Table Of Contents
Release Notes for Catalyst 6000 Family Software Release 5.x
Contents
Release 5.x Memory Requirements
Supervisor Engine Configurations
Product and Software Version Matrix
Orderable Software Images
Software Image Version Compatibility
Features for Supervisor Engine Software Release 5.5
Hardware Features
Software Features
Features for Supervisor Engine Software Release 5.4
Hardware Features
Software Features
Features for Supervisor Engine Software Release 5.3
Features for Supervisor Engine Software Release 5.2
Features for Supervisor Engine Software Release 5.1
Usage Guidelines and Restrictions
Open and Resolved Caveats in Software Release 5.5(21)
Open Caveats in Software Release 5.5(21)
Resolved Caveats in Software Release 5.5(21)
Open and Resolved Caveats in Software Release 5.5(20)
Open Caveats in Software Release 5.5(20)
Resolved Caveats in Software Release 5.5(20)
Open and Resolved Caveats in Software Release 5.5(19)
Open Caveats in Software Release 5.5(19)
Resolved Caveats in Software Release 5.5(19)
Open and Resolved Caveats in Software Release 5.5(18)
Open Caveats in Software Release 5.5(18)
Resolved Caveats in Software Release 5.5(18)
Open and Resolved Caveats in Software Release 5.5(17)
Open Caveats in Software Release 5.5(17)
Resolved Caveats in Software Release 5.5(17)
Open and Resolved Caveats in Software Release 5.5(16)
Open Caveats in Software Release 5.5(16)
Resolved Caveats in Software Release 5.5(16)
Open and Resolved Caveats in Software Release 5.5(15)
Open Caveats in Software Release 5.5(15)
Resolved Caveats in Software Release 5.5(15)
Open and Resolved Caveats in Software Release 5.5(14)
Open Caveats in Software Release 5.5(14)
Resolved Caveats in Software Release 5.5(14)
Open and Resolved Caveats in Software Release 5.5(13a)
Open Caveats in Software Release 5.5(13a)
Resolved Caveats in Software Release 5.5(13a)
Open and Resolved Caveats in Software Release 5.5(13)
Open Caveats in Software Release 5.5(13)
Resolved Caveats in Software Release 5.5(13)
Open and Resolved Caveats in Software Release 5.5(12a)
Open Caveats in Software Release 5.5(12a)
Resolved Caveats in Software Release 5.5(12a)
Open and Resolved Caveats in Software Release 5.5(12)
Open Caveats in Software Release 5.5(12)
Resolved Caveats in Software Release 5.5(12)
Open and Resolved Caveats in Software Release 5.5(11a)
Open Caveats in Software Release 5.5(11a)
Resolved Caveats in Software Release 5.5(11a)
Open and Resolved Caveats in Software Release 5.5(11)
Open Caveats in Software Release 5.5(11)
Resolved Caveats in Software Release 5.5(11)
Open and Resolved Caveats in Software Release 5.5(10a)
Open Caveats in Software Release 5.5(10a)
Resolved Caveats in Software Release 5.5(10a)
Open and Resolved Caveats in Software Release 5.5(10)
Open Caveats in Software Release 5.5(10)
Resolved Caveats in Software Release 5.5(10)
Open and Resolved Caveats in Software Release 5.5(9)
Open Caveats in Software Release 5.5(9)
Resolved Caveats in Software Release 5.5(9)
Open and Resolved Caveats in Software Release 5.5(8a)
Open Caveats in Software Release 5.5(8a)
Resolved Caveats in Software Release 5.5(8a)
Open and Resolved Caveats in Software Release 5.5(8)
Open Caveats in Software Release 5.5(8)
Resolved Caveats in Software Release 5.5(8)
Open and Resolved Caveats in Software Release 5.5(7a)
Open Caveats in Software Release 5.5(7a)
Resolved Caveats in Software Release 5.5(7a)
Open and Resolved Caveats in Software Release 5.5(7)
Open Caveats in Software Release 5.5(7)
Resolved Caveats in Software Release 5.5(7)
Open and Resolved Caveats in Software Release 5.5(6a)
Open Caveats in Software Release 5.5(6a)
Resolved Caveats in Software Release 5.5(6a)
Open and Resolved Caveats in Software Release 5.5(6)
Open Caveats in Software Release 5.5(6)
Resolved Caveats in Software Release 5.5(6)
Open and Resolved Caveats in Software Release 5.5(5)
Open Caveats in Software Release 5.5(5)
Resolved Caveats in Software Release 5.5(5)
Open and Resolved Caveats in Software Release 5.5(4b)
Open Caveats in Software Release 5.5(4b)
Resolved Caveats in Software Release 5.5(4b)
Open and Resolved Caveats in Software Release 5.5(4a)
Open Caveats in Software Release 5.5(4a)
Resolved Caveats in Software Release 5.5(4a)
Open and Resolved Caveats in Software Release 5.5(4)
Open Caveats in Software Release 5.5(4)
Resolved Caveats in Software Release 5.5(4)
Open and Resolved Caveats in Software Release 5.5(3)
Open Caveats in Software Release 5.5(3)
Resolved Caveats in Software Release 5.5(3)
Open and Resolved Caveats in Software Release 5.5(2)
Open Caveats in Software Release 5.5(2)
Resolved Caveats in Software Release 5.5(2)
Open and Resolved Caveats in Software Release 5.5(1)
Open Caveats in Software Release 5.5(1)
Resolved Caveats in Software Release 5.5(1)
Open and Resolved Caveats in Software Release 5.4(4a)
Open Caveats in Software Release 5.4(4a)
Resolved Caveats in Software Release 5.4(4a)
Open and Resolved Caveats in Software Release 5.4(4)
Open Caveats in Software Release 5.4(4)
Resolved Caveats in Software Release 5.4(4)
Open and Resolved Caveats in Software Release 5.4(3)
Open Caveats in Software Release 5.4(3)
Resolved Caveats in Software Release 5.4(3)
Open and Resolved Caveats in Software Release 5.4(2a)
Open Caveats in Software Release 5.4(2a)
Resolved Caveats in Software Release 5.4(2a)
Open and Resolved Caveats in Software Release 5.4(2)
Open Caveats in Software Release 5.4(2)
Resolved Caveats in Software Release 5.4(2)
Open and Resolved Caveats in Software Release 5.4(1)
Open Caveats in Software Release 5.4(1)
Resolved Caveats in Software Release 5.4(1)
Open and Resolved Caveats in Software Release 5.3(6a)CSX
Open Caveats in Software Release 5.3(6a)CSX
Resolved Caveats in Software Release 5.3(6a)CSX
Open and Resolved Caveats in Software Release 5.3(6)CSX
Open Caveats in Software Release 5.3(6)CSX
Resolved Caveats in Software Release 5.3(6)CSX
Open and Resolved Caveats in Software Release 5.3(5a)CSX
Open Caveats in Software Release 5.3(5a)CSX
Resolved Caveats in Software Release 5.3(5a)CSX
Open and Resolved Caveats in Software Release 5.3(5)CSX
Open Caveats in Software Release 5.3(5)CSX
Resolved Caveats in Software Release 5.3(5)CSX
Open and Resolved Caveats in Software Release 5.3(4)CSX
Open Caveats in Software Release 5.3(4)CSX
Resolved Caveats in Software Release 5.3(4)CSX
Open and Resolved Caveats in Software Release 5.3(3)CSX
Open Caveats in Software Release 5.3(3)CSX
Resolved Caveats in Software Release 5.3(3)CSX
Open and Resolved Caveats in Software Release 5.3(2)CSX
Open Caveats in Software Release 5.3(2)CSX
Resolved Caveats in Software Release 5.3(2)CSX
Open and Resolved Caveats in Software Release 5.3(1a)CSX
Open Caveats in Software Release 5.3(1a)CSX
Resolved Caveats in Software Release 5.3(1a)CSX
Open and Resolved Caveats in Software Release 5.2(3a)CSX
Open Caveats in Software Release 5.2(3a)CSX
Resolved Caveats in Software Release 5.2(3a)CSX
Open and Resolved Caveats in Software Release 5.2(3)CSX
Open Caveats in Software Release 5.2(3)CSX
Resolved Caveats in Software Release 5.2(3)CSX
Open and Resolved Caveats in Software Release 5.2(2)CSX
Open Caveats in Software Release 5.2(2)CSX
Resolved Caveats in Software Release 5.2(2)CSX
Open and Resolved Caveats in Software Release 5.2(1)CSX
Open Caveats in Software Release 5.2(1)CSX
Resolved Caveats in Software Release 5.2(1)CSX
Open and Resolved Caveats in Software Release 5.1(1a)CSX
Open Caveats in Software Release 5.1(1a)CSX
Resolved Caveats in Software Release 5.1(1a)CSX
Open Caveats in Software Release 5.1(1)CSX
Troubleshooting
System Troubleshooting
Module Troubleshooting
VLAN Troubleshooting
Spanning Tree Troubleshooting
Documentation Updates for Software Release 5.4
Documentation Updates for Software Release 5.3
Documentation Updates for Software Release 5.2
Documentation Updates for Software Release 5.1
Additional Documentation
Obtaining Documentation
Cisco.com
Documentation DVD
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Catalyst 6000 Family Software Release 5.x
Current Release:
5.5(21)—May 24, 2005 (final 5.x train release)
Previous Releases:
5.5(20), 5.5(19), 5.5(18), 5.5(17), 5.5(16), 5.5(15), 5.5(14), 5.5(13a), 5.5(13), 5.5(12a), 5.5(12), 5.5(11a), 5.5(11), 5.5(10a), 5.5(10), 5.5(9), 5.5(8a), 5.5(8), 5.5(7a) - GD release, 5.5(7), 5.5(6a), 5.5(6), 5.5(5), 5.5(4b), 5.5(4a), 5.5(4), 5.5(3), 5.5(2), 5.5(1), 5.4(4a), 5.4(4), 5.4(3), 5.4(2a), 5.4(2), 5.4(1) - deferred, 5.3(6a)CSX, 5.3(6)CSX, 5.3(5a)CSX, 5.3(5)CSX, 5.3(4)CSX, 5.3(3)CSX, 5.3(2)CSX, 5.3(1a)CSX, 5.2(3a)CSX, 5.2(3)CSX, 5.2(2)CSX, 5.2(1)CSX, 5.1(1a)CSX, 5.1(1)CSX
Note 
Minimum BootROM (ROMMON) requirements:
For Supervisor Engine 1, the minimum boot ROM required for software release 5.4(1) and later 5.x(x) releases is 5.2(1).
The minimum boot ROM required for software releases 6.x(x) and later releases is 5.3(1).
Note Release notes for prior Catalyst 6000 family software releases were accurate at the time of release. However, for information on the latest caveats and updates to previously released Catalyst 6000 family software releases, refer to the release notes for the latest maintenance release in your software release train. You can access all Catalyst 6000 family release notes at the World Wide Web locations listed in the "Obtaining Documentation" section.
Contents
This publication consists of these sections:
•Release 5.x Memory Requirements
•Supervisor Engine Configurations
•Product and Software Version Matrix
•Orderable Software Images
•Software Image Version Compatibility
•Features for Supervisor Engine Software Release 5.5
•Features for Supervisor Engine Software Release 5.4
•Features for Supervisor Engine Software Release 5.3
•Features for Supervisor Engine Software Release 5.2
•Features for Supervisor Engine Software Release 5.1
•Usage Guidelines and Restrictions
•Open and Resolved Caveats in Software Release 5.5(21)
•Open and Resolved Caveats in Software Release 5.5(20)
•Open and Resolved Caveats in Software Release 5.5(20)
•Open and Resolved Caveats in Software Release 5.5(18)
•Open and Resolved Caveats in Software Release 5.5(17)
•Open and Resolved Caveats in Software Release 5.5(16)
•Open and Resolved Caveats in Software Release 5.5(15)
•Open and Resolved Caveats in Software Release 5.5(14)
•Open and Resolved Caveats in Software Release 5.5(13a)
•Open and Resolved Caveats in Software Release 5.5(13)
•Open and Resolved Caveats in Software Release 5.5(12a)
•Open and Resolved Caveats in Software Release 5.5(12)
•Open and Resolved Caveats in Software Release 5.5(11a)
•Open and Resolved Caveats in Software Release 5.5(11)
•Open and Resolved Caveats in Software Release 5.5(10a)
•Open and Resolved Caveats in Software Release 5.5(10)
•Open and Resolved Caveats in Software Release 5.5(9)
•Open and Resolved Caveats in Software Release 5.5(8a)
•Open and Resolved Caveats in Software Release 5.5(8)
•Open and Resolved Caveats in Software Release 5.5(7a)
•Open and Resolved Caveats in Software Release 5.5(7)
•Open and Resolved Caveats in Software Release 5.5(6a)
•Open and Resolved Caveats in Software Release 5.5(6)
•Open and Resolved Caveats in Software Release 5.5(5)
•Open and Resolved Caveats in Software Release 5.5(4b)
•Open and Resolved Caveats in Software Release 5.5(4a)
•Open and Resolved Caveats in Software Release 5.5(4)
•Open and Resolved Caveats in Software Release 5.5(3)
•Open and Resolved Caveats in Software Release 5.5(2)
•Open and Resolved Caveats in Software Release 5.5(1)
•Open and Resolved Caveats in Software Release 5.4(4a)
•Open and Resolved Caveats in Software Release 5.4(4)
•Open and Resolved Caveats in Software Release 5.4(3)
•Open and Resolved Caveats in Software Release 5.4(2a)
•Open and Resolved Caveats in Software Release 5.4(2)
•Open and Resolved Caveats in Software Release 5.4(1)
•Open and Resolved Caveats in Software Release 5.3(6a)CSX
•Open and Resolved Caveats in Software Release 5.3(6)CSX
•Open and Resolved Caveats in Software Release 5.3(5a)CSX
•Open and Resolved Caveats in Software Release 5.3(5)CSX
•Open and Resolved Caveats in Software Release 5.3(4)CSX
•Open and Resolved Caveats in Software Release 5.3(3)CSX
•Open and Resolved Caveats in Software Release 5.3(2)CSX
•Open and Resolved Caveats in Software Release 5.3(1a)CSX
•Open and Resolved Caveats in Software Release 5.2(3a)CSX
•Open and Resolved Caveats in Software Release 5.2(3)CSX
•Open and Resolved Caveats in Software Release 5.2(2)CSX
•Open and Resolved Caveats in Software Release 5.2(1)CSX
•Open and Resolved Caveats in Software Release 5.1(1a)CSX
•Open Caveats in Software Release 5.1(1)CSX
•Troubleshooting
•Documentation Updates for Software Release 5.4
•Documentation Updates for Software Release 5.3
•Documentation Updates for Software Release 5.2
•Documentation Updates for Software Release 5.1
•Additional Documentation
•Obtaining Documentation
•Obtaining Technical Assistance
•Obtaining Additional Publications and Information
Release 5.x Memory Requirements
The Catalyst 6000 family Supervisor Engine 1 is shipped with 64-MB DRAM, which fully supports software release 5.x.
Supervisor Engine Configurations
In systems with redundant supervisor engines, both supervisor engines must have the same daughter card configurations, for example:
•If the supervisor engine in slot 1 has a PFC and no MSFC, the supervisor engine in slot 2 must have a PFC and no MSFC. If the supervisor engine in slot 1 has a PFC and an MSFC, the supervisor engine in slot 2 must have a PFC and an MSFC.
•If the supervisor engine in slot 1 has a PFC and an MSFC2, the supervisor engine in slot 2 must have a PFC and an MSFC2. You cannot have an MSFC and an MSFC2 in the same chassis.
These configuration requirements apply to all Catalyst 6000 family switches; we do not support mismatched supervisor engine daughter card configurations.
Product and Software Version Matrix
This section contains configuration matrixes to help you order Catalyst 6000 family products. Table 1 lists the minimum supervisor engine version and the current recommended/default supervisor engine software version for Catalyst 6000 family modules and chassis.
Note There might be additional minimum software version requirements for intelligent modules (those that run an additional, separate software image). Refer to the software release notes for the module type for more information.
Table 1 Minimum, Recommended, and Default Supervisor Engine Software Versions
Product Number
append with
"=" for spares
|
Product Description
|
Minimum Supervisor Software Version
|
Recommended/Default
Supervisor Software
Version
|
Supervisor Engine 1
|
WS-X6K-SUP1A-MSFC
|
Supervisor Engine 1A, dual-port 1000BASE-X uplinks with enhanced QoS features, PFC, and MSFC
|
5.3(1a)CSX
|
6.3(7)
|
WS-X6K-SUP1A-PFC
|
Supervisor Engine 1A, dual-port 1000BASE-X uplinks with enhanced QoS features, and PFC
|
5.3(1a)CSX
|
6.3(7)
|
WS-X6K-SUP1A-2GE
|
Supervisor Engine 1A, dual-port 1000BASE-X uplinks with enhanced QoS features
|
5.3(1a)CSX
|
6.3(7)
|
WS-X6K-SUP1-2GE
|
Supervisor Engine 1, dual-port 1000BASE-X uplinks
|
5.1(1)CSX
|
6.3(7)
|
WS-X6K-S1A-MSFC2
|
Supervisor Engine 1A, dual-port 1000BASE-X uplinks, with enhanced QoS features, PFC, and MSFC2
|
5.4(3)
|
6.3(7)
|
Ethernet, Fast Ethernet, and Gigabit Ethernet
|
WS-X6416-GBIC
|
16-port Gigabit Ethernet switching module
|
5.4(2)
|
6.3(7)
|
WS-X6416-GE-MT
|
16-port Gigabit Ethernet MT-RJ with enhanced QoS features
|
5.3(5a)CSX
|
6.3(7)
|
WS-X6408A-GBIC
|
8-port Gigabit Ethernet GBIC with enhanced QoS features
|
5.3(1a)CSX
|
6.3(7)
|
WS-X6408-GBIC
|
8-port Gigabit Ethernet GBIC
|
5.1(1)CSX
|
6.3(7)
|
WS-X6224-100FX-MT
|
24-port 100FX multimode MT-RJ
|
5.1(1)CSX
|
6.3(7)
|
WS-X6324-100FX-MM
WS-X6324-100FX-SM
|
24-port 100FX multimode and single-mode fiber modules with 128 KB per-port packet buffers
|
5.4(2)
|
6.3(7)
|
WS-X6248-RJ-45
|
48-port 10/100TX RJ-45
|
5.1(1)CSX
|
6.3(7)
|
WS-X6248-TEL
|
48-port 10/100TX RJ-21
|
5.2(1)CSX
|
6.3(7)
|
WS-X6248A-TEL
|
48-port 10/100TX RJ-21 with 128 KB per-port packet buffers
|
5.3(2)CSX
|
6.3(7)
|
WS-X6348-RJ-45
WS-X6348-RJ-45V
|
48-port 10/100TX RJ-45 with 128 KB per-port packet buffers (WS-X6348-RJ-45 accepts a field-upgradable voice daughter card to provide inline power to IP telephones. Already installed on WS-X6348-RJ-45V)
|
5.4(2)—no voice daughter card
5.5(1)—voice daughter card installed
|
6.3(7)
|
WS-F6K-VPWR
|
Inline-power field-upgrade module mounts on the 48-port 10/100TX RJ-45 module
|
5.5(1)
|
6.3(7)
|
WS-X6024-10FL-MT
|
24-port 10BASE-FL MT-RJ with enhanced QoS features
|
5.3(3)CSX
|
6.3(7)
|
WS-X6316-GE-TX
|
16-port 1000BASE-TX Gigabit Ethernet with RJ-45 interfaces for standard Category 5 UTP cabling
|
5.4(2)
|
6.3(7)
|
|
|
WS-X6101-OC12-SMF
|
Single-port single-mode OC-12 ATM
|
5.3(2)CSX
|
6.3(7)
|
WS-X6101-OC12-MMF
|
Single-port multimode OC-12 ATM
|
5.3(2)CSX
|
6.3(7)
|
Multilayer Switch Module (MSM)2
|
WS-X6302-MSM
|
Multilayer Switch Module
|
5.2(1)CSX
|
6.3(7)
|
|
|
WS-X6182-2PA
|
FlexWAN Module
|
5.4(2)
|
6.3(7)
|
Voice Modules
|
|
|
|
WS-X6224-FXS
|
24-port FXS analog interface module
|
5.5(1)
|
6.3(7)
|
WS-X6608-E1 WS-X6608-T1
|
8-port T1/E1 PSTN interface modules
|
5.5(1)
|
6.3(7)
|
Network Analysis Module4
|
|
|
|
WS-X6380-NAM
|
Network Analysis Module
|
5.5(1)
|
6.3(7)
|
Power Supplies
|
|
|
|
WS-CAC-1000W
|
1000W AC power supply
|
5.1(1)CSX
|
6.3(7)
|
WS-CAC-1300W
|
1300W AC power supply
|
5.1(1)CSX
|
6.3(7)
|
WS-CDC-1300W
|
1300W DC power supply
|
5.1(1)CSX
|
6.3(7)
|
WS-CAC-2500W
|
2500W AC power supply
|
5.4(2)
|
6.3(7)
|
WS-CDC-2500W
|
2500W DC power supply
|
5.4(2)
|
6.3(7)
|
Modular Chassis
|
WS-C6009
|
Catalyst 6009 chassis (9-slot)
|
5.1(1)CSX
|
6.3(7)
|
WS-C6509
|
Catalyst 6509 chassis (9-slot)
|
5.1(1)CSX
|
6.3(7)
|
WS-C6509-NEB
|
Catalyst 6509-NEB chassis (9 vertically-oriented slots)
|
5.4(2)
|
6.3(7)
|
WS-C6006
|
Catalyst 6006 chassis (6-slot)
|
5.2(1)CSX
|
6.3(7)
|
WS-C6506
|
Catalyst 6506 chassis (6-slot)
|
5.2(1)CSX
|
6.3(7)
|
Orderable Software Images
Table 2 lists the software versions and applicable ordering information for the Catalyst 6000 family supervisor engine software.
Caution Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM).
When downgrading switch software, you will lose your configuration. Use the
write network command or the
copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the
copy config flash command to back up the configuration to a Flash device.
