the system is running ROMMON version 6.1(2):

Console> (enable) show version
WS-C4003 Software, Version NmpSW:5.5(8)
Copyright (c) 1995-2001 by Cisco Systems, Inc.
NMP S/W compiled on May 24 2001, 21:12:09
GSP S/W compiled on May 24 2001, 18:39:50

System Bootstrap Version:6.1(2)

Hardware Version:1.0  Model:WS-C4003  Serial #:xxxxxxxxx
Console > (enable)

Step 3 Use the dir bootflash: command to ensure that there is sufficient space in Flash memory to store the promupgrade image. If there is insufficient space, delete one or more images and then enter the squeeze bootflash: command to reclaim the space.

Step 4 Download the promupgrade image into Flash memory using the copy tftp command.

This example shows how to download the promupgrade image cat4000-promupgrade.6-1-5.bin from the remote host Lab_Server to bootflash:

Console> (enable) copy tftp flash
IP address or name of remote host []? Lab_Server
Name of file to copy from []? /cat4000-promupgrade.6-1-5.bin
Flash device []? bootflash
Name of file to copy to []? cat4000-promupgrade.6-1-5.bin

9205592 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console > (enable)

Step 5 Ensure that the last line in the output of the show boot command is boot:image specified by the boot system commands.

If the last line in the output of the show boot command is not boot:image specified by the boot system commands, go to Step 6.

If the last line in the output of the show boot command is boot:image specified by the boot system commands, go to Step 7.

This example shows the autoboot configuration:

Console> (enable) show boot
BOOT variable = bootflash:cat4000.5-5-8.bin,1;
CONFIG_FILE variable = bootflash:switch.cfg

Configuration register is 0x102
ignore-config:disabled
auto-config:non-recurring
console baud:9600
boot:image specified by the boot system commands
Console > (enable)

Step 6 If the last line in the output of the show boot command is not boot:image specified by the boot system commands, use the set boot config-register command to set the boot configuration.

This example shows how to set the boot configuration:

Console > (enable) set boot config-register boot system
Configuration register is 0x102
ignore-config:disabled
auto-config:non-recurring
console baud:9600
boot:image specified by the boot system commands
Console > (enable)

Step 7 Use the set boot system flash command to prepend the promupgrade image to the boot string.


Note Make sure that you use the prepend keyword with the set boot system flash command. The switch always boots the first image in the boot string, and you want the promupgrade image to boot first.


This example shows how to prepend the promupgrade image to the boot string:

Console> (enable) set boot system flash bootflash:cat4000-promupgrade.6-1-5.bin prepend
BOOT variable = bootflash:cat4000-promupgrade.6-1-5.bin,1;bootflash:cat4000.5-5-8.bin,1;

Step 8 Reset the switch to boot the promupgrade program.


Caution No intervention is necessary to complete the upgrade. Do not interrupt the boot process by performing a reset, power cycle, OIR of the supervisor engine, etc. for at least five minutes! If the process is not allowed to complete, you may damage the switch and have to return it to Cisco for repair.

Upgrading the ROMMON may require up to five minutes because the switch boots the promupgrade image. This special program erases the current ROMMON from Flash memory and installs the new one. After installing the new ROMMON, the system resets again and boots the next image in the BOOT string. If the BOOT string was configured as described in Step 7, the next image is the software image that the switch was originally configured to boot.


Note A Telnet session is disconnected when you reset the switch; you will lose connectivity to the switch for some time.


If you are connected to the console serial port, output similar to the following is displayed after you reset the switch:

0:00.530901:ig0:00:10:7b:aa:d3:fe is 172.20.59.203
0:00.531660:netmask:255.255.255.0
0:00.532030:broadcast:172.20.59.255
0:00.532390:gateway:172.20.59.1
WS-X4012 bootrom version 6.1(2), built on 2000.04.03 15:20:09
H/W Revisions:Meteor:2 Comet:8 Board:1
Supervisor MAC addresses:00:10:7b:aa:d0:00 through 00:10:7b:aa:d3:ff (1024 addresses)
Installed memory:64 MB
Testing LEDs.... done!
The system will autoboot in 5 seconds.
Type control-C to prevent autobooting.
rommon 1 >
The system will now begin autobooting.
Autobooting image:
"bootflash:cat4000-promupgrade.6-1-5.bin"

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC#############################
Replacing ROM version 6.1(2) with version 6.1(5)

Upgrading your PROM... DO NOT RESET the system
unless instructed or it may NOT be bootable!!!
Beginning erase of 524288 bytes at offset 0x0... Done!
Beginning write of system prom (467456 bytes at offset 0x0)...
This could take as little as 10 seconds or up to 2 minutes.
Please DO NOT RESET!

*******************************************

Success!
System will reset in 2 seconds...
[ ... ]

The switch reboots back into the online software:

0:00.530856:ig0:00:10:7b:aa:d3:fe is 172.20.59.203
0:00.531616:netmask:255.255.255.0
0:00.531967:broadcast:172.20.59.255
0:00.532342:gateway:172.20.59.1
WS-X4012 bootrom version 6.1(5), built on 2000.04.08 15:20:09
H/W Revisions:Meteor:2 Comet:8 Board:1
Supervisor MAC addresses:00:10:7b:aa:d0:00 through 00:10:7b:aa:d3:ff (1024 addresses)
Installed memory:64 MB
Testing LEDs.... done!
The system will autoboot in 5 seconds.
Type control-C to prevent autobooting.
rommon 1 >
The system will now begin autobooting.
Autobooting image:"bootflash:cat4000.5-5-8.bin"

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC#####################################

Step 9 In privileged mode on your switch, use the show version command to verify that the new ROMMON version is running on the switch.

The ROMMON version number is listed as the System Bootstrap Version. For example, the following system is running ROMMON version 6.1(5):

Console> (enable) show version
WS-C4003 Software, Version NmpSW:5.5(8)
Copyright (c) 1995-2001 by Cisco Systems, Inc.
NMP S/W compiled on May 24 2001, 21:12:09
GSP S/W compiled on May 24 2001, 18:39:50

System Bootstrap Version:6.1(5)

Hardware Version:1.0  Model:WS-C4003  Serial #:xxxxxxxxx

.

.
.
Console > (enable)


Caution When entering the clear boot system flash cat.4000-promupgrade.6-1-5.bin command, be sure to type the correct promupgrade image in the command syntax. If you enter only clear boot system flash, all images in the autoboot string are cleared, and the switch will not know which image to boot.

Step 10 Use the clear boot system flash promupgrade_image command to remove the promupgrade program from the autoboot string.

This example shows how to remove the promupgrade image cat.4000-promupgrade.6-1-5.bin from the boot sequence. Notice that the response message shows the system image for software release 5.5(8) in the autoboot string.

Console> (enable) clear boot system flash bootflash:cat4000-promupgrade.6-1-5.bin
BOOT variable = bootflash:cat4000.5-5-8.bin,1;

Step 11 Use the del command to delete the promupgrade program from the Flash memory and squeeze the Flash memory to reclaim unused space.

This example shows how to delete the promupgrade image cat.4000-promupgrade.6-1-5.bin from the Flash memory and reclaim unused space.

Console> (enable) del bootflash:cat4000-promupgrade.6-1-5.bin
Console> (enable) squeeze bootflash:

All deleted files will be removed, proceed (y/n) [n]? y

Squeeze operation may take some time, proceed (y/n) [n]? y
Console > (enable)

Step 12 After removing the promupgrade image from the BOOT string, use the show boot command to verify that the BOOT string is set correctly.


Migrating a Supervisor II from a Catalyst 4006 Switch to a
Catalyst 4500 Series Switch

If you are migrating your Supervisor Engine II from a Catalyst 4006 switch to a Catalyst 4503 or 4506 switch, you can avoid any issues by saving your configuration and reloading the configuration file once the supervisor engine has been inserted into the Catalyst 4500 series chassis.

The Catalyst 4500 series switches requires release 7.4(1) or later releases. If your Supervisor Engine II is running release 7.3(2) or earlier releases, upgrade the software to release 7.4(1) or a later release before migrating you supervisor engine to a Catalyst 4500 series chassis.


Caution If you attempt to boot a Supervisor Engine II running release 7.3(2) or an earlier in a Catalyst 4500 series chassis, the switch will continuously reboot.

If the switch continuously reboots, you will need to do one of the following:

Reinsert the supervisor engine into the Catalyst 4006 switch and load software release 7.4(1) or a later release, and then migrate the supervisor engine to the Catalyst 4500 series chassis.

Access ROMMON mode while the supervisor engine is in the Catalyst 4500 series switch and load the 7.4(1) image from ROMMON. For more information, refer to the following Cisco TAC document: http://www.cisco.com/warp/public/473/26.html

One big difference between the Catalyst 4006 switch and the Catalyst 4500 series switches is the number of MAC addresses. The Catalyst 4006 switch has 1024 MAC addresses that can be used as bridge identifiers; the Catalyst 4500 series switches have 64 MAC addresses. MAC address reduction is always enabled on the Catalyst 4500 series switches; however, it may or may not be enabled on the Catalyst 4006 switch. This might affect the selection of the root bridge after you migrate your supervisor engine. Here are two scenarios to consider:

The Catalyst 4006 switch is not a root switch

In this case, the spanning tree topology will not change. If you add to the network a Catalyst 4500 series switch with MAC reduction enabled and its default spanning tree bridge ID priority set to 32,768, the bridge ID priority of the new switch becomes the bridge ID priority that is added to a system  ID extension. The system  ID extension is the VLAN number and can range from 1 to 4094. If the switch is in VLAN 1, the new bridge ID priority will be 32,769. Because 32,769 is greater than 32,768, this switch cannot become the root switch and poses no problems.

The Catalyst 4006 is a root switch

In this case, the spanning tree topology may change. If the other switches in the network are not running MAC-reduction, then the topology will change after you replace the chassis with a Catalyst 4500 series switch. The bridge ID priority of the new Catalyst 4500 series switch increments in the same manner as in the previous scenario (bridge ID priority + VLAN number). Therefore, if the switch is in VLAN 1, the new bridge ID will be 32,769. Since 32,769 is greater than 32,768, this switch cannot become the root switch. The network designates a new root switch; the spanning tree topology also changes to reflect the new root switch.

If the bridge priority of the Catalyst 4006 has been lowered administratively and you use the same configuration in the new Catalyst 4500 series switch, then the switch remains the root switch and the spanning tree topology does not change.

Before migrating your supervisor engine from a Catalyst 4006 switch to a Catalyst 4503 or 4506 switch, make sure that the supervisor engine is running software release 7.4(1) or later. If your switch is running software release 7.3(2) or an earlier release, upgrade to software release 7.4(1) or a later release. For more information on upgrading your software, refer to Chapter 23, "Working with System Software Images," in the Software Configuration Guide. To safely migrate your supervisor engine from a Catalyst 4006 switch to a Catalyst 4503 or 4506 switch, perform this task:

 
Task
Command

Step 1 

Change the nondefault configuration mode to text and specify the configuration file to use at boot up.

set config mode text bootflash:switch.cfg

Step 2 

Save the current nondefault configuration to NVRAM.

write memory

Step 3 

Save the configuration on the Catalyst 4006 switch.

copy config flash

Step 4 

Remove the supervisor engine from the Catalyst 4006 switch and insert it into the Catalyst 4500 series switch.

 

Step 5 

Clear the current configuration.

clear config all

Step 6 

Load the saved configuration.

configure bootflash:switch.cfg

Step 7 

If you have only one power supply in your Catalyst 4506 switch, set the power budget to 1.

set power budget 1

Product and Software Version Support Matrix

This section contains configuration matrixes to help you order Catalyst 4500 series products. Table 1 lists the minimum supervisor engine software version and the current recommended supervisor engine software version for Catalyst 4500 series modules and chassis.

Table 1 Product and Supervisor Engine Software Version Matrix 

Product Number
(append with "=" indicates spares)
Product Description
Minimum Supervisor Engine Software Version
Recommended Supervisor Engine Software Version
Supervisor Engine

WS-X4012

Catalyst 4500 series Supervisor Engine I module

4.5(8)

8.4(10)GLX

WS-X4013

Catalyst 4500 series Supervisor Engine II, 2 GBIC ports, Console port (RJ-45), Management Port (RJ-45)

5.4(2) for Catalyst 4000 series chassis

7.4(1) for Catalyst 4500 series chassis

8.4(10)GLX

Ethernet, Fast Ethernet, and Gigabit Ethernet

WS-X4148-FE-LX-MT

48-port MT-RJ 100BASE-LX switching module

8.1(1)

8.4(10)GLX

WS-X4302-GB

2-port 1000BASE-X (GBIC) Gigabit Ethernet

8.1(1)

8.4(10)GLX

WS-X4148-RJ

48-port 10/100 Fast Ethernet RJ-45

4.5(8)

8.4(10)GLX

WS-X4232-GB-RJ

32-port 10/100 Fast Ethernet RJ-45, plus 2-port 1000BASE-X (GBIC) Gigabit Ethernet

WS-X4232-L3

32-port 10/100 Fast Ethernet RJ-45 plus 2 full-duplex 1000BASE-X (GBIC) Gigabit Ethernet Layer 3 module

5.5(1)

8.4(10)GLX

WS-X4148-RJ45V

48-port Power over Ethernet (PoE) [inline power] 10/100BASE-TX switching module

6.1(1)

8.4(10)GLX

WS-X4232-RJ-XX

32-port 10/100 Fast Ethernet RJ-45

5.1(1)

8.4(10)GLX

WS-X4306-GB

6-port 1000BASE-X (GBIC) Gigabit Ethernet

4.5(8)

8.4(10)GLX

WS-X4418-GB

18-port 1000BASE-X (GBIC) Gigabit Ethernet switching module

4.5(8)

8.4(10)GLX

WS-X4412-2GB-T

12-port 1000BASE-T Gigabit Ethernet switching module

5.4(2)

8.4(10)GLX

WS-X4124-FX-MT

24-port 100BASE-FX Fast Ethernet switching module

5.4(2)

8.4(10)GLX

WS-X4148-RJ21

48-port 10/100-Mbps Fast Ethernet switching module

5.4(2)

8.4(10)GLX

WS-X4148-FX-MT

48-port 100BASE-FX Fast Ethernet switching module

6.2(1)

8.4(10)GLX

WS-X4424-GB-RJ45

24-port 10/100/1000BASE-T Gigabit Ethernet switching module

6.3(1)