Table 2 Orderable Software Images
Software Version
|
Filename
|
Orderable Product Number
Flash on System
|
Orderable Product Number
Spare Upgrade (Floppy Media)
|
Supervisor Engine 1
|
5.5(21) Flash image
|
cat6000-sup.5-5-21.bin
|
SC6K-SUP-5.5.21
|
SC6K-SUP-5.5.21=
|
5.5(21) Flash image w/CiscoView
|
cat6000-supcv.5-5-21.bin
|
SC6K-SUPCV-5.5.21
|
SC6K-SUPCV-5.5.21=
|
5.5(20) Flash image
|
cat6000-sup.5-5-20.bin
|
SC6K-SUP-5.5.20
|
SC6K-SUP-5.5.20=
|
5.5(20) Flash image w/CiscoView
|
cat6000-supcv.5-5-20.bin
|
SC6K-SUPCV-5.5.20
|
SC6K-SUPCV-5.5.20=
|
5.5(19) Flash image
|
cat6000-sup.5-5-19.bin
|
SC6K-SUP-5.5.19
|
SC6K-SUP-5.5.19=
|
5.5(19) Flash image w/CiscoView
|
cat6000-supcv.5-5-19.bin
|
SC6K-SUPCV-5.5.19
|
SC6K-SUPCV-5.5.19=
|
5.5(18) Flash image
|
cat6000-sup.5-5-18.bin
|
SC6K-SUP-5.5.18
|
SC6K-SUP-5.5.18=
|
5.5(18) Flash image w/CiscoView
|
cat6000-supcv.5-5-18.bin
|
SC6K-SUPCV-5.5.18
|
SC6K-SUPCV-5.5.18=
|
5.5(17) Flash image
|
cat6000-sup.5-5-17.bin
|
SC6K-SUP-5.5.17
|
SC6K-SUP-5.5.17=
|
5.5(17) Flash image w/CiscoView
|
cat6000-supcv.5-5-17.bin
|
SC6K-SUPCV-5.5.17
|
SC6K-SUPCV-5.5.17=
|
5.5(16) Flash image
|
cat6000-sup.5-5-16.bin
|
SC6K-SUP-5.5.16
|
SC6K-SUP-5.5.16=
|
5.5(16) Flash image w/CiscoView
|
cat6000-supcv.5-5-16.bin
|
SC6K-SUPCV-5.5.16
|
SC6K-SUPCV-5.5.16=
|
5.5(15) Flash image
|
cat6000-sup.5-5-15.bin
|
SC6K-SUP-5.5.15
|
SC6K-SUP-5.5.15=
|
5.5(15) Flash image w/CiscoView
|
cat6000-supcv.5-5-15.bin
|
SC6K-SUPCV-5.5.15
|
SC6K-SUPCV-5.5.15=
|
5.5(14) Flash image
|
cat6000-sup.5-5-14.bin
|
SC6K-SUP-5.5.14
|
SC6K-SUP-5.5.14=
|
5.5(14) Flash image w/CiscoView
|
cat6000-supcv.5-5-14.bin
|
SC6K-SUPCV-5.5.14
|
SC6K-SUPCV-5.5.14=
|
5.5(13a) Flash image
|
cat6000-sup.5-5-13a.bin
|
SC6K-SUP-5.5.13a
|
SC6K-SUP-5.5.13a=
|
5.5(13a) Flash image w/CiscoView
|
cat6000-supcv.5-5-13a.bin
|
SC6K-SUPCV-5.5.13a
|
SC6K-SUPCV-5.5.13a=
|
5.5(13) Flash image
|
cat6000-sup.5-5-13.bin
|
SC6K-SUP-5.5.13
|
SC6K-SUP-5.5.13=
|
5.5(13) Flash image w/CiscoView
|
cat6000-supcv.5-5-13.bin
|
SC6K-SUPCV-5.5.13
|
SC6K-SUPCV-5.5.13=
|
5.5(12a) Flash image
|
cat6000-sup.5-5-12a.bin
|
SC6K-SUP-5.5.12a
|
SC6K-SUP-5.5.12a=
|
5.5(12a) Flash image w/CiscoView
|
cat6000-supcv.5-5-12a.bin
|
SC6K-SUPCV-5.5.12a
|
SC6K-SUPCV-5.5.12a=
|
5.5(12) Flash image
|
cat6000-sup.5-5-12.bin
|
SC6K-SUP-5.5.12
|
SC6K-SUP-5.5.12=
|
5.5(12) Flash image w/CiscoView
|
cat6000-supcv.5-5-12.bin
|
SC6K-SUPCV-5.5.12
|
SC6K-SUPCV-5.5.12=
|
5.5(11a) Flash image
|
cat6000-sup.5-5-11a.bin
|
SC6K-SUP-5.5.11a
|
SC6K-SUP-5.5.11a=
|
5.5(11a) Flash image w/CiscoView
|
cat6000-supcv.5-5-11a.bin
|
SC6K-SUPCV-5.5.11a
|
SC6K-SUPCV-5.5.11a=
|
5.5(11) Flash image
|
cat6000-sup.5-5-11.bin
|
SC6K-SUP-5.5.11
|
SC6K-SUP-5.5.11=
|
5.5(11) Flash image w/CiscoView
|
cat6000-supcv.5-5-11.bin
|
SC6K-SUPCV-5.5.11
|
SC6K-SUPCV-5.5.11=
|
5.5(10a) Flash image
|
cat6000-sup.5-5-10a.bin
|
SC6K-SUP-5.5.10a
|
SC6K-SUP-5.5.10a=
|
5.5(10a) Flash image w/CiscoView
|
cat6000-supcv.5-5-10a.bin
|
SC6K-SUPCV-5.5.10a
|
SC6K-SUPCV-5.5.10a=
|
5.5(10) Flash image
|
cat6000-sup.5-5-10.bin
|
SC6K-SUP-5.5.10
|
SC6K-SUP-5.5.10=
|
5.5(10) Flash image w/CiscoView
|
cat6000-supcv.5-5-10.bin
|
SC6K-SUPCV-5.5.10
|
SC6K-SUPCV-5.5.10=
|
5.5(9) Flash image
|
cat6000-sup.5-5-9.bin
|
SC6K-SUP-5.5.9
|
SC6K-SUP-5.5.9=
|
5.5(9) Flash image w/CiscoView
|
cat6000-supcv.5-5-9.bin
|
SC6K-SUPCV-5.5.9
|
SC6K-SUPCV-5.5.9=
|
5.5(8a) Flash image w/CiscoView
|
cat6000-supcv.5-5-8a.bin
|
SC6K-SUPCV-5.5.8a
|
SC6K-SUPCV-5.5.8a=
|
5.5(8) Flash image
|
cat6000-sup.5-5-8.bin
|
SC6K-SUP-5.5.8
|
SC6K-SUP-5.5.8=
|
5.5(8) Flash image w/CiscoView1
|
cat6000-supcv.5-5-8.bin
|
SC6K-SUPCV-5.5.8
|
SC6K-SUPCV-5.5.8=
|
5.5(7a) Flash image
|
cat6000-sup.5-5-7a.bin
|
SC6K-SUP-5.5.7a
|
SC6K-SUP-5.5.7a=
|
5.5(7) Flash image
|
cat6000-sup.5-5-7.bin
|
SC6K-SUP-5.5.7
|
SC6K-SUP-5.5.7=
|
5.5(7) Flash image w/CiscoView1
|
cat6000-supcv.5-5-7.bin
|
SC6K-SUPCV-5.5.7
|
SC6K-SUPCV-5.5.7=
|
5.5(6a) Flash image
|
cat6000-sup.5-5-6a.bin
|
SC6K-SUP-5.5.6
|
SC6K-SUP-5.5.6=
|
5.5(6a) Flash image w/CiscoView1
|
cat6000-supcv.5-5-6a.bin
|
SC6K-SUPCV-5.5.6
|
SC6K-SUPCV-5.5.6=
|
5.5(6) Flash image
|
cat6000-sup.5-5-6.bin
|
SC6K-SUP-5.5.6
|
SC6K-SUP-5.5.6=
|
5.5(6) Flash image w/CiscoView1
|
cat6000-supcv.5-5-6.bin
|
SC6K-SUPCV-5.5.6
|
SC6K-SUPCV-5.5.6=
|
5.5(5) Flash image
|
cat6000-sup.5-5-5.bin
|
SC6K-SUP-5.5.5
|
SC6K-SUP-5.5.5=
|
5.5(5) Flash image w/CiscoView1
|
cat6000-supcv.5-5-5.bin
|
SC6K-SUPCV-5.5.5
|
SC6K-SUPCV-5.5.5=
|
5.5(4b) Flash image
|
cat6000-sup.5-5-4b.bin
|
SC6K-SUP-5.5.4
|
SC6K-SUP-5.5.4=
|
5.5(4b) Flash image w/CiscoView1
|
cat6000-supcv.5-5-4b.bin
|
SC6K-SUPCV-5.5.4
|
SC6K-SUPCV-5.5.4=
|
5.5(4a) Flash image
|
cat6000-sup.5-5-4a.bin
|
SC6K-SUP-5.5.4
|
SC6K-SUP-5.5.4=
|
5.5(4a) Flash image w/CiscoView1
|
cat6000-supcv.5-5-4a.bin
|
SC6K-SUPCV-5.5.4
|
SC6K-SUPCV-5.5.4=
|
5.5(4) Flash image
|
cat6000-sup.5-5-4.bin
|
SC6K-SUP-5.5.4
|
SC6K-SUP-5.5.4=
|
5.5(4) Flash image w/CiscoView2 , 1
|
cat6000-supcv.5-5-4.bin
|
SC6K-SUPCV-5.5.4
|
SC6K-SUPCV-5.5.4=
|
5.5(3) Flash image
|
cat6000-sup.5-5-3.bin
|
SC6K-SUP-5.5.3
|
SC6K-SUP-5.5.3=
|
5.5(3) Flash image w/CiscoView3 , 1
|
cat6000-supcv.5-5-3.bin
|
SC6K-SUPCV-5.5.3
|
SC6K-SUPCV-5.5.3=
|
5.5(2) Flash image
|
cat6000-sup.5-5-2.bin
|
SC6K-SUP-5.5.2
|
SC6K-SUP-5.5.2=
|
5.5(2) Flash image w/CiscoView3, 1
|
cat6000-supcv.5-5-2.bin
|
SC6K-SUPCV-5.5.2
|
SC6K-SUPCV-5.5.2=
|
5.5(1) Flash image
|
cat6000-sup.5-5-1.bin
|
SC6K-SUP-5.5.1
|
SC6K-SUP-5.5.1=
|
5.5(1) Flash image w/CiscoView3, 1
|
cat6000-supcv.5-5-1.bin
|
SC6K-SUPCV-5.5.1
|
SC6K-SUPCV-5.5.1=
|
5.4(4a) Flash image
|
cat6000-sup.5-4-4a.bin
|
SC6K-SUP-5.4.4a
|
SC6K-SUP-5.4.4a=
|
5.4(4) Flash image
|
cat6000-sup.5-4-4.bin
|
SC6K-SUP-5.4.4
|
SC6K-SUP-5.4.4=
|
5.4(4) Flash image w/CiscoView3, 1
|
cat6000-supcv.5-4-4.bin
|
SC6K-SUPCV-5.4.4
|
SC6K-SUPCV-5.4.4=
|
5.4(3) Flash image
|
cat6000-sup.5-4-3.bin
|
SC6K-SUP-5.4.3
|
SC6K-SUP-5.4.3=
|
5.4(3) Flash image w/CiscoView3, 1
|
cat6000-supcv.5-4-3.bin
|
SC6K-SUPCV-5.4.3
|
SC6K-SUPCV-5.4.3=
|
5.4(2a) Flash image
|
cat6000-sup.5-4-2a.bin
|
SC6K-SUP-5.4.2a
|
SC6K-SUP-5.4.2a=
|
5.4(2) Flash image
|
cat6000-sup.5-4-2.bin
|
SC6K-SUP-5.4.2
|
SC6K-SUP-5.4.2=
|
5.4(2) Flash image w/CiscoView3, 1
|
cat6000-supcv.5-4-2.bin
|
SC6K-SUPCV-5.4.2
|
SC6K-SUPCV-5.4.2=
|
5.3(6a)CSX
|
cat6000-sup.5-3-6a-CSX.bin
|
SFC6K-SUP-5.3.6a-CSX
|
SWC6K-SUP-5.3.6a-CSX=
|
5.3(6)CSX
|
cat6000-sup.5-3-6-CSX.bin
|
SFC6K-SUP-5.3.6-CSX
|
SWC6K-SUP-5.3.6-CSX=
|
5.3(5a)CSX
|
cat6000-sup.5-3-5a-CSX.bin
|
SFC6K-SUP-5.3.5a-CSX
|
SWC6K-SUP-5.3.5a-CSX=
|
5.3(4)CSX
|
cat6000-sup.5-3-4-CSX.bin
|
SFC6K-SUP-5.3.4-CSX
|
SWC6K-SUP-5.3.4-CSX=
|
5.3(3)CSX
|
cat6000-sup.5-3-3-CSX.bin
|
SFC6K-SUP-5.3.3-CSX
|
SWC6K-SUP-5.3.3-CSX=
|
5.3(2)CSX
|
cat6000-sup.5-3-2-CSX.bin
|
SFC6K-SUP-5.3.2-CSX
|
SWC6K-SUP-5.3.2-CSX=
|
5.2(3a)CSX
|
cat6000-sup.5-2-3a-CSX.bin
|
SFC6K-SUP-5.2.3a-CSX
|
SWC6K-SUP-5.2.3a-CSX=
|
5.2(3)CSX
|
cat6000-sup.5-2-3-CSX.bin
|
SFC6K-SUP-5.2.3-CSX
|
SWC6K-SUP-5.2.3-CSX=
|
5.2(2)CSX
|
cat6000-sup.5-2-2-CSX.bin
|
SFC6K-SUP-5.2.2-CSX
|
SWC6K-SUP-5.2.2-CSX=
|
5.2(1)CSX
|
cat6000-sup.5-2-1-CSX.bin
|
SFC6K-SUP-5.2.1-CSX
|
SWC6K-SUP-5.2.1-CSX=
|
5.1(1a)CSX
|
cat6000-sup.5-1-1a-CSX.bin
|
SFC6K-SUP-5.1.1a-CSX
|
SWC6K-SUP-5.1.1a-CSX=
|
5.1(1)CSX
|
cat6000-sup.5-1-1-CSX.bin
|
SFC6K-SUP-5.1.1-CSX
|
SWC6K-SUP-5.1.1-CSX=
|
Software Image Version Compatibility
With high-availability versioning enabled, you can have two different but compatible images on the active and standby supervisor engines. The active supervisor engine exchanges image version information with the standby supervisor engine and determines whether the images are compatible for enabling high availability. If the active and standby supervisor engines are not running compatible image versions, you cannot enable high availability.
Image versioning is supported in supervisor engine software releases 5.4(1) and later. With versioning enabled, high availability is fully supported with the active and standby supervisor engines running different images as long as the images are compatible. The only fully compatible images are as follows:
•Supervisor Engine 1
–5.5(3) and 5.5(4)
–6.1(3) and 6.1(4)
–6.2(2) and 6.2(3)
–6.3(2) and 6.3(3)
•Supervisor Engine 2
–6.1(3) and 6.1(4)
–6.2(2) and 6.2(3)
–6.3(2) and 6.3(3)
Images that are compatible with all modules except Gigabit Ethernet switching modules are as follows:
•Supervisor Engine 1
–5.4(3) and 5.4(4)
–5.5(3) and 5.5(5)
–5.5(4) and 5.5(5)
Images that are compatible with Gigabit Ethernet switching modules but not compatible with 10/100BASE-T modules are as follows:
•Supervisor Engine 1
–5.5(6a) and 5.5(7)
Caution Attempting to run incompatible image versions could result in configuration loss.
Features for Supervisor Engine Software Release 5.5
This section describes the new hardware and software features available in software release 5.5.
Hardware Features
This section describes the new hardware component available in software release 5.5.
•24-port FXS analog interface module (WS-X6224-FXS)—Provides a standard RJ-21
Category 5 telco connector to connect directly to standard analog telephones or fax machines. The module interfaces supply ring voltage and dial tone. The module emulates the central office (CO) or private branch exchange (PBX) in that it provides a service to an analog telephone or fax machine. The telephone or fax machine connected through the FXS module behaves as if it is connected to a normal CO or PBX line. The module, which requires an IP address, is registered with Cisco CallManager in its domain and is managed by Cisco CallManager.
•8-port T1/E1 PSTN interface modules (WS-X6608-E1, WS-X6608-T1)—High-density, eight port, T1/E1 VoIP module that can support both digital T1/E1 connectivity to the PSTN or transcoding and conferencing. The modules, which require an IP address, are registered with Cisco CallManager in its domain and are managed by Cisco CallManager.
The module software is downloaded from a TFTP server. Depending upon which software you download, the ports can serve as T1/E1 interfaces or the ports will support transcoding and conferencing.
•Network Analysis Module (WS-X6380-NAM)—Monitors and analyzes network traffic for the Catalyst 6000 family switches using RMON, RMON2, and other MIBs. The RMON support that the NAM provides for Ethernet VLANs is an extension of the RMON support provided by the
Catalyst 6000 family supervisor engine. The switched port analyzer (SPAN) selects network traffic and directs it to the NAM. TrafficDirector, or any other IETF-compliant RMON application, can analyze link characteristics, packet layers for capacity planning or departmental accounting, differentiated service deployment and policies, and filter/capture packets for debugging.
•Catalyst family inline-power patch panel (WS-PWR-PANEL)—Works with any
Cisco 10/100-Mbps switching product capable of supporting IP telephones. The inline-power patch panel eliminates the need for external power sources; it is a standalone chassis that can be colocated with the Catalyst switch to provide -48 VDC power directly to the telephone through existing Catalyst family 10/100BASE-TX switching modules. When used with an uninterruptible power supply (UPS), the inline-power patch panel can provide power to the telephone even in a power failure. The inline-power patch panel has 48 RJ-45 input ports and
48 RJ-45 output ports. There are two RJ-45 connectors per port for a total of 48 ports.
•Inline-power field-upgrade module (WS-F6K-VPWR)—Mounts on the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) and provides -48 VDC inline power on all ports.
•2500W AC-input power supply (WS-CAC-2500W)
Software Features
This section describes the new software features available in software release 5.5.
Numerous software features are introduced in this release to support configuring a voice-over-IP (VoIP) network using the Catalyst 6000 family voice-related hardware described in the previous section.
For detailed information on the Catalyst 6000 family VoIP software, refer to the "Configuring a Voice-over-IP Network" chapter of the Catalyst 6000 Family Software Configuration Guide publication.
Features for Supervisor Engine Software Release 5.4
This section describes the new hardware and software features available in software release 5.4.
Hardware Features
This section describes the new hardware component available in software release 5.4.
•WS-F6K-MSFC2—MSFC2 router daughter card.
•16-port Gigabit Ethernet module (WS-X6416-GBIC)—Provides 16 switched, full-duplex Gigabit Ethernet ports that you can configure with any combination of 1000BASE-SX, LX/LH, and ZX GBICs. Ports have SC-type connectors for MMF and SMF.
•FlexWAN module (WS-X6182-2PA)—Delivers flexible support for a wide range of
Cisco 7200/7500 WAN port adapters. Two port adapters per FlexWAN module are supported, scaling from T1/E1 to OC-3 interfaces and including protocol support for Frame Relay, ATM, Packet over SONET, PPP, and HDLC. The FlexWAN module resides in a single slot of any Catalyst 6000 family switch and has no slot dependencies or limitations. The FlexWAN module works with the Policy Feature Card (PFC) on the supervisor engine of the Catalyst 6000 family switch to deliver wire-speed security access control, distributed quality of service (QoS), and granular traffic management functionality.
Note To use the FlexWAN module, you must have a supervisor engine with an MSFC and PFC. You configure the FlexWAN module through the MSFC. For information regarding the FlexWan module, refer to the Catalyst 6000 Family FlexWAN Module Installation and Configuration Note.
•48-port 10/100TX RJ-45 Ethernet module (WS-X6348-RJ-45)—Provides enhanced QoS features, 128-KB per-port packet buffers, and accepts a field-upgradable voice daughter card in a future release to provide inline power to IP telephones.
•48-port 10/100 Telco RJ-21 Ethernet module (WS-X6248A-TEL)—Provides enhanced QoS features.
•8-port Gigabit Ethernet module (WS-X6408A-GBIC)—Provides enhanced QoS features.
•24-port 100FX multimode and single-mode fiber modules (WS-X6324-100FX-MM, WS-X6324-100FX-SM)—Provide 128-KB per-port packet buffers.
•16-port 1000BASE-TX RJ-45 Gigabit Ethernet module (WS-X6316-GE-TX)—Provides Gigabit connectivity using standard Category 5 UTP cabling.
Software Features
This section describes the new software features available in software release 5.4.
•UDLD enhancements—With supervisor engine software releases 5.4(3) and later, you can specify the message interval between UDLD messages. Previously, the message interval was fixed at
60 seconds. With a configurable message interval, UDLD reacts much faster to link failures.
Additionally, releases 5.4(3) and later have UDLD aggressive mode. UDLD aggressive mode is disabled by default and its use is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later. With aggressive mode enabled, when a port on a bidirectional link stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is put into errdisable state.
In order to prevent spanning tree loops, normal UDLD with the default interval of 15 seconds is fast enough to shut down a unidirectional link before a blocking port transitions to forwarding state (when default spanning tree parameters are used).
Enabling UDLD aggressive mode provides additional benefits in the following cases:
–One side of a link has a port stuck (both Tx and Rx)
–One side of a link remains up while the other side of the link has gone down
In these cases, UDLD aggressive mode errdisables one of the ports on the link and stops the dropping of traffic. Even with aggressive mode disabled, there would have been no risk for a broadcast storm due to a spanning tree loop in this situation, as one port is unable to pass traffic in both directions.
For detailed information on configuring the message interval and UDLD aggressive mode, refer to the online version of the Catalyst 6000 Family Software Configuration Guide, Release 5.4.
•The Catalyst Web Interface (CWI) is a browser-based tool that you can use to configure the
Catalyst 6000, 5000, and 4000 family switches. It consists of a graphical user interface (GUI) that runs on the client (a Catalyst version of CiscoView 5.0) and a Hypertext Transfer Protocol (HTTP) server that runs on the switch. A GUI alternative to the CLI and SNMP interfaces, the CWI provides a real-time graphical representation of the switch and detailed information such as port status, module status, type of chassis, and modules. The CWI uses HTTP to download CiscoView from the server to the client.
Note For information on installing and using the CWI, refer to the Catalyst 6000, 5000, and 4000 Family Switches Web Interface Installation and Configuration Note publication.
•High Availability—Provides improved switchover time from the active supervisor engine to the standby supervisor engine by synchronizing the standby supervisor engine with the active supervisor engine. In a switchover, the standby can take over and continue exactly where the failed supervisor engine left off. The high availability feature also provides a versioning option. High availability versioning allows you to have two different but compatible images on the active and standby supervisor engines. The active supervisor engine exchanges image version information with the standby supervisor engine and determines whether the images are compatible for enabling high availability.
•RADIUS authorization and accounting—Provides client-server authentication and accounting for users attempting to connect to the switch.
•TACACS+ authorization and accounting—Provides client-server authentication and accounting for access to network devices.
•Generic summertime—Allows you to configure non-US summertime.
•NTP enhancements—Trusted Key and Authorization supports the trusted key option where NTP time updates are only accepted from hosts with the correct key.
•Errdisable timeout—Allows you to automatically enable or reset a port minutes after a port is disabled by the software due to excessive errors.
•Case-sensitive password—Allows you to set case-sensitive passwords.
•IP permit list enhancements—Increases the number of IP entries allowed and provides you with the capability to configure separate permit lists for Telnet and SNMP traffic.
•Banner improvement—Increases the banner string to 3,070 characters long and includes a tab character.
•Scheduled reset—Allows you to reset the switch at a specified date and time.
•Permanent ARP entries—Allows you to save a static ARP entry in the NVRAM (or Flash) configuration file so a reset or power cycle does not clear the entry.
•Private VLANs—Are sets of ports that have the features of normal VLANs and also provide some Layer 2 isolation from other ports on the Catalyst 6000 family switch.
•Port security enhancements and single device per port:
–Increases the number of learned and configurable MAC addresses for port security to 1 MAC address per port and 1024 shared MAC addresses.
–Supports an option to automatically enable/reset the port N minutes after a port security violation lockdown.
–Provides an option to allow port security to automatically enable or reset the port on a link down instead of after a timeout. (NOT supported)
–Supports aging on the learned address to allow a new MAC address to use switch port after a configurable aging time in minutes.
•Kerberos Telnet—Provides support for encrypted Telnet sessions on the switch using Kerberos.
•DHCP client and rcp—Allows the switch to obtain its IP configuration from a DHCP server automatically and provides an alternative method for copying system software image files and configuration files over the network using remote copy (rcp).
•Command completion—Allows you to use the tab key to automatically complete unambiguous commands.
•Show config nondefault and default filename for device config file—Allows you to specify nondefault values only in the show config command.
•Config from Flash on startup—Allows the switch to use a configuration file on Flash instead of NVRAM.
•show tech-support command—Allows you to capture all of the information and statistics required by Cisco TAC for the entire device.
•set port host command—Essentially a CLI macro that executes these commands: set spantree portfast enable, set trunk off, and set port channel off. This new command will provide a quick and convenient way to configure host/access ports to a mode that allows the port to forward traffic in less than 1 second from link up.
•VLAN 1 disable on trunks—Allows you to disable VLAN 1 on any individual VLAN trunk link.
•PortFast guard—Provides a means to shut the port down when any received BPDUs are detected.
•RGMP support—Allows the switch to forward IP multicast traffic to only those multicast routers that are interested in receiving the traffic, thus offloading the multicast router from unnecessary packet processing and improving the network bandwidth.
Note You can configure the switch to forward IP multicast traffic to an external router only for RGMP; the MSFC will support RGMP in Release 12.1(1)E.
•IGMP fast leave—Provides a mechanism where you can leave multicast sessions without any latency.
•Disable port startup option—Allows you to specify the default operation for all ports to be shutdown, and once set, in the event of a complete configuration erase or a corrupted configuration, no traffic will be transmitted through the switch.
•Diagnostics options on bootup—Provides options to bypass all diagnostics completely, run a minimal set, or run the complete set.
•Capture capability with VACLs—Allows you to capture selective traffic and redirect it to one or multiple ports to which an intrusion detection appliance(s) can be connected.
•SNMPv3—Provides security and remote configuration capabilities of SNMPv3.
•Improved SNMP response time—Minimizes the response time for the SNMP subsystem in the Catalyst 6000 family switch.
•External LDA with the internal router—Supports the internal router as the default router.
•QoS ACL and VACL configuration from Flash memory—Configures and stores ACLs in Flash memory instead of NVRAM.
•System log messages for backplane traffic, low memory conditions, memory corruption, NVRAM conditions, inband communication errors, and TCP/UDP errors.
Features for Supervisor Engine Software Release 5.3
This section describes the new features available in software release 5.3.
•UniDirectional Link Detection (UDLD) detects unidirectional connections on both copper and fiber-optic links.
•RADIUS authentication provides client-server authentication for users attempting to connect to the switch.
•Jumbo frame support for intraVLAN traffic on Gigabit Ethernet links increases the MTU size to 9216 bytes (note that jumbo frames cannot be routed or fragmented for transmission through slower ports).
•Virtual Management Policy Server (VMPS) client support allows network administrators to define the VLAN membership policies for their network in a central database so that the switch automatically configures user ports to the correct VLAN.
•With the single-port OC-12 ATM module (SMF or MMF), the following is supported:
–Reassembly of up to 255 buffers simultaneously (each buffer represents a packet)
–Support for up to 4096 virtual circuits
–Support for AAL 5
–ATM LANE 1.0, including LEC, LES, BUS, and LECS
–MPOA support
•On switches with a Policy Feature Card (PFC), the following is supported:
Note IPX VACLs, QoS ACLs, COPS-DS, and RSVP for Qualitative Service were introduced in software release 5.3(1a)CSX but were not fully tested; you were instructed not to use them. These features can be used in software releases 5.3(3)CSX or later as they have been fully tested.
–VLAN access control lists (VACLs) using IP, IPX, and MAC ACLs.
VACL enhancements in software release 5.3(3)CSX are as follows:
A VACL redirect ACE allows a unicast flow to be specified.
–Common Open Policy Service (COPS) for Differentiated Services (DS) allows QoS to be configured from a central policy decision point server.
–Resource ReSerVation Protocol (RSVP) for Qualitative Service allows hosts to request QoS.
–Remote SPAN (RSPAN) supports source and destination SPAN ports on other compatible switches.
–Quality of service (QoS) supports classification, marking, and policing using IP, IPX, and MAC ACLs.
–Accelerated server load balancing (ASLB) support enables Catalyst 6000 family switches to cache Cisco LocalDirector load balancing flows, accelerating the performance of the LocalDirector, which is a network appliance with a secure, real-time, embedded operating system that intelligently load balances IP traffic across multiple servers (refer to the
Catalyst 6000 Family Accelerated Server Load Balancing Installation and Configuration Note).
ASLB enhancements in software release 5.3(3)CSX are as follows:
A TCP port can be a wildcard (0).
Up to 1024 virtual-IP addresses and TCP port pairs are supported.
Note Accelerated server load balancing was previously called LocalDirector Accelerator in these release notes.
•On switches with a Multilayer Switch Feature Card (MSFC), the following is supported:
–IP Multilayer Switching (MLS) provides high-performance, hardware-based Layer 3 switching of IP unicast traffic, offloading processor-intensive IP packet routing from network routers.
–IP Multicast Multilayer Switching (IP MMLS) provides high-performance, hardware-based Layer 3 switching of IP multicast traffic, offloading processor-intensive IP multicast packet routing from network routers.
–IPX MLS provides high-performance, hardware-based Layer 3 switching of IPX unicast traffic, offloading processor-intensive IPX packet routing from network routers. Provides standard and extended IOS access control lists (ACLs) at wire rate.
–NetFlow Data Export (NDE) allows a summary of intersubnet Layer 3 traffic statistics for all expired flows to be periodically exported to a network management data collector.
Note Refer to the Release Notes for Catalyst 6000 Family Multilayer Switch Feature Card.
Features for Supervisor Engine Software Release 5.2
This section describes the new features available in software release 5.2.
•GARP VLAN Registration Protocol (GVRP; see IEEE 802.1p) provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.
•GARP Multicast Registration Protocol (GMRP; see IEEE 802.1p) maintains Layer 2 multicast groups that determine which switch ports need to participate in multicasts.
•EtherChannel frame distribution is configurable with Layer 2 Switching Feature Card II (WS-F6020A) and can use either Media Access Control (MAC) addresses or IP addresses and either source or destination or both source and destination addresses.
Enter a show module command for the supervisor engine to determine if EtherChannel frame distribution is configurable on your switch. If the display shows the "Sub-Type" to be "L2 Switching Engine I WS-F6020," then EtherChannel frame distribution is not configurable on your switch; it uses source and destination MAC addresses. EtherChannel frame distribution is configurable with any other switching engine and the default is to use source and destination IP addresses.
•Spanning Tree Protocol can be enabled and disabled on a per-VLAN basis.
Features for Supervisor Engine Software Release 5.1
This section describes the new features available in software release 5.1.
•IP supernetting, compatible with classless interdomain routing (CIDR) allows entry of a netmask instead of a subnet mask.
•802.1Q-to-ISL VLAN mapping allows mapping of up to eight 802.1Q VLANs numbered above 1005 to ISL VLANs.
•Quality of service (QoS) prioritizes network traffic with class of service (CoS) values received in ISL or 802.1Q frame headers or with CoS values set in the switch.
•All Ethernet ports on all modules, including those on a standby supervisor engine, support EtherChannel (maximum of eight ports) with no requirement that ports be contiguous or on the same module.
•All Ethernet ports on all modules support Inter-Switch Link (ISL) and 802.1Q VLAN trunking.
•For transmitted traffic, provides up to four SPAN sessions; for received or both transmitted and received traffic, provides up to two SPAN sessions.
Usage Guidelines and Restrictions
This section provides usage guidelines and restrictions for the Catalyst 6000 family switches.
•With QoS, the rate and burst parameters for microflow/aggregate policing are specified in terms of Kbps (kilo-bits-per-second) and Kb (kilo bits). However, the following should be noted:
–Rate specification—1 Kbps is equivalent to 1000 bits-per-second (as opposed to 1024 bits-per-second)
–Burst specification—1 Kb is equivalent to 1024 bits
•The WS-C6K-9SLOT-FAN2 fan tray is supported in all chassis (except for the 3-slot chassis) and all software releases. The minimum power supply requirement is 2500W. It is important that you determine the power requirements for your hardware configuration to ensure that your switch has adequate power for all modules. To determine power requirements, refer to the CCO power calculator at this URL:http://www.cisco.com/go/powercalculator.
•Using SPAN to monitor both ingress and egress traffic on an RPF port on a Catalyst 6500 series switch causes duplicate packets to be registered.
Workaround: Enable SPAN to monitor traffic in one direction only. (CSCdx50074)
•MAC addresses—Theoretical and recommended limits for PFC: 128K theoretical maximum, 32K recommended.
•For login authentication, starting from software releases 5.5(15), 6.3(7), and 7.3(1), if you press the Enter key and then type in your password (<Enter> <password>) the ACS TACACS+ server will treat it as an indication that you are attempting to change your password. This behavior is related to CSCdx08395. Before the CSCdx08395 fix, the user privilege level was hard coded to 15 in the TACACS+ authentication request packet. With the CSCdx08395 fix, the user privilege level is set based on the privilege level that the user is authenticated as. For example, if the user is doing a login authentication, the privilege level would be 1. If the user is doing an enable authentication, the privilege level would be 15.
The Cisco ACS TACACS+ server acts differently for <Enter> <password>. For login authentication, if the user priv-lvl is hard coded to 15, <Enter> <password> is treated as a regular password attempt. If the user priv-lvl is set to 1 (CSCdx08395) during login authentication, then <Enter> <password> is treated as an indication of a changing password. The latter case is a behavior consistent with TACACS+ enable authentication and IOS software handling of <Enter> <password>. (CSCdy35129)
•Software release 6.1(1a)CV and later requires JPI (Java Plug-in) 1.3.0 in the browser. JPI versions released after 1.3.0 (1.3.0_01 and above) do not work with software releases 5.5(4)CV or 6.1(1a)CV. This version of JPI is incompatible with the 5.5(3)CV and earlier releases which require JPI 1.2.2. (CSCdt96453)
•The supported client platform/browser/plug-in versions to launch embedded CiscoView are as follows:
–Solaris 2.6/2.7, Netscape Communicator 4.7, plug-in 1.3.0 (JRE 1.3.0)
–Windows NT 4.0 and Windows 2000, Internet Explorer 5.5 and Netscape Communicator 4.7, plug-in 1.3.0-C (JRE 1.3.0)
•The digital security certificate that is used to sign the Java classes in supervisor engine software release 5.5(8a) will be valid until May 19, 2002. After the expiration date, if embedded CiscoView cannot be launched or an access control error occurs, upgrade to the latest supervisor engine image available at that time or upgrade the plug-in/browser on the client machine.
•IPX Layer-3 switched traffic with a SAP encapsulation type (Novell Ethernet 802.2) to non-SAP encapsulation type (Novell Ethertype's: Ethernet 802.3, Ethernet II, and Ethernet SNAP) and vice versa, follows the software forwarding path (via MSFC/MSFC2) on the PFC and PFC2 forwarding engines. This might cause high CPU utilization on the MSFC/MSFC2. The workaround is to avoid SAP to non-SAP and vice versa encapsulation changes when doing IPX Layer 3 switching.
•The minimum boot ROM required for software release 5.4(1) and later releases is 5.2(1).
•When you hot insert a module into a Catalyst 6000 or 6500 series chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module. If you see minor hardware failures or Pinnacle sync errors on bootup, reconfirm that the supervisor engine and all the switching modules are fully seated, the ejector levers are fully depressed, and the thumbscrews are fully tightened.
•If the forward delay, max age, and hello time Spanning Tree Protocol (STP) parameters are reduced in value, ensure that the number of instances of STP are also reduced proportionally to avoid STP loops in the network.
•Note that VACLs access-control all traffic passing through a VLAN. This includes broadcast traffic and packets going to and from the router. Therefore, you must use care when defining a VACL.
For example, to allow traffic from a local IPX client (daf11511) to a remote server (daf00402), the following VACL is configured (remote server is learned through a routing protocol):
set security acl ipx jg_ipx_permit
---------------------------------------------------
1. permit any DAF00402 DAF11511
2. permit any DAF11511 DAF00402
3. permit any DAF01023 DAF01023
6. permit any DAF11511 DAF11511
The VACL description is as follows:
–1, 2. Allow IPX between client and server.
–3. The router does need to see the RIP/SAP packets.
–4. If packets are dropped during a connection, the client tries to find another route to the server by sending out RIP requests to IPX network 0.ffff.ffff.ffff. Not doing this results in a lost connection after packet drop.
–5. A client starting up, sends its first packets to 0.ffff.ffff.ffff and uses 0.ffff.ffff.ffff as its one IPX address.
–6. When a server connection socket times out, the client reconnects by sending a request to its local network to find its server.
As the example shows, 1 and 2 are not enough, you also have to define 3 through 6. (CSCdm55828)
•If you create a security ACL with the redirect option and then replace the module that has the redirect port with another kind of module, the security ACL does not have the redirect port list anymore. The workaround is to modify the security ACL manually with the new redirect port information. (CSCdp74757)
•You cannot reset individual ports on WS-X6608-T1 or -E1 modules. To reset a port, reset the module. (CSCds19417)
•In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
•If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
•Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
•On a Catalyst 6000 family switch, when the switch QoS policy source is COPS, no COPS roles are defined for a port, and the port policy source is COPS, the values that you set for the QoS configuration (such as queue mappings and sizes) are inappropriate. For example, all CoS values get mapped to the strict priority queue on a 1P2Q2T or 1P1Q4T port type. This situation can lead to bandwidth starvation for other ports in the switch, especially, if these ports with a strict priority queue are generating high rates of traffic. The workaround to avoid this problem is to either configure a COPS role on all ports in the switch or configure all ports without a COPS role to use local policy. (CSCdp44965)
•If there are a large number of QoS ACLs defined on the system during switch boot up, some packets might get switched before the QoS ACLs are installed in hardware. This would result in some packets getting an incorrect ToS or no policing applied. After the QoS ACLs are installed in hardware, the correct ToS and policers are applied. It is considered inappropriate to block traffic from flowing until all the QoS policy is installed. (CSCdp68608)
•After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
•When you reset the supervisor engine from a Telnet connection, the connection will not get dropped and will appear as though Telnet is frozen. To back out from the Telnet session, you need to manually disconnect the Telnet connection using the escape commands of the Telnet program. (CSCdp32220)
•The high availability feature does not support use of the Reset button. Pressing the Reset button to initiate a switchover results in a high availability switchover failure. The workaround is to make the active supervisor engine the standby supervisor engine first, and then remove it from the chassis. (CSCdp76806)
•If you have routed flows with MLS disabled (no shortcuts created), candidate entries are aged out rapidly to ensure that the forwarding table is used as much as possible by shortcut flows. However, a side effect of this rapid aging of candidate entries is that the microflow policer does not work accurately. This is due to the fact that policing history is lost when the entries age out. When the same flow creates a new entry, it gets the entire traffic contract again even though it might have exceeded the contract before the entry aged out. (CSCdp59086)
•If you perform a manual switchover or reset a switch while high availability events are waiting in the queue of the standby supervisor engine, when the events will be completely processed is not known, and all configurations might not synchronize to the standby supervisor engine properly. (High availability events are the result of changing the configuration through the CLI.) We suggest that after changing the configuration, you allow additional time before resetting the switch to allow the supervisor engine to process all synchronized events. (CSCdp59261)
•COPS policy fails to install on ports with a large number of QoS policers. The workaround is to unmap the local ACLs before installing the COPS policy. (CSCdp63138)
•The following debounce timer command options have been added to increase the jitter tolerance on 10/100 UTP ports to make them interoperable with out-of-spec NICs:
set option debounce enable—Sets debounce to 3.1 seconds on 10/100 modules.
set option debounce disable—Sets debounce to 300 ms. The default is 300 ms debounce. (CSCdp56343)
•Software release 5.x does not support full or destination-source flows for IPX traffic. When the MLS flowmask is set to destination-source or full flow, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
•The following bug was mistakenly listed as open in software release 5.3(3)CSX. This bug never affected release 5.3(3)CSX or previous releases.
Bug description: SNMP: A system reset might occur when generating TopN reports with portTopNMode set to portTopNForeground(1). The workaround is to set portTopNMode to portTopNBackground(2) for all entries in portTopNControlTable. (CSCdp27013)
•Note that the following caveat, listed as open in previous releases, will not be fixed:
Changing the console port baud rate from 19,200 to 38,400 incorrectly sets the console port to 9600 baud. After a reset, the console port baud rate is 38,400. Changing the rate to 38,400 from any other setting works correctly. (CSCdk86876)
•You cannot use the tftpGrp MIB object to download Catalyst 6000 ATM software. (CSCdp16574)
•Use the QoS strict-priority queues for your highest-priority traffic only. The strict-priority queues are designed to accommodate only a limited volume of traffic. In switches with Supervisor Engine WS-X6K-SUP1A-2GE, if you overload the strict-priority-queues, the supervisor engine cannot service the standard queues. (CSCdm90683)
•The following bug was mistakenly identified as having been fixed in software release 5.3(1a)CSX. This bug was actually fixed prior to the 5.1(1)CSX software release and therefore was never an issue with Catalyst 6000 family switches.
Bug description: In some cases, a switch with redundant supervisor engines might reset as a result of the change from Daylight Saving Time to Standard Time. This problem only occurs if the Daylight Saving Time adjustment is enabled (using the set summertime enable command) and the switch has not been reset or power-cycled since the change to Standard Time. This problem is resolved in software release 5.3(1a)CSX. (CSCdk57762)
•You have to make sure that the redirect port defined in a VACL is on the same VLAN as the "incoming" VLAN for the packet that is to be redirected. Otherwise, the redirected packet will be dropped.
For example, a redirect VACL is defined on VLAN 5 and the redirect destination port is also on VLAN 5. If an MLS entry is destined to VLAN 5, packets that are coming from VLAN 2 hit this MLS entry and also hit the VACL redirect ACE (both VLAN 2 and VLAN 5 ACLs will be checked) and are redirected in the incoming VLAN, VLAN 2. The redirect destination port will drop them on VLAN 5 rather than on VLAN 2.
•With QoS disabled, an EtherChannel can contain ports with both strict-priority queues and ports without strict-priority queues. With QoS enabled, an EtherChannel cannot contain both port types. If you enable QoS, ports drop out of any EtherChannels that contain both port types.
•When a multicast goes to both bridged and routed addresses, the multicast packets going to the routed addresses are Layer 3 switched, and the multicast matches an ACL so that QoS should rewrite the ToS byte in the multicast packet, QoS rewrites the ToS byte for the multicast packets that are Layer 3 switched, but does not rewrite the ToS byte for the multicast packets that are bridged.
•24-port 100FX switching modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower only support IEEE 802.1Q VLAN trunking; they do not support ISL trunking. Do not configure ISL trunks on 24-port 100FX Switching Modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower. The restriction against ISL VLAN trunking is the only known problem with hardware version 1.1 or lower of these modules. If you do not require ISL VLAN trunking, these modules are fully functional. The ISL VLAN trunking problem has been corrected in hardware version 1.2 or later of these modules. If you wish to return a WS-X6224-100FX-MT module with a hardware version of 1.1 or lower, contact Cisco Systems.
You can identify WS-X6224-100FX-MT hardware versions using one of the following two methods:
–Command-line interface (CLI) method—Use the show version command to identify the hardware version of the WS-X6224-100FX-MT module as follows:
< ... output truncated ... >
Mod Port Model Serial # Versions
--- ---- ------------------- ----------- --------------------------------------
< ... output truncated ... >
5 24 WS-X6224-100FX-MT SAD02470006 Hw : 1.1
< ... output truncated ... >
The example shows a WS-X6224-100FX-MT module with a hardware version of 1.1; this version does not support ISL VLAN trunking.