8.4(10)GLX

WS-X4448-GB-LX

48-port 1000BASE-LX (SFP included) Gigabit Ethernet switching module

6.3(1)

8.4(10)GLX

WS-X4448-GB-RJ45

48-port 10/100/1000 BASE-T Gigabit Ethernet switching module

7.1(1a)

8.4(10)GLX

WS-X4248-RJ45V

48-port PoE 10/100BASE-TX switching module

8.3(1)GLX

8.4(10)GLX

WS-X4248-RJ21V

48-port PoE 10/100 BASE-TX switching module

8.3(1)GLX

8.4(10)GLX

WS-X4548-GB-RJ45V

48-port PoE 10/100/1000BASE-T switching module

8.3(1)GLX

8.4(10)GLX

WS-X4548-GB-RJ45

48-port Gigabit Ethernet 10/100/1000BASE-T switching module

8.1(2)

8.4(10)GLX

Uplink Modules

WS-U4504-FX-MT

4-port 100BASE-FX MT-RJ

5.1(1)

8.4(10)GLX

Gigabit Interface Converters (GBICs) Supported on the Catalyst 4000 Series and 4500 Series Switches

WS-G5484=

1000BASE-SX GBIC

4.5(8)

8.4(10)GLX

WS-G5486=

1000BASE-LX/LH GBIC

WS-G5487=

1000BASE-ZX GBIC

4.5(8)

8.4(10)GLX

WS-G5483=

1000BASE-T GBIC

7.2(1)

8.4(10)GLX

CWDM-GBIC-1470=

1000BASE-CWDM GBIC 1470nm Gray

7.2(1)

8.4(10)GLX

CWDM-GBIC-1490=

1000BASE-CWDM GBIC 1490nm Violet

7.2(1)

8.4(10)GLX

CWDM-GBIC-1510=

1000BASE-CWDM GBIC 1510nm Blue

7.2(1)

8.4(10)GLX

CWDM-GBIC-1530=

1000BASE-CWDM GBIC 1530nm Green

7.2(1)

8.4(10)GLX

CWDM-GBIC-1550=

1000BASE-CWDM GBIC 1550nm Yellow

7.2(1)

8.3(2)

CWDM-GBIC-1570=

1000BASE-CWDM GBIC 1570nm Orange

7.2(1)

8.3(2)

CWDM-GBIC-1590=

1000BASE-CWDM GBIC 1590nm Red

7.2(1)

8.3(2)

CWDM-GBIC-1610=

1000BASE-CWDM GBIC 1610nm Brown

7.2(1)

8.3(2)

Small Form-factor Pluggable (SFP) GBICs Supported on the Catalyst 2948G-GE-TX Switch

GLC-SX-MM=

1000BASE-SX short wavelength SFP

8.2(1)GLX

8.3(2)

GLC-LH-SM=

1000BASE-LH long wavelength/long haul SFP

GLC-ZX-SM=

1000BASE-ZX extended distance SFP

8.2(1)GLX

8.3(2)

GLC-T=

1000BASE-T SFP

8.2(1)GLX

8.3(2)

CWDM-SFP-1470=

CWDM SFP 1470 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1490=

CWDM SFP 1490 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1510=

CWDM SFP 1510 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1530=

CWDM SFP 1530 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1550=

CWDM SFP 1550 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1570=

CWDM SFP 1570 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1590=

CWDM SFP 1590 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

CWDM-SFP-1610=

CWDM SFP 1610 nm, Gigabit Ethernet and 1G/2G FC

8.2(1)GLX

8.3(2)

Modular Chassis

WS-C4003-S1

Catalyst 4003 chassis (3-slot)

4.5(8))

8.3(2)

WS-C4006-S2

Catalyst 4006 chassis (6-slot)

5.4(2)

8.3(2)

WS-C4503

Catalyst 4503 chassis (3-slot), fan, no power supply

7.4(1)

8.3(2)

WS-C4506

Catalyst 4506 chassis (6-slot), fan, no power supply

7.4(1)

8.3(2)

Fixed-Configuration Chassis

WS-C2948G

Catalyst 2948G with 2 1000BASE-X (GBIC) Gigabit Ethernet uplinks and 48 10/100 Fast Ethernet ports

4.5(8)

8.3(2)

WS-C2948G-GE-TX

Catalyst 2948G with 48 10/100/1000 Gigabit Ethernet ports and 4 SFP ports

8.2(1)GLX

8.3(2)

WS-C4912G

Catalyst 4912G with 12 1000BASE-X (GBIC) Gigabit Ethernet ports

4.5(8)

8.3(2)

WS-C2980G

Catalyst 2980G with 80 10/100 Fast Ethernet ports and 2 1000BASE-X ports

5.4(2)

8.3(2)

WS-C2980G-A

Catalyst 2980G-A with 80 10/100 Fast Ethernet ports and two 1000BASE-X ports

6.1(1)

8.3(2)

Power Supplies

WS-X4008=

400 W AC power supply for Catalyst 4000 series chassis

4.5(8)

8.3(2)

WS-X4008-DC=

400 W DC power supply for Catalyst 4000 series chassis

4.5(8)

8.3(2)

PWR-C45-1000AC=

1000 W AC power supply for Catalyst 4500 series chassis (data only)

7.4(1)

8.3(2)

PWR-C45-1000AC/2=

1000 W AC power supply for Catalyst 4500 series chassis, redundant (data only)

7.4(1)

8.3(2)

PWR-C45-1300ACV=

1300 W AC power supply with integrated PoE for Catalyst 4500 series chassis

7.5(1)

8.3(2)

PWR-C45-1300ACV/2=

1300 W AC power supply with integrated PoE for Catalyst 4500 series chassis

7.5(1)

8.3(2)

PWR-C45-1400DCV=

1400 W DC power supply with integrated PEM for Catalyst 4500 series chassis

7.5(1)

8.3(2)

PWR-C45-1400DCV/2=

1400 W DC power supply with integrated PEM for Catalyst 4500 series chassis, Redundant

7.5(1)

8.3(2)

PWR-C45-2800ACV=

2800 W AC power supply with integrated PoE for Catalyst 4500 series chassis

7.4(1)

8.3(2)

PWR-C45-2800ACV/2=

2800 W AC power supply with integrated PoE for Catalyst 4500 series chassis, redundant

7.4(1)

8.3(2)

PWR600-AC-RPS-CAB

600 W redundant AC power system for the Catalyst 2948G and 4912G switches

4.5(8)

8.3(2)

PWR300-AC-RPS-N1

300 W redundant AC power system for the Catalyst 2980G-A switch

6.1(1)

8.3(2)

PWR675-AC-RPS-N1

675 W redundant AC power supply for the Catalyst 2980G-A and 2948G-GE-TX switches

6.1(1)

8.3(2)


Release 8.xGLX Orderable Software Images

Table 2 lists the software versions and applicable ordering information for Catalyst 4500 series supervisor engine software release 8.xGLX.

Table 2 Software Release 8.xGLX Orderable Software Image Matrix 

Software Version
Filename
Orderable Product Number
Flash Memory on System
Orderable Product Number
Spare Upgrade (Floppy Media)
Supervisor Engine I and II

8.4(11)GLX Secure Shell

cat4000-k9.8-4-11-GLX.bin

SC4K-SUPK9-8.4.11X

SC4K-SUPK9-8.4X=

8.4(11)GLX

cat4000-k8.8-4-11-GLX.bin

SC4K-SUPK8-8.4.11X

SC4K-SUPK8-8.4X=

8.4(10)GLX Secure Shell

cat4000-k9.8-4-10-GLX.bin

SC4K-SUPK9-8.4.10X

SC4K-SUPK9-8.4X=

8.4(10)GLX

cat4000-k8.8-4-10-GLX.bin

SC4K-SUPK8-8.4.10X

SC4K-SUPK8-8.4X=

8.4(9)GLX Secure Shell

cat4000-k9.8-4-9-GLX.bin

SC4K-SUPK9-8.4.9X

SC4K-SUPK9-8.4X=

8.4(9)GLX

cat4000-k8.8-4-9-GLX.bin

SC4K-SUPK8-8.4.9X

SC4K-SUPK8-8.4X=

8.4(8)GLX Secure Shell

cat4000-k9.8-4-8-GLX.bin

SC4K-SUPK9-8.4.8X

SC4K-SUPK9-8.4X=

8.4(8)GLX

cat4000-k8.8-4-8-GLX.bin

SC4K-SUPK8-8.4.8X

SC4K-SUPK8-8.4X=

8.4(7)GLX Secure Shell

cat4000-k9.8-4-7-GLX.bin

SC4K-SUPK9-8.4.7X

SC4K-SUPK9-8.4X=

8.4(7)GLX

cat4000-k8.8-4-7-GLX.bin

SC4K-SUPK8-8.4.7X

SC4K-SUPK8-8.4X=

8.4(6)GLX Secure Shell

cat4000-k9.8-4-6-GLX.bin

SC4K-SUPK9-8.4.6X

SC4K-SUPK9-8.4X=

8.4(6)GLX

cat4000-k8.8-4-6-GLX.bin

SC4K-SUPK8-8.4.6X

SC4K-SUPK8-8.4X=

8.4(5)GLX Secure Shell

cat4000-k9.8-4-5-GLX.bin

SC4K-SUPK9-8.4.5X

SC4K-SUPK9-8.4X=

8.4(5)GLX

cat4000-k8.8-4-5-GLX.bin

SC4K-SUPK8-8.4.5X

SC4K-SUPK8-8.4X=

8.4(4)GLX Secure Shell

cat4000-k9.8-4-4-GLX.bin

SC4K-SUPK9-8.4.4X

SC4K-SUPK9-8.4X=

8.4(4)GLX

cat4000-k8.8-4-4-GLX.bin

SC4K-SUPK8-8.4.4X

SC4K-SUPK8-8.4X=

8.4(3)GLX Secure Shell

cat4000-k9.8-4-3-GLX.bin

SC4K-SUPK9-8.4.3X

SC4K-SUPK9-8.4X=

8.4(3)GLX

cat4000-k8.8-4-3-GLX.bin

SC4K-SUPK8-8.4.3X

SC4K-SUPK8-8.4X=

8.4(2)GLX Secure Shell

cat4000-k9.8-4-2-GLX.bin

SC4K-SUPK9-8.4.2X

SC4K-SUPK9-8.4X=

8.4(2)GLX

cat4000-k8.8-4-2-GLX.bin

SC4K-SUPK8-8.4.2X

SC4K-SUPK8-8.4X=

8.4(1)GLX Secure Shell

cat4000-k9.8-4-1-GLX.bin

SC4K-SUPK9-8.4.1X

SC4K-SUPK9-8.4X=

8.4(1)CiscoView GLX

cat4000-cv.8-4-1-GLX.bin

SC4K-SCVK-8.4.1X

SC4K-SCVK8-8.4X=

8.4(1)GLX

cat4000-k8.8-4-1-GLX.bin

SC4K-SUPK8-8.4.1X

SC4K-SUPK8-8.4X=

8.3(2)GLX Secure Shell

cat4000-k9.8-3-2-GLX.bin

SC4K-SUPK9-8.3.2X

SC4K-SUPK9-8.3.2X=

8.3(2)CiscoView GLX

cat4000-cv.8-3-2-GLX.bin

SC4K-SCVK-8.3.2X

SC4K-SCVK-8.3.2X=

8.3(2)GLX

cat4000-k8.8-3-2-GLX.bin

SC4K-SUPK8-8.3.2X

SC4K-SUPK8-8.3.2X=

8.3(1)GLX Secure Shell

cat4000-k9.8-3-1-GLX.bin

SC4K-SUPK9-8.3.1X

SC4K-SUPK9-8.3.1X=

8.3(1)CiscoView GLX

cat4000-cv.8-3-1-GLX.bin

SC4K-SCVK-8.3.1X

SC4K-SCVK-8.3.1X=

8.3(1)GLX

cat4000-k8.8-3-1-GLX.bin

SC4K-SUPK8-8.3.1X

SC4K-SUPK8-8.3.1X=

8.2(1)GLX Secure Shell

cat4000-k9.8-2-1-GLX.bin

SC4K-SUPK9-8.2.1X

SC4K-SUPK9-8.2.1X=

8.2(1)CiscoView GLX

cat4000-cv.8-2-1-GLX.bin

SC4K-SCVK-8.2.1X

SC4K-SCVK-8.2.1X=

8.2(1)GLX

cat4000-k8.8-2-1-GLX.bin

SC4K-SUPK8-8.2.1X

SC4K-SUPK8-8.2.1X=

8.1(3)CiscoView

cat4000-cv.8-1-3.bin

SC4K-SUPCV-8.1.3

SC4K-SUPCV-8.1.3=

8.1(3)

cat4000-k8.8-1-3.bin

SC4K-SUPK8-8.1.3

SC4K-SUPK8-8.1.3=

8.1(2)CiscoView

cat4000-cv.8-1-2.bin

SC4K-SUPCV-8.1.2

SC4K-SUPCV-8.1.2=

8.1(2)

cat4000-k8.8-1-2.bin

SC4K-SUPK8-8.1.2

SC4K-SUPK8-8.1.2=

8.1(1) Secure Shell

cat4000-k9.8-1-1.bin

SC4k-SUPK9-8.1.1

SC4K-SUPK9-8.1.1=

8.1(1)Cisco View1

cat4000-cv.8-1-1.bin

SC4K-SUPCV-8.1.1

SC4K-SUPCV-8.1.1=

8.1(1)

cat4000-k8.8-1-1.bin

SC4K-SUPK8-8.1.1

SC4K-SUPK8-8.1.1=

1 The CiscoView application software in the CiscoView 8.1(1) image for the Catalyst 4500 series switch supports hardware and software features introduced in software releases 8.1(1).


New Features for Supervisor Engine Software Release 8.4GLX

This section describes the new hardware and software features available in software release 8.4GLX.

Hardware Features

There are no new hardware features to release 8.4GLX:

Software Features

The following software features are new to release 8.4GLX:

IEEE802.3af PoE enhancement

Enhances PoE support for Cisco 802.3af-compliant PoE switching modules.

802.1X Guest VLAN

Introduces 802.1X Guest VLAN support.