–Physical inspection method—Look for the part number that is printed on a label on the outer edge of the component side of the module. Versions 73-3245-04 or lower do not support ISL trunking.
•The set port qos trust command and the trust-ipprec and trust-dscp port keywords are not allowed on 10-, 10/100-, and 100-Mbps ports. Instead, configure ACLs with the trust-cos, trust-dscp, and trust-ipprec ACE keywords. Note that the trust-cos port keyword can be used on 10-, 10/100-, and 100-Mbps ports to enable receive queue drop thresholds.
•The WS-X6248-TEL module RJ-21 connectors do not support Category 3 RJ-21 telco connectors and cabling. Using Category 3 connectors and cabling causes carrier sense errors. The connectors are keyed for Category 5 telco connectors and cables. You must use Category 5 RJ-21 telco connectors and cables.
•To avoid the case where all traffic is out of profile, the burst size specified in a QoS policing rule must be at least as large as the maximum packet size permissible in the traffic to which the rule is applied.
•We recommend that you do not use more than 1500 multicast groups with GMRP. This restriction does not apply to IGMP.
•Software release 5.4(1) and 5.4(2) images are not high availability (HA) compatible with HA versioning enabled. If one supervisor engine has software release 5.4(1) and the other has 5.4(2), you get a switchover, but it will not be a fast switchover. The switch loses its NVRAM configuration when you try to switch from the supervisor engine running software release 5.4(2) to the supervisor engine running 5.4(1). Therefore, we do not recommend running this configuration. (CSCdr21689)
•Software release 5.4(2) and 5.4(3) images are not high availability (HA) compatible with HA versioning enabled. If one supervisor engine has software release 5.4(2) and the other has 5.4(3), you get a switchover, but it will not be a fast switchover. The switch loses its NVRAM configuration when you try to switch from the supervisor engine running software release 5.4(3) to the supervisor engine running 5.4(2). Therefore, we do not recommend running this configuration. However, software releases 5.4.(4) and 5.4.(3) are HA compatible with HA versioning for these modules:
–WS-X6248-RJ-45
–WS-X6248-TEL
–WS-X6348-RJ-45
–WS-X6224-100FX-MT
–WS-X6024-10FL-MT
The following modules are HA incompatible with HA versioning and will reset when you upgrade to 5.4(4):
–WS-X6408-GBIC
–WS-X6416-GE-MT
The show module command might show different versions for different modules in the chassis when upgraded with versioning enabled. (CSCdr55665)
•In rare circumstances, multicast traffic might be blocked due to a mismatch between hardware and software entries. (CSCdp81324)
•With heavy COPS protocol traffic between either the COPS-DS client or the COPS-RSVP client and the PDP, it is possible for a connection keepalive timeout event to occur and for the COPS connection manager to miss a Client Close from the PDP. When this happens, the switch might have an exception later. (CSCdp64213)
•If you configure aging for UDP, it could slow down the removal of TCP entries belonging to a terminated connection. As a result, you might see entries no longer used in the NetFlow table aged with the regular aging time of all the NetFlow entries, instead of the very fast LDA aging. The workaround is to enable the fast UDP aging only when really needed (for example, when load balancing UDP). (CSCdp79475)
•Rarely, if you enter the show module command, the status of the MSFC on the standby supervisor engine might be displayed as other. This does not impact MSFC behavior and you should ignore this display. (CSCdp87997)
•CiscoView images take approximately 12 minutes to download from a TFTP server to a Flash PC card. (CSCdr14437)
•When using a VLAN interface other than VLAN 1, a VLAN added on a Catalyst 3500XL running 120.5.1-XP does not appear in the Catalyst 6000 family switch database. As soon as management interfaces are put back in VLAN 1, a VLAN configured on the 3500XL is sent properly to the Catalyst 6000 family switch through VTP. Check the status of CSCdr80902 in your IOS release. (CSCdr66376)
•With PFC and a standard network topology as shown below where you have multicast senders in the core and multicast receivers on the access layer:
| |
|
Layer 3 distribution No. 1
|
|
|
| |
/
|
|
\
|
|
Layer 2 access
|
|
|
|
Core
|
| |
\
|
|
/
|
|
| |
|
Layer 3 distribution No. 2
|
|
|
If both distribution switches have two supervisor engines and MSFCs and are configured to provide multicast functionality for the same access VLANs, then you will see high CPU utilization on the non-DR routers due to non-RPF traffic. (CSCdr74908)
•Online diagnostic failures are experienced on modules during boot up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases, the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
•If CiscoView cannot be launched on a Solaris/Netscape Communicator client or if an access control error occurs, clear the browser cache or ensure that the plug-in and JRE versions match. To change the JRE version to match the plug-in version, open the Java plug-in Control Panel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (the standard Java plug-in installation directory is /opt/NSCPcom/). Go to the Advanced tab and select Java Run Time Environment as "Use Java Plug-in Default." (CSCdu32540)
Open and Resolved Caveats in Software Release 5.5(21)
This section describes open and resolved caveats in supervisor engine software release 5.5(21).
Open Caveats in Software Release 5.5(21)
This section describes open caveats in supervisor engine software release 5.5(21).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(21)
This section describes resolved caveats in supervisor engine software release 5.5(21).
•With software release 5.5(21) and later releases, the switch now ignores broadcast NTP packets from unknown NTP servers. (CSCef95980)
Open and Resolved Caveats in Software Release 5.5(20)
This section describes open and resolved caveats in supervisor engine software release 5.5(20).
Open Caveats in Software Release 5.5(20)
This section describes open caveats in supervisor engine software release 5.5(20).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(20)
This section describes resolved caveats in supervisor engine software release 5.5(20).
•Catalyst operating system software is susceptible to a TCP-ACK Denial of Service (DoS) attack on the Telnet, HTTP and SSH service. When exploited, the vulnerability causes the Catalyst operating system software running device to stop functioning and reload.
This vulnerability is documented as Cisco bug ID CSCec42751, CSCed45576, and CSCed48590. There are mitigation techniques available to mitigate the effects of this vulnerability in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040526-catos.shtml.
•A TTL of 32 is too low for some implementations. A TTL of 32 may decrement before the packets get out of a MPLS network. This situation can cause problems with any IP-based application. This problem is resolved in software release 5.5(20). (CSCea48092)
•In a switch with an ATM module, SNMP queries might time out. This problem is resolved in software release 5.5(20) and ATM software releases 12.0(26)W5(28a) and 12.1(20)E. (CSCea04300)
•The switch might incorrectly report an STP root change with the following message:
2003 Jun 09 11:42:28 EST -04:00 %SPANTREE-5-ROOTCHANGE:Root changed for Vlan Y:New
root port n/m. New Root mac address is XX-XX-XX-XX-XX-XX.
This is an informational message only and should not affect the operation of your switch. The workaround is to change the logging level on the SPANTREE facility down to level 4. This problem is resolved in software release 5.5(20). (CSCeb78548)
•With a WS-X6348 module, a port might be errdisabled by a late collision and display the following error message:
2002 Oct 03 11:09:22 JST +09:00 %PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1
2002 Oct 03 11:09:24 JST +09:00 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1
2002 Oct 03 11:10:45 JST +09:00 %SYS-3-PORT_COLL:Port 3/1 late collision (100)detected
2002 Oct 03 11:10:45 JST +09:00 %SYS-3-PORT_COLLDIS:Port 3/1 disabled due to collision
2002 Oct 03 11:10:45 JST +09:00 %PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1
This problem is resolved in software release 5.5(20). (CSCdz41466)
•Entering the show rgmp group command might crash the switch. This problem is resolved in software release 5.5(20). (CSCea84886)
•In rare circumstances, MLS entries might not get aged out. This could hinder hardware switching for new flows. This problem is resolved in software release 5.5(20). (CSCea19439)
•The system does not synchronize local time through Network Time Protocol (NTP) when summertime is configured or changed. This problem is resolved in software release 5.5(20). (CSCdx42695)
•The set spantree root vlan_number command does not work if the switch is already the root for that VLAN. This problem is resolved in software release 5.5(20). (CSCec13215)
Open and Resolved Caveats in Software Release 5.5(19)
This section describes open and resolved caveats in supervisor engine software release 5.5(19).
Open Caveats in Software Release 5.5(19)
This section describes open caveats in supervisor engine software release 5.5(19).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(19)
This section describes resolved caveats in supervisor engine software release 5.5(19).
•The WS-X6608-T1 modules on Catalyst 6500 series switches may lose part of their DNS configuration when the module is reinserted or reset. This problem is resolved in software release 5.5(19). (CSCdz19014)
The workaround is to ensure that the system DNS entries are configured with commands that are similar to the following:
–set ip dns server a.b.c.d primary
–set ip dns server x.y.z.w
–set ip dns enable
–set ip dns domain mydomain.com
The voice ports inherit the system DNS entries and come online if you configure the DNS entries using commands of this type.
•The supervisor engine can return incorrect MIB values for the overflow objects such as the etherStatsHighCapacityOverflowOctets in the HC-RMON-MIB. The counters, which appear to roll backward, cause incorrect numbers to display in the NAM GUI when you choose Monitor > Port Stats. This problem is resolved in software release 5.5(19). (CSCdz70475)
•Some statically configured multicast router ports disappear when the timer for the dynamically learned router ports expires (ages out). Ports that are configured as multicast router ports are not supposed to age out but will do so if snooping discovers the port as a multicast router port prior to it being configured by the user. The disappearance of multicast router ports can result in the loss of VLANs from the router port list, even though they are statically configured. This problem is resolved in software release 5.5(19). (CSCdz89582)
•The IGMP group table is not deleted from the MSFC when the router receives an IGMPv2 leave from the last group member. Additionally, the interface is not removed from the OIL and the MMLS entry is not deleted. This problem is resolved in software release 5.5(19). (CSCea03345)
•A WS-X6148 module and a WS-X6348 module respond differently when you enter the set feature agg-link-partner enable command. The WS-X6348 module programs the COIL register values correctly, but the WS-X6148 module does not program the register values as expected. Runts and alignment errors will increment on some 10/100 ports that are connected to certain NICs. This problem is resolved in software release 5.5(19). (CSCea19099)
•All members of a PAgP port-channel that should be enabled to forward traffic for some multicast groups may not actually be enabled. As a result, traffic for these multicast groups may be intermittently received or not received at all. The workaround is to disable and then enable IGMP snooping. This problem affects both non-redundant and redundant systems (systems with one or two supervisor engines). This problem is resolved in software release 5.5(19). (CSCdz07412)
•When a channel in either trunk or access mode goes down and then comes back up, a loss of data over a short period may occur resulting in problems such as the breaking of PIM asserts. This problem is resolved in software release 5.5(19). (CSCdx21374)
•A Catalyst 6500 series switch with a Supervisor Engine 1 and no MSFC installed drops multicast packets. When channels go down or ports in a channel go down, a short data outage occurs along with shortcut miss counters incrementing. This problem is resolved in software release 5.5(19). (CSCdz83125)
•When a Catalyst 6500 module generates a MOD_DCPWRMISMATCH syslog message, the system should reset the affected module. The MOD_DCPWRMISMATCH message means the card is faulty but the message will not appear until after a system reset, reinsertion of the module, or when a faulty DC converter is detected by status polling. This problem is resolved in software release 5.5(19). (CSCdw75475)
•IGMP snooping in the fall back mode freezes the state of host ports which can lead to the loss of multicast router ports and associated multicast mls shortcuts on the supervisor engine. When the router port age out timer kicks in, L2 entries get cleared which also causes L3 entries to be cleared. This problem is resolved in software release 5.5(19). (CSCdz89562)
Open and Resolved Caveats in Software Release 5.5(18)
This section describes open and resolved caveats in supervisor engine software release 5.5(18).
Open Caveats in Software Release 5.5(18)
This section describes open caveats in supervisor engine software release 5.5(18).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(18)
This section describes resolved caveats in supervisor engine software release 5.5(18).
•With high availability enabled, removing and then reinserting the standby supervisor engine might cause it to reset with a TLB exception. This problem is resolved in software release 5.5(18). (CSCdx38593)
•Booting an MSFC Cisco IOS image from supervisor engine slot 0 does not work. This problem is resolved in software release 5.5(18). (CSCdy39323)
•Under rare conditions, a WS-X6348 installed in a system with a Supervisor Engine 1A might stop forwarding packets due to a synchronization error between the module and the supervisor engine. This problem is resolved in software release 5.5(18). (CSCdz10526)
Open and Resolved Caveats in Software Release 5.5(17)
This section describes open and resolved caveats in supervisor engine software release 5.5(17).
Open Caveats in Software Release 5.5(17)
This section describes open caveats in supervisor engine software release 5.5(17).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(17)
This section describes resolved caveats in supervisor engine software release 5.5(17).
•A switch with redundant supervisor engines might display the following error messages and stop functioning correctly:
SYS-3-SUP_ASENDFAIL:gentcp_act unable to send data to standby
SYS-3-SUP_ACONNFAIL:gentcp_act unable to connect with standby
This problem might occur when you enter a command that requires remote execution (such as dir 2/, squeeze 2/slot0). Entering these commands sends a message to the standby supervisor engine. Entering a second remote-execution command before the first one finishes can break the remote execution connection between the supervisor engines. With software releases 5.5(17) and later, entering a second command causes the following error to be displayed:
File system in use (3). Try again later.
The workaround is to not enter a second remote-execution command before the previous command finishes. This problem is resolved in software release 5.5(17). (CSCdv20161)
•Multicast traffic coming from a WAN interface might not be switched. The workaround is to disable multicast MLS. This problem is resolved in software release 5.5(17). (CSCdv65393)
•In extremely rare conditions, a switch with a PFC (not PFC2) running Multicast Multilayer Switching (MMLS) may stop forwarding traffic for a (S,G) flow. This problem occurs because the entry, although installed in the NetFlow, may not be marked in the correct state (used state). This problem is resolved in software release 5.5(17). (CSCdw93241)
•With high availability enabled, the active supervisor engine might intermittently reset, bringing up the standby supervisor engine. The active supervisor engine might reset when there is no identifiable fault condition. This problem is resolved in software release 5.5(17). (CSCdx25470)
•With a WS-X6408A-GBIC module, you might see "ifOutDiscards" incrementing on spanning-tree blocked ports. There is no workaround for the problem, but the problem does not cause any performance degradation. This problem is resolved in software release 5.5(17).
•With a WS-X6K-SUP1A-2GE supervisor engine, the switch might not send an NVRAM failure trap. This problem is resolved in software release 5.5(17). (CSCdy18916)
Open and Resolved Caveats in Software Release 5.5(16)
This section describes open and resolved caveats in supervisor engine software release 5.5(16).
Open Caveats in Software Release 5.5(16)
This section describes open caveats in supervisor engine software release 5.5(16).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(16)
This section describes resolved caveats in supervisor engine software release 5.5(16).
•When you enter the show port and show counters commands using the CLI, FCS errors are generated, but when the SNMP object dot3StatFCSError is polled, no errors are indicated. This problem is resolved in software release 5.5(16). (CSCdx88030)
•You might experience a memory leak in the ciscoFlashCopyTable object when you do a "set" operation. This problem is resolved in software release 5.5(16). (CSCdx55656)
•You might see broadcast suppression enabled in hardware even though you never configured it in the software. This problem is resolved in software release 5.5(16). (CSCdx58081)
•You might see MMLS partial shortcuts although a Layer 3 entry exists for the source in question. This problem can occur with a Supervisor Engine 1 running MMLS. The shortcut may remain partial although the router tries to install an MFD, due to a wrong entry being matched when searching NetFlow. This problem is resolved in software release 5.5(16). (CSCdx69414)
•When using RADIUS authentication, you might not be able to reach enable mode. If you put Attribute 18 (reply message) before the service-type=6 attribute, the system fails to put you in enable mode. The following server configuration can cause the problem:
–Username = swi
–Reply message = PASSCODe Accepted
–Service-Type = Administrative
If you put the Service-Type before the Reply message, then the configuration works. The root cause is that while the supervisor engine software is processing the Reply message attribute, it corrupts the attribute following it. This problem is resolved in software release 5.5(16). (CSCdx70904)
•If you set the screen length to 0 using the set length command and then enter the show snmp oid command, a system reset occurs. This problem is resolved in software release 5.5(16). (CSCdx94474)
•Creating an RSPAN VLAN through SNMP might change the VTP mode to "client." This problem is not seen when using the CLI to create an RSPAN VLAN. This problem is resolved in software release 5.5(16). (CSCdy01216)
•When the backup supervisor engine takes over in a system configured for Supervisor Engine 2 redundancy, the trunking information tables are not built correctly on the Gigabit Ethernet port. This problem is also evidenced by the absence of the "TrunkFramesTx" counter in the output of the show trunk detail command. The problem occurs when a switchover takes place from the active to the redundant supervisor engine and ports 1/1 and 2/1 on the supervisor engines have been configured for channeling. A port on the formerly active supervisor engine is not participating in the channel even though it is in trunking mode. The only way to recover from this problem and rebuild the trunking table is by entering the shutdown command followed by the no shutdown command on the affected port. This problem is resolved in software release 5.5(16). (CSCdy12940)
•With a Supervisor Engine 1A running software release 5.5(15), the switch might reset because of memory corruption after a VACL is committed and mapped to a VLAN. This problem is resolved in software release 5.5(16). (CSCdy18938)
Open and Resolved Caveats in Software Release 5.5(15)
This section describes open and resolved caveats in supervisor engine software release 5.5(15).
Open Caveats in Software Release 5.5(15)
This section describes open caveats in supervisor engine software release 5.5(15).
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(15)
This section describes resolved caveats in supervisor engine software release 5.5(15).
•When making a Telnet connection to a switch configured with authentication, authorization, and accounting (AAA) through Shiva Access Manager, the switch sets the TACACS privilege
level to 15. Authentication fails if users have a privilege level lower than 15. The workaround is to configure Shiva Access Manager users with privilege level 15. This problem is resolved in software release 5.5(15). (CSCdx08395)
•If you terminate a ping or a DNS lookup by pressing Ctrl-C, the process is terminated but the memory allocated to the process is not properly freed. This problem is resolved in software
release 5.5(15). (CSCdx40797, CSCdx47822)
•Under certain conditions, a WS-X6408-GBIC module might experience links going up and down on all eight ports. The ports might end up in the errdisable state if the links are connected to a
Catalyst 2948G switch or a Catalyst 4000 switch running software release 5.2(7) with UDLD enabled on the links. The workaround is to upgrade the software on the Catalyst 2948G switch or
Catalyst 4000 switch. This problem is resolved in software release 5.5(15). (CSCdv85387)
•After a supervisor engine switchover, the MSFC on the new standby supervisor engine may not come online. The workaround is to reload the MSFC. This situation happens only if Cisco IOS Release 12.1(11b)E is loaded on the MSFC and is independent of the Catalyst software version used. This problem is resolved in software release 5.5(15). (CSCdw79129)
•If you configure IP PIM dense mode on label-shared interfaces, different behavior is seen between the ODM algorithm and the BDD algorithm. If IP PIM dense mode is configured on one of the label-shared interfaces, the labels should not be shared. This behavior does not occur when ODM is the merge algorithm. This problem is resolved in software release 5.5(15). (CSCdx08772)
•The console or the Telnet session locks up and outputs incorrect information after you enter the show proc cpu mod command (where mod is any module except the supervisor engine) on a
Catalyst 6000 family switch. This problem is resolved in software release 5.5(15). (CSCdx12377)
•A Catalyst 6000 family switch running IGMP snooping may experience a Layer 2 loop (of PIM reachability) in certain topologies. The workaround is to disable IGMP snooping using the set igmp disable command. This problem is resolved in software release 5.5(15). (CSCdx17913)
•The SrCreateV3SnmpMessage operation may fail if syslog messages are sent to a Network Management System server at the same time. This problem is resolved in software release 5.5(15). (CSCdx37286)
•If two Catalyst 6500 series switches are connected by an EtherChannel over two different modules and one module fails, some of the traffic originally on a link in the failed module, may not successfully fail over to a link in the other module. This problem is resolved in software
release 5.5(15). (CSCdx37869)
•If you terminate a ping or a DNS lookup by pressing Ctrl-C, the process is terminated but the memory allocated to the process is not properly freed. This problem is resolved in software
release 5.5(15). (CSCdx40797, CSCdx40481)
•The MTU of a jumbo frame-enabled port does not change to 9216. Instead, the MTU remains at the default value of 1500. This problem is resolved in software release 5.5(15). (CSCdx41639)
•When IP addresses have been configured on the sc0 and sl0 interfaces, and the sl0 destination address is pinged from either a Telnet or dial-in session on the supervisor engine, the supervisor engine may reset. The workaround is to not assign addresses to the sl0 interface. If addresses have been configured on sl0, they can be cleared using the set int sl0 0.0.0.0 0.0.0.0 command. This problem is resolved in software release 5.5(15). (CSCdx42743)
•A reload might occur when you enter the ping command. This problem is resolved in software release 5.5(15). (CSCdx48959)
•Setting a MIB object with the wrong value might result in a 48-byte loss of memory. This problem is resolved in software release 5.5(15). (CSCdw54653)
•The Catalyst 6000 family switch might experience a slow memory leak during the multicast receive (McastRx) process. This problem might happen if RSPAN is configured and IGMP snooping entries are created in the RSPAN VLAN. The workaround is to disable RSPAN. This is a corner case related to a more generic problem. The memory leak can occur whenever source-only IGMP snooping entries are created in a VLAN without any router port. This problem can be detected by entering the show multicast group command and looking for an entry without an output port. This problem is resolved in software release 5.5(15). (CSCdv11016)
Open and Resolved Caveats in Software Release 5.5(14)
This section describes open and resolved caveats in supervisor engine software release 5.5(14).
Open Caveats in Software Release 5.5(14)
This section describes open caveats in supervisor engine software release 5.5(14).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(14)
This section describes resolved caveats in supervisor engine software release 5.5(14).
•A Catalyst 6000 family switch might reload if VTP is configured in client or server mode and the switch is connected to a Catalyst 4000 family switch with a Supervisor Engine III. The workaround is to configure VTP in transparent mode. This problem is resolved in software release 5.5(14). (CSCdw41158)
•Under rare circumstances when IGMP snooping is enabled, MMLS forwarding information for multicast streams might be incorrect. This problem leads to the multicast receiver not getting multicast traffic for a particular group and source but other multicast streams are received.
Workaround: Enter the clear ip mroute group source command on the MSFC for the affected groups and sources. This problem is resolved in software release 5.5(14). (CSCdx01603)
•On a switch with high availability enabled, a switchover might cause UDLD in a neighbor switch to put its connecting link port (that was connected to the active supervisor engine undergoing the switchover) into errdisable state. This occurs when the banner (set banner motd text) is really long on the switch experiencing the switchover. This problem is resolved in software release 5.5(14). (CSCdw71357)
•In a system running software release 5.5(11), runts may increment on Gigabit Ethernet ports that are in a not-connected state if those ports are configured with the set port negotiation mod/port disable command. This problem is resolved in software release 5.5(14). (CSCdw52996)
•When an EtherChannel is configured with ports across different modules, if one of the modules containing the channeling ports is reset, this may cause ports to leave the bridge port and to reconverge while the reset module comes back online. This problem is resolved in software
release 5.5(14). (CSCdu17107)
•Using the SNMP to download a configuration file to a Catalyst 6509 switch with TACACS enabled fails without producing an error message. If TACACS is not enabled, the operation is successful. This problem is resolved in software release 5.5(14). (CSCdw85913)
•When there is an ATM module installed, and you copy a file using SNMP FLASH-MIB commands, the switch might reset with a TLB exception. This problem is resolved in software release 5.5(14). (CSCdu62043)
•If you have switches running Cisco IOS software on the supervisor engine and the MSFC and switches running Catalyst software on the supervisor engine with Cisco IOS software on the MSFC, and these switches are in the same VTP domain, some older releases of Cisco IOS software will send out VTP updates containing the Token Ring-translated VLAN configuration (default configuration), which is not properly handled by Catalyst software prior to release 6.3(3). With Catalyst software release 6.3(3), a temporary mechanism was introduced to protect the local VLAN database by changing the VTP mode to transparent. With Catalyst software release 5.5(14) this problem is resolved and the Catalyst software works properly with the Cisco IOS software. (CSCdv77448)
•Under some circumstances, the configuration for EtherChannels might fail when the configuration is taken from a TFTP server or Flash memory, if the ports belonging to that channel are up when the configuration is copied. This problem is resolved in software release 5.5(14). (CSCdw30990)
•When a module transitions from the "OK" state to the "Other" state, there is no log message specifically indicating that such a change has occurred. This problem is resolved in software
release 5.5(14). (CSCdw35101)
•The system might crash while sending out syslog messages to Telnet and SSH sessions. The workaround is to enter the set logging telnet disable command. This problem is resolved in software release 5.5(14). (CSCdw54106)
•You might see a loss of unicast forwarding across a 4-port Gigabit EtherChannel between two Catalyst 6000 family switches if RSPAN is configured on a VLAN and you have IGMP joins coming on a port that is part of the EtherChannel. If RSPAN is not configured, there is no problem. The problem appears shortly after enabling multiple "Symantec Ghost" sessions using IP multicast. Broadcast, multicast, and unknown unicast traffic is not affected. The workaround is to disable and then reenable channel ports on one side of the link. This problem is resolved in software
release 5.5(14). (CSCdw70357)
•The syslog message SYS-5-MOD_DCPWRMISMATCH should be changed to SYS-1-MOD_DCPWRMISMATCH because the message indicates a severe problem (faulty module needs to be replaced). This problem is resolved in software release 5.5(14). (CSCdw75441)
•After a high availability switchover, NetFlow version 7 might not export flows. This problem is resolved in software release 5.5(14). (CSCdw80772)
•PortFast might not work on access ports. After you enter the set spantree portfast mod_num/port_num enable trunk command on an access port, the show port spantree command indicates that PortFast is enabled but the port is still listening and learning STP states. This problem is resolved in software release 5.5(14). (CSCdw85694)
•If spanning tree is disabled for any VLAN and the inband interface fails to transmit the PDU, there could be a crash. This problem is resolved in software release 5.5(14). (CSCdw86020)
•Creating a VLAN through SNMP might force the VTP mode to client. This problem does not exist if the VLAN is configured through the CLI. This problem is resolved in software release 5.5(14). (CSCdw92651)
•A switch running IGMP snooping may stop adding multicast router ports to the outgoing interface list of all multicast groups. The workaround is to disable and then reenable IGMP snooping on the switch. This problem is resolved in software release 5.5(14). (CSCdw59483)
•The switch does not respond correctly to community strings containing a forward slash (/). The workaround is to remove the forward slash from the community string. This problem is resolved in software release 5.5(14). (CSCdx03088)
•There might be a 3 millisecond traffic loss for multicast traffic every 5 minutes if the following conditions are present:
–The multicast traffic is a source-only group (there is no directly connected receiver in the VLAN)
–The router port is reachable through an EtherChannel
This problem is resolved in software release 5.5(14). (CSCdw77235)
•In situations where static/permanent multicast CAM entries are used, during a designated router failover, the multicast odd Layer 2 ltl indices programming might be effected. The problem is still there when the original designated router reboots and comes online. This ltl indices programming problem could lead to multicast packet drops in the nondesignated router. The workaround is to force the multicast Layer 2 static CAM entries to be created first, before IGMP snooping creates source only entries (after seeing the traffic). The workaround is accomplished as follows:
–Stop the multicast traffic.
–Clear all the CAM permanent entries.
–Create the CAM entries again, including the internal router ports.
–Start the multicast traffic.
This problem is resolved in software release 5.5(14). (CSCdw57540)
•When a link goes up and down repeatedly, the autostate mechanism might fail and the VLAN interface state on the MSFC and the VLAN state on the supervisor engine go out of synchronization. The workaround is to enable spanning tree for the VLAN and enable PortFast on the port. This problem is resolved in software release 5.5(14). (CSCdw75382)
Open and Resolved Caveats in Software Release 5.5(13a)
This section describes open and resolved caveats in supervisor engine software release 5.5(13a).
Open Caveats in Software Release 5.5(13a)
This section describes open caveats in supervisor engine software release 5.5(13a).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(13a)
This section describes resolved caveats in supervisor engine software release 5.5(13a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(13a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(13)
This section describes open and resolved caveats in supervisor engine software release 5.5(13).
Open Caveats in Software Release 5.5(13)
This section describes open caveats in supervisor engine software release 5.5(13).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(13)
This section describes resolved caveats in supervisor engine software release 5.5(13).
•When accessing the switch through an HTTP interface, the switch might reset with a TLB exception. This problem is resolved in software release 5.5(13). (CSCdw02887)
•In rare circumstances, a designated port might be stuck in the spanning tree "listening" state and still be transmitting BPDUs. This does not introduce problems with spanning tree convergence or cause loops. This problem is resolved in software release 5.5(13). (CSCdv89566)
•If you have two switches with redundant supervisor engines, and they are connected through an EtherChannel configured on port 1/1 and 2/1 on both chassis, if you remove the active supervisor engine in one chassis and then power cycle the second chassis, you might lose connectivity over the channel. This problem only occurs if the channel mode on both chassis is set to on. The workaround is to set the channel mode to desirable. This problem is resolved in software release 5.5(13). (CSCdv01221)
•When sending a large amount of CDP neighbor announcements, it is possible to consume all available router memory. This problem could cause the switch to reset or exhibit other abnormal behavior. The workaround is to disable CDP. This problem is resolved in software release 5.5(13). (CSCdv57576)
•In a redundant system running supervisor engine software release 5.5(9), ToS bytes might not be marked for multicast packets; unicast packets are marked correctly. The workaround is to set the default action for IP to trust-dscp as follows: set qos acl default-action ip trust-dscp. This problem is resolved in software release 5.5(13). (CSCdv67672)
•When the switch is running out of Layer 4 operators, it attempts to expand an ACE into an equivalent set of multiple ACEs. In certain cases, the expansion logic is not optimal enough and may fail. This situation could result in a syslog message that reports a failure to fit the ACL into the TCAM. This problem is resolved in software release 5.5(13). (CSCdv79139)
•When WS-X6248 or WS-X6348 modules are running at a fixed 10 Mbps, the link might not come up after the partner port is disabled and then enabled. The workaround is to disconnect and then reconnect the cable. This problem is resolved in software release 5.5(13). (CSCdv87677)
•Changing the CISCO-STP-EXTENSIONS-MIB object "stpxUplinkFastEnabled" to enable does not change the required bridge parameters as the equivalent CLI command does. This problem is resolved in software release 5.5(13). (CSCdw07008)
•If you start a Telnet session to the switch and get the login prompt but do not log in, you still might be able to view the logging on the switch if the session logging is enabled (the default is enabled). The workaround is to disable Telnet logging or use an IP permit list to restrict access. This problem is resolved in software release 5.5(13). (CSCdw39634)
•Connectivity from community ports to some promiscuous ports may break when you are mapping several isolated VLAN ports at once (such as set pvlan 769 120 7/25-36). The workaround is to enter port ranges as follows:
set pvlan 769 120 7/26-35
This problem is resolved in software release 5.5(13). (CSCdw22333)
•The vlanPortIslOperStatus MIB returns an incorrect trunking status. This problem is resolved in software release 5.5(13). (CSCdw24363)
•Some Cisco Catalyst switches, running certain Catalyst OS software releases, have a vulnerability where a buffer overflow in the Telnet option handling can cause the Telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack.
This vulnerability is documented as Cisco bug ID CSCdw19195. There are workarounds available to mitigate the vulnerability. An advisory is posted at this URL:
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
The following workarounds can be implemented.
–If SSH is available in the code base, use SSH instead of Telnet and disable Telnet.
For instructions how to do this, refer to this URL:
http://www.cisco.com/warp/public/707/ssh_cat_switches.html.
–Apply Access Control Lists (ACLs) on routers/switches/firewalls in front of the vulnerable switches such that traffic destined for Telnet port 23 on the vulnerable switches is only allowed from the network management subnets.
This problem is resolved in software release 5.5(13). (CSCdw19195)
Open and Resolved Caveats in Software Release 5.5(12a)
This section describes open and resolved caveats in supervisor engine software release 5.5(12a).
Open Caveats in Software Release 5.5(12a)
This section describes open caveats in supervisor engine software release 5.5(12a).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(12a)
This section describes resolved caveats in supervisor engine software release 5.5(12a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(12a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(12)
This section describes open and resolved caveats in supervisor engine software release 5.5(12).
Open Caveats in Software Release 5.5(12)
This section describes open caveats in supervisor engine software release 5.5(12).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(12)
This section describes resolved caveats in supervisor engine software release 5.5(12).
•The switch might be unreachable on the management VLAN and not appear in the show cdp neighbors command output, however, user traffic is normal. Under these conditions, the switch displays a "Run out of system memory, screen scrolling disabled" message. The workaround is to disable TACACS accounting using the set accounting commands disable command and then reset the switch. This problem is resolved in software release 5.5(12). (CSCdu25416)
•When a Catalyst 6000 family switch running supervisor engine software is connected to a switch running Cisco IOS software on the supervisor engine and both switches have VTP enabled, the Cisco IOS VTP might have a higher VTP configuration revision. In this event, the Cisco IOS switch tries to update the VTP on the switch running supervisor engine software. The switch running Cisco IOS has VLAN 1 translated to VLAN 1003 by default (Token Ring type VLAN), and the switch running supervisor engine software does not support this configuration resulting in an undefined VLAN configuration. If you try to configure the affected VLAN (VLAN 1 in this case), the system might reset with a watchdog timeout. This problem was corrected as follows: When the switch running supervisor engine software experiences the problem, it changes to VTP transparent mode and the following message is displayed:
VTP-4-UNSUPPORTEDCFGRCVD:Rcvd VTP advert with unsupported vlan config on trunk 3/24 -
VTP mode changed to transparent
This problem is resolved in software release 5.5(12). (CSCdu32627)
•An alarm event might not be generated even though the "alarmValue" has continuously peaked above the "risingThreshold" value. The workaround is to create a trap destination table. This problem is resolved in software release 5.5(12). (CSCdv06651)
•When the supervisor engine receives an SNMP-Get/GetNext for the objects in the "interfaces" group that correspond to port 15/1 or 16/1 on the MSFC2, the supervisor engine replies with a SNMP-GetReply with a value of 0. However, the MSFC2 correctly reports incoming and outgoing packets when the show mac 15/1 or 16/1 command is used. This problem is resolved in software release 5.5(12). (CSCdv25250)
•The show acl harestart command is a hidden command but is currently available in enable mode. The harestart option is an engineering command used during a development phase and has destructive side effects. It should never be used in the field. This option will be removed. This problem is resolved in software release 5.5(12). (CSCdv37654)
•The switch might experience a memory leak if TACACS accounting is enabled and multiple Telnet sessions are established (concurrently or nonconcurrently). The memory leak could lead to a system reset or the switch could become unreachable. The workaround is to disable TACACS accounting and then reset the switch to free up the memory buffers. This problem is resolved in software
release 5.5(12). (CSCdv38306)
•When a mapped ACL is modified and committed on the active supervisor engine, high-availability synchronization may cause a memory leak on the standby supervisor engine. This problem applies to both Supervisor Engine 1 and Supervisor Engine 2 with high availability enabled and might occur in software releases 5.4(x), 5.5(x), and 6.x. This problem is resolved in software release 5.5(12). (CSCdv38983)
•When there is a native VLAN mismatch on a dot1Q trunking port, and one of the native VLANs is VLAN 1, changing the channel mode of the port from auto to desirable might cause the port to repeatedly leave and then join the bridge port. The workaround is to fix the native VLAN mismatch. This problem is resolved in software release 5.5(12). (CSCdv39631)
•In rare circumstances, a port might be connected but not added to the spanning tree database and therefore not be able to pass traffic. The workaround is to move the connection to another port. This problem is resolved in software release 5.5(12). (CSCdv42998)
•The switch might reset with a TLB exception after entering the set tacacs server host command. This problem is resolved in software release 5.5(12). (CSCdv37751)
•A port scanning tool report might list TCP port 7161 (TCP port 7161 is used for internal purposes on the switch). In this particular case, the Cisco Secure Scanner reported the switch listening on TCP port 7161. There is no security issue because switches validate all connection requests and all external connection requests are dropped; no external connection can be established. This problem is resolved in software release 5.5(12). (CSCdv76430)
•When protocol filtering is enabled, LTLs are set for all protocol buckets after a link is toggled on a port. The workaround is to disable protocol filtering. This problem is resolved in software
release 5.5(12). (CSCdu44489)
•When you query for SNMP object "portOperStatus" from the CISCO-STACK MIB, the ports on the 8-port T1 PSTN interface module (WS-X6608-T1) might report the wrong value such as
value 2 (OK) even if the port is down or not connected. This problem is resolved in software
release 5.5(12).(CSCdv53207)
Open and Resolved Caveats in Software Release 5.5(11a)
This section describes open and resolved caveats in supervisor engine software release 5.5(11a).
Open Caveats in Software Release 5.5(11a)
This section describes open caveats in supervisor engine software release 5.5(11a).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(11a)
This section describes resolved caveats in supervisor engine software release 5.5(11a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(11a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(11)
This section describes open and resolved caveats in supervisor engine software release 5.5(11).
Open Caveats in Software Release 5.5(11)
This section describes open caveats in supervisor engine software release 5.5(11).
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0 causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(11)
This section describes resolved caveats in supervisor engine software release 5.5(11).
•A port in PAgP nonsilent mode may behave as if in PAgP silent mode if the port has been connected to a nonsilent partner. Therefore, the port may be posted to spanning tree after reset and could cause channel disturbance. This problem is resolved in software release 5.5(11). (CSCdu85834)
•The standby supervisor engine might reset with a breakpoint exception under the following conditions:
–High availability is enabled
–The following sequence of commands is repeated several times:
set qos bridged-microflow-policing enable 1-1000
set qos bridged-microflow-policing enable 1025-4098
set qos bridged-microflow-policing disable 1-1000
set qos bridged-microflow-policing disable 1025-4098
This problem is resolved in software release 5.5(11). (CSCdu55420)
•The set mls agingtime long agingtime command was hidden. It is now available in enable mode. Additionally, the "long aging time" can be displayed using the show mls command. This problem is resolved in software release 5.5(11). (CSCdu57528)
•A bus error exception might occur when spanning tree receives a BPDU of abnormal size on a VLAN and spanning tree is disabled on that VLAN. This problem is resolved in software
release 5.5(11). (CSCdu69958)
•With high availability enabled, the Catalyst 6000 family switch might reset with a TLB exception when the standby supervisor engine is coming up after a high-availability switchover. The reset might also occur when EtherChannels are toggled. This problem is resolved in software
release 5.5(11). (CSCdv00340)
•When running software release 5.5(x), a device connected to the WS-X6248-RJ-45 10/100BASE-T module may indicate link up before the module actually comes online. This problem is not seen in 6.x(x) software releases and no other modules are affected. This problem is resolved in software release 5.5(11). (CSCdu75860)
•The switch might generate traps with an invalid agent address. When initializing the trap PDU, an invalid agent address, 0.0.0.0, may fill in the data field agent_addr but the trap is still sent out. This problem is resolved in software release 5.5(11). (CSCdv21194)
•When the native VLAN of a trunking port is changed to a VLAN that is not part of the allowed VLANs list, the port will show up in two VLANs after it becomes a nontrunk port. The workaround is to keep the native VLAN in the allowed VLANs list. This problem is resolved in software
release 5.5(11). (CSCdu42440)
•After enabling protocol filtering on a switch with Supervisor Engine 1 and MSFC2, Layer 3 IP traffic might not be MLS switched. The Layer 3 traffic is not sent to the MSFC2 to be routed and traffic stops. The workaround is to disable protocol filtering. Note that MLS shortcuts will not form until the active MSFC2 is reset. This problem is resolved in software release 5.5(11). (CSCdu85304)
•On a Supervisor Engine 1 with MSFC, the inband FX1000 port might receive packets but does not transmit them. When the port is in this state, you might see the following symptoms:
–The switch generates the following message every minute on every connected port if CDP is enabled:
2001 Aug 21 15:25:46 EDT -04:00 %CDP-3-SENDFAIL:Transmit failure on port 3/2
–The switch is not able to ping its default gateway
–No devices are able to ping the sc0 interface
–Traffic through the switch is being forwarded
The workaround is to reboot the switch. This problem is resolved in software release 5.5(11). (CSCdv15176)
Open and Resolved Caveats in Software Release 5.5(10a)
This section describes open and resolved caveats in supervisor engine software release 5.5(10a).
Open Caveats in Software Release 5.5(10a)
This section describes open caveats in supervisor engine software release 5.5(10a).
•A port in PAgP non-silent mode may behave as if in PAgP silent mode if the port has been connected to a non-silent partner. Therefore, the port may be posted to spanning tree after reset and could cause channel disturbance. (CSCdu85834)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0, causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(10a)
This section describes resolved caveats in supervisor engine software release 5.5(10a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(10a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(10)
This section describes open and resolved caveats in supervisor engine software release 5.5(10).
Open Caveats in Software Release 5.5(10)
This section describes open caveats in supervisor engine software release 5.5(10).
•A port in PAgP non-silent mode may behave as if in PAgP silent mode if the port has been connected to a non-silent partner. Therefore, the port may be posted to spanning tree after reset and could cause channel disturbance. (CSCdu85834)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0, causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(10)
This section describes resolved caveats in supervisor engine software release 5.5(10).
•When autonegotiation is disabled on a Gigabit port and the port is left enabled (but has no link), the port might clock noise into the port in the form of runt packets. After link up, the port may lose received packets at 33 percent, 50 percent, or 100 percent. The workaround is to disable and then reenable the port. To avoid the problem entirely, enable autonegotiation on both ends of the link. This problem is resolved in software release 5.5(10). (CSCdt26686)
•In extremely rare conditions, the switch might reset with a breakpoint exception when creating a lot of high availability events, such as adding and deleting VLANs using a script. The workaround is to reset the switch. This problem is resolved in software release 5.5(10). (CSCdt73213)
•The current autostate implementation notifies a VLAN interface to transition to up/up state when a port becomes active in that VLAN. With releases 5.5(10) and 6.3(1) and later, the VLAN interface will transition to up/up when at least one port in the VLAN is forwarding. This problem is resolved in software release 5.5(10). (CSCdu05914)
•The switch might reset with a TLB exception when using the copy file-id config command if one of the lines in the file is extremely long and contains a control character (such as ^C). This problem is resolved in software release 5.5(10). (CSCdu37637)
•When protocol filtering is enabled, packets not destined to the router may get routed. The workaround is to disable protocol filtering. This problem is resolved in software release 5.5(10). (CSCdu44627)
•On an ATM module, the output of the show port command displays a connected status for both
PHY A and PHY B even though PHY B is down and no cable is attached. The problem is cosmetic, there is no workaround. This problem is resolved in software release 5.5(10). (CSCdu51435)
•In extremely rare conditions, the WS-X6248-RJ-45 10/100BASE-T module might stop forwarding traffic. The module LEDs still show green, CDP traffic is working, and both ends have link. The module receives traffic but does not transmit. This problem is resolved in software release 5.5(10). (CSCdt75278)
•Under certain conditions, flow statistics for multicast shortcuts might not be sent to the MSFC from the supervisor engine. If this occurs, the MSFC will continually delete and install multicast shortcuts for active flows. This condition can be verified by entering the show mls ip multicast command on the MSFC and observing the "Packets switched:" counter. This counter is updated every 10 seconds for active flows. If a flow is seen to be incrementing on the supervisor engine (enter the show mls multicast group group source source command on the supervisor engine), but is not incrementing on the MSFC, then this condition is verified. The workaround is to disable and then reenable IGMP snooping. This problem is resolved in software release 5.5(10). (CSCdu78467)
•Occasionally, IPX clients might not be able to connect to a server at bootup. This problem is resolved in software release 5.5(10). (CSCds27467)
•A host is sending a DVMRP packet (essentially an IGMP unicast packet type in the IP header) to the MSFC through an application called "mrinfo." The unicast IGMP packet destined to the MSFC, might be forwarded by the switch to all ports participating in the same VLAN even though the packet is a unicast packet destined to the MSFC. The workaround is to disable IGMP snooping on the switch. This problem is resolved in software release 5.5(10). (CSCdu81012)
•Individual or multiple ports on the WS-X6348-RJ-45 module might get stuck in transmit state. If this happens you might see the following syslog message for the problematic port:
Coil Pinnacle header checksum error
The workaround is to disable and then reenable the port. This problem is resolved in software
release 5.5(10). (CSCdu03935)
•After a VLAN is suspended, VTP might not be notified of the change in VLAN status and entering the show trunk command will display the VLAN in "Forwarding" state even though it was suspended. This problem occurs only when the VLAN is suspended. This problem is resolved in software release 5.5(10). (CSCdu33666)
•On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC) and Multicast Multilayer Switching (MMLS) enabled, disabling hardware versioning might cause the MSFC on the standby supervisor engine to not respond to SCP ping messages. When this happens, a router down event is posted to MMLS but the wrong MSFC module number is posted. MMLS might then delete the hardware entries for the MSFC that is still online. The workaround is to reset the MSFC. This problem is resolved in software release 5.5(10). (CSCdu49107)
•The DSPs on the 8-port E1 PSTN interface module (WS-X6608-E1) might not come online. Resetting the module does not solve the problem. The problem happens when protocol filtering is enabled, followed by the module being reset. This problem is resolved in software release 5.5(10). (CSCdt09111)
•You might not be able to copy large image files (such as c6msfc-jsv-mz-121.5a.E) from the supervisor engine Flash PC card (sup-slot0:) to the MSFC bootflash (bootflash:). Boot images which are generally smaller in size, can still be copied from sup-slot0: to the MSFC bootflash. The workaround for a large image file is to download the file from boot mode through TFTP. After the boot image is booted, a VLAN interface can be created and a default gateway (ip default-gateway a.b.c.d) can be used if the TFTP server is in a different subnet, and then the image can be downloaded from boot mode. This problem is resolved in software release 5.5(10). (CSCdt17684)
Open and Resolved Caveats in Software Release 5.5(9)
This section describes open and resolved caveats in supervisor engine software release 5.5(9).