Support for the following new and enhanced MIBs:

POWER-ETHERNET-MIB

CISCO-POWER-ETHERNET-EXT-MIB

New Features for Supervisor Engine Software Release 8.3GLX

This section describes the new hardware and software features available in software release 8.3GLX.

Hardware Features

The following hardware feature is new to release 8.3GLX:

48-port PoE 10/100BASE-TX switching module (WS-X4248-RJ45V)

48-port PoE 10/100 BASE-TX switching module (WS-X4248-RJ21V)

48-port PoE 10/100/1000BASE-T switching module (WS-X4548-GB-RJ45V)

Software Features

The following software features are new to release 8.3GLX:

IEEE802.3af PoE support

Introduces PoE support for Cisco 802.3af-compliant PoE switching modules

New Features for Supervisor Engine Software Release 8.2GLX

This section describes the new hardware and software features available in software release 8.2GLX.

Hardware Features

The following hardware feature is new to release 8.2GLX:

Catalyst 2948G-GE-TX fixed configuration switch (WS-C2948G-GE-TX)

Software Features

No new software features have been added to software release 8.2GLX.

New Features for Supervisor Engine Software Release 8.1

This section describes the new hardware and software features available in software release 8.1.

Hardware Features

The following hardware features that are new to release 8.1:

48-port Gigabit Ethernet 10/100/1000BASE-T switching module (WS-X4548-GB-RJ45)

48-port MT-RJ 100BASE-LX switching module (WS-X4148-FE-LX-MT)

2-port 1000BASE-X GBIC (WS-X4302-GB)

Software Features

The following software features are new to release 8.1:

Pipe command

Introduces a UNIX style output piping functionality to the Catalyst software. This feature enables you to pipe the output of a command, such as show port, to another command for post-processing.

Increased number of command aliases

Use the set alias command to define up to 100 command aliases (shorthand versions of commands) for frequently used or long and complex commands.

New debug Command

The set diagnostics runtime command was added to manually enable or disable the troubleshooting feature on the switch.

Clear counters per port

The all keyword was added to the clear counters command to clear all counters that are stored in memory.

VTP version 3

VTP version 3 differs from earlier VTP versions in that it does not directly handle VLANs. VTP version 3 is a protocol that is only responsible for distributing a list of opaque databases over an administrative domain. When enabled, VTP version 3 provides the following enhancements to previous VTP versions:

Support for extended VLANs.

Support for the creation and advertising of private VLANs.

Improved server authentication.

Protection from the "wrong" database accidentally being inserted into a VTP domain.

Interaction with VTP version 1 and VTP version 2.

Ability to be configured on a per-port basis.

IEEE Enhanced Voice PoE support

The set port inline command was enhanced to allow customers to statically preallocate PoE on individual ports and to configure the maximum allowed power consumption on individual ports.

Support for the following new and enhanced MIBs:

ENTITY-MIB

CISCO-VTP-MIB

CISCO-PAE-MIB

Open and Resolved Caveats in Software Release 8.4(11)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(11)GLX:

Open Caveats in Software Release 8.4(11)GLX

Resolved Caveats in Software Release 8.4(11)GLX

Open Caveats in Software Release 8.4(11)GLX

There are no open caveats in software release 8.4(11)GLX.

Resolved Caveats in Software Release 8.4(11)GLX

These caveats are resolved in software release 8.4(11)GLX:

Your Catalyst 4500 switch running the CatOS 8.4(9)GLX crypto image might unexpectedly reload. This problem is resolved in software release 8.4(10)GLX. (CSCsd16447)

When authentication fails, IEEE 802.1x Accounting Stop displays an invalid Acct-Session-Id.

Workaround: Reboot your switch and successfully authenticate. This problem is resolved in software release 8.4(10)GLX. (CSCsd53925)

In rare cases, a Catalyst 4500 Supervisor Engine II might crash as a result of a memory allocation failure. This problem is resolved in software release 8.4(10)GLX. (CSCsc77878)

In Rapid PVST+ mode, BPDUs might be sent with an incorrect age (1/256 of a second, instead of 1 second). This problem is resolved in software release 8.4(10)GLX. (CSCsc77642)

Open and Resolved Caveats in Software Release 8.4(10)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(10)GLX:

Open Caveats in Software Release 8.4(10)GLX

Resolved Caveats in Software Release 8.4(10)GLX

Open Caveats in Software Release 8.4(10)GLX

These caveats are open in software release 8.4(10)GLX.

The primary and secondary associations are not saved in the configuration.

Workaround: You need to map a switch port to the association using the set pvlan primary_vlan {isolated_vlan | community_vlan} mod/port command. (CSCsc02772)

Resolved Caveats in Software Release 8.4(10)GLX

These caveats are resolved in software release 8.4(10)GLX:

A Catalyst 4500 series switch may reload when subjected to a series of malformed TCP packets. This condition does not always occur. This problem is resolved in software release 8.4(10)GLX. (CSCei60083)

Periodically, a traceroute does not time out even though the route to the server is several hops away and there is a very large hop value. This problem is resolved in software release 8.4(10)GLX. (CSCsc30072)

When a WS-C2948G-GE-TX is configured in text mode, any changes to the Etherchannel configuration are not saved and the configuration reverts to the default after a reload. This problem is resolved in software release 8.4(10)GLX. (CSCsd13834)

Open and Resolved Caveats in Software Release 8.4(9)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(9)GLX:

Open Caveats in Software Release 8.4(9)GLX

Resolved Caveats in Software Release 8.4(9)GLX

Open Caveats in Software Release 8.4(9)GLX

There are no open caveats in software release 8.4(9)GLX.

Resolved Caveats in Software Release 8.4(9)GLX

These caveats are resolved in software release 8.4(9)GLX:

A Catalyst 4003 or 4006 switch with a Supervisor Engine I or II running release 8.4(8)GLX or later may reload spontaneously after bootup. This problem is resolved in software release 8.4(9)GLX. (CSCsb85941)

Open and Resolved Caveats in Software Release 8.4(8)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(8)GLX:

Open Caveats in Software Release 8.4(8)GLX

Open Caveats in Software Release 8.4(8)GLX

Open Caveats in Software Release 8.4(8)GLX

There are no open caveats in software release 8.4(8)GLX.

Resolved Caveats in Software Release 8.4(8)GLX

These caveats are resolved in software release 8.4(8)GLX:

The time stamp displayed using the show cam notification history command reflects the SNMP sysUptime. The uptime is displayed as the number of 10 ms increments that have occurred since the system came up. This representation is difficult for the user to decipher within a CLI. This problem is resolved in software release 8.4(8)GLX. (CSCef96946)

The 802.1X authentication state might be disturbed if the "multi-host" option is enabled and a second host sends an EAPOL frame.

Workaround: Use the "multi-auth" mode or make sure that only one device on the port sends an EAPOL frame. This problem is resolved in software release 8.4(8)GLX. (CSCeh24189)

With 802.1X, an EAPOL logoff does not clear the EAPOL-capable flag of a port when it receives the EAPOL logoff packet from an IP phone or supplicant. This problem is resolved in software release 8.4(8)GLX. (CSCeh65263)

When an indirect failure is introduced in the spanning tree topology causing the message age timer to expire on the edge switches, UplinkFast does not get triggered if loop guard is configured. This problem is resolved in software release 8.4(8)GLX. (CSCeh19259)

Netstat TCP displays negative values. This problem is resolved in software release 8.4(8)GLX. (CSCei21068)

Open and Resolved Caveats in Software Release 8.4(7)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(7)GLX:

Open Caveats in Software Release 8.4(7)GLX

Resolved Caveats in Software Release 8.4(7)GLX

Open Caveats in Software Release 8.4(7)GLX

There are no open caveats in software release 8.4(7)GLX.

Resolved Caveats in Software Release 8.4(7)GLX

These caveats are resolved in software release 8.4(7)GLX:

A Catalyst 4000 switch with a Supervisor Engine II (WS-X4013) may experience high cpu on the "Packet Forwarding" process after you upgrade your software from software release 6.4(15), 7.6(11), or 8.4(5)GLX.

Workaround: There is no workaround. This problem is resolved in software release 8.4(7)GLX. (CSCeh26223)

Under rare conditions, a WS-X4248-RJ45V card in a Catalyst 4000 with a Supervisor Engine II running 8.3(2) may stop providing inline power and print following message:

%SYS-4-P2_WARN: 1/Internal Error: PimEthAutoNegotiator - Can't power on port x/y

Workaround: Reset the line card with the reset command to restore inline power functionality. This problem is resolved in software release 8.4(7)GLX. (CSCeg40381)

Some switches containing WS-X4232-GB-RJ or WS-X4148-RJ cards can have ports that experience throughput down problems.

Workaround: Reconfigure speed setting on the problem port using the set port speed command. This problem is resolved in software release 8.4(7)GLX. (CSCeh46535)

In Some circumstance, VTP pruning on a Catalyst 4500 switch running the Catalyst operating system will incorrectly prune some VLANs. The issue only occurs when the spanning-tree mode is set to `MST'.

Workaround: Disable VTP pruning using the set vtp pruning command or to move to spanning-tree PVST. This problem is resolved in software release 8.4(7)GLX. (CSCeh66681)

Open and Resolved Caveats in Software Release 8.4(6)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(6)GLX:

Open Caveats in Software Release 8.4(6)GLX

Resolved Caveats in Software Release 8.4(6)GLX

Open Caveats in Software Release 8.4(6)GLX

There are no open caveats in software release 8.4(6)GLX.

Resolved Caveats in Software Release 8.4(6)GLX

These caveats are resolved in software release 8.4(6)GLX:

You may see an non-existant VLAN on Catalyst 2980G switch ports that are configured with port security using extended VLAN ranges and protocol filtering. You can verify the configuration using the show cam static command.

This problem is resolved in software release 8.4(6)GLX. (CSCsa59237)

Open and Resolved Caveats in Software Release 8.4(5)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(5)GLX:

Open Caveats in Software Release 8.4(5)GLX

Resolved Caveats in Software Release 8.4(5)GLX

Open Caveats in Software Release 8.4(5)GLX

There are no open caveats in software release 8.4(5)GLX.

Resolved Caveats in Software Release 8.4(5)GLX

These caveats are resolved in software release 8.4(5)GLX:

When a Cisco or IEEE phone is connected to WS-X4548-GBRJ45V ports, the phone is discovered and the required amount of power is applied; however, the link may not come up when operating in 10/100/1000 autonegotiating mode.

Workaround:Configure the port speed to either 10 or 100 based on the connected phone. This problem is resolved in software release 8.4(5)GLX. (CSCin84510)

In rare conditions Dot1x authenitication may cause a switch to reset. This problem is resolved in software release 8.4(5)GLX. (CSCeg36465)

When a Catalyst 4503 chassis with WS-X4013 Supervisor modules system receives VRID 57 or 121 VRRP(Virtual Router Redundancy Protocol) advertisements from two or more ports, the Rcv/Xmit Multicast advertisements are multiplied inside the supervisor modules.

Workaround: There is no workaround. This problem is resolved in software release 8.4(5)GLX. (CSCef64285)

The switch comes on-line with one of the following lines in the configuration for ports whose port costs were not changed. You can deteremine which ports were not changed by entering the show config command.

set spantree portinstancecost 2/1 cost 19999 mst 
OR 
set spantree portinstancecost 2/48 cost -1 mst 

Workaround: Upgrading to a new release will not remove the lines automatically. Complete the following to remove the lines:

Back up your current config

Boot with a new image which has the fix

Clear config all

Copy only the correct configurations back to your config

This problem is resolved in software release 8.4(5)GLX. (CSCeg18304)

A Catalyst 4500 series switch with a WS-X4148-RJ45V module may display the following error messages:

%SYS-4-P2_WARN: 1/Astro(4/3) - timeout occurred 
%SYS-4-P2_WARN: 1/Astro(4/3) - timeout is persisting 

Workaround: Ensure that diagnostics are set to complete, and soft reset the module. Move the device to another module or spare ports. This problem is resolved in software release 8.4(5)GLX. (CSCee79970)

A Catalyst 4000 switch with a Supervisor Engine 2, configured with switch acceleration, reloads unexpectedly when the whichgigaport 1/1 or whichgigaport 1/2 hidden command is executed. This problem is resolved in software release 8.4(5)GLX. (CSCeg49479)

Open and Resolved Caveats in Software Release 8.4(4)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(4)GLX:

Open Caveats in Software Release 8.4(4)GLX

Resolved Caveats in Software Release 8.4(4)GLX

Open Caveats in Software Release 8.4(4)GLX

These caveats are open in software release 8.4(4)GLX:

A Catalyst 4500 series switch with a WS-X4148-RJ45V module may display the following error messages:

%SYS-4-P2_WARN: 1/Astro(4/3) - timeout occurred 
%SYS-4-P2_WARN: 1/Astro(4/3) - timeout is persisting 

Workaround: Ensure that diagnostics are set to complete, and soft reset the module. Move the device to another module or spare ports. (CSCee79970)

When a Catalyst 4503 chassis with WS-X4013 Supervisor modules system receives VRID 57 or 121 VRRP(Virtual Router Redundancy Protocol) advertisements from two or more ports, the Rcv/Xmit Multicast advertisements are multiplied inside the supervisor modules.

Workaround: There is no workaround. (CSCef64285)

When a Cisco or IEEE phone is connected to WS-X4548-GBRJ45V ports, the phone is discovered and the required amount of power is applied; however, the link may not come up when operating in 10/100/1000 autonegotiating mode.

Workaround:Configure the port speed to either 10 or 100 based on the connected phone. (CSCin84510)

Resolved Caveats in Software Release 8.4(4)GLX

These caveats are resolved in software release 8.4(4)GLX:

If you upgrade your switch from software release 7.x or earlier to release 8.x or later with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. This problem is resolved in software release 8.4(4)GLX. (CSCin75737)

The portSecuritySecureSrcAdd field, defined in the CISCO-STACK-MIB, incorrectly displays 00 00 00 00 00 00 when you enable port security, and the MAC address is learned from the port, instead of being configured manually. The portSecuritySecureSrcAdd field displays the correct information for the configured MAC addresses.

Workaround: Configure the secured MAC address manually using the set port security {mod/port} enable {mac_addr} command. This problem is resolved in software release 8.4(4)GLX. (CSCee56936)

A Catalyst 2980G switch running software release 7.6(10)GLX might not prune VLANs as expected in a trunk when bouncing the trunk.

Workaround: Disable VTP Prunning. This problem is resolved in software release 8.4(4)GLX. (CSCef20698)

Ports may end up with a MAC address assigned to the wrong VLAN if you use dynamic VLANs and you move PCs into different VLANs behind your IP phones without the linkdown.

Workaround: Disable and then re-enable the port. This problem is resolved in software release 8.4(4)GLX. (CSCef50493)

When standard MST is used with Layer 2 protocol tunneling, there might be convergence issues at the remote customer end. This problem is resolved in software release 8.4(4)GLX. (CSCef73654)

A Catalyst 4500 series switch running in Hybrid mode may cause a 802.1X client to timeout while attempting to authenticate the client to a Radius server. This happens when a switch is configured with a primary and backup Radius server and a Radius server failover occurs. This problem is resolved in software release 8.4(4)GLX. (CSCef52229)

Open and Resolved Caveats in Software Release 8.4(3)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(3)GLX:

Open Caveats in Software Release 8.4(3)GLX

Resolved Caveats in Software Release 8.4(3)GLX

Open Caveats in Software Release 8.4(3)GLX

These caveats are open in software release 8.4(3)GLX:

A Catalyst 4500 series switch with a WS-X4148-RJ45V module may display the following error messages:

%SYS-4-P2_WARN: 1/Astro(4/3) - timeout occurred 
%SYS-4-P2_WARN: 1/Astro(4/3) - timeout is persisting 

Workaround: Ensure that diagnostics are set to complete, and soft reset the module. Move the device to another module or spare ports. (CSCee79970)

If you upgrade your switch from software release 7.x or earlier to release 8.x or later with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. (CSCin75737)

The portSecuritySecureSrcAdd field, defined in the CISCO-STACK-MIB, incorrectly displays 00 00 00 00 00 00 when you enable port security, and the MAC address is learned from the port, instead of being configured manually. The portSecuritySecureSrcAdd field displays the correct information for the configured MAC addresses.

Workaround: Configure the secured MAC address manually using the set port security {mod/port} enable {mac_addr} command. This problem is resolved in software release 8.4(3)GLX. (CSCee56936)

Resolved Caveats in Software Release 8.4(3)GLX

These caveats are resolved in software release 8.4(3)GLX:

When you use the scheduled reset feature, the associated process (scheduleReset) might report several dynamic memory allocations in the show memuse command output, while the show proc mem command would not report any memory allocated or freed. This problem is resolved in software release 8.4(3)GLX. (CSCef50204)

If a MAC address is configured as a filtered address immediately after the MAC address is learned but before the address is aged out, traffic will not get filtered or dropped.

Workaround: Enter the clear cam dynamic command. This problem is resolved in software release 8.4(3)GLX. (CSCin78010)

If a port is moved from one VLAN to another, the permanent CAM entry on the second port might get deleted.

Workaround: Move the port to a different VLAN, and then reconfigure the permanent CAM entry. This problem is resolved in software release 8.4(3)GLX. (CSCef66696)

A short bridging loop occurs. The bridging loop is transient and noticeable only if you check the peak backplane usage on your Catalyst 4500 series switch. Changing the root bridge for the network can initiate the bridging loop. This problem is resolved in software release 8.4(3)GLX. (CSCee94778)

There is a vulnerability in the Transmission Control Protocol (TCP) specification (RFC793). All Cisco products that contain TCP stack are susceptible to this vulnerability. This advisory is available at these URLs:

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

This URL describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

This URL describes this vulnerability for products that do not run Cisco IOS software.

This problem is resolved in software release 8.4(3)GLX. (CSCed32349)

If the system banner size is over approximately 3072 characters, the switch might crash when you enter the show banner command through a Telnet session. This problem is resolved in software release 8.4(3)GLX. (CSCef44617)

If you configure more than one EtherChannel and trunk in a short period of time, with MISTP enabled and the EtherChannel mode set to "ON," all of the newly configured channels might not join the trunk. With this configuration, the problem can also occur after the switch is reset. This problem is resolved in software release 8.4(3)GLX. (CSCee95922)

When running a K9 software image, the switch might crash when the SSH client tries to connect to the switch. This problem is resolved in software release 8.4(3)GLX. (CSCdz04272)

Trunking inconsistencies appeared when the following actions were taken on a switch: 1) An EtherChannel was configured using two modules. 2) One of the modules was removed from the switch. 3) An existing VLAN on the switch was added to trunks that were members of the EtherChannel. 4) The removed module was reinserted resulting in trunking inconsistencies. This problem is resolved in software release 8.4(3)GLX. (CSCed44129)

A switch can crash with the following error:

Exception 2: Tlb exception (load or fetch)" at epc =>gcc2_compiled.(+ 0) after decoded 
the crashdump. 

This problem is resolved in software release 8.4(3)GLX. (CSCef65161)

A switch running software release 8.4(2)GLX and rapid spanning tree (the switch is not the root bridge), might log the following events in the syslog if it received a corrupt BPDU:

2001 Apr 07 23:40:16 %SPANTREE-2-LOOPGUARDUNBLOCK: Port 4/2 restored in MST instance 1
2001 Apr 07 23:40:28 %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 4/2 in 
MST instance 1. Moved to loop-inconsistent state
2001 Apr 07 23:40:28 %SPANTREE-2-LOOPGUARDUNBLOCK: Port 4/2 restored in MST instance 1
2001 Apr 07 23:40:42 %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 4/2 in 
MST instance 1. Moved to loop-inconsistent state
2001 Apr 07 23:40:42 %SPANTREE-2-LOOPGUARDUNBLOCK: Port 4/2 restored in MST instance 1
2001 Apr 07 23:40:59 %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 4/2 in 
MST instance 1. Moved to loop-inconsistent state
2001 Apr 07 23:40:59 %SPANTREE-2-LOOPGUARDUNBLOCK: Port 4/2 restored in MST instance 1
2001 Apr 07 23:41:13 %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 4/2 in 
MST instance 1. Moved to loop-inconsistent state
2001 Apr 07 23:41:13 %SPANTREE-2-LOOPGUARDUNBLOCK: Port 4/2 restored in MST instance 1

You will see these symptoms when there is more than one MST instance configured. This problem is resolved in software release 8.4(3)GLX. (CSCee77039)

Open and Resolved Caveats in Software Release 8.4(2)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(2)GLX:

Open Caveats in Software Release 8.4(2)GLX

Resolved Caveats in Software Release 8.4(2)GLX

Open Caveats in Software Release 8.4(2)GLX

These caveats are open in software release 8.4(2)GLX:

A Catalyst 4500 series switch with a WS-X4148-RJ45V module may display the following error messages:

%SYS-4-P2_WARN: 1/Astro(4/3) - timeout occurred 
%SYS-4-P2_WARN: 1/Astro(4/3) - timeout is persisting 

Workaround: Ensure that diagnostics are set to complete, and soft reset the module. Move the device to another module or spare ports. (CSCee79970)

The portSecuritySecureSrcAdd field, defined in the CISCO-STACK-MIB, incorrectly displays 00 00 00 00 00 00 when you enable port security, and the MAC address is learned from the port, instead of being configured manually. The portSecuritySecureSrcAdd field displays the correct information for the configured MAC addresses.

Workaround: Configure the secured MAC address manually using the set port security {mod/port} enable {mac_addr} command. (CSCee56936)

If you upgrade your switch from any software release 7.x or earlier releases to software release 8.x and later releases with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. (CSCin75737)

Port security can become disabled on a port if the violation mode is set to "restrict" and you issue the reset module command multiple times from a telnet session to the me1 interface while continuous traffic flows to the port.

Workaround: Reenable port security on the port after the module is back online. (CSCin75852)

Resolved Caveats in Software Release 8.4(2)GLX

This caveat is resolved in software release 8.4(2)GLX:

Port security can become disabled on a port if the violation mode is set to "restrict" and you issue the reset module command multiple times from a telnet session to the me1 interface while continuous traffic flows to the port.

Workaround: Reenable port security on the port after the module is back online. This problem is resolved in software release 8.4(2)GLX. (CSCin75852)

When using dynamic VLANs, if the MAC address is in a different VLAN that moves around beind the IP phones, the IP phone may end up with a MAC address assigned to the wrong VLAN.

Workaround: Disable and reenable the port. This problem is resolved in software release 8.4(2)GLX. (CSCee59071)

A switch running software version 8.3(1)GLX may fail because of an SRAM failure with the following epc values in the crashdump:

epc 0x00000000100fdee4
epc 0x00000000100fd590

Workaround: Disable the SRAM online diagnostics using the set test switch-memory disable command. This problem is resolved in software release 8.4(2)GLX. (CSCee88146)

The temperature trap is not supported on the Catalyst 4912G switch. This problem is resolved in software release 8.4(2)GLX. (CSCef08110)

Your Catalyst 4500 series switch may reboot abnormally with the following exception code:

Cause : Exception 2: Tlb exception (load or fetch)

This problem is resolved in software release 8.4(2)GLX. (CSCef08126)

When using the set boot autoconfig bootflash:config.txt command after resetting the switch, the IGMP filter might not be applied on some ports. This situation occurs only when using the auto-config setup.

Workaround: Copy the configuration file to NVRAM using the copy flash config command. This problem is resolved in software release 8.4(2)GLX. (CSCee69962)

When your switch has a Supervisor Engine II G and many (approximately 20) trunk ports, all the available CPU resources are consumed by the EthChnlConfig process when you enable all of the ports at the same time or reboot the switch. In addition, VTP pruning cannot send out periodic messages on time, which causes the neighbor port to prune all VLANs on this trunk. When the CPU resources return to normal, VTP pruning recovers on its own. This problem is resolved in software release 8.4(2)GLX. (CSCdu44453)

Disabling or enabling port negotiation does not work correctly if you specify more than a single port or single range of ports. For example, if you enter set port negotiation 3/1,3/5-6 disable, ports 1 through 6 are disabled. This problem is resolved in software release 8.4(2)GLX. (CSCee52831)

A UNIX script might get stuck at the Telnet prompt.

Workaround: Press Enter at the point where the script gets stuck to start the script again. This problem is resolved in software release 8.4(2)GLX. (CSCeb69513)

Doing a minimal entry (entering only the first part of a commands syntax), such as set errdisable, set option, and show cdp port mod/port, on the following commands results in either a missing key word or no error message. This problem is resolved in software release 8.4(2)GLX. CSCed92864)

If you have an EtherChannel configured across modules, the EtherChannel configuration might change after disabling PortFast, BPDU filter, and BPDU guard and then resetting the switch. This problem is resolved in software release 8.4(2)GLX. (CSCee67595)

With a Supervisor Engine 2, when ports are added to an EtherChannel one port at a time, the calculated value of a path cost may be incorrect. In some cases, the path cost value displayed with the show spantree mistp-instance command is correct, but the path cost value displayed with the show spantree statistics command may be incorrect. Miscalculated path cost values result in ports going into the blocked state and create spanning tree topology discrepancies. This problem with the MISTP path cost feature appears in all software releases up to and including release 6.4(10). This problem is resolved in software release 8.4(2)GLX. (CSCee82347)

On a switch running a cryptographic (k9) image, if the value of sshPublicKeySize is non-zero, the SNMP_THREAD process might have a memory leak when sshPublicKeySize is polled. This problem is resolved in software release 8.4(2)GLX. (CSCed95950)

An SNMP query for cvbStpForwardingMap might return an invalid port state. This problem is not resolved by power cycling, resetting the module, disabling and enabling the port, or swapping modules. This problem is resolved in software release 8.4(2)GLX. (CSCee58481)

If the default community strings are cleared, community strings configured by entering the set snmp community-ext command do not work after resetting the switch. This problem is resolved in software release 8.4(2)GLX. (CSCee66094)

With UplinkFast enabled, invalid dummy multicast packets might be sent out from the switch, resulting in communication failure.

Workaround: Clear the ARP cache. This problem is resolved in software release 8.4(2)GLX. (CSCee22626)

The value of dot1dStpPortDesignatedPort is not correct when queried from SNMP. This problem is resolved in software release 8.4(2)GLX. (CSCee94422)

The dot3StatsFrameTooLongs counter should not increment when the port is configured as a trunk port.

Workaround: There is no workaround. This problem is resolved in software release 8.4(2)GLX. (CSCee94947)

Auxiliary VLANs and VTP pruning might not work together in all instances. This problem is resolved in software release 8.4(2)GLX. (CSCed05516)

If VTP pruning is disabled, an EtherChannel trunk might show previously pruned VLANs as forwarding but port LTLs do not change to reflect that. As a result, unicast and broadcast traffic for those VLANs on the EtherChannel trunk may not be forwarded.

Workaround: Disable and then reenable the EtherChannel trunk. This problem is resolved in software release 8.4(2)GLX. (CSCed95274)

A TACACS+ server might not record accounting information if you input two consecutive commands by copy and paste. This problem is resolved in software release 8.4(2)GLX. (CSCec63892)

The switch might fail with RADIUS authentication enabled. The problem might occur after you do the following:

Configure RADIUS authentication with the all option.

Set the enable password for console.

Enable the local login authentication.

Log in to the switch and enter a valid RADIUS username and password at the prompt.

After you perform the preceding steps, the switch might respond that the account is disabled for both valid and invalid passwords after you try to enter the enable mode. After repeated attempts, the switch might go into an idle state and then reset. This problem is resolved in software release 8.4(2)GLX. (CSCed76069)

The RADIUS NAS-Port attribute for an EAP request is padded at the end with a null character, making the attribute 7 bytes long instead of the normal length of 6 bytes as defined in RFC 2865. This problem is resolved in software release 8.4(2)GLX. (CSCed47220)

There is a vulnerability in the Transmission Control Protocol (TCP) specification (RFC793). All Cisco products that contain TCP stack are susceptible to this vulnerability. This advisory is available at these URLs:

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

This URL describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

This URL describes this vulnerability for products that do not run Cisco IOS software.

This problem is resolved in software release 8.4(2)GLX. (CSCed32349)

Open and Resolved Caveats in Software Release 8.4(1)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.4(1)GLX:

Open Caveats in Software Release 8.4(1)GLX

Resolved Caveats in Software Release 8.4(1)GLX

Open Caveats in Software Release 8.4(1)GLX

These caveats are open in software release 8.4(1)GLX:

The portSecuritySecureSrcAdd field, defined in the CISCO-STACK-MIB, incorrectly displays 00 00 00 00 00 00 when you enable port security and the MAC address is learned from the port, instead of being configured manually. The portSecuritySecureSrcAdd field displays the correct information for the configured MAC addresses.