Open Caveats in Software Release 5.5(9)
This section describes open caveats in supervisor engine software release 5.5(9).
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0, causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite; there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(9)
This section describes resolved caveats in supervisor engine software release 5.5(9).
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. This problem is resolved in software release 5.5(9). (CSCdt18726)
•When an RMON event and alarm are added to a Catalyst 6000 family switch running software release 6.1(2), only the alarm will survive a reload. The workaround is to reinstall the event after a reload. This problem is resolved in software release 5.5(9). (CSCdu26550)
•In extremely rare conditions, the Catalyst 6000 family switch might hang and not pass any traffic when a 24-MB Flash PC card (PCMCIA) is hot swapped very rapidly or when the Flash card is removed when data is being written/read to/from the Flash card. This problem is resolved in software release 5.5(9). (CSCdu23412)
•If you initiate a Console or Telnet session to a Catalyst 6000 family switch and then cancel the connection attempt using the Ctrl-C command before the connection is established, a 16-byte memory leak occurs. This problem is resolved in software release 5.(5)9. (CSCdu29283)
•The supervisor engine might run out of memory buffers if CLI commands are issued repeatedly for a large VLAN or interface list. For example, if you have a script file running on a UNIX machine that is repeatedly executing commands such as: set qos bridged-microflow-policing enable 1-1025 or set vlan 7/1-48,8/1-48,9/1-48, the supervisor engine might reset with the following error message:
PANIC: get_cluster: No clusters available
Breakpoint Exception occurred.
Software version = 6.1(1a)
Process ID #52, Name = Console
sp+00: 00000000 80AB2C1C 802E7FEC 87F83720
sp+10: BE000A00 00000000 87F84150 802E8030
The workaround is to either disable high availability or limit scripts from issuing a large range of set commands, or put a delay in the scripts execution. This problem is resolved in software
release 5.5(9). (CSCds47033)
•In extremely rare conditions all ports on the WS-X6248-RJ45 module might become unreachable with traffic forwarding stopping on all ports. The port LEDs would be amber and the show port command would show the ports as connected. The workaround is to reset the module using the reset command. This problem is resolved in software release 5.5(9). (CSCds75479)
•When polling a Supervisor Engine 1A through SNMP, there must be at least a 1 millisecond delay between successive SNMP "Gets." Without a minor delay, the Catalyst 6000 family switch will output the following display message:
2001 Mar 30 14:03:53 %IP-3-UDP_SOCKOVFL:UDP socket 1034 overflow
This problem does not affect switch performance. This problem is resolved in software
release 5.5(9). (CSCdt86655)
•A token ring VLAN on the active supervisor engine might be translated into another VLAN on the standby supervisor engine after performing a high-availability switchover. This problem is resolved in software release 5.5(9). (CSCdu08852)
•When you connect an ISL trunk port to an access port and enable QoS on the switch with the ISL trunk, the ISL header will have the USER bits set in the destination address. Currently, the QoS ASIC drops the packets with user bits set to 0 and 1 only, and packets with other bits set will be forwarded on the access VLAN of the nontrunk port. These packets do not go through the blocked ports. The workaround is to fix the misconfiguration (that is, set both ends to trunking). This problem is resolved in software release 5.5(9). (CSCdu10858)
•Under very rare circumstances, the WS-X6248 10/100BASE-T modules could get into a fatal state that is beyond recovery by the built-in software recovery mechanisms. If this occurs, the only way to recover from this error condition is to completely reset the module or power the module off and then on.
The set lcperroraction command has been modified and enhanced to react automatically upon detection of this fatal error condition. The LCPERRORACTION can be set to one of the following three levels:
–LCPERRORACTION ignore: This is the default level. Errors are logged. No action is taken.
–LCPERRORACTION operator: Errors are logged. In addition, the system prints a message requesting that you manually power the module off and then on.
–LCPERRORACTION system: Errors are logged. The system automatically powers the module off and then on.
This problem is resolved in software release 5.5(9). (CSCdu15333)
•In the set vlan vlans mod/port command, if the mod/port list is longer than 100 characters, an obviously incorrect VLAN number might be displayed, such as "VLAN 741682996 is not active." The workaround is to break up the mod/port list into smaller mod/port lists. You should configure the new, smaller lists by repeatedly using the set vlan vlans mod/port command rather than just using it once to create a large list. This problem is resolved in software release 5.5(9). (CSCdu17703)
•You might not be able to enable logging for dynamic VLANs using the set logging level dvlan command:
Console> (enable) set logging level dvlan 7
This problem is resolved in software release 5.5(9). (CSCdu19163)
•Packets larger than 1548 bytes (including ISL header, or 1518 bytes without ISL header) might not get through ISL trunks. This problem is resolved in software release 5.5(9). (CSCdu24235)
•An entry (*, G) installed as a complete shortcut will change to a partial shortcut entry when the OIF changes to NULL. When the OIF is reinstalled, the (*, G) entry does not return to a complete shortcut but remains a partial shortcut. If traffic for this group is being sent at a high rate, you may observe high CPU utilization on the MSFC. This problem is resolved in software release 5.5(9). (CSCdu30097)
•When you start a Telnet session from the Catalyst 6000 family switch and issue Ctrl-C immediately after entering the telnet ip_address command, you stop the Telnet session but the terminal session (console or Telnet) locks. If you issue Ctrl-C again, a new prompt appears but you still cannot enter commands. The workaround is to reset the switch. This problem is resolved in software
release 5.5(9). (CSCdu33233)
•The Catalyst 6000 family switch sends the wrong trap OID (.1.3.6.1.2.1.47.2.1.0.1) for the entConfigChange MIB. This problem is resolved in software release 5.5(9). (CSCdu34057)
•The OIF of an active (s, g) flow may change to NULL temporarily and then return to the correct OIF state. When this happens, multicast traffic on that flow is temporarily dropped while the OIF is NULL. This problem is resolved in software release 5.5(9). (CSCdu35684)
•The "hidden" commands, set igmp mode and show igmp mode, have been moved to enable mode. For descriptions of these commands, see the Catalyst 6000 Family Command Reference, software release 5.5. This problem is resolved in software release 5.5(9). (CSCdu39547)
•If you enter the clear config mod_num command on a GBIC port and then remove the GBIC, when you reinsert the GBIC, UDLD is disabled on the port. The workaround is to manually enable UDLD on the port. This problem is resolved in software release 5.5(9). (CSCdt79097)
•There is a problem with parallel TACACS+/RADIUS/KERBEROS access. Authentication protocols (TACACS+, RADIUS, Kerberos) use a global character array to store the user input (such as passwords). As the buffer is global, it is shared by all console and Telnet sessions and may contain input from multiple Telnet sessions which might cause incorrect password input for authentication.
The following example is used for clarification.
–User A—username test, password cisco
–User B—username test2, password cisco
User A Telnets to the switch, types "test," presses Enter, types the password, but does not press Enter. On the other host, User B also Telnets to the switch, types "test2," presses Enter, types the wrong password and presses Enter which causes a login failure. User A goes back to the first switch and because the password is already there, User A presses Enter, but the password is treated as an incorrect password.
This problem is resolved in software release 5.5(9). (CSCdu35551)
•When the native VLAN of a trunking port is changed to a VLAN that is not part of the allowed VLANs list, the port will show up in two VLANs after it becomes a nontrunk port. The workaround is to keep the native VLAN in the allowed VLANs list. This problem is resolved in software
release 5.5(9). (CSCdu42440)
Open and Resolved Caveats in Software Release 5.5(8a)
This section describes open and resolved caveats in supervisor engine software release 5.5(8a).
Open Caveats in Software Release 5.5(8a)
This section describes open caveats in supervisor engine software release 5.5(8a).
•Opening configuration dialogs after resizing the CiscoView browser window on a Solaris/Netscape Communicator client with Java plug-in 1.3.0, causes a Java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
Resolved Caveats in Software Release 5.5(8a)
This section describes resolved caveats in supervisor engine software release 5.5(8a).
•The embedded CiscoView cannot be launched after May 11, 2001. The problem is resolved in software release 5.5.(8a) (CSCdu25881)
Open and Resolved Caveats in Software Release 5.5(8)
This section describes open and resolved caveats in supervisor engine software release 5.5(8).
Open Caveats in Software Release 5.5(8)
This section describes open caveats in supervisor engine software release 5.5(8).
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. (CSCdt18726)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(8)
This section describes resolved caveats in supervisor engine software release 5.5(8).
•The dot1dTpPortInDiscards MIB object might return 0 for a bridge port. This problem is resolved in software release 5.5(8). (CSCdt71890)
•The sequence numbers utilized by a Telnet host on the supervisor engine need to be more random for each subsequent session. This problem is resolved in software release 5.5(8). (CSCdr64948)
•Octets associated with ifInDiscard packets might not be counted. This problem is resolved in software release 5.5(8). (CSCdt62359)
•When three or more switches are connected in a chain-like configuration and two neighboring switches have different native VLANs on a trunk port, the trunk port goes into "pvid-inconsistent state" on one of the switches and then sends a newRoot trap every 2 seconds to the third switch (on other side). This problem is resolved in software release 5.5(8). (CSCdt64289)
•When the ifOperStatus value for the port changes (the port is enabled and disabled, or the link is brought up and down), the ifLastChange value for the port does not change. This problem is resolved in software release 5.5(8). (CSCdt69418)
•When IGMP snooping is enabled and the QoS default action is set to non-zero on one of the two switches in the topology below, both MSFCs might experience high CPU utilization (99 percent). The problem does not occur if the QoS default action is set equally on both switches or if IGMP snooping is disabled.
Multicast client ---
|
Switch 1
(MSFC1)
VLAN 19
5/47
|
|
Switch 2
(MSFC2)
2/1 ---------
|
Multicast source
7500 router
VLAN 15
|
| |
2/23 ---------
|
-- VLAN 19 --
|
-- 2/23
|
|
| |
2/24 ---------
|
-- Trunk -------
|
-- 2/24
|
|
This problem is resolved in software release 5.5(8). (CSCdt73910)
•Routers connected through ATM/WAN links might not be recognized as PIM neighbors by the switch. This problem is resolved in software release 5.5(8). (CSCdt66502)
•The switch might reset with a TLB exception when CmpOctetStringWithLen() receives a null pointer. This problem is resolved in software release 5.5(8). (CSCdt75849)
•The cseL3ActiveFlows MIB object may report high (spurious) values when NDE is enabled and disabled. This problem is resolved in software release 5.5(8). (CSCdt77457)
•After repeatedly removing and then reapplying large IOS ACLs, the MSFC2 is unable to program the PFC again with the ACL information. The MSFC returns the following messages from the feature manager:
%ACL-3-TCAMFULL:Acl engine TCAM table is full
%ACL-3-RACLMAPCOMMITFAIL:Failed to map Router ACL to VLAN 2
%FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
%FM-4-RACL_REDUCED: Interface Vlan2 routed traffic will be software switched in egress
direction(s)
After resetting the MSFC, the entire ACL table gets compiled and downloaded successfully but after removing and then reapplying, it fails to get compiled. This problem is resolved in software release 5.5(8). (CSCdu08689)
•When an IOS ACL is merged with a VACL for the same interface, and if the resulting ACL exceeds the size of the TCAM, the ACL compiler returns an error. This error is not handled properly and causes the supervisor engine to reload. This problem is resolved in software
release 5.5(8). (CSCdu10105)
•When a channel misconfiguration is detected on a non-root switch in the spanning-tree network, clearing the misconfiguration on the non-root switch might result in the hello timer failing to restart on the root switch. This problem is resolved in software release 5.5(8). (CSCdu08407)
Open and Resolved Caveats in Software Release 5.5(7a)
This section describes open and resolved caveats in supervisor engine software release 5.5(7a).
Open Caveats in Software Release 5.5(7a)
This section describes open caveats in supervisor engine software release 5.5(7a).
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. (CSCdt18726)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(7a)
This section describes resolved caveats in supervisor engine software release 5.5(7a).
An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
•This problem is resolved in software release 5.5(7a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(7)
This section describes open and resolved caveats in supervisor engine software release 5.5(7).
Open Caveats in Software Release 5.5(7)
This section describes open caveats in supervisor engine software release 5.5(7).
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. (CSCdt18726)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(7)
This section describes resolved caveats in supervisor engine software release 5.5(7).
•A switch configured as an NTP client reports incorrect summertime value. The reported end time is advanced by one year in the show ntp and show summertime command displays. This problem is resolved in software release 5.5(7). (CSCdt43350)
•The 64-bit counters, for IfOutOctets, jump to twice the actual value when the 32-bit counters roll over to zero, having approached their maximum value of 4,294,967,295. This causes erroneous readings when counter data is displayed. This problem is resolved in software release 5.5(7). (CSCdt12257)
•The WS-X6248-RJ-45 10/100 switching module might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•The switch might reset if you attempt to delete a nonexistent VLAN through the SNMP vtpVlanEditTable. This problem is resolved in software release 5.5(7). (CSCdt38160)
•On a switch with an MSFC, when you configure a bridge-group on a VLAN interface, MLS multicast flows switched to that VLAN (as an outgoing interface) lose connectivity. The workaround is to use the clear ip mroute * command. This problem is resolved in software release 5.5(7). (CSCds43794)
•The show ip permit command might cause the switch to reset. The workaround is to disable DNS on the switch. This problem is resolved in software release 5.5(7). (CSCdt55237)
•The fallback of an UplinkFast port configured as part of an EtherChannel causes a 5- to 10-second connectivity drop. This problem is resolved in software release 5.5(7). (CSCdt60420)
•There is no link between initial system diagnostics and runtime software on an initial system boot up. This means that when a local bus failure occurs in a POST, the entire system runs through its diagnostic routines, failing most items, and then the system is brought online in a nonfunctional state. A mechanism was added so that on a local bus failure, diagnostics communicate the failure to software and the supervisor engine is reset. The reset should clear any transient error condition. This problem is resolved in software release 5.5(7). (CSCdt45687)
•When a port interface sync error occurs and the port interface cannot be resynchronized, the faulty module is not powered down. This situation could potentially tie up the bus and halt traffic across all modules. With this fix, if a port interface on a switching module cannot be synchronized, the module is powered down. If a port interface on the supervisor engine cannot be synchronized, the supervisor engine is reset. This problem is resolved in software release 5.5(7). (CSCdt45676)
•When a port interface sync error occurs, an error message is displayed to record this event. However, if the port interface is returned to a sync condition, there is no message indicating that the out-of-sync condition has been corrected. A message has been added to let you know that the port interface is in sync. This problem is resolved in software release 5.5(7). (CSCdt45676)
•The switch might reset with a TLB exception if the forward slash (/) character is inadvertently used. For example, if you enter show mls statistics entry ip destination / using the forward slash character instead of a question mark (?), the switch might crash. This problem is resolved in software release 5.5(7). (CSCdt73779)
•The switch might reset with a TLB exception when restoring the configuration from a configuration file during system boot up or right after system boot up. This problem is resolved in software release 5.5(7). (CSCdt76499)
Open and Resolved Caveats in Software Release 5.5(6a)
This section describes open and resolved caveats in supervisor engine software release 5.5(6a).
Open Caveats in Software Release 5.5(6a)
This section describes open caveats in supervisor engine software release 5.5(6a).
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. (CSCdt18726)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(6a)
This section describes resolved caveats in supervisor engine software release 5.5(6a):
•IGMP snooping and multicast MLS might not work reliably because the router ports are not selected correctly in hardware. This problem is resolved in software release 5.5(6a). (CSCdt31924)
•Multicast packet loss might occur on non-source groups when a large number (15-20) of source-only groups exist. Source-only groups are groups in which there are no receivers. The workaround is to make sure you have only a few source-only groups at any given time. This problem is a duplicate of CSCdt31924 and is resolved in software release 5.5(6a). (CSCdt34253)
Open and Resolved Caveats in Software Release 5.5(6)
This section describes open and resolved caveats in supervisor engine software release 5.5(6).
Open Caveats in Software Release 5.5(6)
This section describes open caveats in supervisor engine software release 5.5(6).
•Multicast packet loss might occur on non-source groups when a large number (15-20) of source-only groups exist. Source-only groups are groups in which there are no receivers.
The workaround is to make sure you have only a few source-only groups at any given time. (CSCdt34253)
•If you disable spanning tree on a Catalyst 6000 family switch that has a redundant EtherChannel configuration, spanning tree on a neighboring switch will not converge and spanning tree loops might occur. (CSCdt18726)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(6)
This section describes resolved caveats in supervisor engine software release 5.5(6).
•If the first host response to a general IGMP query is sent close to the general query expiry time for three consecutive times, the Catalyst 6000 family switch might fail to pass the next report to the router. Because hosts choose a random time to delay sending a report each time they receive a query, this problem is unlikely to occur. As more receivers are added to a segment the probability is reduced further. This problem is resolved in software release 5.5(6). (CSCds36757)
•The link LED on the WS-X6316 module stays on after the cable is disconnected. This problem is resolved in software release 5.5(6). (CSCds89169)
•When connecting the WS-X6316 module to a 10/100/1000BaseT NIC card, it takes a long time for a 1000-Mbps link to come up. This problem is resolved in software release 5.5(6). (CSCds89179)
•When the RGMP feature is not enabled on the switch and you enter the show rgmp group command, the supervisor engine might reset. This problem is resolved in software release 5.5(6). (CSCds44030)
•When two or more multicast clients attempt to join the same multicast address group at the same time (within 10 seconds of each other), all clients, except the first, fail to join the group. If a client on a CGMP-enabled switch attempts to join a multicast group within 10 seconds of the first client, the join request never arrives at the multicast router, no CGMP message comes back from the multicast router, and the client fails to join the multicast group. This problem is resolved in software release 5.5(6). (CSCds84004)
•The default content and length of the NTP authentication fields in the NTP client request packet changed between software releases 4.x and 5.x, causing problems with time servers. This problem is resolved in software release 5.5(6). (CSCds90575)
•The Catalyst 6009 does not accept TACACS+ authorization replies from the CiscoSecure server. This problem is resolved in software release 5.5(6). (CSCds92279)
•On a Catalyst 6500 family switch running software release 5.5(1), the set spant root dia command generates a "Switch is already the root switch for active VLAN x" error message if the switch is already the root switch and the timers are not tuned. If the switch is not yet the root switch, the command works, and the timers are tuned to the diameter size. This problem is resolved in software release 5.5(6). (CSCdt08211)
•In a Supervisor Engine 1 system, when you apply a reflexive ACL to a VLAN interface on the MSFC or MSFC2 and the reflexive ACL timeout value is set too low, or there are many reflexive ACEs causing frequent additions and deletions of entries, intermittent traffic loss might occur on the interface. This problem is resolved in software release 5.5(6). (CSCdt26889)
•If large IOS ACLs are configured on the MSFC, after a redundant MSFC switchover or a supervisor engine high-availability switchover, interfaces that were configured with the same IOS ACL and share the same label before might not be able to do so any more. As a result the IOS ACLs are duplicated and might not fit into the TCAM. The workaround is to disable and reenable the interface. This problem is resolved in software release 5.5(6). (CSCds66134)
•Occasionally, after a high-availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. This problem is resolved in software release 5.5(6). (CSCdp45099)
•Multicast connectivity is broken over FlexWAN module interfaces when you enable Multicast MLS. The only workaround is to disable Multicast MLS. This problem is resolved in software release 5.5(6). (CSCds63599)
Open and Resolved Caveats in Software Release 5.5(5)
This section describes open and resolved caveats in supervisor engine software release 5.5(5).
Open Caveats in Software Release 5.5(5)
This section describes open caveats in supervisor engine software release 5.5(5).
•If large IOS ACLs are configured on the MSFC, after a redundant MSFC switchover or a supervisor engine high-availability switchover, interfaces that were configured with the same IOS ACL and share the same label before might not be able to do so any more. As a result the IOS ACLs are duplicated and might not fit into TCAM. The workaround is to disable and re-enable the interface. (CSCds66134)
•Multicast connectivity is broken over FlexWAN module interfaces when Multicast MLS is enabled. The only workaround is to disable Multicast MLS. (CSCds63599)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high-availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(5)
This section describes resolved caveats in supervisor engine software release 5.5(5).