Workaround: Configure the secured MAC address manually using the set port security {mod/port} enable {mac_addr} command. (CSCee56936)

If you upgrade your switch from any software release 7.x or earlier releases to software release 8.x and later releases with the boot mode set to "text" and spanning tree set to "PVST+," the spanning-tree mode changes to "Rapid PVST+."

Workaround: Change the boot mode to "binary" before performing the upgrade. (CSCin75737)

Port security can become disabled on a port if the violation mode is set to "restrict" and you issue the reset module command multiple times from a telnet session to the me1 interface while continuous traffic flows to the port.

Workaround: Reenable port security on the port after the module is back online. (CSCin75852)

Resolved Caveats in Software Release 8.4(1)GLX

This caveat is resolved in software release 8.4(1)GLX:

The Catalyst 4500 series Supervisor Engine II (WS-X4013=) may stop responding when you are using Catalyst software release 8.3(1)GLX. This problem is resolved in software release 8.4(1)GLX. (CSCee33665)

The PoE IEEE 802.3af-compliant modules use about 20W of PoE to power up the field programmable gate arrays (FPGAs) and other hardware components. In software release 8.3(1)GLX, this amount is not accounted for in the PoE allocation calculations. This problem is resolved in software release 8.4(1)GLX. (CSCed54355)

If you repeatedly power cycle the switch, the power status displays "fan failed" even if it has not failed. This problem is resolved in software release 8.4(1)GLX. (CSCee10783)

When you use Secure Shell (SSH) to connect to a Catalyst switch, the switch may reset.This problem is resolved in software release 8.4(1)GLX. (CSCed84727)

On a port security-enabled port, the auto-learned addresses are displayed in the show config output. If you enter the write memory command, these addresses should be written to the NVRAM, but the auto-learned addresses are not written to the NVRAM.

Workaround: If you want to retain the auto-learned addresses, enable the set port security auto-configure option. This problem is resolved in software release 8.4(1)GLX. (CSCed46765)

In software releases 7.6(4), 7.6(5), and 8.2(1) after you successfully enable RMON from either SNMP or the CLI, the show snmp command shows RMON as disabled. This problem is resolved in software release 8.4(1)GLX. (CSCed77175)

A Catalyst 4500 series switch running cat4000-k8.8-1-1 with an installed 1400 DC power supply turned to the ON position displays the status of Power Supply 2 as "fan failed."

Workaround: Upgrade to the Catalyst system software image cat4000-k8.7-6-6 or turn off the power to the 1400 DC power supply. This problem is resolved in software release 8.4(1)GLX. (CSCee13273)

The Catalyst 4500 series switch may stop responding when a SSH client tries to log in. This problem is resolved in software release 8.4(1)GLX. (CSCec43754)

After multiple quick changes to the inline power configuration of a port, the powered device (PD) connected to the port may fail and the port will remain in not-connected state.

Workaround: Disable and re-enable the failing port. This problem is resolved in software release 8.4(1)GLX. (CSCin68029)

Open and Resolved Caveats in Software Release 8.3(2)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.3(2)GLX:

Open Caveats in Software Release 8.3(2)GLX

Resolved Caveats in Software Release 8.3(2)GLX

Open Caveats in Software Release 8.3(2)GLX

These caveats are open in software release 8.3(2)GLX:

PoE IEEE 802.3af-compliant modules use about 20W of PoE to power up field programmable gate arrays (FPGAs) and other hardware components. In software release 8.3(1)GLX, this amount is not accounted for in PoE allocation calculations. There is no workaround. (CSCed54355)

Resolved Caveats in Software Release 8.3(2)GLX

This caveat is resolved in software release 8.3(2)GLX:

When using short cables that are less than 15 feet (less than 5 meters), some ports on a Catalyst 2948-GE-TX and Catalyst 4548-GB-RJ45 can experience CRC errors after a few weeks of operation. This is caused by an incorrect PHY initialization sequence. The error rate is well below IEEE specifications and does not cause an observable difference in performance (due to the occasional CRC errors).

Workaround: Replace the cable with one that is greater than 9 feet long (greater than 3 meters). This problem is resolved in software release 8.3(2)GLX. (CSCed63193)

If you lower the maximum number of MAC addresses allowed on a port using the set port security mod/port maximum num_of_mac command, you cannot clear all the secured addresses from your configuration using the clear port security all command.

Workaround: Raise the number of MAC addresses allowed to a higher value using the set port security mod/port maximum num_of_mac command, and then issue the clear port security all command. This problem is resolved in software release 8.3(2)GLX. (CSCin66276)

After you enter several changes to the inline power configuration for a port in rapid succession, the powered device connected to the port may fail to come up and the port remains in the not-connected state.

Workaround: Disable and enable the port. This problem is resolved in software release 8.3(2)GLX. (CSCin68029)

When a user log into a Catalyst 4500 series switch with TACACS authentication configured, you will be prompted for a username even if the TACACS server is unavailable. This may confuse users who are not aware that the TACACS server is unavailable when they may try to enter in a valid username/password combination.

Workaround: To successfully log in, enter any value as a username, and use the switch enable password as the password for authentication. This problem is resolved in software release 8.3(2)GLX. (CSCdz16477)

When PoE-enabled ports on a WX-4548-GB-RJ45V are configured to forced full-duplex mode, a link does not come up.

Workaround: Configure the port for autonegotiation. This problem is resolved in software release 8.3(2)GLX. (CSCed83050)

Open and Resolved Caveats in Software Release 8.3(1)GLX

The following sections describe the open and resolved caveats in supervisor engine software release 8.3(1)GLX:

Open Caveats in Software Release 8.3(1)GLX

Resolved Caveats in Software Release 8.3(1) GLX

Open Caveats in Software Release 8.3(1)GLX

These caveats are open in software release 8.3(1)GLX:

PoE IEEE 802.3af-compliant modules use about 20W of PoE to power up field programmable gate arrays (FPGAs) and other hardware components. In software release 8.3(1)GLX, this amount is not accounted for in PoE allocation calculations. There is no workaround. (CSCed54355)

When a user log into a Catalyst 4500 series switch with TACACS authentication configured, you will be prompted for a username even if the TACACS server is unavailable. This may confuse users who are not aware that the TACACS server is unavailable when they may try to enter in a valid username/password combination.

Workaround: To successfully log in, enter any value as a username, and use the switch enable password as the password for authentication. (CSCdz16477)

After you enter several changes to the inline power configuration for a port in rapid succession, the powered device connected to the port may fail to come up and the port remains in the not-connected state.

Workaround: Disable and enable the port. (CSCin68029)

Resolved Caveats in Software Release 8.3(1) GLX

This caveat is resolved in software release 8.3(1)GLX:

If the switch sends out a unicast MAC address to a secured port that is already configured as a nonsecured port on a particular VLAN in the static CAM table, the secure port in the same VLAN, may shut down.

Workaround: There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCin57366)

The following combination of PAgP and DTP results in incorrect forwarding of traffic for Ethernet ports on initial link up: PAgP = Auto, DTP = Off. Specifically, the ports with this PAgP/DTP configuration are forwarding traffic prior to the port joining the bridge group. There should be a 10-second delay before traffic gets forwarded. This problem is resolved in software release 8.3(1)GLX. (CSCec41056)

The packet memory on a Catalyst 4000 series supervisor engine may go bad, resulting in data packets that are sent out with an invalid CRC and that are discarded by the link partner. Diagnostics have been added to identify the problem. Once the problem is identified, the switch automatically resets and comes back up in a "best-effort" mode. In the "best-effort" mode, the affected packet buffers are removed from circulation, and log messages are generated every 30 minutes to warn about the failures. You should replace a supervisor engine if it has packet memory errors. This problem is resolved in software release 8.3(1)GLX. (CSCec78085)

Upgrading a Catalyst 4500 series switch to software release 12.1(13)EW can cause a problem with the WS-X4148-RJ45V Power over Ethernet (PoE) module.

Workaround: Turn off autonegotiation using the set port speed command. This problem is resolved in software release 8.3(1)GLX. (CSCec67534)

After upgrading a Catalyst 4500 series switch from software release 6.3(3) to software release 7.6(1), you cannot configure logging-level COPS. This problem is resolved in software release 8.3(1)GLX. (CSCec37831)

When you use the clear cam permanent command to clear a permanent CAM filter entry, the filter entry is not removed from the hardware tables and traffic is dropped. This problem is resolved in software release 8.3(1)GLX. (CSCed11672)

A permanent CAM entry added to a Catalyst 4000 switch with software release 8.2(1)GLX will display with the incorrect interface output for the show cam permanent command. This problem is resolved in software release 8.3(1)GLX. (CSCed18484)

Starting in software release 6.4(7), you may see this warning message on your console:

2003 Dec 01 17:55:01 PST -07:00 %SYS-4-P2_WARN:1/Traffic from permanent host 
00:04:c1:82:5f:ff but seen on incorrect port 1/2 

In most cases, this message is caused by ARP requests from the switch being flooded back to itself by a neighbor. Because the source MAC address is the system MAC address, a console message is logged and the packet is dropped. This problem is resolved in software release 8.3(1)GLX. (CSCed13361)

If a port with port security enabled, receives traffic from a host that is filtered on the VLAN, the port may shut down.

Workaround: There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCin51183)

If you enter the write memory command in text mode, a 544-byte memory leak occurs. This problem is resolved in software release 8.3(1)GLX. (CSCec75721)

When you use the clear cam mac_addr command to clear an autolearned MAC address on a port-security enabled port from the static CAM, the port can be placed in an inconsistent state and may not allow the user to configure the same MAC address on another port. If the port continues to receive the MAC address, the MAC address appears in the dynamic CAM instead of the static CAM.

Workaround: Do not use the clear cam mac_addr command on a secure port. If a port is in an inconsistent state, use the clear port security mod/port command to clear the MAC address from the CAM. This problem is resolved in software release 8.3(1)GLX. (CSCin60971)

The MAC address does not clear from the static CAM when you enter the clear cam static command; the MAC address may be learned by both the static and dynamic CAMs.

Workaround: Enter the clear cam command to delete the user-configured static MAC addresses from the static CAM. If the switch reaches a condition that the same MAC address is learned on dynamic and static CAM, enter the clear port security and clear cam dynamic commands to clear the MAC address from the dynamic CAM and reach a "consistent" state. This problem is resolved in software release 8.3(1)GLX. (CSCin61896)

In a Catalyst 6500 series switch or Cisco 7600 series router with a supervisor engine and the MSFC, the MAC address table is not updated even when it receives dummy multicast frames sent out by UplinkFast on a Catalyst 4000 series or a Catalyst 4500 series switch. Communication is lost in approximately 15 seconds. This problem occurs when the original root port comes up after a switchover. This problem is resolved in software release 8.3(1)GLX. (CSCeb58149)

When configuring VMPS, you may run out of memory in some rare instances.

Workaround: Change all dynamic memberships to static and then back to dynamic. This problem is resolved in software release 8.3(1)GLX. (CSCec29748)

In rare cases, when you enable CGMP, the Catalyst 4500 series Supervisor Engine I or Supervisor Engine II may reload intermittently. There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCec72380)

The MST command set spantree mst config name does not have a carriage return (\n) if the revision number is set to zero in the show config command output. This action causes the next command that you enter to merge with this command. This problem is resolved in software release 8.3(1)GLX. (CSCed05362)

If you initiate a session on a supervisor engine to a WS-X4232-L3 module, the session may not work after running for an unknown period of time. This situation occurs because of a wrong adjacency in the Catalyst operating system side of the ARP table for the WS-X4232-L3's inband MAC address.

Workaround: Use Telnet to access a Gigabit Ethernet 3 or Gigabit Ethernet 4 (or a subinterface IP address), and reset the WS-X4232-L3 module to temporarily recover the problem. After you have recovered the session, you need to move the sc0 interface into a different VLAN to avoid this problem in the future. This problem is resolved in software release 8.3(1)GLX. (CSCdx30617)

A switch may require a long time to clear and reestablish secure MAC addresses when an age-enabled port has a few hundred secure MAC addresses with large amounts of continuous traffic going through the port.

Workaround: There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCeb22295)

The Idledetect feature does not work on 10/100 ports of a Catalyst 2980G-A switch. If you attempt to configure Idledetect in the CLI, the switch ignores the configuration. This problem is resolved in software release 8.3(1)GLX. (CSCec79821)

A secured MAC address is not cleared from the port security table and the static CAM after the age timer for that MAC has expired. This problem is resolved in software release 8.3(1)GLX. (CSCin57920)

When you configure MISTP on a Catalyst 4500 series switch, and you exclude an extended VLAN from the root switch, traffic still travels for that VLAN on the nonroot switches, even though the spanning tree mode for that VLAN is set to blocking. There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCin62178)

Sometimes, a dynamic VLAN is not assigned on the ports with the configured auxiliary VLAN. Initially, the dynamic VLAN for the port works, but after the port links goes up and down 50 times, the port stops working. The port displays as a connected port but the status will be inactive. This problem is resolved in software release 8.3(1)GLX. (CSCec29415)

A Catalyst 4000 series or Catalyst 4503 switch with Supervisor Engine I or II or a WS-X5410 module in a Catalyst 5500 switch does not send dummy multicast packets when UplinkFast operates after the no shutdown command has been entered from the original root port. This condition results in lost communication because the switch does not clear the older MAC table on the root port. This problem is resolved in software release 8.3(1)GLX. (CSCec79652)

A permanent CAM entry added to a Catalyst 4500 series switch with software release 8.2(1)GLX displays incorrectly in the output for the show cam permanent command. This problem is resolved in software release 8.3(1)GLX. (CSCed19484)

A Catalyst switch with the Catalyst operating system incorrectly reports an STP root change with the following message:

2003 Jun 09 11:42:28 EST -04:00 %SPANTREE-5-ROOTCHANGE:Root changed for Vlan Y: New 
root port n/m. New Root mac address is XX-XX-XX-XX-XX-XX. 

This is an information message only and should not affect the operation of your switch.

Workaround: Change the logging level on the SPANTREE facility down to level 4. This problem is resolved in software release 8.3(1)GLX. (CSCeb78548)

After you lower the maximum number of allowed MAC addresses for a port, entering the clear port security all command does not clear all secured MAC addresses from the configuration.

Workaround: Set the maximum addresses allowed to a higher value and then enter the clear port security all command. This problem is resolved in software release 8.3(1)GLX. (CSCin66276)

A VLAN assignment issue exists. During the solution testing for the upcoming Microsoft release of KB article 826942, Microsoft has developed a code to allow VLAN assignment and DHCP interoperability. The MS code is written with the following logic (assuming proper VLAN assignment): Send three ICMP echos to the current default gateway.

If the echos are not answered, the broadcast renews the DHCP address. During the change of port VLAN (VLAN assignment), WinXP sends out the DHCP request immediately without giving any time for the new VLAN to stabilize. The switch sends out the DHCP request to the old VLAN and the PC does not receive the correct IP address. This problem is resolved in software release 8.3(1)GLX. (CSCed25703)

When you set several ports as trunk ports in a short period of time, several VLANs may not be allowed across the trunk ports. This problem is resolved in software release 8.3(1)GLX. (CSCed12056)

If a port enters the root inconsistent state after it receives a superior BPDU from a PVST switch that is not directly connected to the switch, and if MST and root guard are configured on the switch, the switch stops transmitting BPDUs. This situation can cause a STP loop in the network. This problem is resolved in software release 8.3(1)GLX. (CSCec67810)

When you use secure shell to log in to a Catalyst switch using external authentication, and do not enter a username, the session hangs regardless of the password that you enter. If you enter an incorrect username, the switch prompts you for password three times before disconnecting. There is no workaround. This problem is resolved in software release 8.3(1)GLX. (CSCea89170)

A Catalyst switch may crash while downloading a VMPS database because the vmps-port-group field is not specified in VMPS configuration file. This problem is resolved in software release 8.3(1)GLX. (CSCed43310)

Even though you are unable to configure a private VLAN on a dynamic port from the CLI, a dynamic port can be configured into a private VLAN when the port receives the information from a VMPS server. Private VLANs cannot be assigned to dynamic ports. This problem is resolved in software release 8.3(1)GLX. (CSCin62512)

If you connect a Catalyst 4500 series switch that has Rapid-PVST configured to a Catalyst 4500 series switch that has PVST+ configured and spanning tree disabled for some of the VLANs, the Rapid-PVST BPDUs that flood the PVST+ switch will have an incorrect length. This condition could truncate the SSTP TLV when the Rapid-PVST switch sees the BPDUs.

Workaround: Enable spanning tree for all VLANs on the PVST+ switch. This problem is resolved in software release 8.3(1)GLX. (CSCec86174)

Open and Resolved Caveats in Software Release 8.1(3)

The following sections describe the open and resolved caveats in supervisor engine software release 8.1(3):

Open Caveats in Software Release 8.1(3)

Resolved Caveats in Software Release 8.1(3)

Open Caveats in Software Release 8.1(3)

These caveats are open in software release 8.1(3):

If the switch sends out a unicast MAC address to a secured port that is already configured as a nonsecured port on a particular VLAN in the static CAM table, the secure port in the same VLAN, may shut down.

Workaround: There is no workaround. (CSCin57366)

Software release 8.1(1) supports a maximum of 80,000 MISTP instances; whereas, software release 7.6(1) supports a maximum of 170,000 MISTP instances.

Workaround: There is no workaround. (CSCeb37697)

Software release 7.5(1) and later releases support a maximum of 600 Rapid-PVST+ VLAN instances.

Workaround: There is no workaround. (CSCeb41308)

When you disable spanning tree on the Catalyst 4500 series switch, the switch passes 1Q-BPDU packets when there are both trunk and access ports that contain the VLAN where spanning tree is disabled.

Workaround: There is no workaround. (CSCeb43406)

A switch may require a long time to clear and reestablish secure MAC addresses when an age enabled port has a few hundred secure MAC addresses with large amounts of continuous traffic going through the port.

Workaround: There is no workaround. (CSCeb22295)

If a port, with port security enabled, receives traffic from a host that is filtered on the VLAN, the port may shut down.

Workaround: There is no workaround. (CSCin51183)

Resolved Caveats in Software Release 8.1(3)

This caveat is resolved in software release 8.1(3):

New vulnerabilities in the OpenSSH implementation for SSH servers have been announced.

An affected network device, running an SSH server based on the OpenSSH implementation, may be vulnerable to a Denial of Service (DoS) attack when an exploit script is repeatedly executed against the same device. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml.

This problem is resolved in software release 8.1(3). (CSCec33092)

Open and Resolved Caveats in Software Release 8.2.(1)GLX

The following sections describe the open and resolved caveats in supervisor engine software
release 8.2(1)GLX:

Open Caveats in Software Release 8.2.(1)GLX

Resolved Caveats in Software Release 8.2.(1)GLX

Open Caveats in Software Release 8.2.(1)GLX

These caveats are open in software release 8.2(1)GLX:

When you use the clear cam mac_addr command to clear an auto-learned MAC address on a port-security enabled port from the static CAM, the port can be placed in an inconsistent state and may not allow the user to configure the same MAC address on another port. If the port continues to receive the MAC address, the MAC address appears in the dynamic CAM instead of the static CAM.

Workaround: Do not use the clear cam mac_addr command on a secure port. If a port is in an inconsistent state use the clear port security mod/port command to clear the MAC address from the CAM. (CSCin60971)

The switch may learn a MAC address for an SIP IP phone in the native VLAN and not the auxiliary VLAN the first time that the SIP IP phone is connected to the switch. This behavior is also observed after you reset the switch.

Workaround: If the IP phone receives PoE, remove the phone from the network, to power cycle the phone. If the IP phone does not receive PoE, power cycle the SIP IP phone. (CSCin45446)

If the switch sends out a unicast MAC address to a secured port that is already configured as a nonsecured port on a particular VLAN in the static CAM table, the secure port in the same VLAN, may shut down.

Workaround: There is no workaround. (CSCin57366)

A Catalyst 4500 series switch may experience a memory leak in the DTP process when one or more access ports have frequent link flaps.

Workaround: There is no workaround. (CSCea03789)

If a port, with port security enabled, receives traffic from a host that is filtered on the VLAN, the port may shut down.

Workaround: There is no workaround. (CSCin51183)

Software release 8.1(1) supports a maximum of 80,000 MISTP instances; whereas, software release 7.5(1) supports a maximum of 170,000 MISTP instances.

Workaround: There is no workaround. (CSCeb37697)

Software release 7.5(1) and later releases support a maximum of 600 Rapid-PVST+ VLAN instances.

Workaround: There is no workaround. (CSCeb41308)

When you disable spanning tree on the Catalyst 4500 series switch, the switch passes 1Q-BPDU packets when there are both trunk and access ports that contain the VLAN where spanning tree is disabled.

Workaround: There is no workaround. (CSCeb43406)

A switch may require a long time to clear and reestablish secure MAC addresses when an age enabled port has a few hundred secure MAC addresses with large amounts of continuous traffic going through the port.

Workaround: There is no workaround. (CSCeb22295)

In a Catalyst 6500 series switch or Cisco 7600 series router with a supervisor engine and the MSFC, the MAC Address Table is not updated even when it receives dummy multicast frames sent out by UplinkFast on a Catalyst 4000 series or a Catalyst 4500 series switch. Communication is lost in approximately 15 seconds. This problem occurs when the original root port comes up after a switchover. (CSCeb58149)

Resolved Caveats in Software Release 8.2.(1)GLX

These caveats are resolved in software release 8.2(1) GLX:

When the switch sends a linkDown trap for a security violation on the Catalyst 4003 switch with a Supervisor Engine I or Supervisor Engine II running software release 7.5(1) or 7.6(1), the value of portSecurityLastSrcAddr may be incorrect. This problem is resolved in software release 8.2.(1)GLX. (CSCeb49723)

If the switch receives packets with the system address set to the sc0 MAC address, the port may shut down and the sc0 interface may become inaccessible.

Workaround: Reset the switch. This problem is resolved in software release 8.2.(1)GLX. (CSCeb84608)

When you set vmVlan to a value that is larger than 1023, an assert failure appears. This problem is resolved in software release 8.2.(1)GLX. (CSCeb67164)

After you change a Catalyst 2948G switch from binary to text configuration mode, the SPAN configuration may be lost.

Workaround: Reenter SPAN configurations. This problem is resolved in software release 8.2.(1)GLX. (CSCec17704)

The set port dot1x mod/port shutdown-timeout {enable | disable} command does not work. It returns the format of the command structure. This problem is resolved in software release 8.2.(1)GLX. (CSCec40274)

Open and Resolved Caveats in Software Release 8.1(2)

The following sections describe the open and resolved caveats in supervisor engine software
release 8.1(2):

Open Caveats in Software Release 8.1(2)

Resolved Caveats in Software Release 8.1(2)

Open Caveats in Software Release 8.1(2)

These caveats are open in software release 8.1(2):

Software release 8.1(1) supports a maximum of 80,000 MISTP instances, and software release 7.6(1) supports a maximum of 170,000 MISTP instances

Workaround: There is no workaround. (CSCeb37697)

Software release 7.5(1) and later releases support a maximum of 600 Rapid-PVST+ VLAN instances.

Workaround: There is no workaround. (CSCeb41308)

When you configure port security on a Catalyst 4500 series switch with a Supervisor Engine II, the switch runs out of memory and displays this message:

%SYS-3-SYS_RMONMEMLOW:Fail to allocate memory for RMON System memory usage excess 85%. 

Workaround: There is no workaround. (CSCea03789)

When you disable spanning tree on the Catalyst 4500 series switch, the switch passes 1Q-BPDU packets when there are both trunk and access ports that contain the VLAN where spanning tree is disabled.

Workaround: There is no workaround. (CSCeb43406)

If the switch receives packets with the system address set to the Sc0 MAC address, the port may shut down and the Sc0 interface may become inaccessible.

Workaround: Reset the switch. (CSCeb84608)

The set port dot1x mod/port shutdown-timeout {enable | disable} command does not work. It returns the format of the command structure.

Workaround: There is no workaround. (CSCec40274)

Resolved Caveats in Software Release 8.1(2)

These caveats are resolved in software release 8.1(2):

A dynamic port is not assigned a VLAN from the VMPS server when you configure an auxiliary VLAN on the port.

Workaround: Clear the auxiliary VLAN for the port, and then reconfigure the auxiliary VLAN. This problem is resolved in software release 8.1(2). (CSCin54315)

When you configure the port speed from 100 to 1000 on the WS-X4548-GB-RJ45 module, the link may not come up.

Workaround: Configure the port first to auto, and then to 1000. This problem is resolved in software release 8.1(2). (CSCeb58933)

There is a memory leak in the DVLAN_RECONF process when you run a heavy CPU load. This problem is resolved in software release 8.1(2). (CSCeb85102)

Open and Resolved Caveats in Software Release 8.1(1)

The following sections describe the open and resolved caveats in supervisor engine software
release 8.1(1):

Open Caveats in Software Release 8.1(1)

Resolved Caveats in Software Release 8.1(1)

Open Caveats in Software Release 8.1(1)

These caveats are open in software release 8.1(1):

Software release 8.1(1) supports a maximum of 80,000 MISTP instances, and software release 7.6(1) supports a maximum of 170,000 MISTP instances

Workaround: There is no workaround. (CSCeb37697)

When you configure port security on a Catalyst 4500 series switch with a Supervisor Engine II, the switch runs out of memory and displays this message:

%SYS-3-SYS_RMONMEMLOW:Fail to allocate memory for RMON System memory usage excess 85%. 

Workaround: There is no workaround. (CSCea03789)

Software release 7.5(1) and later releases support a maximum of 600 Rapid-PVST+ VLAN instances.

Workaround: There is no workaround. (CSCeb41308)

When you disable spanning tree on the Catalyst 4500 series switch, the switch passes 1Q-BPDU packets when there are both trunk and access ports that contain the VLAN where spanning tree is disabled.

Workaround: There is no workaround. (CSCeb43406)

Resolved Caveats in Software Release 8.1(1)

These caveats are resolved in software release 8.1(1):

If the RIT patch cable connecting a workstation to the Type1A Balun is pulled out fast enough, the port will move directly from the fwd state to the "loopback" (fwd) state. When this situation happens, some data packets are looped back while the port transitions to a blocking state. This may cause network problems if port security is enabled on the port, because the switch secures the looped MAC addresses and restricts the traffic from the original unsecured port. This problem is resolved in software release 8.1(1). (CSCeb12104)

The lower level ground-start code contains two tables: port security and CAM. When the ageout timer expired, the autolearned MAC was cleaned from the security table but not from the CAM table. This situation resulted in a security violation.

Workaround: Delete the MAC address from the ground-start CAM table and the security table during ageout. This problem is resolved in software release 8.1(1). (CSCeb27176)

When you configure port security as restrict violation mode with a maximum address of 1 on an MVAP port with a connected IP phone, if the PC is connected behind the IP phone, the PC's MAC address will not get restricted and the IP phone will move to inactive mode. This problem is resolved in software release 8.1(1). (CSCin39270)

Remote booting diskless workstations may boot slow on random ports of the WS-X-4148-RJ45V.

Workaround: Reconfigure the duplex speed to half, and then change it back to full. This problem is resolved in software release 8.1(1). (CSCdy67241)

Dynamic VLANs are not always updated on the switch when the incoming SA changes.

Workaround: There is no workaround. This problem is resolved in software release 8.1(1). (CSCea50001)

If you enable port security and MAC address learning on a switch, when the port sees a MAC address that contains all zeros, the port is disabled and there is no "Last-Src-Addr."

Workaround: Reenable the port. This problem is resolved in software release 8.1(1). (CSCea89001)

The PVLAN timers for CAM entries on secondary VLANs are forced to expire when the timer for the CAM entry on the primary VLAN expires. This situation causes flooding on the primary VLAN.

Workaround: Set the CAM aging timer on the primary VLAN to 0 using the set cam agingtime privlan 0 command. This problem is resolved in software release 8.1(1). (CSCdz42689)

A Catalyst 4006 switch with port channels enabled on the supervisor engine trunk can have a communication failure between interVLANs.

Workaround: There is no workaround. This problem is resolved in software release 8.1(1). (CSCdz66547)

Moving a host from a secured port to an unsecured port causes a security violation.

Workaround: There is no workaround. This problem is resolved in software release 8.1(1). (CSCea07450)

There is a memory leak that increases the memory held by the console in 16 byte increments. This memory leak presents itself in one of two ways:

When you configure a community or isolated VLAN to a primary VLAN using the SNMP CLI.

Free memory reduces constantly and the memory held by the SptTimer and DTP_Rx process.

You can use the show proc mem command to view the memory held by processes and verify if you have a memory leak.

Workaround: There is no workaround. (CSCea91118)

Usage Guidelines, Restrictions, and Troubleshooting

This section provide usage guidelines, restrictions, and troubleshooting information for Catalyst 4500 series switch hardware and software.

System and Supervisor Engine

Modules and Switch Ports

Spanning Tree

VTP, VLANs, and VLAN Trunks

EtherChannel

SPAN

Multicast

MIBs

Authentication, Authorization, and Accounting

Power Management and PoE

Nonembedded CiscoView

System and Supervisor Engine

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the supervisor engine and to the switch at the system level:

When connecting NIC: SMC 8432BT with a DEC 21041-AA chipset on a PC Compaq Desktop 6xxxx to a 2980A-G switch at 10/HD, you might experience Align/FCS/Rcv-errors.

The Catalyst 4006 switch requires dual power supplies. Refer to the Catalyst 4003 and 4006 Switch Installation Guide for detailed information about power requirements for the Catalyst 4500 series switches.

The Port Name field in the output of the show port command displays only the first 18 characters of the port name. If you specify a port name that contains more than 18 characters the last characters will not be displayed in the output. (CSCed09784)

In supervisor engine software release 5.2 and later, the show config, write terminal, and copy config commands return only the nondefault configuration (that is, only commands that change the default configuration are displayed). Use the all keyword to display both the default and nondefault configurations (for example, show config all).

If you need to download configuration files to many switches in a network topology with redundant EtherChannel links, download the configuration at each switch manually using the configure network command. Otherwise, in some situations, a broadcast storm can occur.

Under certain conditions, etherHistoryUtilization is not reported correctly if the counter value wraps between the two consecutive samples.

Workaround: Reduce the sample interval.

If your configuration produces thousands of CAM entries, ensure that your screen length is set to a value greater than 0 before entering the show cam dynamic command.

The LrnDiscard counter (displayed by entering the show mac command) indicates the number of times a CAM entry is replaced with a newly learned address when the CAM table is full. The counter value is not maintained for each port; instead, the value is maintained for the entire switch.

Although the show spantree command displays the PortFast feature as enabled on a trunk port, spanning tree PortFast has no effect on trunk ports. Do not use the set portfast command on a trunk port. In addition, designating a port as a trunk port causes the PortFast feature to be ignored for the port.

If you attach a long cable (20 ft. or longer) that is disconnected at the far end to the console port of a Catalyst 4500 series or Catalyst 2948G switch, then the resulting crosstalk on the serial line may prevent the switch from booting until you disconnect the cable from the switch or plug the cable into an active serial port (such as a serial port on a PC or a terminal server) at the remote end. (CSCdw69459 and CSCdr73326)

The CLI command show cam dynamic and the SNMP query getmany community@vlan dot1dTpFdbAddress are sometimes not synchronized.

The Catalyst 2948G switch may unexpectedly reset if a large number of ICMP redirect entries are learned by the switch. ICMP entries are stored in mbuf memory. When too many ICMP entries are learned, they use up crucial resources and cause the switch to reset.

Workaround: Disable ICMP redirect learning by entering the set icmp redirect disable command. Configure static routes for the required destinations using the set ip route command. (CSCed00225)

Modules and Switch Ports

This section contains usage guidelines, restrictions, and troubleshooting information that apply to modules and switch ports:

If a module fails to come online, reset the module by entering the reset mod_num command.

This message indicates a potential port configuration error:

2000 Feb 15 16:15:28 %SYS-4-P2_WARN: 1/Blocked queue on gigaport 5 ( 15 : 1 )

If you receive this message, issue the command show port counters and check each port for excessive error frames, such as collisions, runts, and transmit errors.

When hot inserting a module into a Catalyst 4500 series chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Incorrectly inserting a module can cause unexpected behavior. For proper module installation instructions, refer to the Catalyst 4003 and 4006 Switch Installation Guide.

When you replace a module (other than the supervisor engine) with a module of a different type, or when you insert a module (other than the supervisor engine) in an empty slot, entering the command clear config mod_num clears the module configuration information in the supervisor engine and obtains the correct spanning tree parameters.

If a port fails the physical-medium-dependent (PMD) loopback test after the Catalyst 4500 series switch is reset (that is, if a port LED is flashing orange after a reset), you must reset the affected module.

If the Catalyst 4500 series switch detects a port-duplex misconfiguration, the misconfigured switch port is disabled and placed in the errdisable state. Reconfigure the port-duplex setting and use the set port enable command to reenable the port.

If you replace a module with a different module of the same configuration type, the new module inherits the software configuration from the original module. The following modules have the same configuration type:

WS-4148-FX-MT and WS-X4148-FE-LX-MT

WS-X4248-RJ45V and WS-X4248-RJ21V

WS-X4548-GB-RJ45 and WS-X4448-GB-RJ45

If you have a port whose speed is set to auto and is connected to another port whose speed is set to a fixed value, configure the port whose speed is set to a fixed value for half duplex. Or, you can configure both ports to a fixed-value port speed and full duplex.

On Catalyst 4500 series modules that contain 10/100-Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1, indicating an error occurred even though, in most cases, a carrier sense error did not occur.

Do not plug an Ethernet cable into a serial port, because you will misconfigure your switch.

When you connect end stations (such as Windows 95, 98, or NT workstations) to Catalyst 4500 series 10/100-Mbps switch ports, we recommend this configuration:

Spanning tree PortFast enabled

Trunking off

Channeling off

In supervisor engine software release 5.2 and later, you can use the set port host command to optimize the port configuration for host connections. This command automatically enables PortFast and sets the trunking and channeling modes to off.

In software releases prior to release 5.2, you can optimize the port configuration for host connections as follows:

Use the set spantree portfast mod_num/port_num enable command to enable PortFast on a port.

Use the set trunk mod_num/port_num off command to disable trunking on a port.

Use the set port channel port_list off command to disable channeling on a port.


Note You must specify a valid port range when entering the set port channel command. You cannot specify a single port.


This example shows how to configure a port for end station connectivity using the set port host command:

Console> (enable) set port host 2/1
Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree port 2/1 fast start enabled.
Port(s) 2/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.
Console> (enable) 

This example shows how to manually configure a port for end station connectivity:

Console> (enable) set spantree portfast 2/2 enable
Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree port 2/2 fast start enabled.
Console> (enable) set trunk 2/2 off
Port(s) 2/2 trunk mode set to off.
Console> (enable) set port channel 2/1-2 off
Port(s) 2/1-2 channel mode set to off.
Console> (enable)

If you configure a secure port to restrictive mode and connect a station to the port whose MAC address is already configured as a secure MAC address on another port on the switch, the port in restrictive mode shuts down rather than restricts traffic from that station. For example, if you configure MAC 1 as the secure MAC address on port 2/1 and MAC 2 as the secure MAC address on port 2/2, and you then connect the station with MAC 1 to port 2/2 when port 2/2 is configured for restrictive mode, port 2/2 shuts down instead of restricting traffic from MAC 1.

The following restrictions apply when configuring port security:

You cannot configure dynamic, static, or permanent CAM entries on a secure port.

When you enable port security on a port, any static or dynamic CAM entries that are associated with the port are cleared; any currently configured permanent CAM entries are treated as secure.

Do not enable protocol filtering on the switch if you have configured port security on any ports and set the violation mode to restrict. There is no restriction if the violation mode is set to shutdown; you can enable protocol filtering on the switch.

When you connect a Catalyst 4500 series port that is set to autonegotiate an end station or another networking device, make sure that the other device is configured for autonegotiation. If the other device is not set to autonegotiate, the Catalyst 4500 series autonegotiating port will remain in half-duplex mode, which can cause a duplex mismatch, resulting in packet loss, late collisions, and line errors on the link.

Port security can become disabled on a port if the violation mode is set to "restrict" and you issue the reset module command multiple times from a telnet session to the me1 interface while continuous traffic flows to the port.

Workaround: Reenable port security on the port after the module is back online. Multiple module resets should be avoided. (CSCin75852)

Some ports on the Catalyst 4500 series oversubscribed Gigabit Ethernet modules do not reliably autonegotiate Ethernet operational modes with some Sun Gigabit Ethernet NICs. The 18-port server switching 1000BASE-X (GBIC) Gigabit Ethernet module (WS-X4418-GB) is affected.

These Sun Gigabit Ethernet NICs are affected:

X1140A Sun Gigabit Ethernet Sbus Adapter 2.0

X1141A PCI Gigabit Ethernet PCI Adapter 2.0

Workaround: Use the following configuration:

Catalyst 4500 series Ports
Sun Gigabit Ethernet NIC
Configuration
Command
Configuration
Command

Autonegotiation disabled

set port negotiation mod_num/port_num disable

Autonegotiation disabled

ndd -set /dev/ge adv_1000autoneg_cap 0

-

-

Half duplex off

ndd -set /dev/ge adv_1000hdx_cap 0

Send flow control on1

set port flowcontrol mod_num/port_num send on

Send flow control off

ndd -set /dev/ge adv_pauseTX 0

Receive flow control desired1

set port flowcontrol mod_num/port_num receive desired

Receive flow control on

ndd -set /dev/gs adv_pauseRX 1

1 Default setting

1 (CSCdm38405)


Spanning Tree

This section contains usage guidelines, restrictions, and troubleshooting information that apply to spanning tree:

The Spanning Tree Protocol (STP) blocks certain ports to prevent physical loops in a redundant topology. On a blocked port, the Catalyst 4500 series switch receives spanning tree bridge protocol data units (BPDUs) periodically from the neighboring device. To configure the frequency with which BPDUs are received, enter the set spantree hello command (the default frequency is set to two seconds). If a Catalyst 4500 series switch does not receive a BPDU in the time defined by the set spantree maxage command (20 seconds by default), the blocked port transitions to the listening state, the learning state, and to the forwarding state. As it transitions, the switch waits for the time period specified by the set spantree fwddelay command (15 seconds by default) in each of these intermediate states. Therefore, a blocked spanning tree port moves into the forwarding state if it does not receive BPDUs from its neighbor within approximately 50 seconds.

If the STP parameters are reduced in value, be sure that the number of STP instances is also reduced proportionally in order to avoid spanning tree loops in the network.

You should configure a Catalyst family switch as the root for every VLAN, especially VLAN 1. In order to recover from an extended broadcast storm, Catalyst family switches must reset blocked ports. To ensure recovery, all Catalyst family switches in the network should reset blocked ports at the same time, by sending synchronization packets on VLAN 1. A Catalyst family switch will not send synchronization packets unless it is the root bridge.

Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk might cause spanning tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If you plan to disable spanning tree in an 802.1Q environment, disable it on every VLAN in the network to ensure that a loop-free topology exists.On a blocked spanning tree port, check the duplex configuration to ensure that the port duplex is set to the same type as the port of the neighboring device.

On trunk ports, ensure that the trunk configuration is valid on both sides of the link.

On trunk ports, ensure that the duplex is set to full on both sides of the link to prevent collisions in heavy traffic conditions.

On a blocked spanning tree port, make sure that the Rcv-Frms and Rcv-Multi counters are incrementing continuously. If the Rcv-Frms counter stops incrementing, the port is not receiving any frames, including BPDUs. If the Rcv-Frms counter is incrementing but the Rcv-Multi counter is not, then this port is receiving nonmulticast frames but is not receiving any BPDUs.

On your Catalyst 4500 series switch, be sure that the total number of logical ports across all instances of spanning tree for different VLANs does not exceed the number allowed for your supervisor engine.

You can use the show spantree summary command and the following formula to compute the sum of logical ports on the switch:

(number of trunks on the switch ¥ number of active VLANs on those trunks) + number of nontrunking ports on the switch

The sum of all logical ports, as calculated with the formula above, should be less than or equal to the following:

600 instances in PVST+ mode for the Catalyst 4500 series Supervisor Engine I and II

480 instances in MISTP mode for the Catalyst 4500 series Supervisor Engine I and II

9000 instances in MSTP mode for the Catalyst 4500 series Supervisor Engine I and II


Caution If you enable numerous memory-intensive features concurrently (such as VTP pruning, VMPS, EtherChannel, and RMON), or if there is switched data traffic on the management VLAN, the maximum number of supported logical ports is reduced.


Note Count each port in an EtherChannel port bundle independently (do not count the bundle as a single port).


Do not use spanning tree PortFast on a trunk port. Although the show spantree command displays PortFast as enabled on a trunk port, PortFast has no effect on such ports.

To monitor blocked spanning tree ports, use the following commands:

Use the show port command to see if the port has registered many alignment, FCS, or any other type of line errors. If these errors are incrementing continuously, the port might drop input BPDUs.

Use the show mac command if the Inlost counter increments continuously or a port is losing input packets because of a lack of receive buffers. This problem can also cause the port to drop incoming BPDUs.

VTP, VLANs, and VLAN Trunks

This section contains usage guidelines, restrictions, and troubleshooting information that apply to VTP, VLANs, and VLAN trunks:

The VLAN numbers are always ISL VLAN identifiers and not 802.1Q VLAN identifiers.

A VTP transparent switch with no VTP domain name configured might not relay VTP requests received from VTP client and server switches. Therefore, VTP client and server switches might not synchronize if they are separated by a VTP transparent switch with no domain name configured.

Workaround: Configure a VTP domain name on the VTP transparent switch.

Although the Dynamic Trunk Protocol (DTP) is a point-to-point protocol, some internetworking devices might not forward DTP frames. To avoid connectivity problems, follow these guidelines:

For ports connected to non-Catalyst family devices in which trunking is not being used, configure trunk-capable Catalyst 4500 series switch ports to off by entering the set trunk mod_num/port_num off command.

When trunking to a Cisco router, use the set trunk mod_num/port_num nonegotiate command. The nonegotiate keyword transitions a link into trunking mode without sending DTP frames.

With Cisco IOS Release 12.0, the Catalyst 8510 campus switch router (CSR) does not process untagged packets (packets on the native VLAN) received on an IEEE 802.1Q-trunked interface (all such packets are dropped). If you configure Catalyst 8510 CSR subinterfaces to a trunk using 802.1Q encapsulation, traffic cannot be carried successfully on the native VLAN for the trunk configured on a Catalyst 4500 series switch.