•If an EtherChannel is formed with ports on multiple modules, removing a module containing ports that are members of the EtherChannel deletes the EtherChannel from the VTP database. The show spantree command shows the remaining EtherChannel ports in forwarding state but the show trunk command displays no VLANs in forwarding state. This problem is resolved in software release 5.5(5). (CSCds82742)
•After a software upgrade from 5.3(4) to 5.4(3), a set security acl ip name permit/deny ip configuration changes to set security acl ip name permit/deny 0. This problem is resolved in software release 5.5(5). (CSCds64428)
•Executing the following tasks in sequence leaves incorrect entries in the forwarding table.
1. Enabling IGMP snooping
2. Enabling protocol filtering
3. Disabling IGMP snooping
4. Disabling protocol filtering
The workaround is to manually clear these entries. This problem is resolved in software release 5.5(5). (CSCds69447)
•HSRP does not work on a redundant supervisor engine. This problem is resolved in software
release 5.5(5). (CSCds62804)
•SNMP ifTable loops in a get next operation when the following occurs:
–HA is enabled.
–The ifIndexing in the ifTable is not sequential (meaning there is a gap in the Index).
–You enter a clear config all command.
–You reenable HA.
–You enter a supervisor engine command.
This problem is resolved in software release 5.5(5). (CSCds58124)
•When using TACACS command authorization on a Catalyst 6000 family switch, sometimes when you enter a command it is denied. This situation occurs even if the command is explicitly permitted on the AAA server. The workaround is to enter the command several times for it to take effect.
This problem is resolved in software release 5.5(5). (CSCds63731)
•You cannot modify mapped ACLs. This problem is resolved in software release 5.5(5). (CSCds64291)
•Some MLS flows are not aged out. This problem is resolved in software release 5.5(5). (CSCds73531)
•In a Catalyst 6000 family switch running software release 6.1(1) and with a redundant MSFC2 configuration, if you attempt to roll back the MSFC2 images temporarily by setting them to boot to ROMMON and from ROMMON load the MSFC2 image from sup-slot0:, the TFTP process might hang for an extended time period and prevent all module and switch resets as well as all CLI commands that require the download area. The workaround is to allow the first MSFC2 to come online completely and the CPU utilization on the supervisor engine to decrease before you attempt to download the image to the second MSFC2. An alternative workaround is to wait for approximately 6 minutes after the failure for the download area to become available for a retry.
This problem is resolved in software release 5.5(5). (CSCds38036)
•In software releases 6.1(1), 5.5(4), and earlier, if you install more than 1024 dynamic ACEs and enable high availability, due to a a memory corruption the standby supervisor engine might reload if it becomes the active supervisor engine after the switchover. This problem is resolved in software release 5.5(5). (CSCds54441)
•The last used time stamp is less than the creation time stamp. This problem is resolved in software release 5.5(5). (CSCds56305)
Open and Resolved Caveats in Software Release 5.5(4b)
This section describes open and resolved caveats in supervisor engine software release 5.5(4b).
Open Caveats in Software Release 5.5(4b)
This section describes open caveats in supervisor engine software release 5.5(4b).
•Multicast connectivity is broken over FlexWAN module interfaces when Multicast MLS is enabled. The only workaround is to disable Multicast MLS. (CSCds63599)
•SNMP ifTable loops in a get next operation when the following occurs:
–HA is enabled.
–The ifIndexing in the ifTable is not sequential (meaning there is a gap in the Index).
–You enter a clear config all command.
–You reenable HA.
–You enter a switch supervisor command.
(CSCds58124)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(4b)
This section describes resolved caveats in supervisor engine software release 5.5(4b).
•A series of unauthenticated Telnet attempts can cause the Catalyst switch to fail to pass traffic or accept management connections until the system is rebooted or a power cycle is performed.
For more information, refer to the security advisory at this URL:
http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
This problem is resolved in software release 5.5(4b). (CSCds66191).
Open and Resolved Caveats in Software Release 5.5(4a)
This section describes open and resolved caveats in supervisor engine software release 5.5(4a).
Open Caveats in Software Release 5.5(4a)
This section describes open caveats in supervisor engine software release 5.5(4a).
•Multicast connectivity is broken over FlexWAN module interfaces when Multicast MLS is enabled. The only workaround is to disable Multicast MLS. (CSCds63599)
•SNMP ifTable loops in a get next operation when the following occurs:
–HA is enabled.
–The ifIndexing in the ifTable is not sequential (meaning there is a gap in the Index).
–You enter a clear config all command.
–You reenable HA.
–You enter a switch supervisor command.
(CSCds58124)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(4a)
This section describes resolved caveats in supervisor engine software release 5.5(4a).
•Under some conditions, after a second high-availability switchover both supervisor engines might end up in standby mode. To recover from this condition, the switch must be power-cycled. The only workaround is to disable high-availability. This problem is resolved in software
releases 5.5(4a) and 6.1(1a). (CSCds29342)
Open and Resolved Caveats in Software Release 5.5(4)
This section describes open and resolved caveats in supervisor engine software release 5.5(4).
Open Caveats in Software Release 5.5(4)
This section describes open caveats in supervisor engine software release 5.5(4).
•SNMP ifTable loops in a get next operation when the following occurs:
–HA is enabled.
–The ifIndexing in the ifTable is not sequential (meaning there is a gap in the Index).
–You enter a clear config all command.
–You reenable HA.
–You enter a switch supervisor command.
(CSCds58124)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(4)
This section describes resolved caveats in supervisor engine software release 5.5(4).
•NetFlow Data Export (NDE) CPU utilization is high under moderate to heavy loads because NDE entries are not aged out correctly. The high CPU utilization occurs when NDE is enabled and the problem remains even after loads are reduced. This problem is resolved in software release 5.5(4). (CSCds51525)
•NDE exports incorrect time stamps due to an error in calculating the time stamps of Layer 3 shortcuts. This problem is resolved in software release 5.5(4). (CSCds50070)
•In a redundant configuration with HA disabled, if there are any EtherChannels configured and a switchover occurs, spanning tree detects a loop and disables the EtherChannel. The non-root switch shows the state of the EtherChannel ports as errdisable. Ports not in EtherChannels might incorrectly be in the forwarding state, causing a spanning tree loop. This problem is resolved in software release 5.5(4). (CSCds47920)
•To avoid high CPU utilization from a show logging buffer command, do not display more than
20 messages when the screen length is set to 0 or greater than 24 with the set length command. This problem is resolved in software release 5.5(4). (CSCds05287)
•In nonredundant systems, when you enter the clear config all command and reset the system, the ifIndex does not reset. In redundant systems with high availability enabled, when you enter the clear config all command and then use the switch supervisor command, the standby supervisor engine becomes active but you see multiple ifEntrys for the same VlanIndex. The workaround for redundant systems is to disable high availability and use the switch supervisor command after entering the clear config all command; this causes the ifIndex to reset. This problem is resolved in software release 5.5(4). (CSCds34328)
•In a redundant system, when both MSFCs download MFDs, traffic might still go to one of the MSFCs if a Layer 2 multicast protocol (for example, igmp snooping) learns the MSFC as the multicast router after MMLS does. This problem is resolved in software release 5.5(4). (CSCds29497)
•Following switchover, a port configured with the EtherChannel keyword on or off might fail to join a bridge port (spanning tree state "not connected"). This problem is resolved in software release 5.5(4). (CSCds34529)
•If you use SNMP to create an SNMPv3 entry and then use the CLI to modify the entry, the switch might reload. This problem is resolved in software release 5.5(4). (CSCds29514)
•If you map a QoS ACL to a VLAN and then clear the ACL and commit the change, the switch might report a watchdog timeout and reset. To avoid this problem, make certain the ACL is not mapped before performing the commit. This problem is resolved in software release 5.5(4). (CSCds33516)
•Occasionally after HA switchover, when the active supervisor engine is very busy for an extended period, the active and standby supervisor engines do not synchronize. This problem is resolved in software release 5.5(4). (CSCds30158)
•Occasionally after HA switchover, the active supervisor engine resets. This problem is resolved in software release 5.5(4). (CSCds08989)
•While a module is coming on line, occasionally a race condition might cause a port's admin group to be initialized incorrectly. This problem is resolved in software release 5.5(4). (CSCds30044)
•WS-X6608-T1 ports might not register with Cisco CallManager after Cisco CallManager has been unreachable for an extended period. The inability of one port to register prevents other ports from registering. This problem is resolved in software release 5.5(4). (CSCdr81045)
•Non-alphanumeric characters are not valid in VTP domain names, but can be configured in certain cases. This problem is resolved in software release 5.5(4). (CSCds34927)
•The switch might run out of memory if multiple Telnet sessions are open simultaneously while other features are active. This problem is resolved in software release 5.5(4). (CSCds20681)
•Output interfaces that share the same ACL configuration are unable to share ACL labels, which might unexpectedly deplete resources and prevent more ACL configuration. This problem is resolved in software release 5.5(4). (CSCds38165)
•After HA switchover, the active supervisor engine might incorrectly react to an out-of-date "router down" notification by deleting all IOS ACLs and configuring all interfaces as L3 deny. This problem is resolved in software release 5.5(4). (CSCds31058)
•With DNS enabled, an SNMP set operation for cseNetflowLSExportHost might cause the switch to reload. This problem is resolved in software release 5.5(4). (CSCds23316)
•Occasionally, ports are not added to spanning tree instances after HA switchover. This problem is resolved in software release 5.5(4). (CSCds29529)
•A Catalyst 6000 family switch with dual ATM LANE modules can cause a spanning tree loop when the root bridge is connected via an ELAN and two LANE modules both have uplinks to that ELAN. The failure occurs when the root bridge is lost and there is no other source of BPDUs on the ELAN. The loop will not always occur when the root bridge fails. Spanning tree will eventually correct the loop. This problem is resolved in software release 5.5(4). (CSCdr83772)
•When configuring security or QoS ACLs, you might receive a message that TCAM LOU usage capability has been exceeded when it has not. If this occurs, further ACL configuration with the operators in question is not possible. This problem is resolved in software release 5.5(4). (CSCds39830)
•Very rarely, an EtherChannel might get put in the error-disabled state if it was formed from ports that just became trunks that did not have their native VLAN in the allowed range. This problem is resolved in software release 5.5(4). (CSCds35238)
•Allocating too many buckets in RMON might cause memory allocation errors. When system memory usage reaches 90%, some show commands might not work and new Telnet sessions might not be allowed. An example follows:
Console> (enable) show version
Failed to allocate session block.
Error: can't find scp/slp buffer slot for show command: 10.
This problem is resolved in software release 5.5(4). (CSCds30395)
•The switch does not allow you to create a second etherStatsEntry with the same ifIndex for an interface. When you try to create the second etherStatsEntry with the same interface in etherStatsDataSource as one of the existing entries, the switch returns a "bad value" error. The problem exists in 5.x and 6.1(1) releases. The workaround is to use the existing etherStatsEntry for the interface or create a new one after deleting the existing entry that has the same ifIndex. This problem is resolved in software release 5.5(4). (CSCds22815)
•Setting ntpAuthenticationSecretKey from SNMP does not have any effect. This problem is resolved in software release 5.5(4). (CSCdk75107)
•If you configure level 2 system logging and if a native VLAN mismatch occurs on 802.1Q trunks, the system log messages contain incorrect module and port values and sometimes a reload might occur. This problem is resolved in software release 5.5(4). (CSCds23497)
Open and Resolved Caveats in Software Release 5.5(3)
This section describes open and resolved caveats in supervisor engine software release 5.5(3).
Open Caveats in Software Release 5.5(3)
This section describes open caveats in supervisor engine software release 5.5(3).
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(3)
This section describes resolved caveats in supervisor engine software release 5.5(3).
•The switch might display "Out of memory" messages resulting in VMPS becoming inactive. This could be due to duplicate MAC addresses in the VMPS database. The workaround is to reboot the switch. This problem is resolved in software release 5.5(3). (CSCdr95115)
•The switch might run out of memory if a lot of RMON related entries are created. This problem could exist in releases 5.4(x), 5.5(1), and 5.5(2). This problem is resolved in software release 5.5(3). (CSCdr99175)
•In some instances when IGMP snooping is used, a device might not be added to a multicast group on its first attempt to join. A related problem occurs when a switch has only multicast sources for a given group of MAC address directly attached. Because of problems with entries periodically timing out, packet loss might occur when this entry is removed and reinstalled. This problem is resolved in software release 5.5(3). (CSCdr54030)
•In systems with redundant supervisor engines and high availability enabled, the NAM might fail to come online after a high-availability switchover. This problem is resolved in software release 5.5(3). (CSCdr24405)
•When Cisco IP 7960 phones are connected to the WS-X6348-RJ-45 module with the inline power daughter card, some phones might not power up and the following message is displayed:
%SYS-3-PORT_DEVICENOLINK:Device on port 3/1 powered but no link up
This problem is resolved in software release 5.5(3). (CSCdr61759)
•A watchdog timeout might occur in systems with redundant supervisor engines and a four port Gigabit EtherChannel between the supervisor engine uplink ports. The timeout might happen when the switch does a high availability switchover from slot 1 to slot 2, as slot 2 is becoming the active supervisor engine. This problem is resolved in software release 5.5(3). (CSCdr72289)
•When the switch boots up, if there is a large ACL configuration and QoS is enabled, classification on channel ports might not work correctly. The workaround is to disable QoS and then enable it. This problem is resolved in software release 5.5(3). (CSCdr80892)
•When there are a large number of VLANs and trunks, the clear config command could result in some ports being stuck as trunks without being in spanning tree. The workaround is to disable and enable the port after using the clear config command. This problem is resolved in software
release 5.5(3). (CSCdr81688)
•In TOPN reports, the Gigabit Ethernet port utilization is not correct. The actual value should be one half of the number showing up in the report. For example, if the report says it's 50% then the actual value should be 25% instead. This problem is resolved in software release 5.5(3). (CSCdr84143)
•TACACS+ command authorization fails if the switch is configured through the TFTP configuration file (copy tftp config command). The workaround is to use the configure host file command. This problem is resolved in software release 5.5(3). (CSCdr85581)
•The hcRMONCapabilities MIB object is not implemented in the switch. This results in some applications failing to recognize the HCRMON capability of the devices. This issue also affects TrafficDirector. This problem is resolved in software release 5.5(3). (CSCdr89597)
•The switch might reset with a TLB exception when the qos policy-source is changed from cops to local. This problem is resolved in software release 5.5(3). (CSCdr90417)
•If the file system is in use or a download is in progress when a scheduled reset occurs, the system might fail to reset and the switching modules might be powered down. This problem is resolved in software release 5.5(3). (CSCdr93503)
•Private VLAN mappings might be missing from show commands after a high availability switchover. This problem is resolved in software release 5.5(3). (CSCdr94109)
•A reset with minimum downtime (reset mindown command) might be stopped in the middle and never finish if the reset minimum downtime process is triggered by a scheduled reset mindown (reset mindown at hh:mm, or reset mindown in hh:mm) and you are doing any show commands between the time the scheduled reset mindown is happening and the active supervisor engine is being reset.
A reset with minimum downtime might also be stopped in the middle if the scheduled reset mindown command is issued from a telnet session, and the telnet session is stopped when the scheduled reset mindown is occurring. The workaround is avoid doing any show commands during the time that the scheduled reset mindown is about to happen until the active supervisor engine is reset. Also, avoid stopping the telnet session while the scheduled reset mindown is happening. This problem is resolved in software release 5.5(3). (CSCdr97771)
•After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. This problem is resolved in software release 5.5(3). (CSCdp86609)
•ASLB and ASLB+ problem: The LDA MLS cache might not be cleared even after the TCP session finishes. Also the LDA MLS cache might be cleared normally but appear to be recreated by a packet other than the SYN packet. In both cases the LDA MLS entry will remain in the cache until it is aged out.
If you encounter these cache problems, you can use the hidden command set ld-d age [time in ms] to enable the aging of TCP cache entries faster than with the regular command. This hidden command is available in 5.5(3) and later releases. (CSCdr98794)
•The switch might reset with a TLB exception after using the show qos acl info config all command. This problem is resolved in software release 5.5(3). (CSCdr99011)
•BPDUs received on an ATM module interface might be dropped. This problem is resolved in software release 5.5(3). (CSCds04667)
•The switch might reset with a breakpoint exception when using the set banner motd command. This problem is resolved in software release 5.5(3). (CSCds07379)
•The IPX MLS aging time might not work correctly; shortcuts could remain active longer than the specified aging time. This problem is resolved in software release 5.5(3). (CSCds09546)
•LinkUp trap might be sent when changing a VLAN from an "active" to a "suspend" state. This problem is resolved in software release 5.5(3). (CSCds12806)
•When a port belongs to a private VLAN and RSVP is enabled, RSVP flows are not learned on the private VLAN port. This problem is resolved in software release 5.5(3). (CSCdr82784)
•When you configure the switch for auto-config and then reset the switch, ports might start forwarding before the auto-config starts execution. This is true for both a startup-config and an acl-config only file. This problem is resolved in software release 5.5(3). (CSCdr78762)
•The switch might reset with a TLB exception after issuing the set igmp disable command. This problem is resolved in software release 5.5(3). (CSCds14846)
•Under certain conditions different VLAN interfaces defined on the MSFC might incorrectly share the same default action for the output lookup. This does not happen on VLANs where IOS ACLs (router ACLs) are configured. This problem is resolved in software release 5.5(3). (CSCdr89081)
•With a large number of active dynamic host entries (100+) and a large number of port flaps, there is a possibility of corrupting the MAC address table, which might lead to an exception. The workaround is to disable VMPS or upgrade to 5.5(3) or later software. This problem is resolved in software release 5.5(3). (CSCdp67239)
•When there are a large number of dynamic host entries (100+), the dynamic VLAN reconfirmation procedure might report a timeout condition. This has no effect on the functionality of the system as the entry is reconfirmed immediately after this image is posted. To prevent these messages, you can lower the dvlan syslog level to 1 or upgrade to 5.5(3) or later. This problem is resolved in software release 5.5(3). (CSCdr54431)
•When an RSPAN source module is powered down during a high availability switchover, after the switchover the RSPAN destination port might still be seeing some broadcast/multicast traffic even without the source ports. This problem is resolved in software release 5.5(3). (CSCdr81151)
•When the IPX maximum hop count is changed on the MSFC it is not being accurately changed on the supervisor engine (show mls command). Steps have been taken to check the validity of the IPX maximum hop count on the MSFC before passing it down to the supervisor engine. In case of an invalid value, a default value of NOVELL_MAX_HOPS_ALLOWED (255) is sent down to the supervisor engine. This problem is resolved in software release 5.5(3). (CSCds08610)
•In systems with redundant supervisor engines, when a high availability switchover occurs, as the standby supervisor engine transitions to active it might experience a watchdog timeout and a series of Bus Timeout NMIs. The standby then remains inactive. The workaround is to power cycle the switch. This problem is resolved in software release 5.5(3). (CSCdr72885)
Open and Resolved Caveats in Software Release 5.5(2)
This section describes open and resolved caveats in supervisor engine software release 5.5(2).
Open Caveats in Software Release 5.5(2)
This section describes open caveats in supervisor engine software release 5.5(2).
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•After you configure the scheduled reset time through the SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(2)
This section describes resolved caveats in supervisor engine software release 5.5(2).
•Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset.
CSCdr50405 is a duplicate of CSCdr50405, which is resolved in software release 5.5(2). (CSCdr50405)
•Occasionally, after a fast switchover (non-high availability) the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) might report a minor hardware problem. If this occurs, all connected ports show faulty. The workaround is to reset the module and if the ports do not come up, reset the switch.This problem is resolved in software release 5.5(2). (CSCdr53825)
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. This problem is resolved in software release 5.5(2). (CSCdr67201)
•The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. This problem is resolved in software release 5.5(2). (CSCdr38648)
•The show cops pib command might cause the switch to reset if COPS is used. This problem is resolved in software release 5.5(2). (CSCdr52849)
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. This problem is resolved in software release 5.5(2). (CSCdr64288, CSCdr59094, CSCdr60993)
•If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. This problem is resolved in software
release 5.5(2). (CSCdr60464)
•QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. This problem is resolved in software release 5.5(2). (CSCdr57771)
•RSVP flows are not getting the correct DSCP values when the set port qos policy-source is set to local. This problem is resolved in software release 5.5(2). (CSCdr66180)
•Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. This problem is resolved in software release 5.5(2). (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
•Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to
100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. This problem is resolved in software release 5.5(2). (CSCdr56663)
•Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to
100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. This problem is resolved in software release 5.5(2). (CSCdr56698)
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. This problem is resolved in software release 5.5(2). (CSCdr50206)
•After enabling DHCP on the 24-port FXS analog interface module (WS-X6224-FXS), the configuration shows DHCP disabled and the module does not register with Cisco CallManager but it does get the DHCP information. This problem is resolved in software release 5.5(2). (CSCdr67032)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. This problem is resolved in software release 5.5(2). (CSCdp83157).
•If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing) and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. This problem is resolved in software release 5.5(2). (CSCdp75819)
•If the NVRAM is full and the software is upgraded to versions 5.4(x) or 5.5(1), the QoS and security ACL VLAN and port mapping configuration might be lost after the upgrade. This only happens if the ACL configuration is automatically moved to Flash memory during the upgrade, and that is only done when it is necessary to make more room in NVRAM to allow the upgrade process to work. A work around is to save the configuration before the upgrade and reapply the ACL mapping commands after the upgrade. This problem is resolved in software release 5.5(2). (CSCdr78755)
•On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC) and high availability enabled and HSRP active, system CAM entries for HSRP might end up on the wrong MSFC after a high availability switchover.