Workaround: Create an unused VLAN and assign it as the native VLAN for the 802.1Q trunk on the Catalyst 4500 series switch. Verify the native VLAN assignment for the trunk using the show trunk command.

This problem is tracked as a defect against the Catalyst 8510 CSR software. (CSCdk77676)

IEEE 802.1Q trunks with several hundred active VLANs take a few minutes to become operational. The time increases with the number of VLANs on the trunk. During this time, you might see unexpected behavior, such as the console hanging or other ports not going into forwarding. After the trunks become operational, the unexpected behavior disappears and operation returns to normal. The operation remains normal as long as the trunks remain operational.

EtherChannel

This section contains usage guidelines, restrictions, and troubleshooting information that apply to Fast and Gigabit EtherChannel:

With a large number of channels, trunks, or VLANs, or a change of channel configuration (for example, off to auto), or upon Fast EtherChannel module reboot, ports might take up to five minutes to form a channel and to participate in spanning tree. (During this interval, the port does not appear in show spantree command output.) If it takes more than ten minutes for a channel to form and appear on spanning tree, disable and reenable the ports. In addition, it might take up to two minutes to unbundle a channel after changing the channel mode.

If a syslog message like "SPANTREE-2: Channel misconfig - x/x-x will be disabled" is displayed while running Fast EtherChannel, it indicates that one of the two ports is not configured correctly. We recommend that you reenable the ports by entering the set port enable command, and configure the two ports with one of the following valid EtherChannel configurations:

Port Channel Mode
Valid Neighbor Port Channel Modes

desirable

desirable or auto

auto

desirable

on

on

off

off


SPAN

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the Switched Port Analyzer (SPAN):

When a port is configured as a SPAN port (in both mode) to monitor the transmit and receive traffic (unicast, broadcast, or multicast) for the VLAN, the port does not monitor the VLAN traffic properly. This is the expected behavior when a static CAM filter exists in the host table. Filter action takes precedence over copying the traffic to a sniff port, and hence these packets will not be accounted for in the sniffed traffic statistics. (CSCin51183)

By default, incoming traffic on the SPAN destination port is disabled. You can enable it using the set span command with the inpkts enable keywords. However, while the port receives traffic for its assigned VLAN, it does not participate in spanning tree for that VLAN. To avoid creating spanning tree loops with incoming traffic enabled, assign the SPAN destination port to an unused VLAN.

A SPAN destination port receives flooded unicasts and broadcasts for the VLAN of the source SPAN port.

A SPAN session cannot be configured via SNMP with the monitorGrp MIB. The SPAN configuration can be read from the monitorGrp MIB.

Workaround: Use the PortCopyTable MIB to configure SPAN sessions via SNMP.

Multicast

This section contains usage guidelines, restrictions, and troubleshooting information that apply to multicast protocols and traffic on the switch:

Because of a conflict with the Hot Standby Router Protocol (HSRP), Cisco Group Management Protocol (CGMP) leave processing is disabled by default. To enable CGMP leave processing, enter the set cgmp leave enable command.


Note If both HSRP and CGMP leave processing are enabled, you might experience some unicast packet flooding.


When CGMP leave processing is enabled, the Catalyst 4500 series switch learns router ports through PIM-v1, HSRP, and CGMP self-join messages. When CGMP leave processing is disabled, the Catalyst 4500 series switch learns router ports through CGMP self-join messages only.

CGMP does not prune multicast traffic for any IP multicast address that maps into the MAC address range of 01-00-5E-00-00-00 to 01-00-5E-00-00-FF. The reserved IP multicast addresses, in the range 224.0.0.0 to 224.0.0.255, are used to forward local IP multicast traffic in a single Layer 3 hop.

MIBs

For general information on MIBs, RMON groups, and traps, refer to the Cisco public MIB directory (http://www.cisco.com/public/mibs/). For information on the specific MIBs supported by the Catalyst 4500 series switches, refer to the Catalyst 4000 MIB Support List located at ftp://ftp.cisco.com/pub/mibs/supportlists/wsc4000/wsc4000-supportlist.html.

Authentication, Authorization, and Accounting

This section contains usage guidelines, restrictions, and troubleshooting information that apply to authentication, authorization, and accounting (AAA):

For login authentication, starting with software releases 5.5(15), 6.3(7), and 7.3(1), if you press the Enter key and then type your password, the ACS TACACS+ server will respond as if you are attempting to change your password. This behavior is related to CSCdx08395. Before the CSCdx08395 fix, the user privilege level was hard coded to 15 in the TACACS+ authentication request packet. With the CSCdx08395 fix, the user privilege level is set based on the privilege level at which the user is authenticated. For example, if a user attempts a login authentication, the privilege level is 1. If the user attempts an enable authentication, the privilege level is 15.

The Cisco ACS TACACS+ server behaves differently when you press the Enter key and then type your password. When you press the Enter key and then type your password with the user priv-lvl hard coded to 15, the switch responds as if this is a login authentication as a regular password attempt. When you press the Enter key and then type your password with the user priv-lvl hard coded to 11, the switch responds as if you are changing your password. The latter case is a behavior consistent with TACACS+ enable authentication and Cisco IOS software handling when you press the Enter key and then type your password. (CSCdy35129)

Power Management and PoE

This section contains usage guidelines, restrictions, and troubleshooting information that apply to power management and PoE.

Power over Ethernet modules do not support the Ethernet debounce timer.(CSCin52662)

If a powered device is in the power-deny state, the switch continually attempts discover the powered device to determine if the powered device has been unplugged. During this time, if you remove the powered device and insert a different powered device, the switch software does not notice that you have changed the powered device. The new powered device is not detected and remains in the power-deny state. (CSCec75381)

When a port is a data traffic port, and you change the PoE management mode from either off to auto or off to static, the link enters the notconnect state and the port link flapstraffic is lost temporarily until the port comes back online. (CSCec74052)

A static port in a PoE module that comes online later may not get power when you apply power to the switch. The switch immediately applies power to PoE ports as soon as each module comes online and does not wait for all modules to come online before applying power. As each module comes online, power is applied to the static ports and then the auto ports for that module. If you exceed the total available PoE before all modules come online, the ports in the module that come online later may not receive power. (CSCec74996)

When you plug in a Cisco+IEEE powered device, the switch uses both the Cisco proprietary and IEEE discovery methods to determine the power requirements for the powered device. The initial power allocation can vary depending on which discovery method succeeds first. If the IEEE discovery method discovers the powered device before Cisco proprietary method, the initial power allocated to the powered device will be the defined by the upper limit of the discovered IEEE class. If the Cisco discovery method succeeds first, the initial power allocated to the powered device will be equal to he amount you specified with the set inlinepower defaultallocation command. If CDP protocol in enabled on the port, once CDP messages are received, the switch adjusts the allocated power to the amount to the level specified in the CDP message.(CSCec80603)

In software release 8.3(1)GLX, the display for the show port inline power command has changed how it computes and displays the power consumed and allocated so that the values displayed are more accurate. In software release 8.3(1)GLX and later releases, the power consumed and power allocated are displayed in mWatts. In previous software releases, the power consumed and power allocated were converted from mAmps and converted to Watts. (CSCin66137)

Nonembedded CiscoView

This section contains usage guidelines, restrictions, and troubleshooting information that apply to nonembedded CiscoView:

If the CiscoView chassis scroll bar does not appear, resize the browser window. Another workaround is to right-click on the chassis and select Resize to decrease the size of the chassis view.

On Windows NT machines with Java Plug-9n 1.3.0 installed and Netscape Navigator running, the CiscoView chassis scroll bar does not appear, even after you resize the window. To correct the problem, upgrade to Java Plug-in 1.3.1. (CSCdw58407)

The supported client platforms, browsers, and Java Plug-in versions supported by CiscoView are as follows:

Client Platform
Web Browser
Java Plug-in

Solaris 2.7/2.8

Netscape Navigator 4.76, 4.77, 4.78, 4.79

Java Plug-in 1.3.0 (JRE 1.3.0)
Java Plug-in 1.3.1 (JRE 1.3.1)

Windows 98
Windows NT 4.0
Windows 2000

Internet Explorer 5.5
Netscape Navigator 4.76, 4.77, 4.78, 4.79

Java Plug-in 1.3.0-C (JRE 1.3.0)
Java Plug-in 1.3.1 (JRE 1.3.1)

HPUX 11.0

Netscape Navigator 4.77, 4.78, 4.79

Java Plug-in 1.2.2 (JRE 1.2.2)
Java Plug-in 1.3.1 (JRE 1.3.1)

AIX 4.3.3

Netscape Navigator 4.77, 4.78, 4.79

Java Plug-in 1.3.0 (JRE 1.3.0)
Java Plug-in 1.3.1 (JRE 1.3.1)



Note The Java Plug-in can be downloaded from http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin



Note Java Plug-in versions 1.3.0_01 and 1.3.0_02 do not work with CiscoView.



Note Java Plug-in versions 1.3.1_01 and later are not supported by CiscoView.


NonEmbedded CiscoView does not work after you resize a browser window in Solaris. Make sure that you are using Netscape Communicator 4.7 from Sun Microsystems, not from Netscape.

On Solaris machines that are running Netscape Navigotor 4.77, 4.78, or 4.79, with Java Plug-in 1.3.1 installed, you might see a blank screen after launching CiscoView. (CSCdw13384)

Follow these steps to correct the problem:


Step 1 Uninstall the current Java Plug-in from your machine.

Step 2 Download the Java Plug-in from the following location and install it:

http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin

Step 3 Clear the cache by entering the following CLI command: rm -rf ~/.netscape

Step 4 Enter the following CLI command: export NPX_PLUGIN_PATH = /usr/j2se/jre/plugin/sparc/ns4

Step 5 Launch Netscape Navigator.

Step 6 Select Edit > Preferences, and then click Advanced in the navigation tree.

Step 7 Make sure the "Enable Java" check box is not selected.

Step 8 Specify the IP address of the device you want to access and launch CiscoView. The Java console is displayed, but the chassis view does not appear.

Step 9 Select Edit > Preferences, and then click Advanced in the navigation tree.

Step 10 Select the "Enable Java" check box.

Step 11 Specify the IP address of the device you want to access and launch CiscoView. Both the Java console and chassis view should be displayed.


If you are running Netscape Navigator with a Java Plug-in version that is earlier than version 1.3.0, you might get a blank screen when you launch CiscoView. (CSCdw59601)

To correct the problem, download Java Plug-in 1.3.0 or later from the following location: http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin

If your machine runs on the HP-UX platform, we recommend that you use the HP release of Netscape. The HP release of Netscape can be downloaded from the following location:
http://www.hp.com/workstations/products/unix/software/netscape/index.html
(CSCdw59617)

CiscoView images take approximately 12 minutes to download from a TFTP server to a PCMCIA Flash memory card. (CSCdr14437)

In the EtherChannel dialog box, when EtherChannel Operation Mode is changed from pagpon to either off or manual, click the Refresh button and the PAgP dialog box displays N/A for every field.

Workaround: Close and reopen the EtherChannel dialog box. (CSCdw76309)

In the VLAN & Bridge dialog box (Device > Configure > VLAN & Bridge), deleting the primary VLAN after unbinding the secondary VLAN returns an error message. The workaround is to close and reopen the dialog box and then delete the primary VLAN.

After binding a secondary VLAN to the primary VLAN, delete the primary VLAN and the following error message is displayed: "Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199." The workaround is to close and then reopen the dialog box. You should now see the correct error message: "The Primary is bounded ..." (CSCdt65530)

Disabled WAN modules are placed in the power-down state. (CSCdw50083)

The Carrier Alarm LED on WAN modules is not supported. (CSCdw50111)

The LED labeled RPS is not supported on Catalyst 2948G and 2980G devices. (CSCdw38266)

Daughter cards on the WS-X4604-GWY card are not supported. (CSCdw51541)

802.1X Authentication timer fields are available in the port level PAE dialog box. (CSCdw86044)

If your machine is running Windows 2000, Windows NT, or Windows 98 and the chassis view does not appear, you should disable the Java Plug-in's JAR caching feature, as follows:

For Java Plug-in 1.3.1:

1) Select Start > Settings > Control Panel > Java Plug-in 1.3.1.

2) Click the Cache tab.

3) Click Clear JAR Cache.

For Java Plug-in 1.3.0:

1) Select Start > Settings > Control Panel > Java Plug-in.

2) Click the Basic tab.

3) Make sure the "Cache JARs In Memory" check box is not selected.

4) Click Apply.

There is a problem when you highlight the MultiChannel DS3 Port Adapter in the WS-X6182-PA module, and then select Configure > Interface. The dialog box displays "n/a" or the incorrect values in every field. Also, if you select Monitor > Interface, the charts in the resulting dialog box do not get updated, and an error message is displayed in the status bar. (CSCdr39591)

When a device is set to MST Spanning Tree mode, the path cost and priority fields in the Bridge Details dialog box cannot be set on a channeling port that is using PAGP or LACP. (CSCdx23200 and CSCdx23217)

Deleting the primary VLAN in the VLAN and Bridge dialog box after unbinding the secondary VLAN causes an error message to be displayed.

Workaround: Close and reopen the VLAN and Bridge dialog box; then delete the primary VLAN. (CSCdt65530)

After binding a secondary VLAN to the primary VLAN, delete the primary VLAN. The following error message is displayed:

Set failed due to snmpRspGenErr for vtpVlanEditRowStatus1.199.

Workaround: Close and reopen the VLAN and Bridge dialog box. The correct message will then be displayed. (CSCdt65530)

Ports G1 and G2 on the WS-X4232-L3 card will always show the presence of GBIC modules. (CSCdr29617)

Related Documentation

The following documents are available for Catalyst 4500 series switches:

Catalyst 4000 Series Switch Installation Guide

Catalyst 4500 Series Switch Installation Guide

Catalyst 4500 Series Module Installation Guide

Catalyst 4912G Switch Installation Guide

Catalyst 2948G, 2948G-GT-TX, and 2980G Installation Guide

Software Configuration Guide—Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980 Switches

Command Reference—Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980 Switches

System Message Guide—Catalyst 6500Series, Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches

Troubleshooting Tips—Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

Layer 3 Switching Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

Enterprise MIB User Quick Reference (online only)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For Emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For Nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.


Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html