For example, if you reset the first supervisor engine, all system CAM entries for VLAN 440 are copied to the secondary MSFC (this is the correct behavior). The first supervisor engine finishes resetting and the MSFC comes online. HSRP is still active on the secondary supervisor engine. The system CAM entry for the VLAN 440 interface moves back to the first MSFC (this is the correct behavior). The system CAM entry for the HSRP interface for VLAN 440 also moves back to the first MSFC (this IS NOT the correct behavior). Consequently, all hosts using the HSRP interface as the default gateway cannot pass traffic beyond their subnets. The workaround is to configure HSRP with preemption and higher priority for one MSFC because when both MSFCs are up, the higher priority MSFC will always be active. In the case where the active MSFC goes down, the standby MSFC will become HSRP active, but when the MSFC comes back up, that MSFC will preempt the currently active MSFC to become HSRP active again. This problem is resolved in software release 5.5(2). (CSCdr01262)
•The NetFlow Data Export (NDE) task might cause high CPU utilization under heavy (fast) aging conditions. This problem is resolved in software release 5.5(2). (CSCdr10379)
•On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the show module command shows firmware (fw) as 0.0 for the MSFC after system bootup. This problem is resolved in software release 5.5(2). (CSCdr62924)
•IEEE llc registration entries are set when the first VLAN enabled is an inactive one. If spanning tree is disabled for all VLANs afterwards, the IEEE llc entry does not get cleared. The fix was to not set the IEEE llc entries when spanning tree is enabled for an inactive VLAN. This problem is resolved in software release 5.5(2). (CSCdr63409)
•During a "clear config all," the VTP database could be invalid (NULL domain and with no default VLANs) for a short period of time before high availability gets disabled. If some VTP events get into the high availability sync queue during this transition period, the VTP database on the standby supervisor engine could be corrupted. The fix ensures that the standby supervisor engine always has a valid VTP database during a "clear config all." This problem is resolved in software release 5.5(2). (CSCdr53367)
•Ports remain blocking after a high availability switchover. This is a corner case that would only occur with spanning tree disabled AND the user disabling/enabling a channel port during a high availability switchover. For example, spanning tree is disabled on the switch and a port in a channel is disabled. At this point you perform a high availability switchover and enable the channel port on the "new" active supervisor engine. Since spanning tree is disabled, the initialization on the new active supervisor engine did not go through the usual path and it did not take care of a field used to set the state in a channel port; therefore, the reenabled port stays in the blocking state. This problem is resolved in software release 5.5(2). (CSCdr19830)
•Port VLAN information is not displayed correctly after a system reset. This bug is restricted to 10/100 ports. If you add a port to a VLAN and then reset the system, the show vlan and show configuration commands might display different port VLAN information than the show port command. This problem is resolved in software release 5.5(2). (CSCdr77106)
•If RSVP path messages are received on an EtherChannel port, the switch might incorrectly send the NULL role combination to the COPS server, which results in applying the default policy to the flow. This problem is resolved in software release 5.5(2). (CSCdr72785)
•With RSVP disabled, creating a new Ethernet VLAN results in RSVP adding the SBM MAC addresses to the CAM; this prevents RSVP messages from being flooded downstream. This problem is resolved in software release 5.5(2). (CSCdr82555)
•On Catalyst 6000 family switches with redundant supervisor engines, if the uplink ports are already switching traffic and if the active supervisor engine synchronizes the runtime image and resets the standby supervisor engine, the port interface ASICs on the standby supervisor engine automatically reset. If a packet was switched on any of these ports, the sequence number seen by the rest of the system might not match with that of the packet that was lost due to the standby supervisor engine being reset. This could cause the switching modules and supervisor engines to report a "bus asic sequence mismatch." This problem is resolved in software release 5.5(2). (CSCdr72834)
•On Catalyst 6000 switches with redundant supervisor engines (MSFC and PFC), if IGMP snooping is disabled and subsequently enabled, the MSFCs will no longer be protected by the supervisor engine hardware from multicast traffic that arrives on their non-RPF interfaces, resulting in higher CPU utilization on the MSFCs. A reset of the switch is required to correct this condition. This problem is resolved in software release 5.5(2). (CSCdr82075)
•If you do a high availability switchover immediately (less than 3 seconds) after changing the trunk type (from isl to dot1q or vice versa), it is possible for that trunk to not be added to spanning tree. The workaround is to disable and reenable the port. This problem is resolved in software release 5.5(2). (CSCdr76108)
•The LTL flood index might not be cleared on the SPAN destination ports even after removing the SPAN source port modules. Because of that, traffic would be seen on the SPAN destination port even after removing the SPAN source port modules. This problem is resolved in software
release 5.5(2). (CSCdr79294)
•8-port T1/E1 ISDN PRI and 24-port FXS Analog Station Interface modules: In CiscoView images, the Catalyst 6000 family voice module's port status information is not accurately reflected. The port status is always "other" or "ok." This has been corrected. For example, on the 24-port FXS module, when the phone is offhook (call in progress), the port status is "ok." When the phone is onhook, it is "other." And when it is disabled, the port status is "minorfault." This problem is resolved in software release 5.5(2). (CSCdr35662)
•The show port qos and show qos info ... commands do not work on ATM LANE modules (WS-X6101-OC12-MMF and WS-X6101-OC12-SMF). (CSCdr33320)
•8-port T1/E1 ISDN PRI and 24-port FXS Analog Station Interface modules: While calls are active on these modules, you can disable individual port communication processors (860s) with the set port disable command; this disconnects all calls going through a particular 860. The supervisor engine prompts you if any calls are currently active on the 860 when the set port disable command is issued. You will have the choice of terminating all calls on the 860 right away by disabling the 860 or you can opt to wait for the 860 call status to become idle before disabling the 860. (The 860 communications processor main functions are to act as an interface for the voice-data streams to the Ethernet, provide signaling for the T1/E1 line, and process call management commands.) This problem is resolved in software release 5.5(2). (CSCdr60305)
•This problem is due to module physical tolerances and is not present on all modules. You might see this problem when doing an online insertion or removal of a standby supervisor engine or a WS-X6348-RJ45 10/100 module while there is traffic present on the system. The problem manifests itself with a system reset with the following error message:
6509-#1-Dev-Lab:> (enable) 2000 Mar 30 17:28:47 %SYS-5-MOD_REMOVE:Module 16 has been
removed
2000 Mar 30 17:28:47 %SYS-5-MOD_REMOVE:Module 2 has been removed
cafe2_latte_seq_err_hdlr (Kernel and Idle), Exp:0, Rcv:0
PANIC:Earl is in panic
The workaround is to issue a reset x, where x is the module number of the module to be removed, and then remove the module in slot x. This problem is resolved in software release 5.5(2). (CSCdp84973)
•The CLI does not allow flow control to be turned on when QoS is enabled. This problem is resolved in software release 5.5(2). (CSCdr38820)
Open and Resolved Caveats in Software Release 5.5(1)
This section describes open and resolved caveats in supervisor engine software release 5.5(1).
Open Caveats in Software Release 5.5(1)
This section describes open caveats in supervisor engine software release 5.5(1).
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
•The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
•If the QoS policy source is changed from COPS to local and local to COPS quickly in succession, the switch might experience a reset. The workaround is to change the QoS policy source to local (set qos policy-source local), wait a few minutes, and then change the QoS policy source back to COPS (set qos policy-source cops). (CSCdr60530)
Note CSCdr60530 has not been seen in other releases.
•If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. (CSCdr60464)
•The show port qos and show qos info ... commands do not work on ATM LANE modules (WS-X6101-OC12-MMF and WS-X6101-OC12-SMF). (CSCdr33320)
•The ACL manager process might hang when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr60039)
Note CSCdr60039 has not been seen in other releases.
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
•A port on the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) with a status of errdisabled will not come up after enabling it; its status shows "notconnect." The workaround is to disconnect and then reconnect the cable attached to the port. (CSCdr31752)
Note CSCdr31752 has not been seen in later releases.
•QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
•Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
•Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to
100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. (CSCdr56663)
•Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to
100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. (CSCdr56698)
•Occasionally, after a high availability switchover, the now active supervisor engine might report a minor hardware problem. (CSCdr54908)
Note CSCdr54908 has not been seen in other releases.
•When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at
10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
•Cisco IP Phone 7960: When you have a hub connected to the switch and IP phones connected to the hub, the phones might lose connectivity with Cisco CallManager if you remove and then reconnect power from one phone after a call has been established. The workaround is to power cycle the phone that had its power interrupted. This action brings up all phones connected to the hub. (CSCdr36895)
Note CSCdr36895 has not been seen in later releases.
•When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
•Occasionally, after a fast switchover (non-high availability) the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) might report a minor hardware problem. If this occurs, all connected ports show faulty. The workaround is to reset the module and if the ports do not come up, reset the switch.This problem is resolved in software release 5.5(2). (CSCdr53825)
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. (CSCdr50206)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
•If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing) and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.5(1)
This section describes resolved caveats in supervisor engine software release 5.5(1).
•MLS traffic might be interrupted for 10 to 20 seconds after a high availability switchover with ACLs. This problem was MSFC related and is resolved in Cisco IOS Release 12.1(1)E2. (CSCdp87323)
Open and Resolved Caveats in Software Release 5.4(4a)
This section describes open and resolved caveats in supervisor engine software release 5.4(4a).
Open Caveats in Software Release 5.4(4a)
This section describes open caveats in supervisor engine software release 5.4(4a).
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. (CSCdr50206)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
•The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
•The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
•Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
•After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
•If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.4(4a)
This section describes resolved caveats in supervisor engine software release 5.4(4a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.4(4a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.4(4)
This section describes open and resolved caveats in supervisor engine software release 5.4(4).
Open Caveats in Software Release 5.4(4)
This section describes open caveats in supervisor engine software release 5.4(4).
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. (CSCdr50206)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
•The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
•The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
•Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
•After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
•If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.4(4)
This section describes resolved caveats in supervisor engine software release 5.4(4).
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. This problem is resolved in software release 5.4(4). (CSCdr50206)
•IGMP snooping does not relearn multicast router ports after a switchover. Only disabling and reenabling IGMP makes the router ports appear properly. This problem is resolved in software release 5.4(4). (CSCdp25436)
•When spanning tree is disabled in a VLAN, BPDUs are forwarded out on the same ATM interface on which they are received. This problem is resolved in software release 5.4(4). (CSCdr49743)
•The UDLD status between Catalyst 6000 family switches and Catalyst 6500 series switches in a large network might exhibit inconsistent behavior. Some links might show as "undetermined" on one or both sides, even though both sides are enabled and are passing UDLD packets. This problem is resolved in software release 5.4(4). (CSCdr52866)
•Using cut-and-paste during an inbound or outbound Telnet session might cause some characters to become lost and the Telnet session to hang. This problem is resolved in software release 5.4(4). (CSCdr40184)
Open and Resolved Caveats in Software Release 5.4(3)
This section describes open and resolved caveats in supervisor engine software release 5.4(3).
Open Caveats in Software Release 5.4(3)
This section describes open caveats in supervisor engine software release 5.4(3).
•When an SNMP agent attempts to modify VLAN parameters (state, MTU, etc.), the attempt might fail with vtpVlanApplyStatus = someOtherError in the SNMP response from the switch. This is due to an inconsistency in the default Token Ring VLAN configuration in the VTP database with VTP V2 enabled. The workaround for this problem is to disable and then reenable VTP V2. (CSCdr56164)
Note CSCdr56164 has not been seen in later releases.
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
–When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the supervisor engine is significantly loaded. (CSCdr50206)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
•Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
•QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
•The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
•The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
•The set/clear cops domain-name commands might close Telnet sessions to the supervisor engine. When the set cops domain-name command is run over a Telnet session to the supervisor engine, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
Note CSCdr54368 has not been seen in later releases.
•Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
•After you configure the scheduled reset time through the SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are as follows:
–Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
–If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
•If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
•The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
Resolved Caveats in Software Release 5.4(3)
This section describes resolved caveats in supervisor engine software release 5.4(3).
•When you insert a QoS-capable module below any module that is not QoS capable (except the ATM module), attempts to set one of the ports to port-based QoS fails and you receive a port busy error message. Modules that are not QoS capable are as follows:
–MSM
–FlexWAN
–NAM
This problem is resolved in software release 5.4(3). (CSCdr44006)
•Under certain conditions, the error message "QosSetVlanAcl Error" with a non-existent aclName appears. This problem is resolved in software release 5.4(3). (CSCdr29292)
•After a reset, the MSFC does not see IGMP packets until IGMP is disabled and then reenabled. This problem is resolved in software release 5.4(3). (CSCdr44200)
•Systems might reset with an exception if the SNMP PDU size is more than 1300 bytes. This problem exists in software releases 5.4(1) and 5.4(2). This problem is resolved in software release 5.4(3). (CSCdr33785)
•UplinkFast transitions and Serial Communications Protocol (SCP) messages are sent in incorrect order. During an UplinkFast transition, this could cause both the old and new root ports to be in FORWARDING state, creating the potential for spanning tree loops. This problem is resolved in software release 5.4(3). (CSCdr39668)
•If all the non-admin physical ports of EtherChannel sources become inactive (due to link down or disabled) in a PSPAN session, the ports are not removed from portCopyTable resulting in incorrect display of SPAN configuration through SNMP while CLI displays correct configuration. The only way to fix the problem is to reset the switch. This problem is resolved in software release 5.4(3). (CSCdr33492)
•After downloading the new LCP firmware image, the supervisor engine does not reboot. This problem is resolved in software release 5.4(3). (CSCdr11407)
•The show system command Sys-Status field shows "other" after a switchover to the redundant supervisor engine. This problem is resolved in software release 5.4(3). (CSCdr17119)
•In systems with redundant supervisor engines (PFCs) and high availability and QoS enabled, the TCAM utilization is not a problem with IP, IPX, and MAC QoS ACLs configured and mapped to ports. However, after the high availability switchover occurs, there are multiple TCAM FULL syslog messages. This problem is resolved in software release 5.4(3). (CSCdr14917)
•QoS ACLs are cleared on Gigabit EtherChannel ports after a high availability switchover. This behavior was observed in the following configuration: Redundant supervisor engines (PFCs), high availability and QoS enabled, and COPS as the policy source.
There is a four-port Gigabit EtherChannel formed using the four supervisor engine uplink ports. There are local IPX and MAC ACLs mapped to these ports as well as the COPS IP ACL. A high availability switchover is performed and after ports on module 1 rejoin the four-port Gigabit EtherChannel, the reset 1 command is issued. When the ports on module 1 come back up, they join a two-port channel (1/1-2). A show port qos for module 2 shows no runtime ACLs and the runtime setting as VLAN-based. This problem is resolved in software release 5.4(3). (CSCdr18818)
•The IEEE llc registration entries are removed if the last.1q trunk port goes down and only one spanning tree is disabled. The problem will happen even if all spanning trees are disabled except one. In this case, the llc entries should be removed only if all spanning trees are disabled. This problem is resolved in software release 5.4(3). (CSCdr47799)
•When an EtherChannel is configured between two switches and the Spanning Tree Protocol is disabled, under some circumstances (such as a reboot or the presence of a lot of broadcasts on the sc0 VLAN), the EtherChannel might take a long time to come up. The workaround is to enable the Spanning Tree Protocol. This problem is resolved in software release 5.4(3). (CSCdr16565)
•In systems with redundant supervisor engines/MSFCs, reloading the active MSFC causes the other MSFC to take control of the FlexWAN module ports. However, after the new active MSFC come online, either one or both FlexWAN module ports are stuck in the "Down" state. The workaround is to power cycle the FlexWAN module. This problem is resolved in software
release 5.4(3). (CSCdr16997)
•Invalid IPX Protocol for IPX NetBIOS. The following example shows an error output for the IPX NetBIOS protocol option, although it appears as a valid option in "help" and "?" displays.
Console> (enable) set qos acl ipx ipxedit dscp 24 netbios any any
The NetBIOS option was removed from the "help" and "?" displays. This problem is resolved in software release 5.4(3). (CSCdr29619)
•An example of this problem follows: You enter a large number of ACLs and map them to interface VLAN 4, but receive an error message:
Cannot configure more than 9 logical operators (gt, lt, neq, range) in an IP ACL.
Failed to map VLAN 4 to ACL vlan4
Hardware supports up to nine Layer 4 operators for each interface, two are reserved for fragment handling, so essentially, only seven are supported. When an ACL uses up the maximum number of supported Layer 4 operators, each subsequent ACE that needs more Layer 4 operators is expanded into an equivalent set of ACEs. A problem in the software caused the expansion logic from being called. This problem is resolved in software release 5.4(3). (CSCdr33104)
•In systems with redundant supervisor engines/MSFCs, if a TCAM update fails immediately after an MSFC switchover, the switch might reboot with a TLB exception in the ACL Manager. This problem is resolved in software release 5.4(3). (CSCdp88904)
•In a shared media environment, the UDLD detection mechanism might get stuck if there are concurrent linkup/link down events. This problem is resolved in software release 5.4(3). (CSCdp97787)
•Improper format of the snmpEngineID. The snmpEngineID should be 12 bytes instead of
10 bytes.
When you upgrade from 5.4(1) or 5.4(2) to 5.4(3), 5.5(1) and newer software releases, the local snmpEngineID will automatically be converted from 10 bytes to 12 bytes if there is no local user configured in usmUserTable.
If there are any local users in the usmUserTable, the 10-byte snmpEngineID will still remain unless you do one of the following:
–Delete all the local users from usmUserTable and then reset the system.
–Issue the clear config snmp or clear config all commands.
This problem is resolved in software release 5.4(3). (CSCdr22335)
•When DSBM is enabled, the RSVP task calls the QoS task to set the port to do port-based QoS. However, the QoS task also attaches the CLI-configured ACL to the port, which removes any attached COPS ACL. This problem is resolved in software release 5.4(3). (CSCdr31596)
•In systems with redundant supervisor engines (PFCs) and high availability enabled, when you reset the system and then disable high availability, the standby supervisor engine might have a watchdog timeout. This problem is resolved in software release 5.4(3). (CSCdr32438)
•When several qos enable and qos disable commands are issued from within two different CLI processes (the console and a telnet session), there might be race conditions that cause a new enable/disable event to be processed before the previous one is completely finished. This causes an Assertion "head != NULL" failed .... assertion. This problem is resolved in software release 5.4(3). (CSCdr20448)
•The clear config all command does not clear a port's UDLD configuration. For example, UDLD and aggressive UDLD are enabled on port 3/3. After clearing the system configuration and enabling system wide UDLD, port 3/3 UDLD shows enabled (show udld port 3/3). The clear config all command should have set the port UDLD to disable. This problem is resolved in software release 5.4(3). (CSCdr35885)
•In a network where you have multicast senders and receivers in the same VLAN, if you apply an input IOS ACL on the MSFC to deny multicast traffic, the access list will be honored in software. However, the system is not able to drop them in hardware. This might cause high CPU utilization on the MSFC if there is a lot of multicast traffic coming from the sender. The workaround is to have senders and receivers in different VLANs, in which case MMLS and MFD (multicast fast drop) can be used to drop the multicast traffic before it hits the CPU. This problem is resolved in software release 5.4(3). (CSCdr34122)
•A failed mapping on the MSFC can cause runtime and NVRAM to be out of synchronization. This problem is resolved in software release 5.4(3). (CSCdr23372)
•There might be inconsistent private VLAN mappings between the supervisor engine and the MSFC. The show pvlan mapping command display on the switch might be inconsistent with what is displayed on the router using the show pvlan command. This problem is resolved in software release 5.4(3). (CSCdr45633)
•A private VLAN was deleted to enable GVRP, but GVRP still thinks the private VLAN exists. This problem might happen when a VLAN type is changed from primary, community, or isolated to none. In this case the VLAN was still considered to be part of a private VLAN, so VTP and GVRP could not be enabled. This problem is resolved in software release 5.4(3). (CSCdr35470)
•When you have two switches connected by link A and link B:
link A
SW-1(VTP client) ----------------------- SW-2(VTP server)
| |
--------------------------------
link B
If link A and link B are dot1q trunks and both SW-1 and SW-2 are reset at the same time, there could be a loop in the topology due to a race condition. The workaround is to disable and enable the links after both the systems come up. This problem is resolved in software release 5.4(3). (CSCdr33260)
•A port security bug was allowing traffic from VLANs 1 to 255 to be passed; the rest was getting dropped. This problem is resolved in software release 5.4(3). (CSCdr22508)
•Protocol Independent Multicast (PIM) Hello messages might be suppressed in PIM v1v2 mode. This problem happens only when routers are in PIM v1v2 mode; in this mode, they send odd length PIM packets. The IGMP snooping checksum algorithm was calculating the checksum incorrectly for odd length packets and dropping these packets in the software after capturing them. This caused the routers to time out their PIM neighbors. This problem is resolved in software release 5.4(3). (CSCdr25218)
•When trying to set ifAdminStatus to an invalid value, the SNMP agent might return "noAccess" instead of "wrongValue" and the ATM module might be reset. This problem is resolved in software release 5.4(3). (CSCdr39530)
•The switch might reboot with a breakpoint exception when the set qos acl map command is used. This problem is resolved in software release 5.4(3). (CSCdr45906)
•The switch might reboot with a TLB exception when using the set mls statistics protocol command with a very large protocol number string. This problem is resolved in software
release 5.4(3). (CSCdr43793)
•UDLD enhancements including an aggressive UDLD mode have been added to software release 5.3(4) and later releases. For more information, see the "Features for Supervisor Engine Software Release 5.4" section. This problem is resolved in software release 5.4(3). (CSCdp69036)
•The system time is reduced by 1 hour every time you issue the clear config all command. This problem is only in release 5.4(2). The following message will display when the time changes:
2000 May 04 05:43:22 %SYS-5-SYS_TIMECHNG:System time has changed due to summertime
This problem is resolved in software release 5.4(3). (CSCdr41909)
•In software release 5.4(1) and later, for authentication retries, TACACS+ prompts for a password only but not for a username. This problem is resolved in software release 5.4(3). (CSCdr44356)
•After closing a Telnet session, the switch still shows the session as open. Using the disconnect ip_address command to disconnect a user and manually close the session does not close the session. This problem is resolved in software release 5.4(3). (CSCdp33649)
•The show TopN utility reports errors on trunk ports when no errors occurred. This problem is resolved in software release 5.4(3). (CSCdr23551)
•When a module with no NVRAM is disabled and then brought back online, the administrative group used by the module ports might be shared with ports on another module. This could cause a system reset since bundling ports across modules is not supported. This problem is resolved in software release 5.4(3). (CSCdr25839)
Open and Resolved Caveats in Software Release 5.4(2a)
This section describes open and resolved caveats in supervisor engine software release 5.4(2a).
Open Caveats in Software Release 5.4(2a)
This section describes open caveats in supervisor engine software release 5.4(2a).
•You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
•The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
•When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
•In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
•Occasionally, af
