Release Notes for Catalyst 6500 Series Software Release 8.x



Current Releases
8.7(3)—September 11, 2009
Previous Releases: 8.7(2), 8.7(1), 8.6(6), 8.6(5), 8.6(4), 8.6(3), 8.6(2), 8.6(1), 8.5(9), 8.5(8), 8.5(7), 8.5(6), 8.5(5), 8.5(4), 8.5(3), 8.5(2), 8.5(1), 8.4(6), 8.4(5), 8.4(4), 8.4(3), 8.4(2a), 8.4(2), 8.4(1), 8.3(7), 8.3(6), 8.3(5), 8.3(4), 8.3(3), 8.3(2), 8.3(1), 8.2(2), 8.2(1), 8.1(3), 8.1(2), 8.1(1)


Caution Due to a compatibility issue between Supervisor Engine 32 hardware version 1.2 and Catalyst software releases prior to release 8.4(4) and MSFC2A Cisco IOS Releases prior to Release 12.2(17d)SXB9, you need to verify your Supervisor Engine 32 hardware version, and if necessary, take the appropriate action as described in the following paragraphs.

For Supervisor Engine 32 (WS-SUP32-GE-3B and WS-SUP32-10GE-3B), if the hardware version is 1.2, you must run software release 8.4(4) and later releases on the supervisor engine and Cisco IOS Release 12.2(17d)SXB9 and later releases on the MSFC2A. To determine the hardware version, enter the show module command and note the hardware (Hw) version for the supervisor engine.

When Supervisor Engine 32 with hardware version 1.2 is running software release 8.4(4) or later, if the MSFC2A image is not Cisco IOS Release 12.2(17d)SXB9 or later, the MSFC2A is placed in the "other" state and the following message is displayed on the supervisor engine:

%SYS-1-MOD_MSFC_FAILONLINE:MSFC Module 16 FAILED to come ONLINE
2005 Apr 21 01:31:46 %SYS-1-MOD_MSFC_INCOMPATIBLEIMAGE:MSFC Module 16
Image Upgrade Required to support Inband Port ASIC present in System

To correct this problem, upgrade the MSFC2A to Cisco IOS Release 12.2(17d)SXB9 or a later release.

Note that in redundant systems, if one Supervisor Engine 32 is hardware version 1.2, the other Supervisor Engine 32 must also be hardware version 1.2 and both supervisor engines must be running software release 8.4(4) or later on the supervisor engine and Cisco IOS release 12.2(17d)SXB9 or later on the MSFC2A.


Caution With software release 8.3(1), we recommend that you run Cisco IOS Release 12.2(17d)SXB1 on the Supervisor Engine 720/MSFC3. It is mandatory that you run Cisco IOS Release 12.2(17d)SXB1 if you plan on using any of the following software release 8.3(1) features: Bidirectional PIM, Policy Feature Card 3BXL, IGMP version 3 snooping with Multicast Multilayer Switching (MMLS), or Gateway Load Balancing Protocol (GLBP).

For Cisco IOS Release requirements for all supervisor engines and modules, see the "Release Notes for Cisco IOS on the MSFC" section at this URL: http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html


Caution Support for Optical Services Modules (OSMs) and the FlexWAN module in systems with Supervisor Engine 2 running software release 8.1(1) and later releases requires Cisco IOS Release 12.1(19)E and later releases. OSMs are only supported with Supervisor Engine 2; they are not supported with any other supervisor engine. Support for the FlexWAN module in systems with Supervisor Engine 1 and Supervisor Engine 2 running software release 8.1(1) and later releases requires Cisco IOS Release 12.1(19)E and later releases. Support for the FlexWAN module in systems with Supervisor Engine 720 running software release 8.2(1) and later releases requires Cisco IOS Release 12.2(14)SX2 and later releases.

Also note that with software release 8.1(1) and later releases you need to use the Cisco IOS Release 12.1(13)E4 or later version bootloader on the MSFC/MSFC2 to boot a Cisco IOS image reliably from sup-slot0 or sup-bootflash. The Cisco IOS Release 12.1(19)E train bootloader, or bootloaders earlier than Cisco IOS Release 12.1(13)E4, do not support booting the MSFC/MSFC2 from sup-slot0 or sup-bootflash due to caveats CSCeb36759, CSCdz60980, and/or CSCdz31321.

For a complete list of OSMs supported with Catalyst software, see the "Optical Services Modules" section.


Caution The MSFC3 on Supervisor Engine 720 requires Cisco IOS Release 12.2(14)SX2 and later releases.


Caution The 12.2(14r)S9 MSFC3 ROMMON software upgrade is required if you plan to run Catalyst software release 8.1(x) on Supervisor Engine 720 and Cisco IOS software on the MSFC3. For information on the 12.2(14r)S9 MSFC3 ROMMON software upgrade procedure, refer to this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_4497.html


Caution If stateful switchover (SSO) is enabled on the MSFC, you must enable high availability on the supervisor engine before upgrading to supervisor engine software release 8.5(1) and later releases. Use the set system highavailability enable command to enable high availability on the supervisor engine. For detailed information on configuring SSO on the MSFC, refer to the "Configuring NSF with SSO MSFC Redundancy" chapter of the Catalyst 6500 Series Software Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/nde.html


Caution The Supervisor Engines 1 and 1A are not supported in Catalyst software release 8.5(4) or later releases. For more information, refer to Product Bulletin No. 2595 at this URL:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd8017a5d1.html


Caution The Supervisor Engine 2 is not supported in Catalyst software release 8.6(5) or later releases. For more information, refer to Product Bulletin No. 1031 at this URL:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd80423d31.html


Note Cisco IOS Release 12.2(18)SXF includes features that require Catalyst software release 8.5(1). For details, refer to the Release Notes for Cisco IOS Release 12.2 SX on the Catalyst 6500 Series MSFC at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/hybrid/release/notes/ol_4563.html


Contents

This document consists of these sections:

Release 8.x DRAM Memory Requirements

Boot ROM (ROMMON) Requirements

Upgrading the Boot ROM

Supervisor Engine Bootflash

Redundant Supervisor Engine Configurations

Product and Software Release Matrix

Unsupported Hardware

Orderable Software Images

Software Image Version Compatibility

Catalyst 6500 Series Features

Usage Guidelines and Restrictions

Open and Resolved Caveats in Software Release 8.7(3)

Open and Resolved Caveats in Software Release 8.7(2)

Open and Resolved Caveats in Software Release 8.7(1)

Open and Resolved Caveats in Software Release 8.6(6)

Open and Resolved Caveats in Software Release 8.6(5)

Open and Resolved Caveats in Software Release 8.6(4)

Open and Resolved Caveats in Software Release 8.6(3)

Open and Resolved Caveats in Software Release 8.6(2)

Open and Resolved Caveats in Software Release 8.6(1)

Open and Resolved Caveats in Software Release 8.5(9)

Open and Resolved Caveats in Software Release 8.5(8)

Open and Resolved Caveats in Software Release 8.5(7)

Open and Resolved Caveats in Software Release 8.5(6)

Open and Resolved Caveats in Software Release 8.5(5)

Open and Resolved Caveats in Software Release 8.5(4)

Open and Resolved Caveats in Software Release 8.5(3)

Open and Resolved Caveats in Software Release 8.5(2)

Open and Resolved Caveats in Software Release 8.5(1)

Open and Resolved Caveats in Software Release 8.4(6)

Open and Resolved Caveats in Software Release 8.4(5)

Open and Resolved Caveats in Software Release 8.4(4)

Open and Resolved Caveats in Software Release 8.4(3)

Open and Resolved Caveats in Software Release 8.4(2a)

Open and Resolved Caveats in Software Release 8.4(2)

Open and Resolved Caveats in Software Release 8.4(1)

Open and Resolved Caveats in Software Release 8.3(7)

Open and Resolved Caveats in Software Release 8.3(6)

Open and Resolved Caveats in Software Release 8.3(5)

Open and Resolved Caveats in Software Release 8.3(4)

Open and Resolved Caveats in Software Release 8.3(3)

Open and Resolved Caveats in Software Release 8.3(2)

Open and Resolved Caveats in Software Release 8.3(1)

Open and Resolved Caveats in Software Release 8.2(2)

Open and Resolved Caveats in Software Release 8.2(1)

Open and Resolved Caveats in Software Release 8.1(3)

Open and Resolved Caveats in Software Release 8.1(2)

Open and Resolved Caveats in Software Release 8.1(1)

Catalyst Software Image Upgrade Procedure

Troubleshooting

Related Documentation

Release 8.x DRAM Memory Requirements

Supervisor Engine 32: The Catalyst 6500 series Supervisor Engine 32 ships with 256-MB DRAM, which fully supports software release 8.4(1) and later releases.

Supervisor Engine 720: The Catalyst 6500 series Supervisor Engine 720 ships with 512-MB DRAM, which fully supports software release 8.x.

Supervisor Engine 2: The Catalyst 6500 series Supervisor Engine 2 ships with 256-MB DRAM (WS-X6K-S2U-MSFC2) and the default 128-MB DRAM (WS-X6K-S2-MSFC2), both of which fully support software release 8.x.


Caution When running software release 8.x with a large number of routes configured, the Supervisor Engine 2 requires 256-MB DRAM. The exact number of routes supported by the Supervisor Engine 2 with 128-MB DRAM depends on the features you have configured.

Supervisor Engine 1: Early versions of the Catalyst 6500 series Supervisor Engine 1 shipped with 64-MB DRAM which does not support software release 8.x (currently, new Supervisor Engine 1 modules ship with 128-MB DRAM). To support software release 8.x, you need 128-MB DRAM.

With the exception of WS-X6K-SUP1A-MSFC, all other Supervisor Engine 1 modules can upgrade to 128-MB DRAM using the MEM-S1-128MB= upgrade kit. For detailed information on the MEM-S1-128MB= upgrade, refer to the Catalyst 6500 Series Switch Supervisor Engine 1A DRAM Upgrade Installation Note at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_14357.html

To upgrade to 128-MB DRAM on the WS-X6K-SUP1A-MSFC, use the MEM-S1-128MB-UPG= upgrade kit which also includes an MSFC2 upgrade.

Boot ROM (ROMMON) Requirements

For Supervisor Engine 1, the minimum boot ROM (ROMMON) required for software release 5.4(1) and later 5.x(x) releases is 5.2(1). The minimum boot ROM required for software releases 6.x(x), 7.x(x), and 8.x(x) is also 5.2(1). The default (shipping) image for software releases 6.x(x), 7.x(x), and 8.x(x) is 5.3(1).

For Supervisor Engine 2, the minimum boot ROM required for software release 6.2(2) and later releases is 6.1(3).

For Supervisor Engine 720, the minimum boot ROM required for software release 8.1(1) and later releases is 7.7(1).


Note The supervisor engine boot ROM versions must be identical in redundant systems.


Upgrading the Boot ROM

Follow these guidelines to upgrade the supervisor engine boot ROM (ROMMON) on Supervisor Engine 1 or 1A:

For supervisor engines with an MSFC, due to the location of the boot ROM, upgrading the boot ROM could damage your supervisor engine. This hardware configuration is not field upgradable.

For supervisor engines with an MSFC2 or no PFC, the boot ROM upgrade can be done in the field:

The boot ROM upgrade kit part number is WS-X6K-BOOT=


Note The boot ROM upgrade kit is not orderable. If an upgrade is needed, contact the Technical Assistance Center (TAC) to verify your hardware configuration and arrange for delivery of the upgrade kit.


For boot ROM installation information, refer to the Catalyst 6500 Series Switch Supervisor Engine NMP Boot ROM Upgrade Installation Note at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_10142.html


Note For Supervisor Engine 2 with boot ROM version 6.1(3) or later, the boot ROM software image can be upgraded through a software download from Cisco.com. Refer to the boot ROM software upgrade procedure at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_13488.html


Flash PC Card Support

The following Flash PC cards are supported on Catalyst 6500 series switches:

MEM-C6K-FLC16M(=)

Supported only on Supervisor Engine 1 and Supervisor Engine 2.

MEM-C6K-FLC24M(=)

Supported only on Supervisor Engine 1 and Supervisor Engine 2.

MEM-C6K-FLC64M(=)

Supported only on Supervisor Engine 1.

MEM-C6K-ATA-1-64M(=)

Supported only on Supervisor Engine 2.

Prior to software release 7.5(1), Supervisor Engine 1 and Supervisor Engine 2 supported the following Flash PC cards:

16-MB Flash PC card (MEM-C6K-FLC16M=). The device name is slot0:.

24-MB Flash PC card (MEM-C6K-FLC24M=). The device name is slot0:.

With software releases 7.5(1) and later, additional Flash PC card support was added as follows:

64-MB ATA Flash PC card (MEM-C6K-ATA-1-64M=)—Only supported on Supervisor Engine 2. The device name is disk0: and the card requires ROMMON version 7.1(1) and later releases.

64-MB linear Flash PC card (MEM-C6K-FLC64M=)—Only supported on Supervisor Engine 1. The device name is slot0: and the card requires ROMMON software release 5.3(1) and later releases.


Note The MEM-C6K-ATA-1-64M(=) and MEM-C6K-FLC64M= Flash PC cards are not formatted. Although the cards appear to be formatted when first installed, you must format the cards to prevent possible data corruption.



Note The 16-MB MEM-C6K-FLC16M(=) and 24-MB MEM-C6K-FLC24M(=) linear Flash PC cards are not formatted. Supervisor Engine 1 and Supervisor Engine 2 do not support the same Flash PC card format. To use a Flash PC card with Supervisor Engine 2, you must format the card with Supervisor Engine 2. To use a Flash PC card with Supervisor Engine 1, you must format the card with Supervisor Engine 1.


The following Compact Flash cards are supported only on Supervisor Engine 720 with software release 8.1(1) and later releases and Supervisor Engine 32 with software release 8.4(1) and later releases:

MEM-C6K-CPTFL64M=

MEM-C6K-CPTFL128M=

MEM-C6K-CPTFL256M=

MEM-C6K-CPTFL512M=

MEM-C6K-CPTFL512M= is supported with Supervisor Engine 720 and Supervisor Engine 32 starting with software release 8.4(1).


Note For Supervisor Engine 720, a Compact Flash card can be installed only in the DISK 0 slot with software releases prior to release 8.4(1). With software releases 8.4(1) and later releases, you can use the DISK 1 slot.



Note For Supervisor Engine 1, software release 7.6(1) or later CV images need a 24-MB or 64-MB linear Flash PC card.

With the 24-MB linear Flash PC card with a Supervisor Engine 1/MSFC or a Supervisor Engine 1/MSFC2 with a 16-MB MSFC2 bootflash, you need to put the Catalyst image on the 24-MB linear Flash PC card, the IOS bootloader on the MSFC bootflash, and the Cisco IOS image on the 16-MB supervisor engine bootflash.

With the 64-MB linear Flash PC card with a Supervisor Engine 1/MSFC or a Supervisor Engine 1/MSFC2 with a 16-MB MSFC2 bootflash, you can put the Catalyst image and the MSFC/MSFC2 Cisco IOS image on the 64-MB linear Flash PC card, and the Cisco IOS bootloader on the MSFC bootflash.

With the 24-MB or 64-MB linear Flash PC card on a Supervisor Engine 1/MSFC2 with 32-MB MSFC2 bootflash, the MSFC2 bootloader and Cisco IOS image can be put on the MSFC2 bootflash, and the Catalyst image can be put on the 24-MB or 64-MB linear Flash PC cards.


Supervisor Engine Bootflash

Supervisor Engine 32: The Catalyst 6500 series Supervisor Engine 32 ships with a 256-MB bootflash device.

Supervisor Engine 720: The Catalyst 6500 series Supervisor Engine 720 ships with a 64-MB bootflash device.

Supervisor Engine 2: The Catalyst 6500 series Supervisor Engine 2 ships with a 32-MB bootflash device.


Note The default bootflash configuration on Supervisor Engine 2 modules shipped since late January 2001 is 32 MB. Enter the show version command to determine what size bootflash device is installed on the Supervisor Engine 2. If you have 16 MB, there is an upgrade to 32 MB available at this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12667.html


Supervisor Engine 1: The Catalyst 6500 series Supervisor Engine 1 (and 1A) ship with a 16-MB bootflash device. The Supervisor Engine 1 (and 1A) bootflash is not upgradeable.

Redundant Supervisor Engine Configurations

In systems with redundant supervisor engines, both supervisor engines must be identical and have the same daughter card configurations. For example, your switch can have the following configurations:

Slot 1—Supervisor Engine 2, PFC2, MSFC2
Slot 2—Supervisor Engine 2, PFC2, MSFC2

Slot 1—Supervisor Engine 2, PFC2
Slot 2—Supervisor Engine 2, PFC2

Slot 1—Supervisor Engine 1, PFC, MSFC2
Slot 2—Supervisor Engine 1, PFC, MSFC2

Slot 1—Supervisor Engine 1, PFC, MSFC1
Slot 2—Supervisor Engine 1, PFC, MSFC1

Slot 1—Supervisor Engine 1, PFC
Slot 2—Supervisor Engine 1, PFC

Slot 1—Supervisor Engine 1
Slot 2—Supervisor Engine 1

The slot locations for Supervisor Engine 720 (with PFC3 and MSFC3) and Supervisor Engine 32 (with PFC3B and MSFC2A) are chassis dependent:

With a 3-slot chassis, install the active supervisor engine in slot 1 and the redundant supervisor engine in slot 2.

With a 6-slot or a 9-slot chassis, install the active supervisor engine in slot 5 and the redundant supervisor engine in slot 6.

With a 13-slot chassis, install the active supervisor engine in slot 7 and the redundant supervisor engine in slot 8.

These configuration requirements apply to all Catalyst 6500 series switches. We do not support configurations that are not identical.

Product and Software Release Matrix

These sections list the minimum supervisor engine version and the current recommended supervisor engine software release for Catalyst 6500 series modules, power supplies, fan trays, and chassis:

Supervisor Engines

Policy Feature Cards

Switch Fabric Modules

Small Form-Factor Pluggable Modules (SFPs)

10-Gigabit Ethernet Switching Modules

XENPAKs

Gigabit Ethernet Switching Modules

Gigabit Interface Converters (GBICs)

Fast Ethernet Switching Modules

Ethernet/Fast Ethernet (10/100) Switching Modules

Ethernet Switching Modules

Power Over Ethernet Daughter Cards

Voice Modules

FlexWAN Module

Optical Services Modules

Service Modules

ATM Modules

Multilayer Switch Module

Power Supplies

Fan Trays

Modular Chassis


Note There might be additional minimum software release requirements for intelligent modules (those that run an additional, separate software image). Refer to the software release notes for the module type for more information.



Note Line modules and service modules with different hardware and firmware can reside in the same chassis. To recognize the modules, you must know the minimum supervisor engine software release.


Supervisor Engines


Note Supervisor Engine 32 (WS-SUP32-GE-3B and WS-SUP32-10GE-3B) common features:

Supports 32-Gbps non-fabric-enabled switching bus (the WS-C6500-SFM and WS-C6500-SFM2 modules are not supported)

256-MB bootflash through an internal Compact Flash device (referred to as "bootdisk" in the CLI)

Compact Flash slot (disk 0)

One 10/100/1000 Mbps RJ-45 port (port 9)

Two USB ports

Host port (Type B port) interfaces with a standard host such as a PC

Device port (Type A port) interfaces with devices such as USB disks or USB keys


Note The USB ports are not enabled. These ports will be enabled in a future software release.


QoS port architecture (Rx/Tx): 2q8t/1p3q8t

Eight Gigabit Ethernet SFP ports (ports 1 through 8) on WS-SUP32-GE-3B


Note For a list of supported SFPs, see the "Small Form-Factor Pluggable Modules (SFPs)" section.


Two 10-Gigabit Ethernet uplink ports on WS-SUP32-10GE-3B (require XENPAKs)

For Supervisor Engine 32 fan tray requirements, see the "Fan Trays" section



Note Supervisor Engine 720 common features:

Integrated 720-Gbps Switch Fabric

64-MB bootflash device

2 Compact Flash slots (disk0 and disk1)

Two Ethernet uplink ports:

1-MB packet buffer per port

Port 1—Gigabit Ethernet SFP

Port 2—Configurable as Gigabit Ethernet SFP or 10/100/1000 Mbps RJ-45


Note For a list of supported SFPs, see the "Small Form-Factor Pluggable Modules (SFPs)" section.


QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

For Supervisor Engine 720 fan tray requirements, see the "Fan Trays" section


| Product Number (append with "=" for spares) | Product Description | Minimum Supervisor Engine software release | Recommended Supervisor Engine software release |
|---|---|---|---|
| Supervisor Engine 32 (footnotes 1, 2) | | | |
| WS-SUP32-GE-3B | Supervisor Engine 32 with PFC3B: 256-MB DRAM; Policy Feature Card 3B (see the "Policy Feature Cards" section); Multilayer Switch Feature Card 2A (MSFC2A): 256-MB DRAM, 32-MB bootflash | 8.4(1) | 8.4(2) |
| WS-SUP32-10GE-3B | | 8.4(4) | 8.4(4) |
| Supervisor Engine 720 (footnote 2) | | | |
| WS-SUP720-3B | Supervisor Engine 720 with PFC3B: 512-MB DRAM; Policy Feature Card 3B (see the "Policy Feature Cards" section); Multilayer Switch Feature Card 3 (MSFC3): 512-MB DRAM, 64-MB bootflash. Note: There are no memory-only upgrade options for WS-SUP720-3B. Use WS-F6K-PFC3BXL= to upgrade a WS-SUP720-3B with a PFC3BXL. WS-F6K-PFC3BXL= includes 1 GB memory upgrades for the Supervisor Engine 720 and the MSFC3. Refer to this publication for more information: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html | 8.7(1) | 8.7(1) |
| WS-SUP720-3BXL | Supervisor Engine 720 with PFC3BXL: 1-GB DRAM; Policy Feature Card 3BXL (see the "Policy Feature Cards" section); Multilayer Switch Feature Card 3 (MSFC3): 1-GB DRAM, 64-MB bootflash. Note: There are no memory upgrade options for WS-SUP720-3BXL. | 8.3(1) | 8.3(3) |
| WS-SUP720 | Supervisor Engine 720 with the following features: 512-MB DRAM; Policy Feature Card 3A (PFC3A) (see the "Policy Feature Cards" section); Multilayer Switch Feature Card 3 (MSFC3) with 64-MB bootflash device and 512-MB DRAM | 8.1(1) | 8.3(3) |
| Supervisor Engine 2 (footnote 3) | | | |
| WS-X6K-S2U-MSFC2 | Supervisor Engine 2, dual 1000BASE-X GBIC uplinks, fabric-enabled, CEF, PFC2, and MSFC2; 256 MB on supervisor engine, 256 MB on MSFC2; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 6.1(1d) | 6.4(21) |
| WS-X6K-S2-MSFC2 | Supervisor Engine 2, dual 1000BASE-X GBIC uplinks, fabric-enabled, CEF, PFC2, and MSFC2; 128 MB on supervisor engine, 128 MB on MSFC2; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 6.1(1d) | 6.4(21) |
| WS-X6K-S2-PFC2 | Supervisor Engine 2, dual 1000BASE-X GBIC uplinks, fabric-enabled, and PFC2; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 6.1(1d) | 6.4(21) |
| Supervisor Engine 1 (footnotes 4, 5) | | | |
| WS-X6K-S1A-MSFC2 | Supervisor Engine 1A, dual 1000BASE-X GBIC uplinks, PFC, and MSFC2; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 5.4(3) | 6.4(21) |
| WS-X6K-SUP1A-MSFC | Supervisor Engine 1A, dual 1000BASE-X GBIC uplinks, PFC, and MSFC; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 5.3(1a)CSX | 6.4(21) |
| WS-X6K-SUP1A-PFC | Supervisor Engine 1A, dual 1000BASE-X GBIC uplinks, and PFC; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 5.3(1a)CSX | 6.4(21) |
| WS-X6K-SUP1A-2GE | Supervisor Engine 1A, dual 1000BASE-X GBIC uplinks; QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t | 5.3(1a)CSX | 6.4(21) |
| WS-X6K-SUP1-2GE | Supervisor Engine 1, dual 1000BASE-X GBIC uplinks, Layer 2 Switching Engine I (WS-F6020) or Layer 2 Switching Engine II (WS-F6020A); QoS port architecture (Rx/Tx): 1q4t/2q2t | 5.1(1a)CSX | 6.4(21) |

1 Read the Cautionary information on page 1 of this document to verify your Supervisor Engine 32 hardware version. The hardware version determines the required software releases for Supervisor Engine 32.

2 Supervisor Engine 720 and Supervisor Engine 32 require a 2500 W or larger power supply in all 6-, 9-, and 13-slot chassis.

3 Not supported in software release 8.6(5) or later releases.

4 Not supported in the WS-C6513 chassis.

5 Not supported in software release 8.5(4). For more information, refer to Product Bulletin No. 2595 at this URL:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd8017a5d1.html


Policy Feature Cards


Note The PFC2 supports a theoretical maximum of 128 K MAC addresses (32 K MAC addresses recommended maximum).

The PFC3 supports a theoretical maximum of 64 K MAC addresses (32 K MAC addresses recommended maximum).

You cannot use a PFC3BXL or a PFC3B on one supervisor engine and a PFC3A on the other supervisor engine for redundancy. You must use identical policy feature cards for redundancy.


Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

PFC3B (footnote 1)

Policy Feature Card 3B (PFC3B)

8.4(1)

8.4(1)

PFC3BXL (footnote 1)

Policy Feature Card 3BXL (PFC3BXL)

8.3(1)

8.3(3)

PFC3A (footnote 2)

Policy Feature Card 3A (PFC3A)

8.1(1)

8.3(3)

For PFC and PFC2 information, see the "Supervisor Engines" section.

1 Supported on Supervisor Engine 720 and Supervisor Engine 32.

2 Supported only with Supervisor Engine 720.


Switch Fabric Modules


Note The Switch Fabric Modules are not supported with Supervisor Engine 720 because the Supervisor Engine 720 has an integrated switch fabric.

The WS-X6500-SFM2 and the WS-C6500-SFM are supported only in systems with a Supervisor Engine 2.

Except in a 13-slot chassis, WS-X6500-SFM2 and WS-C6500-SFM can be used together to provide redundancy.

3-slot chassis do not support WS-X6500-SFM2 or WS-C6500-SFM.


Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-C6500-SFM

Switch Fabric Module to support fabric-enabled modules

6.1(1d)

6.4(11)

WS-X6500-SFM2

Switch Fabric Module version 2

6.2(2)

6.4(11)


Small Form-Factor Pluggable Modules (SFPs)


Note For a list of transceivers that support Digital Optical Monitoring (DOM), refer to the Cisco Digital Optical Monitoring Compatibility Matrix at this URL:
http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_8031.html


Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

CWDM-SFP

1000BASE-CWDM SFP

8.3(1)

8.3(3)

GLC-T

1000BASE-T SFP

8.3(1)

8.3(3)

GLC-LH-SM

1000BASE-LX/LH SFP

8.1(1)

8.3(3)

GLC-SX-MM

1000BASE-SX SFP

8.1(1)

8.3(3)

GLC-ZX-SM

1000BASE-ZX SFP

8.2(1)

8.3(3)

GLC-FE-100FX

100BASE-FX SFP

8.4(1)

8.4(1)

GLC-FE-100LX

100BASE-LX SFP

8.4(1)

8.4(1)

GLC-FE-100BX-D

GLC-FE-100BX-U

100BASE-BX10 SFPs

8.4(1)

8.4(1)

GLC-BX-U

1000BASE-BX SFP, transmit 1310-nm, receive 1490-nm

8.5(1)

8.5(1)

GLC-BX-D

1000BASE-BX SFP, transmit 1490-nm, receive 1310-nm

8.5(1)

8.5(1)


10-Gigabit Ethernet Switching Modules

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6502-10GE

1-port 10GBASE-E Serial 10-Gigabit Ethernet, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q8t/1p2q1t

Note The WS-X6502-10GE module does not support ISL encapsulation.

7.1(1)

7.6(9)

WS-G6483

10GBASE-ER Serial 1550-nm extended-reach Optical Interface Module (OIM)

7.2(2)

7.6(9)

WS-G6488

10GBASE-LR Serial 1310-nm long-haul OIM

7.1(1)

7.6(9)

WS-X6704-10GE (footnotes 1, 2, 3)

4-port 10-Gigabit Ethernet, requires XENPAKs, fabric-enabled
QoS port architecture (Rx/Tx): 1q8t/1p7q8t

Note For a list of supported XENPAKs, see the "XENPAKs" section.

8.1(2)

8.3(3)

1 Not supported in a 6503 chassis in software releases prior to release 8.4(1). Supported in the 6503-E chassis with software release 8.4(1) and later releases.

2 In a 13-slot chassis, this module must be installed in slots 9, 10, 11, 12, or 13.

3 Supported only with Supervisor Engine 720.


XENPAKs


Note For a list of transceivers that support Digital Optical Monitoring (DOM), refer to the Cisco Digital Optical Monitoring Compatibility Matrix at this URL:

http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_8031.html


Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

XENPAK-10GB-LR

Up to 10-kilometer range, 10GBASE-LR Serial 1310-nm long-haul (SMF)

8.1(2)

8.3(3)

XENPAK-10GB-LX4

10GBASE-LX4 Serial 1310-nm multimode (MMF)

8.2(1)

8.3(3)

XENPAK-10GB-ER

10GBASE-ER Serial 1550-nm extended-reach (SMF)

8.2(1)

8.3(3)

XENPAK-10GB-SR

10GBASE-SR Serial 850-nm short-reach multi-mode (MMF)

8.3(1)

8.3(3)

XENPAK-10GB-CX4

10GBASE-CX4 provides support for copper up to 15 meters on CX4 cable

8.3(1)

8.3(3)

XENPAK-10GB-ZR

10GBASE-ZR XENPAK 1550-nm, SC connector (SMF)

8.5(1)

8.5(1)

XENPAK-10GB-LW

10GBASE-LW XENPAK 1310-nm, SC connector (SMF)

Note The XENPAK-10GB-LW operates at an interface speed compatible with SONET/SDH OC-192/STM-64 and supports transmission at a data rate of 9.6Gbps.

When used with the WS-X6704-10GE module:
8.3(1)

When used with the WS-SUP32-10GE-3B uplinks:
8.4(4)

8.5(3)

DWDM-XENPAK-xx.xx (footnote 1)

Dense Wavelength Division Multiplexing (DWDM) XENPAK transceivers

8.5(1)

8.5(4)

1 For a list of the DWDM XENPAK product numbers, band, and channel assignments, refer to the Cisco DWDM XENPAK Transceiver Installation Note at this URL: http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/installation/note/78_15665.html


Gigabit Ethernet Switching Modules

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6148A-GE-TX WS-X6148A-GE-45AF

48-port 10/100/1000BASE-T switching module, RJ-45 (WS-X6148A-GE-45AF provides inline power to IP telephones using the voice daughter card WS-F6K-GE48-AF)
QoS port architecture (Rx/Tx): 1q2t/1p3q8t

8.4(1)

8.4(1)

WS-X6748-GE-TX (footnotes 1, 2, 3)

48-port 10/100/1000BASE-TX switching module, RJ-45, fabric-enabled
QoS port architecture (Rx/Tx): 1q8t/1p3q8t

8.1(2)

8.3(3)

WS-X6748-SFP (footnotes 1, 2, 3)

48-port Gigabit Ethernet switching module, requires SFPs, fabric-enabled
QoS port architecture (Rx/Tx): 1q8t/1p3q8t

Note For a list of supported SFPs, see the "Small Form-Factor Pluggable Modules (SFPs)" section.

8.3(2)

8.3(3)

WS-X6724-SFP (footnotes 1, 3)

24-port Gigabit Ethernet switching module, requires SFPs, fabric-enabled
QoS port architecture (Rx/Tx): 1q8t/1p3q8t

Note For the 24-port Gigabit Ethernet switching module hardware version 2.2 and earlier versions, the recommended supervisor engine software release is 8.1(2).

Note For the 24-port Gigabit Ethernet switching module hardware version 2.3 and later versions, the recommended supervisor software release is 8.3(3).

Note For a list of supported SFPs, see the "Small Form-Factor Pluggable Modules (SFPs)" section.

See the Notes in the Product Description.

See the Notes in the Product Description.

WS-X6148-GE-TX
WS-X6148V-GE-TX

48-port 10/100/1000BASE-TX switching module (WS-X6148V-GE-TX provides inline power to IP telephones using the voice daughter card WS-F6K-GE48-AF or WS-F6K-VPWR-GE)
QoS port architecture (Rx/Tx): 1q2t/1p2q2t

7.6(1)

7.6(9)

WS-X6148-GE-45AF

48-port 10/100/1000BASE-TX switching module, provides inline power to IP telephones using the voice daughter card WS-F6K-GE48-AF
QoS port architecture (Rx/Tx): 1q2t/1p2q2t

8.2(1)

8.3(3)

WS-X6548-GE-TX
WS-X6548V-GE-TX

48-port 10/100/1000BASE-TX switching module, fabric-enabled (WS-X6548V-GE-TX provides inline power to IP telephones using the voice daughter card WS-F6K-GE48-AF or WS-F6K-VPWR-GE)
QoS port architecture (Rx/Tx): 1q2t/1p2q2t

7.6(1)

7.6(9)

WS-X6548-GE-45AF

48-port 10/100/1000BASE-TX switching module, fabric-enabled, provides inline power to IP telephones using the voice daughter card WS-F6K-GE48-AF
QoS port architecture (Rx/Tx): 1q2t/1p2q2t

8.2(1)

8.3(3)

WS-X6516A-GBIC

16-port Gigabit Ethernet GBIC switching module, fabric-enabled, 1-MB per-port packet buffers
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

7.5(1)

7.6(9)

WS-X6516-GBIC (footnote 4)

16-port Gigabit Ethernet GBIC switching module, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

6.1(1d)

6.4(11)

WS-X6516-GE-TX

16-port 10/100/1000BASE-T Ethernet Module, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

6.2(2)

6.4(11)

WS-X6416-GBIC

16-port Gigabit Ethernet GBIC switching module
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

5.4(2)

6.4(11)

WS-X6416-GE-MT

16-port Gigabit Ethernet MT-RJ
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

5.3(5a)CSX

6.4(11)

WS-X6316-GE-TX

16-port 1000BASE-TX RJ-45 Gigabit Ethernet
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

5.4(2)

6.4(11)

WS-X6408A-GBIC

8-port Gigabit Ethernet GBIC
QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t

5.3(1a)CSX

6.4(11)

WS-X6408-GBIC

8-port Gigabit Ethernet GBIC
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.1(1)CSX

6.4(11)

1 Not supported in a 6503 chassis in software releases prior to release 8.4(1). Supported in the 6503-E chassis with software release 8.4(1) and later releases.

2 In a 13-slot chassis, this module must be installed in slots 9, 10, 11, 12, or 13.

3 Supported only with Supervisor Engine 720.

4 Hardware (Hw) revisions 5.0 through 5.4 are not supported with a Supervisor Engine 720 or a Supervisor Engine 32.


Gigabit Interface Converters (GBICs)


Note For a list of transceivers that support Digital Optical Monitoring (DOM), refer to the Cisco Digital Optical Monitoring Compatibility Matrix at this URL:

http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_8031.html


Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-G5483

1000BASE-T GBIC transceiver module for Category 5 copper wire
RJ-45 connector

7.2(1)

7.6(17)

WS-G5484

1000BASE-SX GBIC transceiver module for MMF, 850-nm wavelength
SC connector

5.1(1)CSX

6.4(21)

WS-G5486

1000BASE-LX/LH GBIC transceiver for MMF and SMF, 1300-nm wavelength
SC connector

5.1(1)CSX

6.4(21)

WS-G5487

1000BASE-ZX GBIC transceiver module for SMF, 1550-nm wavelength
SC connector

5.1(1)CSX

6.4(21)

CWDM-GBIC-xxxx (footnote 1)

1000BASE-CWDM GBIC

7.2(1)

7.6(17)

DWDM-GBIC-xx.xx (footnote 2)

1000BASE-DWDM GBIC

8.3(1)

8.5(4)

1 For a list of the CWDM GBIC product numbers and wavelengths, refer to the Cisco CWDM GBIC and CWDM SFP Installation Note at this URL:
http://www.cisco.com/en/US/products/hw/modules/ps4999/prod_installation_guides_list.html

2 For a list of the DWDM GBIC product numbers, band, and channel assignments, refer to the DWDM Gigabit Interface Converter Installation Note at this URL:
http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/installation/note/78_15299.html


Fast Ethernet Switching Modules

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6148-FE-SFP

48-port 100BASE-FX, requires SFPs
QoS port architecture (Rx/Tx): 1p1q4t/1p3q8t

Note For a list of supported SFPs, see the "Small Form-Factor Pluggable Modules (SFPs)" section.

8.4(1)

8.4(1)

WS-X6524-100FX-MM

24-port 100BASE-FX multimode, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t

7.1(1)

7.6(9)

WS-X6324-100FX-SM
WS-X6324-100FX-MM

24-port 100BASE-FX single mode or multimode, MT-RJ with 128K per-port packet buffers
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.4(2)

6.4(11)

WS-X6224-100FX-MT

24-port 100BASE-FX multimode, MT-RJ
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.1(1)CSX

6.4(11)


Ethernet/Fast Ethernet (10/100) Switching Modules

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6196-RJ-21
WS-X6196-21AF

96-port, 10/100BASE-TX RJ-21 (WS-X6196-21AF provides inline power to IP telephones using the voice daughter card WS-F6K-FE48X2-AF)
QoS port architecture: 1p1q0t/1p3q1t

8.4(1)

8.4(1)

WS-X6148A-RJ-45
WS-X6148A-45AF

48-port 10/100BASE-TX RJ-45 with 5.3Mb per-port packet buffers (WS-X6148A-45AF provides inline power to IP telephones using the voice daughter card WS-F6K-48-AF)
QoS port architecture (Rx/Tx): 1p1q4t/1p3q8t

8.4(1)

8.4(1)

WS-X6148X2-RJ-45
WS-X6148X2-45AF

96-port 10/100BASE-TX RJ-45, (WS-X6148X2-45AF provides inline power to IP telephones using the voice daughter card WS-F6K-FE48X2-AF)
QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t

8.2(1)

8.3(3)

WS-X6548-RJ-21

48-port 10/100BASE-TX RJ-21, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t

6.2(2)

6.4(11)

WS-X6548-RJ-45

48-port 10/100BASE-TX RJ-45, fabric-enabled
QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t

6.2(2)

6.4(11)

WS-X6348-RJ21V

48-port 10/100BASE-TX RJ-21 with 128K per-port packet buffers (WS-X6348-RJ21V provides inline power to IP telephones using the voice daughter card WS-F6K-VPWR)
QoS port architecture (Rx/Tx): 1q4t/2q2t

6.2(2)

6.4(11)

WS-X6348-RJ-45 WS-X6348-RJ-45V

48-port 10/100BASE-TX RJ-45 with 128K per-port packet buffers (WS-X6348-RJ-45V provides inline power to IP telephones using the voice daughter card WS-F6K-VPWR)
QoS port architecture (Rx/Tx): 1q4t/2q2t

Without WS-F6K-VPWR: 5.4(2)
With WS-F6K-VPWR: 5.5(1)

Without WS-F6K-VPWR: 6.4(11)
With WS-F6K-VPWR: 6.4(11)

WS-X6148-RJ-45
WS-X6148-RJ-45V

48-port 10/100BASE-TX RJ-45 with 128K per-port packet buffers (WS-X6148-RJ-45V provides inline power to IP telephones using the voice daughter card WS-F6K-48-AF or WS-F6K-VPWR)
QoS port architecture (Rx/Tx): 1q4t/2q2t

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)

WS-X6148-RJ-21
WS-X6148-RJ21V

48-port 10/100BASE-TX RJ-21 with 128K per-port packet buffers (WS-X6148-RJ21V provides inline power to IP telephones using the voice daughter card WS-F6K-48-AF or WS-F6K-VPWR)
QoS port architecture (Rx/Tx): 1q4t/2q2t

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)

WS-X6148-45AF

48-port 10/100BASE-TX RJ-45 with 128K per-port packet buffers (WS-X6148-45AF has the WS-F6K-48-AF daughter card to provide inline power to IP telephones)
QoS port architecture (Rx/Tx): 1q4t/2q2t

8.2(1)

8.3(3)

WS-X6148-21AF

48-port 10/100BASE-TX RJ-21 with 128K per-port packet buffers (WS-X6148-21AF has the WS-F6K-48-AF daughter card to provide inline power to IP telephones)
QoS port architecture (Rx/Tx): 1q4t/2q2t

8.2(1)

8.3(3)

WS-F6K-VPWR

Inline-power field-upgrade module mounts on the 48-port 10/100BASE-TX RJ-45 and RJ-21 modules

5.5(1)

6.4(11)

WS-X6248-RJ-45

48-port 10/100BASE-TX RJ-45
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.1(1)CSX

6.4(11)

WS-X6248A-TEL

48-port 10/100BASE-TX RJ-21 with 128K per-port packet buffers
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.3(2)CSX

6.4(11)

WS-X6248-TEL

48-port 10/100BASE-TX RJ-21
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.2(1)CSX

6.4(11)


Ethernet Switching Modules

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6024-10FL-MT

24-port 10BASE-FL MT-RJ
QoS port architecture (Rx/Tx): 1q4t/2q2t

5.3(3)CSX

6.4(11)


Power Over Ethernet Daughter Cards

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-F6K-FE48X2-AF

IEEE 802.3af PoE daughter card for:

WS-X6148X2-45AF

8.2(1)

8.3(3)

WS-X6196-21AF

8.4(1)

8.4(1)

WS-F6K-GE48-AF

IEEE 802.3af PoE daughter card for:

WS-X6148A-GE-45AF

8.4(1)

8.4(1)

WS-X6148V-GE-TX

7.6(1)

7.6(9)

WS-X6148-GE-45AF

8.2(1)

8.3(3)

WS-X6548V-GE-TX

7.6(1)

7.6(9)

WS-X6548-GE-45AF

8.2(1)

8.3(3)

WS-F6K-48-AF

IEEE 802.3af PoE daughter card for:

WS-X6148A-45AF

8.4(1)

8.4(1)

WS-X6148-RJ-45V

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)

WS-X6148-RJ21V

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)

WS-F6K-VPWR-GE

PoE daughter card for:

WS-X6548V-GE-TX

7.6(1)

7.6(9)

WS-X6148V-GE-TX

7.6(1)

7.6(9)

WS-F6K-VPWR

PoE daughter card for:

WS-X6348-RJ-45V

5.5(1)

6.4(11)

WS-X6348-RJ21V

6.2(2)

6.4(11)

WS-X6148-RJ-45V

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)

WS-X6148-RJ21V

For software releases 6.x: 6.4(1)
For software releases 7.x: 7.2(2)

For software releases 6.x: 6.4(11)
For software releases 7.x: 7.6(9)


Voice Modules

Product Number (append with "=" for spares)

Product Description (footnote 1)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-SVC-CMM

Communication Media Module

7.6(12)

8.3(3)

WS-SVC-CMM-6E

16-port E1 interface port adapter

7.6(12)

8.3(3)

WS-SVC-CMM-6T1

6-port T1 interface port adapter

7.6(12)

8.3(3)

WS-SVC-CMM-24FXS

24-port FXS interface port adapter

7.6(12)

8.3(3)

WS-SVC-CMM-ACT

Ad-hoc conferencing and transcoding port adapter

7.6(12)

8.3(3)

WS-X6624-FXS

24-port FXS analog interface module

5.5(1)

6.4(11)

WS-X6608-T1
WS-X6608-E1

8-port T1/E1 PSTN interface modules

5.5(1)

6.4(11)

1 The voice modules are not supported with Supervisor Engine 720 in software release 8.1(x). The voice modules are supported with Supervisor Engine 720 in software release 8.2(1) and later releases.


FlexWAN Module

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6582-2PA (footnote 1)

FlexWAN2, enhanced FlexWAN module

8.5(1)

8.5(1)

WS-X6182-2PA (footnotes 2, 3)

FlexWAN Module

5.4(2)

6.4(11)

1 For enhanced FlexWAN2 documentation, refer to this URL: http://www.cisco.com/en/US/docs/routers/7600/install_config/flexwan_config/flexwan-config-guide.html

2 The WS-X6182-2PA FlexWAN module is not supported with Supervisor Engine 720 in software release 8.1(x). The WS-X6182-2PA FlexWAN module is supported with Supervisor Engine 720 in software release 8.2(1) and later releases. The WS-X6182-2PA FlexWAN module is not supported with Supervisor Engine 32. For detailed information on Cisco IOS Release requirements for the FlexWAN module, see the "Release Notes for Cisco IOS on the MSFC" section at this URL:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_notes_list.html

3 Refer to the Catalyst 6500 Series Switch FlexWAN Module Installation and Configuration Note.


Optical Services Modules

Product Number (append with "=" for spares)

Product Description (footnotes 1, 2, 3)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

4-port Gigabit Ethernet WAN

OSM-4GE-WAN-GBIC

4-port Gigabit Ethernet Optical Services Module

6.1(2)

6.4(11)

OC-12 Packet over SONET (footnote 4)

OSM-2OC12-POS-MM

2-port OC-12c/STM-4c POS Optical Services Module, MM, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-2OC12-POS-SI

2-port OC-12c/STM-4c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-2OC12-POS-SL

2-port OC-12c/STM-4c POS Optical Services Module, SM-LR (footnote 5), with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-4OC12-POS-MM

4-port OC-12c/STM-4c POS Optical Services Module, MM, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-4OC12-POS-SI

4-port OC-12c/STM-4c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-4OC12-POS-SL

4-port OC-12c/STM-4c POS Optical Services Module, SM-LR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OC-3 Packet over SONET (footnote 3)

OSM-4OC3-POS-SI

4-port OC-3c/STM-1c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

7.1(1)

7.6(9)

OSM-8OC3-POS-MM

8-port OC-3c/STM-1c POS Optical Services Module, MM, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-8OC3-POS-SI

8-port OC-3c/STM-1c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-8OC3-POS-SL

8-port OC-3c/STM-1c POS Optical Services Module, SM-LR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-16OC3-POS-MM

16-port OC-3c/STM-1c POS Optical Services Module, MM, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-16OC3-POS-SI

16-port OC-3c/STM-1c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OSM-16OC3-POS-SL

16-port OC-3c/STM-1c POS Optical Services Module, SM-LR, with 4 Gigabit Ethernet ports

6.1(2)

6.4(11)

OC-48 Packet over SONET (footnote 3)

OSM-1OC48-POS-SS

1-port OC-48c/STM-16c POS Optical Services Module, SM-SR, with 4 Gigabit Ethernet ports

6.1(3)

6.4(11)

OSM-1OC48-POS-SI

1-port OC-48c/STM-16c POS Optical Services Module, SM-IR, with 4 Gigabit Ethernet ports

6.1(3)

6.4(11)

OSM-1OC48-POS-SL

1-port OC-48c/STM-16c POS Optical Services Module, SM-LR, with 4 Gigabit Ethernet ports

6.1(3)

6.4(11)

1 The OSMs are only supported with Supervisor Engine 2.

2 Refer to the Optical Services Module Installation and Configuration Note.

3 Channelized OSMs are not supported on Catalyst 6500 series switches; they are supported only on the Cisco 7600 series router platform.

4 Also has four Layer 2 Gigabit Ethernet ports.

5 Single-mode, long reach.


Service Modules

Product Number (append with "=" for spares)

Product Description (footnote 1)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

Intrusion Detection System Module (IDSM) (footnote 2)

WS-X6381-IDS (footnote 3)

Intrusion Detection System Module

6.1(1d)

6.4(11)

WS-SVC-IDSM2-BUN-K9

Intrusion Detection System Module 2

7.5(1)

7.6(9)

Network Analysis Module (NAM) (footnotes 4, 5)

WS-X6380-NAM (footnote 3)

Network Analysis Module, 256-MB RAM

5.5(1)

6.4(11)

WS-SVC-NAM-1

Network Analysis Module, 512-MB RAM, fabric-enabled

7.3(1)

7.6(9)

WS-SVC-NAM-2

Network Analysis Module, 1-GB RAM, fabric-enabled, accelerator daughter card

7.3(1)

7.6(9)

Firewall Services Module (footnote 6)

WS-SVC-FWM-1-K9

Firewall Services Module

7.5(1)

7.6(9)

SSL Services Module (footnote 7)

WS-SVC-SSL-1

SSL Services Module

7.5(1)

7.6(9)

Content Switching Module (CSM) (footnote 8)

WS-X6066-SLB-APC (footnote 9)

Content Switching Module

7.5(1)

7.6(9)

Content Services Gateway (CSG) (footnote 10)

WS-SVC-CSG-1

Content Services Gateway

7.6(1)

7.6(9)

Application-Oriented Networking (AON) Module (footnote 11)

WS-SVC-AON-1-K9

Application-Oriented Networking (AON) Module

8.4(2a)

8.4(2a)

1 The service modules are not supported with supervisor engine WS-SUP720 in software release 8.1(x). The service modules are supported with supervisor engine WS-SUP720 in software release 8.2(1) and later releases. The service modules are supported with supervisor engine WS-SUP720-3BXL in software release 8.3(1) and later releases. The service modules are supported with supervisor engine WS-SUP720-3B in software releases 8.3(7) and later releases. The service modules are supported with supervisor engine WS-SUP32-GE-3B in software release 8.4(1) and later releases. The service modules are supported with supervisor engine WS-SUP32-10GE-3B in software releases 8.4(4) and later releases.

2 Refer to the Catalyst 6500 Series Switch Intrusion Detection System Module Installation and Configuration Note.

3 Not supported with Supervisor Engine 720 or Supervisor Engine 32.

4 Refer to the Network Analysis Module Installation and Configuration Note.

5 The Network Analysis Module (NAM) application image 1.1(1a) and NAM maintenance image 1.1(1a)m are not supported with supervisor engine software releases 6.3(2) and later. For supervisor engine software releases 6.3(2) and later, use the 1.2 NAM image.

6 Refer to the Catalyst 6500 Series Switch and 7600 Series Firewall Services Module Installation and Configuration Note.

7 Refer to the Catalyst 6500 Series Switch SSL Services Module Installation and Configuration Note.

8 Refer to the Cisco Content Switching Module Installation and Configuration Guide.

9 The WS-X6066-SLB-APC module is not supported with Supervisor Engine 32.

10 Refer to the Cisco Content Services Gateway Installation and Configuration Guide.

11 Refer to the Application-Oriented Networking (AON) documentation at this URL: http://www.cisco.com/en/US/products/ps6692/Products_Sub_Category_Home.html


ATM Modules

Product Number (append with "=" for spares)

Product Description (footnotes 1, 2)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6101-OC12-SMF

Single-port single-mode OC-12 ATM

5.3(2)CSX

6.4(11)

WS-X6101-OC12-MMF

Single-port multimode OC-12 ATM

5.3(2)CSX

6.4(11)

1 The ATM modules are not supported with the Supervisor Engine 720 in software release 8.1(x). The ATM modules are supported with Supervisor Engine 720 in software release 8.2(1) and later releases.

2 Refer to the ATM Configuration Guide and Command Reference.


Multilayer Switch Module

Product Number (append with "=" for spares)

Product Description (footnotes 1, 2)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-X6302-MSM

Multilayer Switch Module

5.2(1)CSX

6.4(11)

1 The Multilayer Switch Module is not supported with Supervisor Engine 720 or Supervisor Engine 32 (there will be no Supervisor Engine 720 or Supervisor Engine 32 support in any future software releases).

2 Refer to the Multilayer Switch Module Release Notes.


Power Supplies

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-CAC-6000W (footnote 1)

6000 W AC power supply

8.4(1)

8.4(1)

PWR-2700-AC (footnote 2)

2700 W AC power supply

8.4(1)

8.4(1)

PWR-2700-DC (footnote 2)

2700 W DC power supply

8.4(1)

8.4(1)

WS-CAC-1000W

1000 W AC power supply

5.1(1)CSX

6.4(11)

WS-CAC-1300W

1300 W AC power supply

5.1(1)CSX

6.4(11)

WS-CDC-1300W

1300 W DC power supply

5.1(1)CSX

6.4(11)

PWR-1400-AC (footnote 3)

1400 W AC power supply

8.1(1)

8.3(3)

WS-CAC-2500W

2500 W AC power supply

5.4(2)

6.4(11)

WS-CDC-2500W

2500 W DC power supply

5.4(2)

6.4(11)

WS-CAC-3000W

3000 W AC power supply

7.5(1)

7.6(9)

WS-CAC-4000W

4000 W AC power supply

6.1(3)

6.4(11)

PWR-4000-DC (footnote 4)

4000 W DC power supply

6.1(3)

8.3(3)

PWR-950-AC (footnote 3)

950 W AC power supply

7.5(1)

7.6(9)

PWR-950-DC (footnote 3)

950 W DC power supply

7.5(1)

7.6(9)

PWR-1900-AC/6 (footnote 5)

1900 W AC power supply

7.2(2)

7.6(9)

PWR-1900-DC (footnote 5)

1900 W DC power supply

7.2(2)

7.6(9)

1 Supported in all 65xx and 65xx-E chassis except for the 6503 and 6503-E (form-factor difference). Only the 6513 and -E chassis support the full 6000W; the other chassis rely on software to current limit the power supply.

2 Supported in the 7606 chassis and the 6504-E chassis. Support in the 6504-E chassis requires software release 8.4(2) and later releases.

3 Supported only on the WS-C6503, WS-C6503-E, and CISCO7603 chassis.

4 The full 4000W is only available with software release 8.1(1) and later releases. With software release 6.1(3) and later 6.x and 7.x releases, the maximum wattage is 2506.56W.

5 Supported only on the CISCO7606 chassis.


Fan Trays

Product Number (append with "=" for spares)

Product Description (footnote 1)

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

FAN-MOD-3

Standard-capacity fan tray for 6503 chassis
Standard-capacity fan tray for 7603 chassis

7.4(2)
7.1(1)

7.6(9)
7.6(9)

FAN-MOD-3HS

High-capacity fan tray for 6503/7603 chassis

8.1(1)

8.3(3)

FAN-MOD-4HS

High-capacity fan tray for the 6504 chassis

8.4(2)

8.4(2)

WS-C6K-6SLOT-FAN

Standard-capacity fan tray for 6506 chassis

5.2(1)CSX

6.4(11)

WS-C6K-6SLOT-FAN2 (footnote 2)

High-capacity fan tray for 6506 chassis

8.1(1)

8.3(3)

WS-C6K-9SLOT-FAN

Standard-capacity fan tray for 6509 chassis

5.1(1)CSX

6.4(11)

WS-C6K-9SLOT-FAN2 (footnotes 2, 3)

High-capacity fan tray for 6509 chassis

8.1(1)

8.3(3)

WS-C6K-13SLOT-FAN

Standard-capacity fan tray for 6513 chassis
Standard-capacity fan tray for 7613 chassis

6.2(2)
7.6(1)

6.4(11)
7.6(9)

WS-C6K-13SLT-FAN2 (footnote 2)

High-capacity fan tray for 6513/7613 chassis

8.1(1)

8.3(3)

FAN-MOD-6

Standard-capacity fan tray for 7606 chassis

7.2(2)

7.6(9)

FAN-MOD-6HS (footnote 2)

High-capacity fan tray for 7606 chassis

8.1(1)

8.3(3)

WS-C6506-E-FAN (footnote 2)

High-capacity fan tray for WS-C6506-E chassis

6.3(7)

8.3(3)

WS-C6509-E-FAN (footnote 2)

High-capacity fan tray for WS-C6509-E chassis

6.3(7)

8.3(3)

WS-C6503-E-FAN (footnote 2)

High-capacity fan tray for WS-C6503-E chassis

6.3(7)

8.3(3)

FAN-MOD-09

Standard-capacity fan tray for 6509-NEB-A/7609 chassis

8.1(1)

8.3(3)

FAN-MOD-09-HS2

High-capacity fan tray for 6509-NEB-A/7609 chassis

8.1(1)

8.3(3)

WS-C6509-NEB-FAN

Standard-capacity fan tray for 6509-NEB chassis

5.4(2)

6.4(11)

1 Some chassis require a high capacity fan tray for use with Supervisor Engine 720 and Supervisor Engine 32. To determine which chassis require a fan tray for Supervisor Engine 720 and Supervisor Engine 32, see the "Modular Chassis" section.

2 These fan trays require a 2500 W or 4000 W power supply.

3 This fan tray is supported in all chassis (except for the 3-slot chassis) and all software releases. The minimum power supply requirement is 2500W. It is important that you determine the power requirements for your hardware configuration to ensure that your switch has adequate power for all modules. To determine power requirements, refer to the CCO power calculator at this URL: http://www.cisco.com/go/powercalculator.


Modular Chassis

Product Number (append with "=" for spares)

Product Description

Minimum Supervisor Engine software release

Recommended Supervisor Engine software release

WS-C6513

Catalyst 6513 chassis:

13 slots

64 chassis MAC addresses

Supported only with Supervisor Engine 2, Supervisor Engine 720, and Supervisor Engine 32

Supervisor Engine 720 and Supervisor Engine 32 require WS-C6K-13SLT-FAN2. Each power supply in the chassis must be at least 2500 W

6.2(2)

6.4(11)

WS-C6509-E (footnote 2)

Catalyst 6509 chassis:

9 slots

1024 chassis MAC addresses

Requires WS-C6509-E-FAN

8.3(1)

8.4(1)

WS-C6509

Catalyst 6509 chassis:

9 slots

1024 chassis MAC addresses

Supervisor Engine 720 and Supervisor Engine 32 require WS-C6K-9SLOT-FAN2. Each power supply in the chassis must be at least 2500 W

5.1(1)CSX

6.4(11)

WS-C6509-NEB (footnote 1)

Catalyst 6509-NEB chassis:

9 vertical slots

1024 chassis MAC addresses

5.4(2)

6.4(11)

WS-C6509-NEB-A (footnote 2)

Catalyst 6509-NEB-A chassis:

9 vertical slots

64 chassis MAC addresses

No fan tray upgrade needed to use Supervisor Engine 720 and Supervisor Engine 32

8.1(1)

8.3(3)

WS-C6506-E (footnote 2)

Catalyst 6506 chassis:

6 slots

1024 chassis MAC addresses

Requires WS-C6506-E-FAN

8.3(1)

8.4(1)

WS-C6506

Catalyst 6506 chassis:

6 slots

1024 chassis MAC addresses

Supervisor Engine 720 and Supervisor Engine 32 require WS-C6K-6SLOT-FAN2. Each power supply in the chassis must be at least 2500 W

5.2(1)CSX

6.4(11)

WS-C6504-E

Catalyst 6504 chassis:

4 slots

64 chassis MAC addresses

Does not support:

WS-X6500-SFM2

WS-C6500-SFM

Supervisor Engine 2

Supervisor Engine 1A

8.4(2)

8.4(2)

WS-C6503-E (footnote 3)

Catalyst 6503 chassis:

3 slots

64 chassis MAC addresses

Supervisor Engine 720 and Supervisor Engine 32 require WS-C6503-E-FAN

Does not support:

WS-X6500-SFM2

WS-C6500-SFM

8.3(1)

8.4(1)

WS-C6503

Catalyst 6503 chassis:

3 slots

64 chassis MAC addresses

Does not support SFM

Supervisor Engine 720 and Supervisor Engine 32 require FAN-MOD-3HS=

7.4(2)

7.6(9)

WS-C6009

Catalyst 6009 chassis:

9 slots

1024 chassis MAC addresses

5.1(1)CSX

6.4(11)

WS-C6006

Catalyst 6006 chassis:

6 slots

1024 chassis MAC addresses

5.2(1)CSX

6.4(11)

OSR-7609-AC, -DC1

Cisco 7609 router chassis:

9 vertical slots

1024 chassis MAC addresses

Supported only with Supervisor Engine 2

6.1(1b)

6.4(11)

CISCO7603

Cisco 7603 router chassis:

3 slots

64 chassis MAC addresses

Does not support SFM

Supervisor Engine 720 and Supervisor Engine 32 require FAN-MOD-3HS=

7.1(1)

7.6(9)

CISCO7606

Cisco 7606 router chassis:

6 slots

64 chassis MAC addresses

Supported only with Supervisor Engine 2 and Supervisor Engine 720

Supervisor Engine 720 and Supervisor Engine 32 require FAN-MOD-6HS

7.2(2)

7.6(9)

CISCO76092

Cisco 7609 router chassis:

9 vertical slots

64 chassis MAC addresses

No fan tray upgrade needed to use Supervisor Engine 720 and Supervisor Engine 32

8.1(1)

8.3(3)

CISCO7613

Cisco 7613 router chassis:

13 slots

64 chassis MAC addresses

Supported only with Supervisor Engine 2 and Supervisor Engine 720

Supervisor Engine 720 and Supervisor Engine 32 require WS-C6K-13SLT-FAN2. Each power supply in the chassis must be at least 2500 W

7.6(1)

7.6(9)

1 These chassis are not supported with Supervisor Engine 720 in Release 8.1(x) and 8.2(x).

2 These chassis require a 2500 W or 4000 W power supply. Lower wattage power supplies are not supported.

3 Supervisor Engine 720 requires software release 8.1(1) and later releases and the WS-C6503-E-FAN tray.


Unsupported Hardware

The following hardware is not supported:

Compact Flash adapter (WS-CF-UPG=)


Note: This part also appears as CF-ADAPTER-SP in the configuration tool.


16-port Gigabit Ethernet switching module (WS-X6816-GBIC)

Distributed forwarding cards (DFC) installed on WS-X67xx modules:

WS-F6700-DFC3BXL

WS-F6700-DFC3B

WS-F6700-DFC3A

WS-X6708-10G-3C

WS-X6708-10G-3CXL

DFC installed on dCEF256 and CEF256 modules:

WS-F6K-DFC3BXL

WS-F6K-DFC3B

WS-F6K-DFC3A

WS-F6K-DFC

Supervisor Engine 720-10G-3C

Supervisor Engine 720-10G-3CXL

SPA interface processors (7600-SIP-200, 7600-SIP-400, 7600-SIP-600)

Cisco Application Control Engine (ACE10-6500-K9)

WebVPN Services Module (WS-SVC-WEBVPN-K9)

Unsupported modules remain powered down if detected and do not affect system behavior.

Orderable Software Images

Table 1 lists the software releases and applicable ordering information for the Catalyst 6500 series supervisor engine software.


Caution: Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM). When downgrading switch software, you will lose your configuration. Use the write network command or the copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command to back up the configuration to a Flash device.

Note: CiscoView images are available approximately 2 weeks after the Flash images are released.


Table 1 Orderable Software Images

Supervisor Engine 32

| Software Release | Filename | Orderable Product Number [1] |
|---|---|---|
| 8.7(3) Flash image | cat6000-sup720k8.8-7-3.bin | SC6K-S7K8-8.7 |
| 8.7(3) Flash image (Secure Shell) | cat6000-sup720k9.8-7-3.bin | SC6K-S7K9-8.7 |
| 8.7(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-7-3.bin | SC6K-S7CVK8-8.7 |
| 8.7(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-7-3.bin | SC6K-S7CVK9-8.7 |
| 8.7(2) Flash image | cat6000-sup720k8.8-7-2.bin | SC6K-S7K8-8.7 |
| 8.7(2) Flash image (Secure Shell) | cat6000-sup720k9.8-7-2.bin | SC6K-S7K9-8.7 |
| 8.7(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-7-2.bin | SC6K-S7CVK8-8.7 |
| 8.7(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-7-2.bin | SC6K-S7CVK9-8.7 |
| 8.7(1) Flash image | cat6000-sup720k8.8-7-1.bin | SC6K-S7K8-8.7 |
| 8.7(1) Flash image (Secure Shell) | cat6000-sup720k9.8-7-1.bin | SC6K-S7K9-8.7 |
| 8.7(1) Flash image (CiscoView) | cat6000-sup720cvk8.8-7-1.bin | SC6K-S7CVK8-8.7 |
| 8.7(1) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-7-1.bin | SC6K-S7CVK9-8.7 |
| 8.6(6) Flash image | cat6000-sup720k8.8-6-5.bin | SC6K-S7K8-8.6 |
| 8.6(6) Flash image (Secure Shell) | cat6000-sup720k9.8-6-5.bin | SC6K-S7K9-8.6 |
| 8.6(6) Flash image (CiscoView) | cat6000-sup720cvk8.8-6-5.bin | SC6K-S7CVK8-8.6 |
| 8.6(6) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-6-5.bin | SC6K-S7CVK9-8.6 |
| 8.6(5) Flash image | cat6000-sup720k8.8-6-5.bin | SC6K-S7K8-8.6 |
| 8.6(5) Flash image (Secure Shell) | cat6000-sup720k9.8-6-5.bin | SC6K-S7K9-8.6 |
| 8.6(5) Flash image (CiscoView) | cat6000-sup720cvk8.8-6-5.bin | SC6K-S7CVK8-8.6 |
| 8.6(5) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-6-5.bin | SC6K-S7CVK9-8.6 |
| 8.6(4) Flash image | cat6000-sup720k8.8-6-4.bin | SC6K-S7K8-8.6 |
| 8.6(4) Flash image (Secure Shell) | cat6000-sup720k9.8-6-4.bin | SC6K-S7K9-8.6 |
| 8.6(4) Flash image (CiscoView) | cat6000-sup720cvk8.8-6-4.bin | SC6K-S7CVK8-8.6 |
| 8.6(4) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-6-4.bin | SC6K-S7CVK9-8.6 |
| 8.6(3) Flash image | cat6000-sup720k8.8-6-3.bin | SC6K-S7K8-8.6 |
| 8.6(3) Flash image (Secure Shell) | cat6000-sup720k9.8-6-3.bin | SC6K-S7K9-8.6 |
| 8.6(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-3.bin | SC6K-S7CVK8-8.6 |
| 8.6(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-3.bin | SC6K-S7CVK9-8.6 |
| 8.6(2) Flash image | cat6000-sup32pfc3k8.8-6-2.bin | SC6K-S323K8-8.6 |
| 8.6(2) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-6-2.bin | SC6K-S323K9-8.6 |
| 8.6(2) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-6-2.bin | SC6K-S323CVK8-8.6 |
| 8.6(2) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-6-2.bin | SC6K-S323CVK9-8.6 |
| 8.6(1) Flash image | cat6000-sup32pfc3k8.8-6-1.bin | SC6K-S323K8-8.6 |
| 8.6(1) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-6-1.bin | SC6K-S323K9-8.6 |
| 8.6(1) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-6-1.bin | SC6K-S323CVK8-8.6 |
| 8.6(1) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-6-1.bin | SC6K-S323CVK9-8.6 |
| 8.5(9) Flash image | cat6000-sup32pfc3k8.8-5-9.bin | SC6K-S323K8-8.5 |
| 8.5(9) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-9.bin | SC6K-S323K9-8.5 |
| 8.5(9) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-9.bin | SC6K-S323CVK8-8.5 |
| 8.5(9) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-9.bin | SC6K-S323CVK9-8.5 |
| 8.5(8) Flash image | cat6000-sup32pfc3k8.8-5-8.bin | SC6K-S323K8-8.5 |
| 8.5(8) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-8.bin | SC6K-S323K9-8.5 |
| 8.5(8) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-8.bin | SC6K-S323CVK8-8.5 |
| 8.5(8) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-8.bin | SC6K-S323CVK9-8.5 |
| 8.5(7) Flash image | cat6000-sup32pfc3k8.8-5-7.bin | SC6K-S323K8-8.5 |
| 8.5(7) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-7.bin | SC6K-S323K9-8.5 |
| 8.5(7) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-7.bin | SC6K-S323CVK8-8.5 |
| 8.5(7) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-7.bin | SC6K-S323CVK9-8.5 |
| 8.5(6) Flash image | cat6000-sup32pfc3k8.8-5-6.bin | SC6K-S323K8-8.5 |
| 8.5(6) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-6.bin | SC6K-S323K9-8.5 |
| 8.5(6) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-6.bin | SC6K-S323CVK8-8.5 |
| 8.5(6) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-6.bin | SC6K-S323CVK9-8.5 |
| 8.5(5) Flash image | cat6000-sup32pfc3k8.8-5-5.bin | SC6K-S323K8-8.5 |
| 8.5(5) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-5.bin | SC6K-S323K9-8.5 |
| 8.5(5) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-5.bin | SC6K-S323CVK8-8.5 |
| 8.5(5) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-5.bin | SC6K-S323CVK9-8.5 |
| 8.5(4) Flash image | cat6000-sup32pfc3k8.8-5-4.bin | SC6K-S323K8-8.5 |
| 8.5(4) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-4.bin | SC6K-S323K9-8.5 |
| 8.5(4) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-4.bin | SC6K-S323CVK8-8.5 |
| 8.5(4) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-4.bin | SC6K-S323CVK9-8.5 |
| 8.5(3) Flash image | cat6000-sup32pfc3k8.8-5-3.bin | SC6K-S323K8-8.5 |
| 8.5(3) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-3.bin | SC6K-S323K9-8.5 |
| 8.5(3) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-3.bin | SC6K-S323CVK8-8.5 |
| 8.5(3) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-3.bin | SC6K-S323CVK9-8.5 |
| 8.5(2) Flash image | cat6000-sup32pfc3k8.8-5-2.bin | SC6K-S323K8-8.5 |
| 8.5(2) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-2.bin | SC6K-S323K9-8.5 |
| 8.5(2) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-5-2.bin | SC6K-S323CVK8-8.5 |
| 8.5(2) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-5-2.bin | SC6K-S323CVK9-8.5 |
| 8.5(1) Flash image [2] | cat6000-sup32pfc3k8.8-5-1.bin | SC6K-S323K8-8.5 |
| 8.5(1) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-5-1.bin | SC6K-S323K9-8.5 |
| 8.4(6) Flash image | cat6000-sup32pfc3k8.8-4-6.bin | SC6K-S323K8-8.4 |
| 8.4(6) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-6.bin | SC6K-S323K9-8.4 |
| 8.4(6) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-6.bin | SC6K-S323CVK8-8.4 |
| 8.4(6) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-6.bin | SC6K-S323CVK9-8.4 |
| 8.4(5) Flash image | cat6000-sup32pfc3k8.8-4-5.bin | SC6K-S323K8-8.4 |
| 8.4(5) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-5.bin | SC6K-S323K9-8.4 |
| 8.4(5) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-5.bin | SC6K-S323CVK8-8.4 |
| 8.4(5) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-5.bin | SC6K-S323CVK9-8.4 |
| 8.4(4) Flash image | cat6000-sup32pfc3k8.8-4-4.bin | SC6K-S323K8-8.4 |
| 8.4(4) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-4.bin | SC6K-S323K9-8.4 |
| 8.4(4) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-4.bin | SC6K-S323CVK8-8.4 |
| 8.4(4) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-4.bin | SC6K-S323CVK9-8.4 |
| 8.4(3) Flash image | cat6000-sup32pfc3k8.8-4-3.bin | SC6K-S323K8-8.4 |
| 8.4(3) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-3.bin | SC6K-S323K9-8.4 |
| 8.4(3) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-3.bin | SC6K-S323CVK8-8.4 |
| 8.4(3) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-3.bin | SC6K-S323CVK9-8.4 |
| 8.4(2a) Flash image | cat6000-sup32pfc3k8.8-4-2a.bin | SC6K-S323K8-8.4 |
| 8.4(2a) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-2a.bin | SC6K-S323K9-8.4 |
| 8.4(2a) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-2a.bin | SC6K-S323CVK8-8.4 |
| 8.4(2a) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-2a.bin | SC6K-S323CVK9-8.4 |
| 8.4(2) Flash image | cat6000-sup32pfc3k8.8-4-2.bin | SC6K-S323K8-8.4 |
| 8.4(2) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-2.bin | SC6K-S323K9-8.4 |
| 8.4(2) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-2.bin | SC6K-S323CVK8-8.4 |
| 8.4(2) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-2.bin | SC6K-S323CVK9-8.4 |
| 8.4(1) Flash image | cat6000-sup32pfc3k8.8-4-1.bin | SC6K-S323K8-8.4 |
| 8.4(1) Flash image (Secure Shell) | cat6000-sup32pfc3k9.8-4-1.bin | SC6K-S323K9-8.4 |
| 8.4(1) Flash image (CiscoView) | cat6000-sup32pfc3cvk8.8-4-1.bin | SC6K-S323CVK8-8.4 |
| 8.4(1) Flash image (Secure Shell and CiscoView) | cat6000-sup32pfc3cvk9.8-4-1.bin | SC6K-S323CVK9-8.4 |

Supervisor Engine 720

| Software Release | Filename | Orderable Product Number [1] |
|---|---|---|
| 8.6(2) Flash image | cat6000-sup720k8.8-6-2.bin | SC6K-S7K8-8.6 |
| 8.6(2) Flash image (Secure Shell) | cat6000-sup720k9.8-6-2.bin | SC6K-S7K9-8.6 |
| 8.6(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-6-2.bin | SC6K-S7CVK8-8.6 |
| 8.6(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-6-2.bin | SC6K-S7CVK9-8.6 |
| 8.6(1) Flash image | cat6000-sup720k8.8-6-1.bin | SC6K-S7K8-8.6 |
| 8.6(1) Flash image (Secure Shell) | cat6000-sup720k9.8-6-1.bin | SC6K-S7K9-8.6 |
| 8.6(1) Flash image (CiscoView) | cat6000-sup720cvk8.8-6-1.bin | SC6K-S7CVK8-8.6 |
| 8.6(1) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-6-1.bin | SC6K-S7CVK9-8.6 |
| 8.5(9) Flash image | cat6000-sup720k8.8-5-9.bin | SC6K-S7K8-8.5 |
| 8.5(9) Flash image (Secure Shell) | cat6000-sup720k9.8-5-9.bin | SC6K-S7K9-8.5 |
| 8.5(9) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-9.bin | SC6K-S7CVK8-8.5 |
| 8.5(9) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-9.bin | SC6K-S7CVK9-8.5 |
| 8.5(8) Flash image | cat6000-sup720k8.8-5-8.bin | SC6K-S7K8-8.5 |
| 8.5(8) Flash image (Secure Shell) | cat6000-sup720k9.8-5-8.bin | SC6K-S7K9-8.5 |
| 8.5(8) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-8.bin | SC6K-S7CVK8-8.5 |
| 8.5(8) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-8.bin | SC6K-S7CVK9-8.5 |
| 8.5(7) Flash image | cat6000-sup720k8.8-5-7.bin | SC6K-S7K8-8.5 |
| 8.5(7) Flash image (Secure Shell) | cat6000-sup720k9.8-5-7.bin | SC6K-S7K9-8.5 |
| 8.5(7) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-7.bin | SC6K-S7CVK8-8.5 |
| 8.5(7) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-7.bin | SC6K-S7CVK9-8.5 |
| 8.5(6) Flash image | cat6000-sup720k8.8-5-6.bin | SC6K-S7K8-8.5 |
| 8.5(6) Flash image (Secure Shell) | cat6000-sup720k9.8-5-6.bin | SC6K-S7K9-8.5 |
| 8.5(6) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-6.bin | SC6K-S7CVK8-8.5 |
| 8.5(6) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-6.bin | SC6K-S7CVK9-8.5 |
| 8.5(5) Flash image | cat6000-sup720k8.8-5-5.bin | SC6K-S7K8-8.5 |
| 8.5(5) Flash image (Secure Shell) | cat6000-sup720k9.8-5-5.bin | SC6K-S7K9-8.5 |
| 8.5(5) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-5.bin | SC6K-S7CVK8-8.5 |
| 8.5(5) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-5.bin | SC6K-S7CVK9-8.5 |
| 8.5(4) Flash image | cat6000-sup720k8.8-5-4.bin | SC6K-S7K8-8.5 |
| 8.5(4) Flash image (Secure Shell) | cat6000-sup720k9.8-5-4.bin | SC6K-S7K9-8.5 |
| 8.5(4) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-4.bin | SC6K-S7CVK8-8.5 |
| 8.5(4) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-4.bin | SC6K-S7CVK9-8.5 |
| 8.5(3) Flash image | cat6000-sup720k8.8-5-3.bin | SC6K-S7K8-8.5 |
| 8.5(3) Flash image (Secure Shell) | cat6000-sup720k9.8-5-3.bin | SC6K-S7K9-8.5 |
| 8.5(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-3.bin | SC6K-S7CVK8-8.5 |
| 8.5(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-3.bin | SC6K-S7CVK9-8.5 |
| 8.5(2) Flash image | cat6000-sup720k8.8-5-2.bin | SC6K-S7K8-8.5 |
| 8.5(2) Flash image (Secure Shell) | cat6000-sup720k9.8-5-2.bin | SC6K-S7K9-8.5 |
| 8.5(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-5-2.bin | SC6K-S7CVK8-8.5 |
| 8.5(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-5-2.bin | SC6K-S7CVK9-8.5 |
| 8.5(1) Flash image [2] | cat6000-sup720k8.8-5-1.bin | SC6K-S7K8-8.5 |
| 8.5(1) Flash image (Secure Shell) | cat6000-sup720k9.8-5-1.bin | SC6K-S7K9-8.5 |
| 8.4(6) Flash image | cat6000-sup720k8.8-4-6.bin | SC6K-S7K8-8.4 |
| 8.4(6) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-6.bin | SC6K-S7CVK8-8.4 |
| 8.4(6) Flash image (Secure Shell) | cat6000-sup720k9.8-4-6.bin | SC6K-S7K9-8.4 |
| 8.4(6) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-6.bin | SC6K-S7CVK9-8.4 |
| 8.4(5) Flash image | cat6000-sup720k8.8-4-5.bin | SC6K-S7K8-8.4 |
| 8.4(5) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-5.bin | SC6K-S7CVK8-8.4 |
| 8.4(5) Flash image (Secure Shell) | cat6000-sup720k9.8-4-5.bin | SC6K-S7K9-8.4 |
| 8.4(5) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-5.bin | SC6K-S7CVK9-8.4 |
| 8.4(4) Flash image | cat6000-sup720k8.8-4-4.bin | SC6K-S7K8-8.4 |
| 8.4(4) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-4.bin | SC6K-S7CVK8-8.4 |
| 8.4(4) Flash image (Secure Shell) | cat6000-sup720k9.8-4-4.bin | SC6K-S7K9-8.4 |
| 8.4(4) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-4.bin | SC6K-S7CVK9-8.4 |
| 8.4(3) Flash image | cat6000-sup720k8.8-4-3.bin | SC6K-S7K8-8.4 |
| 8.4(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-3.bin | SC6K-S7CVK8-8.4 |
| 8.4(3) Flash image (Secure Shell) | cat6000-sup720k9.8-4-3.bin | SC6K-S7K9-8.4 |
| 8.4(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-3.bin | SC6K-S7CVK9-8.4 |
| 8.4(2a) Flash image | cat6000-sup720k8.8-4-2a.bin | SC6K-S7K8-8.4 |
| 8.4(2a) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-2a.bin | SC6K-S7CVK8-8.4 |
| 8.4(2a) Flash image (Secure Shell) | cat6000-sup720k9.8-4-2a.bin | SC6K-S7K9-8.4 |
| 8.4(2a) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-2a.bin | SC6K-S7CVK9-8.4 |
| 8.4(2) Flash image | cat6000-sup720k8.8-4-2.bin | SC6K-S7K8-8.4 |
| 8.4(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-2.bin | SC6K-S7CVK8-8.4 |
| 8.4(2) Flash image (Secure Shell) | cat6000-sup720k9.8-4-2.bin | SC6K-S7K9-8.4 |
| 8.4(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-2.bin | SC6K-S7CVK9-8.4 |
| 8.4(1) Flash image | cat6000-sup720k8.8-4-1.bin | SC6K-S7K8-8.4 |
| 8.4(1) Flash image (CiscoView) | cat6000-sup720cvk8.8-4-1.bin | SC6K-S7CVK8-8.4 |
| 8.4(1) Flash image (Secure Shell) | cat6000-sup720k9.8-4-1.bin | SC6K-S7K9-8.4 |
| 8.4(1) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-4-1.bin | SC6K-S7CVK9-8.4 |
| 8.3(7) Flash image | cat6000-sup720k8.8-3-7.bin | SC6K-S7K8-8.3 |
| 8.3(7) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-7.bin | SC6K-S7CVK8-8.3 |
| 8.3(7) Flash image (Secure Shell) | cat6000-sup720k9.8-3-7.bin | SC6K-S7K9-8.3 |
| 8.3(7) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-7.bin | SC6K-S7CVK9-8.3 |
| 8.3(6) Flash image | cat6000-sup720k8.8-3-6.bin | SC6K-S7K8-8.3 |
| 8.3(6) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-6.bin | SC6K-S7CVK8-8.3 |
| 8.3(6) Flash image (Secure Shell) | cat6000-sup720k9.8-3-6.bin | SC6K-S7K9-8.3 |
| 8.3(6) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-6.bin | SC6K-S7CVK9-8.3 |
| 8.3(5) Flash image | cat6000-sup720k8.8-3-5.bin | SC6K-S7K8-8.3 |
| 8.3(5) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-5.bin | SC6K-S7CVK8-8.3 |
| 8.3(5) Flash image (Secure Shell) | cat6000-sup720k9.8-3-5.bin | SC6K-S7K9-8.3 |
| 8.3(5) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-5.bin | SC6K-S7CVK9-8.3 |
| 8.3(4) Flash image | cat6000-sup720k8.8-3-4.bin | SC6K-S7K8-8.3 |
| 8.3(4) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-4.bin | SC6K-S7CVK8-8.3 |
| 8.3(4) Flash image (Secure Shell) | cat6000-sup720k9.8-3-4.bin | SC6K-S7K9-8.3 |
| 8.3(4) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-4.bin | SC6K-S7CVK9-8.3 |
| 8.3(3) Flash image | cat6000-sup720k8.8-3-3.bin | SC6K-S7K8-8.3 |
| 8.3(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-3.bin | SC6K-S7CVK8-8.3 |
| 8.3(3) Flash image (Secure Shell) | cat6000-sup720k9.8-3-3.bin | SC6K-S7K9-8.3 |
| 8.3(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-3.bin | SC6K-S7CVK9-8.3 |
| 8.3(2) Flash image | cat6000-sup720k8.8-3-2.bin | SC6K-S7K8-8.3 |
| 8.3(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-3-2.bin | SC6K-S7CVK8-8.3 |
| 8.3(2) Flash image (Secure Shell) | cat6000-sup720k9.8-3-2.bin | SC6K-S7K9-8.3 |
| 8.3(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-3-2.bin | SC6K-S7CVK9-8.3 |
| 8.3(1) Flash image [3] | cat6000-sup720k8.8-3-1.bin | SC6K-S7K8-8.3 |
| 8.3(1) Flash image (Secure Shell) | cat6000-sup720k9.8-3-1.bin | SC6K-S7K9-8.3 |
| 8.2(2) Flash image | cat6000-sup720k8.8-2-2.bin | SC6K-S7K8-8.2 |
| 8.2(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-2-2.bin | SC6K-S7CVK8-8.2 |
| 8.2(2) Flash image (Secure Shell) | cat6000-sup720k9.8-2-2.bin | SC6K-S7K9-8.2 |
| 8.2(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-2-2.bin | SC6K-S7CVK9-8.2 |
| 8.2(1) Flash image | cat6000-sup720k8.8-2-1.bin | SC6K-S7K8-8.2 |
| 8.2(1) Flash image (CiscoView) | cat6000-sup720cvk8.8-2-1.bin | SC6K-S7CVK8-8.2 |
| 8.2(1) Flash image (Secure Shell) | cat6000-sup720k9.8-2-1.bin | SC6K-S7K9-8.2 |
| 8.2(1) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-2-1.bin | SC6K-S7CVK9-8.2 |
| 8.1(3) Flash image | cat6000-sup720k8.8-1-3.bin | SC6K-S7K8-8.1 |
| 8.1(3) Flash image (CiscoView) | cat6000-sup720cvk8.8-1-3.bin | SC6K-S7CVK8-8.1 |
| 8.1(3) Flash image (Secure Shell) | cat6000-sup720k9.8-1-3.bin | SC6K-S7K9-8.1 |
| 8.1(3) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-1-3.bin | SC6K-S7CVK9-8.1 |
| 8.1(2) Flash image | cat6000-sup720k8.8-1-2.bin | SC6K-S7K8-8.1 |
| 8.1(2) Flash image (CiscoView) | cat6000-sup720cvk8.8-1-2.bin | SC6K-S7CVK8-8.1 |
| 8.1(2) Flash image (Secure Shell) | cat6000-sup720k9.8-1-2.bin | SC6K-S7K9-8.1 |
| 8.1(2) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-1-2.bin | SC6K-S7CVK9-8.1 |
| 8.1(1) Flash image | cat6000-sup720k8.8-1-1.bin | SC6K-S7K8-8.1.1 |
| 8.1(1) Flash image (CiscoView) | cat6000-sup720cvk8.8-1-1.bin | SC6K-S7CVK8-8.1.1 |
| 8.1(1) Flash image (Secure Shell) | cat6000-sup720k9.8-1-1.bin | SC6K-S7K9-8.1.1 |
| 8.1(1) Flash image (Secure Shell and CiscoView) | cat6000-sup720cvk9.8-1-1.bin | SC6K-S7CVK9-8.1.1 |

Supervisor Engine 2

| Software Release | Filename | Orderable Product Number [1] |
|---|---|---|
| 8.6(4) Flash image | cat6000-sup2k8.8-6-4.bin | SC6K-SUP2K8-8.6 |
| 8.6(4) Flash image (Secure Shell) | cat6000-sup2k9.8-6-4.bin | SC6K-SUP2K9-8.6 |
| 8.6(4) Flash image (CiscoView) | cat6000-sup2cvk8.8-6-4.bin | SC6K-S2CVK8-8.6 |
| 8.6(4) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-6-4.bin | SC6K-S2CVK9-8.6 |
| 8.6(2) Flash image | cat6000-sup2k8.8-6-2.bin | SC6K-SUP2K8-8.6 |
| 8.6(2) Flash image (Secure Shell) | cat6000-sup2k9.8-6-2.bin | SC6K-SUP2K9-8.6 |
| 8.6(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-6-2.bin | SC6K-S2CVK8-8.6 |
| 8.6(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-6-2.bin | SC6K-S2CVK9-8.6 |
| 8.6(1) Flash image | cat6000-sup2k8.8-6-1.bin | SC6K-SUP2K8-8.6 |
| 8.6(1) Flash image (Secure Shell) | cat6000-sup2k9.8-6-1.bin | SC6K-SUP2K9-8.6 |
| 8.6(1) Flash image (CiscoView) | cat6000-sup2cvk8.8-6-1.bin | SC6K-S2CVK8-8.6 |
| 8.6(1) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-6-1.bin | SC6K-S2CVK9-8.6 |
| 8.5(9) Flash image | cat6000-sup2k8.8-5-9.bin | SC6K-SUP2K8-8.5 |
| 8.5(9) Flash image (Secure Shell) | cat6000-sup2k9.8-5-9.bin | SC6K-SUP2K9-8.5 |
| 8.5(9) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-9.bin | SC6K-S2CVK8-8.5 |
| 8.5(9) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-9.bin | SC6K-S2CVK9-8.5 |
| 8.5(8) Flash image | cat6000-sup2k8.8-5-8.bin | SC6K-SUP2K8-8.5 |
| 8.5(8) Flash image (Secure Shell) | cat6000-sup2k9.8-5-8.bin | SC6K-SUP2K9-8.5 |
| 8.5(8) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-8.bin | SC6K-S2CVK8-8.5 |
| 8.5(8) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-8.bin | SC6K-S2CVK9-8.5 |
| 8.5(7) Flash image | cat6000-sup2k8.8-5-7.bin | SC6K-SUP2K8-8.5 |
| 8.5(7) Flash image (Secure Shell) | cat6000-sup2k9.8-5-7.bin | SC6K-SUP2K9-8.5 |
| 8.5(7) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-7.bin | SC6K-S2CVK8-8.5 |
| 8.5(7) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-7.bin | SC6K-S2CVK9-8.5 |
| 8.5(6) Flash image | cat6000-sup2k8.8-5-6.bin | SC6K-SUP2K8-8.5 |
| 8.5(6) Flash image (Secure Shell) | cat6000-sup2k9.8-5-6.bin | SC6K-SUP2K9-8.5 |
| 8.5(6) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-6.bin | SC6K-S2CVK8-8.5 |
| 8.5(6) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-6.bin | SC6K-S2CVK9-8.5 |
| 8.5(5) Flash image | cat6000-sup2k8.8-5-5.bin | SC6K-SUP2K8-8.5 |
| 8.5(5) Flash image (Secure Shell) | cat6000-sup2k9.8-5-5.bin | SC6K-SUP2K9-8.5 |
| 8.5(5) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-5.bin | SC6K-S2CVK8-8.5 |
| 8.5(5) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-5.bin | SC6K-S2CVK9-8.5 |
| 8.5(4) Flash image | cat6000-sup2k8.8-5-4.bin | SC6K-SUP2K8-8.5 |
| 8.5(4) Flash image (Secure Shell) | cat6000-sup2k9.8-5-4.bin | SC6K-SUP2K9-8.5 |
| 8.5(4) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-4.bin | SC6K-S2CVK8-8.5 |
| 8.5(4) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-4.bin | SC6K-S2CVK9-8.5 |
| 8.5(3) Flash image | cat6000-sup2k8.8-5-3.bin | SC6K-SUP2K8-8.5 |
| 8.5(3) Flash image (Secure Shell) | cat6000-sup2k9.8-5-3.bin | SC6K-SUP2K9-8.5 |
| 8.5(3) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-3.bin | SC6K-S2CVK8-8.5 |
| 8.5(3) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-3.bin | SC6K-S2CVK9-8.5 |
| 8.5(2) Flash image | cat6000-sup2k8.8-5-2.bin | SC6K-SUP2K8-8.5 |
| 8.5(2) Flash image (Secure Shell) | cat6000-sup2k9.8-5-2.bin | SC6K-SUP2K9-8.5 |
| 8.5(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-5-2.bin | SC6K-S2CVK8-8.5 |
| 8.5(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-5-2.bin | SC6K-S2CVK9-8.5 |
| 8.5(1) Flash image [2] | cat6000-sup2k8.8-5-1.bin | SC6K-SUP2K8-8.5 |
| 8.5(1) Flash image (Secure Shell) | cat6000-sup2k9.8-5-1.bin | SC6K-SUP2K9-8.5 |
| 8.4(6) Flash image | cat6000-sup2k8.8-4-6.bin | SC6K-SUP2K8-8.4 |
| 8.4(6) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-6.bin | SC6K-S2CVK8-8.4 |
| 8.4(6) Flash image (Secure Shell) | cat6000-sup2k9.8-4-6.bin | SC6K-SUP2K9-8.4 |
| 8.4(6) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-6.bin | SC6K-S2CVK9-8.4 |
| 8.4(5) Flash image | cat6000-sup2k8.8-4-5.bin | SC6K-SUP2K8-8.4 |
| 8.4(5) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-5.bin | SC6K-S2CVK8-8.4 |
| 8.4(5) Flash image (Secure Shell) | cat6000-sup2k9.8-4-5.bin | SC6K-SUP2K9-8.4 |
| 8.4(5) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-5.bin | SC6K-S2CVK9-8.4 |
| 8.4(4) Flash image | cat6000-sup2k8.8-4-4.bin | SC6K-SUP2K8-8.4 |
| 8.4(4) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-4.bin | SC6K-S2CVK8-8.4 |
| 8.4(4) Flash image (Secure Shell) | cat6000-sup2k9.8-4-4.bin | SC6K-SUP2K9-8.4 |
| 8.4(4) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-4.bin | SC6K-S2CVK9-8.4 |
| 8.4(3) Flash image | cat6000-sup2k8.8-4-3.bin | SC6K-SUP2K8-8.4 |
| 8.4(3) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-3.bin | SC6K-S2CVK8-8.4 |
| 8.4(3) Flash image (Secure Shell) | cat6000-sup2k9.8-4-3.bin | SC6K-SUP2K9-8.4 |
| 8.4(3) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-3.bin | SC6K-S2CVK9-8.4 |
| 8.4(2a) Flash image | cat6000-sup2k8.8-4-2a.bin | SC6K-SUP2K8-8.4 |
| 8.4(2a) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-2a.bin | SC6K-S2CVK8-8.4 |
| 8.4(2a) Flash image (Secure Shell) | cat6000-sup2k9.8-4-2a.bin | SC6K-SUP2K9-8.4 |
| 8.4(2a) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-2a.bin | SC6K-S2CVK9-8.4 |
| 8.4(2) Flash image | cat6000-sup2k8.8-4-2.bin | SC6K-SUP2K8-8.4 |
| 8.4(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-2.bin | SC6K-S2CVK8-8.4 |
| 8.4(2) Flash image (Secure Shell) | cat6000-sup2k9.8-4-2.bin | SC6K-SUP2K9-8.4 |
| 8.4(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-2.bin | SC6K-S2CVK9-8.4 |
| 8.4(1) Flash image | cat6000-sup2k8.8-4-1.bin | SC6K-SUP2K8-8.4 |
| 8.4(1) Flash image (CiscoView) | cat6000-sup2cvk8.8-4-1.bin | SC6K-S2CVK8-8.4 |
| 8.4(1) Flash image (Secure Shell) | cat6000-sup2k9.8-4-1.bin | SC6K-SUP2K9-8.4 |
| 8.4(1) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-4-1.bin | SC6K-S2CVK9-8.4 |
| 8.3(7) Flash image | cat6000-sup2k8.8-3-7.bin | SC6K-SUP2K8-8.3 |
| 8.3(7) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-7.bin | SC6K-S2CVK8-8.3 |
| 8.3(7) Flash image (Secure Shell) | cat6000-sup2k9.8-3-7.bin | SC6K-SUP2K9-8.3 |
| 8.3(7) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-7.bin | SC6K-S2CVK9-8.3 |
| 8.3(6) Flash image | cat6000-sup2k8.8-3-6.bin | SC6K-SUP2K8-8.3 |
| 8.3(6) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-6.bin | SC6K-S2CVK8-8.3 |
| 8.3(6) Flash image (Secure Shell) | cat6000-sup2k9.8-3-6.bin | SC6K-SUP2K9-8.3 |
| 8.3(6) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-6.bin | SC6K-S2CVK9-8.3 |
| 8.3(5) Flash image | cat6000-sup2k8.8-3-5.bin | SC6K-SUP2K8-8.3 |
| 8.3(5) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-5.bin | SC6K-S2CVK8-8.3 |
| 8.3(5) Flash image (Secure Shell) | cat6000-sup2k9.8-3-5.bin | SC6K-SUP2K9-8.3 |
| 8.3(5) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-5.bin | SC6K-S2CVK9-8.3 |
| 8.3(4) Flash image | cat6000-sup2k8.8-3-4.bin | SC6K-SUP2K8-8.3 |
| 8.3(4) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-4.bin | SC6K-S2CVK8-8.3 |
| 8.3(4) Flash image (Secure Shell) | cat6000-sup2k9.8-3-4.bin | SC6K-SUP2K9-8.3 |
| 8.3(4) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-4.bin | SC6K-S2CVK9-8.3 |
| 8.3(3) Flash image | cat6000-sup2k8.8-3-3.bin | SC6K-SUP2K8-8.3 |
| 8.3(3) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-3.bin | SC6K-S2CVK8-8.3 |
| 8.3(3) Flash image (Secure Shell) | cat6000-sup2k9.8-3-3.bin | SC6K-SUP2K9-8.3 |
| 8.3(3) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-3.bin | SC6K-S2CVK9-8.3 |
| 8.3(2) Flash image | cat6000-sup2k8.8-3-2.bin | SC6K-SUP2K8-8.3 |
| 8.3(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-3-2.bin | SC6K-S2CVK8-8.3 |
| 8.3(2) Flash image (Secure Shell) | cat6000-sup2k9.8-3-2.bin | SC6K-SUP2K9-8.3 |
| 8.3(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-3-2.bin | SC6K-S2CVK9-8.3 |
| 8.3(1) Flash image [3] | cat6000-sup2k8.8-3-1.bin | SC6K-SUP2K8-8.3 |
| 8.3(1) Flash image (Secure Shell) | cat6000-sup2k9.8-3-1.bin | SC6K-SUP2K9-8.3 |
| 8.2(2) Flash image | cat6000-sup2k8.8-2-2.bin | SC6K-SUP2K8-8.2 |
| 8.2(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-2-2.bin | SC6K-S2CVK8-8.2 |
| 8.2(2) Flash image (Secure Shell) | cat6000-sup2k9.8-2-2.bin | SC6K-SUP2K9-8.2 |
| 8.2(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-2-2.bin | SC6K-S2CVK9-8.2 |
| 8.2(1) Flash image | cat6000-sup2k8.8-2-1.bin | SC6K-SUP2K8-8.2 |
| 8.2(1) Flash image (CiscoView) | cat6000-sup2cvk8.8-2-1.bin | SC6K-S2CVK8-8.2 |
| 8.2(1) Flash image (Secure Shell) | cat6000-sup2k9.8-2-1.bin | SC6K-SUP2K9-8.2 |
| 8.2(1) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-2-1.bin | SC6K-S2CVK9-8.2 |
| 8.1(3) Flash image | cat6000-sup2k8.8-1-3.bin | SC6K-SUP2K8-8.1 |
| 8.1(3) Flash image (CiscoView) | cat6000-sup2cvk8.8-1-3.bin | SC6K-S2CVK8-8.1 |
| 8.1(3) Flash image (Secure Shell) | cat6000-sup2k9.8-1-3.bin | SC6K-SUP2K9-8.1 |
| 8.1(3) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-1-3.bin | SC6K-S2CVK9-8.1 |
| 8.1(2) Flash image | cat6000-sup2k8.8-1-2.bin | SC6K-SUP2K8-8.1 |
| 8.1(2) Flash image (CiscoView) | cat6000-sup2cvk8.8-1-2.bin | SC6K-S2CVK8-8.1 |
| 8.1(2) Flash image (Secure Shell) | cat6000-sup2k9.8-1-2.bin | SC6K-SUP2K9-8.1 |
| 8.1(2) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-1-2.bin | SC6K-S2CVK9-8.1 |
| 8.1(1) Flash image | cat6000-sup2k8.8-1-1.bin | SC6K-SUP2K8-8.1.1 |
| 8.1(1) Flash image (CiscoView) | cat6000-sup2cvk8.8-1-1.bin | SC6K-S2CVK8-8.1.1 |
| 8.1(1) Flash image (Secure Shell) | cat6000-sup2k9.8-1-1.bin | SC6K-SUP2K9-8.1.1 |
| 8.1(1) Flash image (Secure Shell and CiscoView) | cat6000-sup2cvk9.8-1-1.bin | SC6K-S2CVK9-8.1.1 |

Supervisor Engine 1

| Software Release | Filename | Orderable Product Number [1] |
|---|---|---|
| 8.5(3) Flash image | cat6000-supk8.8-5-3.bin | SC6K-SUPK8-8.5 |
| 8.5(3) Flash image (Secure Shell) | cat6000-supk9.8-5-3.bin | SC6K-SUPK9-8.5 |
| 8.5(3) Flash image (CiscoView) | cat6000-supcvk8.8-5-3.bin | SC6K-SCVK8-8.5 |
| 8.5(3) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-5-3.bin | SC6K-SCVK9-8.5 |
| 8.5(2) Flash image | cat6000-supk8.8-5-2.bin | SC6K-SUPK8-8.5 |
| 8.5(2) Flash image (Secure Shell) | cat6000-supk9.8-5-2.bin | SC6K-SUPK9-8.5 |
| 8.5(2) Flash image (CiscoView) | cat6000-supcvk8.8-5-2.bin | SC6K-SCVK8-8.5 |
| 8.5(2) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-5-2.bin | SC6K-SCVK9-8.5 |
| 8.5(1) Flash image [2] | cat6000-supk8.8-5-1.bin | SC6K-SUPK8-8.5 |
| 8.5(1) Flash image (Secure Shell) | cat6000-supk9.8-5-1.bin | SC6K-SUPK9-8.5 |
| 8.4(6) Flash image | cat6000-supk8.8-4-6.bin | SC6K-SUPK8-8.4 |
| 8.4(6) Flash image (CiscoView) | cat6000-supcvk8.8-4-6.bin | SC6K-SCVK8-8.4 |
| 8.4(6) Flash image (Secure Shell) | cat6000-supk9.8-4-6.bin | SC6K-SUPK9-8.4 |
| 8.4(6) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-6.bin | SC6K-SCVK9-8.4 |
| 8.4(5) Flash image | cat6000-supk8.8-4-5.bin | SC6K-SUPK8-8.4 |
| 8.4(5) Flash image (CiscoView) | cat6000-supcvk8.8-4-5.bin | SC6K-SCVK8-8.4 |
| 8.4(5) Flash image (Secure Shell) | cat6000-supk9.8-4-5.bin | SC6K-SUPK9-8.4 |
| 8.4(5) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-5.bin | SC6K-SCVK9-8.4 |
| 8.4(4) Flash image | cat6000-supk8.8-4-4.bin | SC6K-SUPK8-8.4 |
| 8.4(4) Flash image (CiscoView) | cat6000-supcvk8.8-4-4.bin | SC6K-SCVK8-8.4 |
| 8.4(4) Flash image (Secure Shell) | cat6000-supk9.8-4-4.bin | SC6K-SUPK9-8.4 |
| 8.4(4) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-4.bin | SC6K-SCVK9-8.4 |
| 8.4(3) Flash image | cat6000-supk8.8-4-3.bin | SC6K-SUPK8-8.4 |
| 8.4(3) Flash image (CiscoView) | cat6000-supcvk8.8-4-3.bin | SC6K-SCVK8-8.4 |
| 8.4(3) Flash image (Secure Shell) | cat6000-supk9.8-4-3.bin | SC6K-SUPK9-8.4 |
| 8.4(3) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-3.bin | SC6K-SCVK9-8.4 |
| 8.4(2a) Flash image | cat6000-supk8.8-4-2a.bin | SC6K-SUPK8-8.4 |
| 8.4(2a) Flash image (CiscoView) | cat6000-supcvk8.8-4-2a.bin | SC6K-SCVK8-8.4 |
| 8.4(2a) Flash image (Secure Shell) | cat6000-supk9.8-4-2a.bin | SC6K-SUPK9-8.4 |
| 8.4(2a) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-2a.bin | SC6K-SCVK9-8.4 |
| 8.4(2) Flash image | cat6000-supk8.8-4-2.bin | SC6K-SUPK8-8.4 |
| 8.4(2) Flash image (CiscoView) | cat6000-supcvk8.8-4-2.bin | SC6K-SCVK8-8.4 |
| 8.4(2) Flash image (Secure Shell) | cat6000-supk9.8-4-2.bin | SC6K-SUPK9-8.4 |
| 8.4(2) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-2.bin | SC6K-SCVK9-8.4 |
| 8.4(1) Flash image | cat6000-supk8.8-4-1.bin | SC6K-SUPK8-8.4 |
| 8.4(1) Flash image (CiscoView) | cat6000-supcvk8.8-4-1.bin | SC6K-SCVK8-8.4 |
| 8.4(1) Flash image (Secure Shell) | cat6000-supk9.8-4-1.bin | SC6K-SUPK9-8.4 |
| 8.4(1) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-4-1.bin | SC6K-SCVK9-8.4 |
| 8.3(7) Flash image | cat6000-supk8.8-3-7.bin | SC6K-SUPK8-8.3 |
| 8.3(7) Flash image (CiscoView) | cat6000-supcvk8.8-3-7.bin | SC6K-SCVK8-8.3 |
| 8.3(7) Flash image (Secure Shell) | cat6000-supk9.8-3-7.bin | SC6K-SUPK9-8.3 |
| 8.3(7) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-3-7.bin | SC6K-SCVK9-8.3 |
| 8.3(6) Flash image | cat6000-supk8.8-3-6.bin | SC6K-SUPK8-8.3 |
| 8.3(6) Flash image (CiscoView) | cat6000-supcvk8.8-3-6.bin | SC6K-SCVK8-8.3 |
| 8.3(6) Flash image (Secure Shell) | cat6000-supk9.8-3-6.bin | SC6K-SUPK9-8.3 |
| 8.3(6) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-3-6.bin | SC6K-SCVK9-8.3 |
| 8.3(5) Flash image | cat6000-supk8.8-3-5.bin | SC6K-SUPK8-8.3 |
| 8.3(5) Flash image (CiscoView) | cat6000-supcvk8.8-3-5.bin | SC6K-SCVK8-8.3 |
| 8.3(5) Flash image (Secure Shell) | cat6000-supk9.8-3-5.bin | SC6K-SUPK9-8.3 |
| 8.3(5) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-3-5.bin | SC6K-SCVK9-8.3 |
| 8.3(4) Flash image | cat6000-supk8.8-3-4.bin | SC6K-SUPK8-8.3 |
| 8.3(4) Flash image (CiscoView) | cat6000-supcvk8.8-3-4.bin | SC6K-SCVK8-8.3 |
| 8.3(4) Flash image (Secure Shell) | cat6000-supk9.8-3-4.bin | SC6K-SUPK9-8.3 |
| 8.3(4) Flash image (Secure Shell and CiscoView) | cat6000-supcvk9.8-3-4.bin | SC6K-SCVK9-8.3 |
| 8.3(3) Flash image | cat6000-supk8.8-3-3.bin | SC6K-SUPK8-8.3 |
| 8.3(3) Flash image (CiscoView) | cat6000-supcvk8.8-3-3.bin | SC6K-SCVK8-8.3 |

8.3(3) Flash image (Secure Shell)

cat6000-supk9.8-3-3.bin

SC6K-SUPK9-8.3

8.3(3) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-3-3.bin

SC6K-SCVK9-8.3

8.3(2) Flash image

cat6000-supk8.8-3-2.bin

SC6K-SUPK8-8.3

8.3(2) Flash image (CiscoView)

cat6000-supcvk8.8-3-2.bin

SC6K-SCVK8-8.3

8.3(2) Flash image (Secure Shell)

cat6000-supk9.8-3-2.bin

SC6K-SUPK9-8.3

8.3(2) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-3-2.bin

SC6K-SCVK9-8.3

8.3(1) Flash image (see footnote 3)

cat6000-supk8.8-3-1.bin

SC6K-SUPK8-8.3

8.3(1) Flash image (Secure Shell)

cat6000-supk9.8-3-1.bin

SC6K-SUPK9-8.3

8.2(2) Flash image

cat6000-supk8.8-2-2.bin

SC6K-SUPK8-8.2

8.2(2) Flash image (CiscoView)

cat6000-supcvk8.8-2-2.bin

SC6K-SCVK8-8.2

8.2(2) Flash image (Secure Shell)

cat6000-supk9.8-2-2.bin

SC6K-SUPK9-8.2

8.2(2) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-2-2.bin

SC6K-SCVK9-8.2

8.2(1) Flash image

cat6000-supk8.8-2-1.bin

SC6K-SUPK8-8.2

8.2(1) Flash image (CiscoView)

cat6000-supcvk8.8-2-1.bin

SC6K-SCVK8-8.2

8.2(1) Flash image (Secure Shell)

cat6000-supk9.8-2-1.bin

SC6K-SUPK9-8.2

8.2(1) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-2-1.bin

SC6K-SCVK9-8.2

8.1(3) Flash image

cat6000-supk8.8-1-3.bin

SC6K-SUPK8-8.1

8.1(3) Flash image (CiscoView)

cat6000-supcvk8.8-1-3.bin

SC6K-SCVK8-8.1

8.1(3) Flash image (Secure Shell)

cat6000-supk9.8-1-3.bin

SC6K-SUPK9-8.1

8.1(3) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-1-3.bin

SC6K-SCVK9-8.1

8.1(2) Flash image

cat6000-supk8.8-1-2.bin

SC6K-SUPK8-8.1

8.1(2) Flash image (CiscoView)

cat6000-supcvk8.8-1-2.bin

SC6K-SCVK8-8.1

8.1(2) Flash image (Secure Shell)

cat6000-supk9.8-1-2.bin

SC6K-SUPK9-8.1

8.1(2) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-1-2.bin

SC6K-SCVK9-8.1

8.1(1) Flash image

cat6000-supk8.8-1-1.bin

SC6K-SUPK8-8.1.1

8.1(1) Flash image (CiscoView)

cat6000-supcvk8.8-1-1.bin

SC6K-SCVK8-8.1.1

8.1(1) Flash image (Secure Shell)

cat6000-supk9.8-1-1.bin

SC6K-SUPK9-8.1.1

8.1(1) Flash image (Secure Shell and CiscoView)

cat6000-supcvk9.8-1-1.bin

SC6K-SCVK9-8.1.1

1 Installed on system; append with "=" for spare on floppy media.

2 There are no CiscoView images in software release 8.5(1). CiscoView images are scheduled for software release 8.5(2).

3 There are no CiscoView images in software release 8.3(1). CiscoView images are scheduled for software release 8.3(2).


Software Image Version Compatibility

With high-availability versioning enabled, you can have two different but compatible images on the active and standby supervisor engines. The active supervisor engine exchanges image version information with the standby supervisor engine and determines whether the images are compatible for enabling high availability. If the active and standby supervisor engines are not running compatible image versions, you cannot enable high availability.

Image versioning is supported in supervisor engine software releases 5.4(1) and later. With versioning enabled, high availability is fully supported with the active and standby supervisor engines running different images as long as the images are compatible. The only fully compatible images are as follows:


Note There is no software image version compatibility in the 8.x software release train. This includes major releases such as 8.1(x) to 8.2(x) to 8.3(x) and so on. This also includes subreleases such as 8.1(1) to 8.1(2), 8.2(1) to 8.2(2) and so on.


Supervisor Engine 1

5.5(3) and 5.5(4)

6.1(3) and 6.1(4)

6.2(2) and 6.2(3)

6.3(2) and 6.3(3)

6.3(4) and 6.3(5)

6.3(6) and 6.3(7)

Supervisor Engine 2

6.1(3) and 6.1(4)

6.2(2) and 6.2(3)

6.3(2) and 6.3(3)

Images that are compatible with all modules except Gigabit Ethernet switching modules are as follows:

Supervisor Engine 1

5.4(3) and 5.4(4)

5.5(3) and 5.5(5)

5.5(4) and 5.5(5)

Images that are compatible with Gigabit Ethernet switching modules but not compatible with 10/100BASE-T modules are as follows:

Supervisor Engine 1

5.5(6a) and 5.5(7)

Images that are compatible with all modules except the SFM/SFM2 and fabric-enabled modules are as follows:

Supervisor Engine 2

6.3(4) and 6.3(5)

6.3(6) and 6.3(7)


Note Attempting to run incompatible image versions could result in configuration loss.


Catalyst 6500 Series Features


Note For complete hardware requirements for the software features listed, see the Catalyst 6500 Series Software Configuration Guides.


These sections describe the Catalyst 6500 series features:

Features for Supervisor Engine Software Release 8.7

Features for Supervisor Engine Software Release 8.6

Features for Supervisor Engine Software Release 8.5

Features for Supervisor Engine Software Release 8.4

Features for Supervisor Engine Software Release 8.3

Features for Supervisor Engine Software Release 8.2

Features for Supervisor Engine Software Release 8.1

Features for Supervisor Engine Software Releases 7.1 Through 7.6

Features for Supervisor Engine Software Releases 6.1 Through 6.4

Features for Supervisor Engine Software Releases 5.1 Through 5.5

Features for Supervisor Engine Software Release 8.7


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.7, 23 April 2008:

Software Release 8.7 Hardware Features

Software Release 8.7 Software Features

Software Release 8.7 Unsupported Software Features

Software Release 8.7 Hardware Features

Software release 8.7 provides support for these hardware features:

A 512-MB CompactFlash memory card on Supervisor Engine 720 with a Melody adapter card.

LR+/ER+ XENPAKs with DOM support.

Software Release 8.7 Software Features

Software release 8.7 provides support for the following software features:

IEEE 802.1ag draft 8.0 Metro Ethernet Connectivity Fault Management (CFM) Protocol. CFM incorporates several OAM facilities that allow you to manage Metro Ethernet networks, including an Ethernet continuity check, an end-to-end Ethernet traceroute, a Link Trace Message (LTM), a Loopback Message (LBM), and a Loopback Reply (LBR). These Metro Ethernet CFM elements allow you to identify problems in your network. This protocol replaces IEEE 802.1: 802.1ag-Connectivity Fault Management protocol.

Ethernet Local Management Protocol (ELMI). The ELMI protocols are as follows:

1. Ethernet Virtual Connections (EVC).

2. Ethernet Local Management Interface (ELMI).

The Ethernet Alarm Indication function (ETH-AIS) and the Ethernet Remote Defect Indication (ETH-RDI) are new functional extensions to Metro Ethernet Connectivity Fault Management (CFM). The ETH-AIS is a standard defined by ITU Y.1731 and the ETH-RDI is part of IEEE 802.1ag. ETH-AIS and ETH-RDI work together to help reduce the management complexity of large SPAN networks and multiple constituent networks that belong to separate organizations.

IEEE 802.1ak Multiple VLAN Registration Protocol (MVRP).

This protocol replaces GVRP in VLAN pruning and dynamic VLAN creation on trunk ports with faster and smaller transmissions, and extends support to larger networks and 4k (4094) VLANs.

1. MVRP default timers need to be tuned appropriately for a high number of VLANs. MVRP is a CPU-intensive protocol that requires an adequate processing interval between PDUs for processing a high number of VLAN states.

2. MVRP does not support Flex link.

3. MVRP does not interoperate with L2PT.

Agentless Hosts Audit Support with MAB

This feature facilitates NAC auditing for agentless hosts with MAB-enabled NAD ports using external audit servers.

QoS and Security ACL assignment with MAB

MAB-enabled ports support ACL assignments similar to 802.1X-enabled ports.

IP Device Tracking (Host Aging using MAB)

This feature tracks the existence of the host and removes aged entries in the CAM table, which ensures that the hosts are removed from the EARL.

MAC Utilization Rate

This feature displays the packet rate, bit rate, and octet rate per port, per module, and per VLAN, based on the load interval that can be specified.

MAC Duplication Indicator

This feature displays an indicator (&) next to the MAC entries that appear more than once in the CAM table.

Mini Protocol Analyzer Enhancements

The Mini Protocol Analyzer Enhancements also capture double tagged frames on dot1qtunnel, PAgP and LACP channel ports, and RFI Link Fault Recovery (OAM Enhancements).

This feature changes the port to the blocking state when a remote link failure is encountered and then automatically changes the port to forwarding state whenever the remote link becomes operational.

Software Release 8.7 Unsupported Software Features

This section lists the unsupported software features in software release 8.7(x):

IEEE P802.1ag/D1 Draft Standard for the Local and Metropolitan Area Networks is not supported.

IEEE P802.1ag/D1 to Draft 8.1 interoperability is not supported.

Change in channel configuration is not supported with Connectivity Fault Management (CFM) enabled.

PVST+ simulation with CFM enabled is not supported.

VTP pruning interoperability with MVRP is not supported.

Features for Supervisor Engine Software Release 8.6


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


The following sections describe the features in software release 8.6, 28 February 2007:

Software Release 8.6 Hardware Features

Software Release 8.6 Software Features

Software Release 8.6 Unsupported Software Features

Software Release 8.6 Hardware Features

There are no new hardware features in software release 8.6(x).

Software Release 8.6 Software Features

Software release 8.6 provides support for the following software features:

Policy-Based Forwarding (PBF) macro enhancement

The PBF macro enhancement feature stores the macros that are used to create security and adjacency ACLs associated with PBF clients, gateways, and maps in a switch configuration. The set pbf macro commands are included in the output of show config and related commands.

IEEE 802.1ag Ethernet OAM CFM

This protocol provides end-to-end Ethernet connectivity fault management.

Mini Protocol Analyzer

The Mini Protocol Analyzer captures data and control traffic in a flash file that can be read offline using an Ethereal client for analysis and troubleshooting purposes.

Digital Optical Monitoring (DOM)

This feature monitors optical power and related information for SFP, GBIC, and XENPAK modules.

Additional QoS statistics

This feature provides peak/maximum QoS statistics for a specified time interval.

Bridge learning MAC move counters

This feature provides a running count of how many times MACs move from one port to another within a VLAN.

Show port per VLAN

This feature displays all ports in a specific VLAN.

Topology change in show spantree

This feature adds topology change information to the show spantree command output. This includes the number of topology changes, the last topology change, the initiator of a topology change, and the time of topology changes.

Downloadable ACLs with 802.1X and webauth

This feature provides the ability to define per-user ACLs in a central location on the AAA server and have the ACLs downloaded on the switch port to enforce access control on the port.

802.1X with PVLAN

This feature provides the ability to use 802.1X on private VLAN ports.

NAC LAN Port 802.1X enhancements

This feature provides support for non-responsive devices (those without Cisco Trust Agents). All the features of LAN port 802.1X are available for these devices.

Inaccessible authentication bypass (IAB)

This feature provides MAC authentication bypass enhancements and web authentication bypass for IAB.

NAC LAN port IP enhancements

This feature provides support for non-responsive or exception devices and URL redirects.

DAI enhancements

This feature adds PACLs that co-exist with dynamic ARP inspection and increases the limit for the maximum number of hosts that can be supported on a port.

SCP w/SSHv2

This feature upgrades SCP so that it can use SSHv2 for enhanced security.

SFTP w/SSHv2

This feature upgrades SFTP to use SSHv2 for enhanced security.

Software Release 8.6 Unsupported Software Features

This section lists the unsupported software features in software release 8.6(x):

IEEE 802.1ad provider bridge

MRP

CAM use optimization

MAC age timeout statistics

Per VLAN MAC address limiting

MAC utilization rate

Counters for unknown frames

HTTPS transport for web authorization proxy

Features for Supervisor Engine Software Release 8.5


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.5, 25 October 2005:

Software Release 8.5 Hardware Features

Software Release 8.5 Software Features

Software Release 8.5 Unsupported Software Features

Software Release 8.5 Hardware Features

Software release 8.5 provides initial support for these modules and chassis:

FlexWAN2—enhanced FlexWAN module (WS-X6582-2PA)

Inline power daughter card (WS-F6K-48-AF)

ZR XENPAK—10GBASE-ZR XENPAK transceiver module for SMF, 1550-nm wavelength, SC connector (XENPAK-10GE-ZR)

Dense Wavelength Division Multiplexing (DWDM) XENPAK

Software Release 8.5 Software Features

Software release 8.5 provides support for these software features:

NAC - L2 IP:

Network Admission Control (NAC) L2 IP extends NAC support to Layer 2 switches and is intended to be deployed on Layer 2 Ethernet access ports at the network edge. The device to be validated must be attached to the Layer 2 port within the first Layer 3 hop. NAC L2 IP does not require 802.1X support on the hosts. Performing posture validation at the edge maximizes the portion of the network that is protected by the access control, and allows posture validation to be performed within a VLAN. NAC - L2 IP acts at the same point in the network as the NAC - L2 IEEE 802.1X feature, but uses different mechanisms to initiate posture validation, to carry the communication between host and authentication server, and to enforce the resulting access limitations.

NAC - L2 IEEE 802.1X:

NAC L2 IEEE 802.1X extends NAC support to Layer 2 switches and wireless access points. Combining it with 802.1X provides a unified authentication and posture validation mechanism at the Layer 2 network edge. This helps protect the network from attack by machines with an insufficient antivirus posture. Performing posture validation at the edge maximizes the portion of the network that is protected and allows posture validation to be performed within a VLAN.

Web Authentication Proxy:

Web-based authentication proxy is an HTTP-based authentication mechanism that allows clients that do not support the 802.1X supplicant functionality to integrate into the Cisco Identity Based Networking Services (IBNS) and NAC strategy using a standard web browser. This feature addresses network environments in which a supplicant code is not available for the given client platform, and environments in which the configuration of the end client is not under administrative control (where the installation and use of an IEEE 802.1X supplicant cannot be enforced despite its availability) and yet controlled access to the network is desired.

IEEE 802.1X - Inaccessible Authentication Bypass:

On an 802.1X-enabled port, if a device fails authentication because access to the back-end authentication server is not available, the port is denied network access. Inaccessible authentication bypass allows network access to critical user-designated servers when access to the back-end authentication server is not available.

MAC Authentication Bypass:

MAC authentication bypass is a MAC address-based authentication mechanism that allows clients that do not support the 802.1X supplicant functionality to integrate into the Cisco Identity Based Networking Services (IBNS) and NAC strategy using the client MAC address. MAC authentication bypass addresses network environments in which a supplicant code is not available for a given client platform and environments in which the configuration of the end client is not under administrative control (where the installation and use of an IEEE 802.1X supplicant cannot be enforced despite its availability) and yet controlled access to the network is desired.

GOLD - Generic Online Diagnostics:

GOLD implements a number of health checks both at system startup and while the system is running. GOLD runs in the background and complements the high-availability features, such as NSF/SSO, alerting them if a disruption occurs. GOLD provides a variety of diagnostic tests; some tests run nonintrusively in the background while other tests can be triggered on demand.

IEEE 802.3ah Ethernet OAM - Operations Administration and Maintenance:

Support for Ethernet OAM refers to a suite of tools designed to install, monitor, and troubleshoot Ethernet networks. Ethernet OAM relies on a new sublayer in the data link layer to provide a way to assist in detecting failing links or fault conditions. This feature provides some key capabilities that enable you to monitor the health of the network and pinpoint the location of the failing links.

Flex Links:

Flex links are a pair of Layer 2 interfaces (switch ports or port channels) configured to act as a backup to another Layer 2 interface. Flex links provide an alternative solution to the Spanning Tree Protocol (STP), allowing you to turn off STP and still provide basic link redundancy.

SmartPorts - Customizable Configuration:

Provides you with a convenient way to save and share common, customizable configurations. It extends the functionality of both SmartPorts and the set alias command by providing a way to define and name a macro and associate one or more commands to that macro. You create a macro using a CLI command and then enter a list of commands that are part of that macro.

Text Configuration Mode Optimization:

Reduces the amount of time required for the system to boot up when you use the text configuration mode. This enhancement ensures that downtime, planned or otherwise, will be shorter.

Firewall Autostate Capability:

The existing autostate feature has been extended as part of this enhancement to add the capability to inform the FWSM when either the first or last port has joined or left a VLAN assigned to that FWSM, excluding the FWSM port channel and trunk port to the MSFC. The FWSM responds to a VLAN down condition by marking the interfaces associated with that VLAN as "Autostate Down." An interface marked as "Autostate Down" is considered a failed interface for purposes of interface-monitoring health status and may cause a failover if the interface-policy threshold is met.

WCCP:

The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that allows you to integrate cache engines (such as the Cisco Cache Engine 550) into your network infrastructure.

Software Release 8.5 Unsupported Software Features

This section lists the unsupported software features in software release 8.5(x):

The following QoS features and the commands that are used to configure them are not supported in a system with a Supervisor Engine 720 in software release 8.5(x):

RSVP

COPS

NBAR

Features for Supervisor Engine Software Release 8.4


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.4, 29 December 2004:

Software Release 8.4 Hardware Features

Software Release 8.4 Software Features

Software Release 8.4 Unsupported Software Features

Software Release 8.4 Hardware Features

Software release 8.4 provides initial support for these modules and chassis:

Supervisor Engine 32 (WS-SUP32-GE-3B) with PFC3B and MSFC2A

6000 W power supply (WS-CAC-6000W)

Supported in all Catalyst 65xx and Catalyst 65xx-E chassis except for the 6503 and 6503-E (form-factor difference). Only the 6513 and -E chassis support the full 6000 W; the other chassis rely on software to current-limit the power supply.

2700 W power supply (PWR-2700-AC, PWR-2700-DC)

Supported in the Cisco 7606 chassis. Cannot be used in the 65xx chassis.

Catalyst 6500 E-series chassis enhancements

Enhanced power capacity allowing higher-powered modules to be installed (including PoE support for 30 W per-port devices). Additionally, support for the 67xx switching modules in the 6503-E chassis is provided with software release 8.4(1) and later releases.

WS-X6148A-GE-TX, WS-X6148A-GE-45AF

48-port 10/100/1000BASE-T, RJ-45 connectors. WS-X6148A-GE-45AF provides inline power for IP telephones with the WS-F6K-GE48-AF daughter card.

WS-X6148-FE-SFP

48-port 100FX Ethernet, requires SFPs. The following SFPs are introduced with the WS-X6148-FE-SFP module:

GLC-FE-100FX (100BASE-FX SFP)

GLC-FE-100LX (100BASE-LX SFP)

GLC-FE-100BX-U, GLC-FE-100BX-D (100BASE-BX SFP)

WS-X6148A-RJ-45, WS-X6148A-45AF

48-port 10/100BASE-TX, RJ-45 connectors. WS-X6148A-45AF provides inline power for IP telephones with the WS-F6K-GE48-AF daughter card.

WS-X6196-RJ-21, WS-X6196-21AF

96-port 10/100BASE-TX, RJ-21 connectors. WS-X6196-21AF provides inline power for IP telephones with the WS-F6K-FE48X2-AF daughter card.

1000BASE-BX SFP (GLC-BX-1310, GLC-BX-1490)

4-slot 6504-E chassis (WS-C6504-E) (Supported in software release 8.4(2) and later releases.)

Software Release 8.4 Software Features

Software release 8.4 provides support for these software features:

EtherChannel enhancements:

Provides for an automatic failover of traffic from one port in an EtherChannel to another port in the same EtherChannel when one of the ports in the channel exceeds a configurable error threshold within the specified interval. The port failover only occurs if there is an operational port left in the EtherChannel. If the failed port is the last port in the EtherChannel, the port does not enter the "port failover" state and continues to pass traffic regardless of the type of errors being received. Single, nonchanneling ports do not go into the port failover state; these ports go into the errdisable state when the error threshold is exceeded within the specified interval.

VLAN translation:

VLAN mapping has been enhanced to allow you to map any type of VLAN to any other type of VLAN without any VLAN range restrictions. VLAN mapping is now configurable on a per-port or per-ASIC basis.

MAC-based ACLs:

PFC3B and PFC3BXL allow the ACL lookups on all packet types using the MAC ACL. This feature is useful for doing MAC-based matching on all packets regardless of whether the packet is IP version 4, IP version 6, IPX, MPLS, and so on. You can utilize this feature to rate limit all traffic ingressing a VLAN to some specific value by coupling an aggregate policer with a match-all MAC ACL.

SmartPorts enhancements:

Ciscorouter SmartPorts template

Ciscoswitch SmartPorts template

Ciscodesktop SmartPorts template

Ciscoipphone SmartPorts template

Ciscosoftphone SmartPorts template

Global SmartPorts template

System profiles (lockdown profiles):

With the profile files, you can eliminate the features or processes that may pose security risks (for example, disabling CDP or turning off auto-trunking on a port) to your switch. A profile file that has most of the security risks disabled is also known as a "lockdown" profile. A lockdown profile changes the functionality of the switch from enabling access to preventing access by default. When a lockdown profile is applied, you must manually enable the features that were disabled by the profile file.

CRAM algorithm:

The compression and reordering of the ACL masks (CRAM) feature optimizes the mask usage across the different ACLs. This optimization promotes mask sharing and results in more efficient usage of the TCAM and the ability to program more ACLs in the TCAM.

ACL statistics:

When you select the statistics keyword with the set security acl command set, the statistics are stored for the ACEs or the ACLs (VACLs and PACLs). The ACL statistics are disabled by default and can be enabled on a per-ACL, per-VLAN, or per-ACE basis.

NetFlow top talkers:

The show mls statistics entry ip top-talkers command can display the statistics for the netflows with the maximum amount of network usage. The NetFlow entries are pulled out of the NetFlow table based on the number of packets that each flow has. The results are displayed in descending order with the top talkers being the entries with the largest packet count. You can get the statistics for the network (the top 32 talkers will be displayed) or for a specified number of flows such as the top 1 or 2 talkers.

Configuration rollback:

Provides for rolling back the current switch configuration file to a previously saved configuration file if the current file produces undesirable system results. This rollback feature provides a command to set multiple configuration "checkpoint" files. If you no longer want the current configuration file to run on the switch, you can return to one of these configuration checkpoint files quickly and with the least possible disturbance to switch functionality.

SPAN—Multiple destination ports can be specified in each local SPAN session.

NetFlow—Create NetFlow table entries on a per-VLAN basis.

Time domain reflectometer (TDR) support added for the following modules: WS-X6748-GE-TX, WS-X6148A-GE-TX, WS-X6148A-GE-45AF, WS-X6148A-RJ-45, and WS-X6148A-45AF.

Layer 2 protocol tunneling enhancements:

Provides for specifying the drop and shutdown thresholds for individual protocols on a per-port basis. If you configure thresholds only and do not specify a protocol, the packets are rate limited cumulatively irrespective of protocols. If you specify a threshold for a protocol on a port, the packets are rate limited on a cumulative basis and then per-protocol thresholds are applied to the packets.

802.1X authentication failure VLAN:

On a traditional 802.1X port, the switch does not provide access to the network until the supplicant that is connected to the port is authenticated by verifying its identity information with an authentication server. With the authentication failure VLAN feature, you can configure the authentication failure VLAN on a per-port basis and after three failed 802.1X authentication attempts by the supplicant, the port is moved to the authentication failure VLAN where the supplicant can access the network.

802.1X RADIUS server failover enhancements:

Before software release 8.4(1), when the active RADIUS server went down or was unreachable, the 802.1X authentication timed out before the backup RADIUS server could become active. With software release 8.4(1) and later releases, some RADIUS server timer values are now configurable and the show radius command has been enhanced to show the active RADIUS server.

Shaped round robin (SRR):

Provides egress traffic shaping and is supported as an option on Supervisor Engine 32 1p3q8t ports. If you do not enable SRR, weighted round robin (WRR) is used. SRR only allows a queue to use the specific amount of bandwidth that the weight allocates.

Support for the following MIBs:

CISCO-SECURE-SHELL-MIB

CISCO-RADIUS-MIB

CISCO-COPY-CONFIG-MIB

CISCO-VLAN-TRANSLATION-MIB

MAU-MIB

CISCO-MAU-EXT-MIB

POWER-ETHERNET-MIB

CISCO-POWER-ETHERNET-EXT-MIB

CISCO-NETFLOW-MIB

HC-ALARM-MIB

CISCO-VMPS-MIB enhancement

RMON-MIB enhancement

CISCO-STP-EXTENSIONS-MIB enhancement

CISCO-CATOS-ACL-QOS-MIB enhancement

SMON-MIB/CISCO-RMON-CONFIG-MIB enhancement

CISCO-QOS-PIB-MIB enhancement

CISCO-SWITCH-ENGINE-MIB enhancement

CISCO-L2-TUNNEL-CONFIG-MIB enhancement

Software Release 8.4 Unsupported Software Features

This section lists the unsupported software features in software release 8.4(x):

The following QoS features and the commands that are used to configure them are not supported in a system with a Supervisor Engine 720 in software release 8.4(x):

RSVP

COPS

NBAR

The following features are not supported with a Supervisor Engine 720 or Supervisor Engine 32 in software release 8.4(x):

TCP Intercept.

WCCP.

Features for Supervisor Engine Software Release 8.3


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.3, 3 May 2004:

Software Release 8.3 Hardware Features

Software Release 8.3 Software Features

Software Release 8.3 Unsupported Software Features

Software Release 8.3 Hardware Features

Software release 8.3 provides initial support for these modules and chassis:


Note With software release 8.3(1), WS-SUP720-3BXL and WS-SUP720-3B support the same feature set and have the same performance characteristics as WS-F6K-PFC3A.


WS-SUP720-3BXL—Supervisor Engine 720 with PFC3BXL:

1-GB DRAM

Policy Feature Card 3BXL

Multilayer Switch Feature Card 3 (MSFC3):

1-GB DRAM

64-MB bootflash

WS-F6K-PFC3BXL—Policy Feature Card 3BXL:

Use WS-F6K-PFC3BXL= to upgrade a WS-SUP720 with a PFC3BXL. WS-F6K-PFC3BXL= includes 1-GB memory upgrades for the Supervisor Engine 720 and the MSFC3. Refer to this publication for more information:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html

WS-SUP720-3B—Supervisor Engine 720 with PFC3B:

512-MB DRAM

Policy Feature Card 3B

Multilayer Switch Feature Card 3 (MSFC3):

256-MB DRAM

32-MB bootflash

WS-F6K-PFC3B—Policy Feature Card 3B:

There are no memory-only upgrade options for WS-SUP720-3B.

Use WS-F6K-PFC3BXL= to upgrade a WS-SUP720-3B with a PFC3BXL. WS-F6K-PFC3BXL= includes 1-GB memory upgrades for the Supervisor Engine 720 and the MSFC3. Refer to this publication for more information:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html

Dense Wavelength Division Multiplexing (DWDM) GBIC transceivers

Coarse Wave Division Multiplexer SFP (CWDM-SFP) (1000BASE-CWDM SFP)

GLC-T (1000BASE-T SFP)

XENPAKs:

XENPAK-10GB-SR—10GBASE-SR Serial 850-nm short-reach multimode (MMF)

XENPAK-10GB-CX4—10GBASE-CX4 provides support for copper up to 15 meters

WS-X6748-SFP module (48-port Gigabit Ethernet SFP)


Note Support for the WS-X6748-SFP module started in software release 8.3(2) and later releases.


Software Release 8.3 Software Features

Software release 8.3 provides support for these software features:

DHCP snooping:

DHCP snooping provides security against Denial-Of-Service (DoS) attacks that are launched using DHCP messages by filtering DHCP packets and building and maintaining a DHCP-snooping binding table. DHCP snooping uses trusted and untrusted ports to filter the DHCP packets that are received by the switch.

IP source guard:

IP source guard prevents IP spoofing by allowing only the IP addresses that are obtained through DHCP snooping on a particular port.

Dynamic ARP inspection:

Dynamic ARP inspection (DAI) uses the binding information that is built by DHCP snooping to enforce the advertisement of bindings to prevent "man-in-the-middle" attacks. These attacks can occur when an attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entries in a communication association. DAI adds an extra layer of security to ARP inspection by verifying that the ARP packet's MAC address and IP address match an existing DHCP snooping binding in the same VLAN.
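The Python model below is an added illustration, not Cisco code or CatOS syntax. It shows how a binding table learned by DHCP snooping on trusted and untrusted ports feeds the IP source guard and DAI checks described above. The class and method names, port numbers, and addresses are constructed; treating trusted ports as exempt from the checks and requiring a release to come from the bound port are simplifying assumptions.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # messages that only a DHCP server sends


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """Simplified model of one switch; all names here are hypothetical."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # (vlan, mac) -> port the client's REQUEST arrived on
        self.bindings = {}   # (vlan, mac) -> Binding learned from a trusted ACK

    def dhcp(self, port, vlan, msg, mac, ip=None):
        """DHCP snooping: filter one DHCP message and maintain the binding table."""
        key = (vlan, mac)
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"                     # server reply on an untrusted port
            if msg == "ACK" and key in self.pending:
                client_port = self.pending.pop(key)
                self.bindings[key] = Binding(mac, ip, vlan, client_port)
            elif msg == "NAK":
                self.pending.pop(key, None)
            return "forward"
        if port in self.trusted:
            return "forward"
        if msg == "RELEASE":
            bound = self.bindings.get(key)
            # Assumption: only the port holding the lease may release it.
            if bound is None or bound.port != port:
                return "drop"
            del self.bindings[key]
            return "forward"
        if msg == "REQUEST":
            self.pending[key] = port
        return "forward"

    def source_guard(self, port, vlan, src_ip):
        """IP source guard: permit only source IPs bound to this port by snooping."""
        if port in self.trusted:
            return "permit"
        ok = any(b.port == port and b.vlan == vlan and b.ip == src_ip
                 for b in self.bindings.values())
        return "permit" if ok else "deny"

    def arp_inspect(self, port, vlan, sender_mac, sender_ip):
        """DAI: sender MAC and IP must match a snooping binding in the same VLAN."""
        if port in self.trusted:
            return "permit"
        bound = self.bindings.get((vlan, sender_mac))
        return "permit" if bound is not None and bound.ip == sender_ip else "deny"


def demo():
    """Run a constructed sequence of events and return each verdict."""
    sw = SnoopingSwitch(trusted_ports={"1/1"})    # 1/1: uplink toward the DHCP server
    host = "00-11-22-33-44-55"                    # legitimate client on port 3/7
    other = "00-aa-bb-cc-dd-ee"                   # station on port 3/9 with no lease
    r = {}
    r["request"] = sw.dhcp("3/7", 10, "REQUEST", host)
    r["untrusted_ack"] = sw.dhcp("3/9", 10, "ACK", host, "192.0.2.66")
    r["trusted_ack"] = sw.dhcp("1/1", 10, "ACK", host, "192.0.2.20")
    r["host_ip"] = sw.source_guard("3/7", 10, "192.0.2.20")
    r["borrowed_ip"] = sw.source_guard("3/9", 10, "192.0.2.20")
    r["host_arp"] = sw.arp_inspect("3/7", 10, host, "192.0.2.20")
    r["gateway_claim"] = sw.arp_inspect("3/9", 10, other, "192.0.2.1")
    r["wrong_vlan"] = sw.arp_inspect("3/7", 20, host, "192.0.2.20")
    r["foreign_release"] = sw.dhcp("3/9", 10, "RELEASE", host)
    r["bindings"] = len(sw.bindings)
    return r


if __name__ == "__main__":
    for event, verdict in demo().items():
        print(f"{event:16} {verdict}")
```

Because both IP source guard and DAI read the same table, a station that never completed a DHCP exchange through a trusted port has no binding and fails both checks.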

Port ACLs (PACLs):

Prior to software release 8.3(1), there were two types of access lists—VACLs and Cisco IOS ACLs. The VACLs are applied to Layer 2 and Layer 3 forwarded traffic while the Cisco IOS ACLs are only applied to Layer 3 forwarded packets. Both access list types are applied to VLANs and filter traffic based on the packet header information.

Typically, a VLAN is composed of many physical ports. A PACL provides you with the extra granularity to filter traffic on a specific physical port. A PACL is an access list that is mapped to a physical port. Like VACLs, PACLs are applied to both Layer 2 and Layer 3 forwarded packets.

Fabric enhancements with Supervisor Engine 720:

The integrated 720-Gbps switch fabric supports a high-availability failover to the standby switch fabric.

Automatic QoS enhancement:

Allows you to clear the automatic QoS configuration by using a port-based clear command and a global clear command.

Multiple collectors for NDE:

Allows NetFlow export data to be sent to two destinations simultaneously.

PBF enhancements:

Simplifies the process of setting and committing the security ACLs and adjacency information.

EtherChannel enhancements:

Clears and restores channel-based counters on a per-protocol and per-channel basis.

Disables an auxiliary VLAN until an IP phone is detected:

Provides security for the auxiliary VLANs by ensuring that the auxiliary VLAN is not enabled until an IP phone is detected. As soon as the switch detects the presence of an IP phone, the auxiliary VLAN is enabled.

802.1X unidirectional controlled port:

Allows you to use wake-on LAN technology (also referred to as remote wake-up) to perform unattended system backups or software upgrades on hosts attached to the switch.

802.1X with ACL assignments:

When you configure 802.1X with ACL assignments, the QoS ACLs and VACLs can be configured automatically for a user once the user is authenticated. The RADIUS server sends a QoS VLAN-based ACL, QoS port-based ACL, or VACL policy name with the authentication success packet. The policy that is associated with the policy name is already configured on the switch through the CLI. The policy is converted into a set of ACEs and then installed on the switch. Once you configure the 802.1X ACL assignments, the switch does the following:

Authenticates the user(s)

Uses DHCP snooping or dynamic ARP inspection to obtain the IP address of the user(s)

Expands the ACL using the IP address(es) and programs the PFC

802.1X user distribution:

Configuring the 802.1X user distribution feature allows you to distribute users that have the same group name across multiple VLANs. Prior to software release 8.3(1), the RADIUS VLAN assignment feature supported by 802.1X took the VLAN number obtained from the RADIUS server and added all users to that VLAN. With software release 8.3(1) and later releases, you can load balance 802.1X-authenticated users that are configured under one group name by distributing them evenly between VLANs.

802.1X RADIUS accounting and tracking:

Allows you to send 802.1X user accounting information to the RADIUS server.

802.1X authenticated identity-to-port description mappings:

Assigns a port description to the 802.1X port based on the information received from the RADIUS server. This feature makes use of an AV-Pair, "Supplicant Name," to uniquely assign a port description for an authenticated user.

DNS resolution for a RADIUS server configuration:

Allows you to configure the RADIUS server using a DNS name in addition to IP addresses.

VTP version 3 enhancement—MST mapping propagations:

Provides the ability to distribute the MST database across the network using VTP version 3.

802.1s:

The Multiple Spanning Tree (MST) feature implements IEEE 802.1s, an amendment to 802.1Q. MST extends the 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees. This extension provides for both rapid convergence and load balancing in a VLAN environment. In software release 8.3(1), the MST protocol is compliant with IEEE 802.1s and is backward compatible with 802.1D STP, 802.1w, the Rapid Spanning Tree Protocol (RSTP), and the Cisco PVST+ architecture that was implemented in previous software releases.

Layer 2 PDU rate limiting:

The Layer 2 PDU rate limiters are supported in hardware, and they rate limit traffic on the Local Target Logic (LTL) index. You can configure up to four rate limiters. You can configure rate limiters to limit the following PDU types globally on the switch:

Spanning-tree BPDUs—IEEE and SSTP, CDP, UDLD, VTP, and PAgP

Layer 2 protocol tunnel-encapsulated PDUs

802.1X port security

Automatic module shutdown:

Automatically shut down any module based on the number of times that the module resets itself within a specified time frame. A module that frequently resets itself can disrupt traffic load balancing. By setting the automatic module shutdown, you can limit the number of times that the module resets itself before shutting down completely.

System crash-info files:

The crash-info file contains extended system information that is captured very quickly when the system reloads due to an error condition. Like the core-dump file, the crash-info file is stored in the file system. The information in the crash-info file should be used in addition to the core-dump information and does not replace that information. By examining both the crash-info file and core-dump file, Cisco TAC can better analyze the error condition.

MSFC autostate enhancements:

Normal autostate mode—Autostate shuts down (or brings up) Layer 3 interfaces/subinterfaces on the MSFC and the Multilayer Switch Module (MSM) when specific port configuration changes occur on the switch.

Autostate exclude mode—Allows you to specify the ports to exclude from autostate.

Autostate track mode—Tracks key VLAN or port connections to the MSFC.

Port security on trunk ports

MAC address monitoring:

Because the Catalyst 6500 series switches learn the source MAC addresses automatically, the system is vulnerable to flooding of spoofed traffic and potential Denial of Service (DoS) attacks. To prevent traffic flooding and DoS attacks, you can monitor the number of MAC addresses that are learned by the system on a per-port, per-VLAN, or per-port-per-VLAN basis.

CoS-to-CoS maps on IEEE 802.1Q tunnel ports:

Ingress CoS-to-CoS mapping is supported on 802.1Q tunnel ports on WS-X6704-10GE, WS-X6724-SFP, and WS-X6748-GE-TX switching modules. The CoS-to-CoS mapping feature is disabled on ports that are not configured as 802.1Q tunnel ports.

Back up the VMPS configuration file:

When you reboot a Catalyst 6500 series switch that is configured as a VMPS server, the VMPS requests that are sent by the clients are queued by the TFTP server until the VMPS server downloads the VMPS configuration file from the VMPS server. To ensure that client access is not delayed during a system reboot, you can configure the switch to back up the VMPS configuration file locally and use this file until it has downloaded the current VMPS configuration file from the remote TFTP server.

SCP:

Secure Copy (SCP) provides a secure method for copying crypto image files. SCP relies on Secure Shell (SSH) and allows you to copy a crypto file to and from the system through an encrypted channel.

Comparing configuration files:

You can compare the configuration files that are stored on the system to determine the differences between the configuration files or to check if changes have been made to the system configuration.

Using Secure Shell Encryption for Telnet sessions (support for SSH version 2)

Secure Shell encryption provides security for Telnet sessions and other remote connections to the switch. Secure Shell encryption is supported for remote logins to the switch only. Telnet sessions that are initiated from the switch cannot be encrypted. To use this feature, you must install the application on the client accessing the switch, and you must configure Secure Shell encryption on the switch. The current implementation of Secure Shell encryption supports SSH version 1 and version 2. SSH version 1 supports the DES and 3DES encryption methods, and SSH version 2 supports the 3DES and AES encryption methods. Secure Shell encryption can be used with RADIUS and TACACS+ authentication.

GLBP:

Gateway Load Balancing Protocol (GLBP) provides load-balancing over multiple gateways through a single virtual IP address and multiple virtual MAC addresses. This protocol is similar to Host Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP). GLBP protects data traffic from a failed router or circuit, while allowing packet load sharing between a group of redundant routers.

IGMP version 3 snooping with Multicast Multilayer Switching (MMLS):

Prior to software release 8.3(1), IGMP version 3 snooping operated only with MMLS disabled on the supervisor engine. As a result, IGMP version 3 snooping was available on individual bridged VLANs, but there was no IGMP version 3 snooping support for hardware-switched Layer 3 flows. Software release 8.3(1) and later releases provide IGMP version 3 snooping with MMLS integration.

CLI command logging:

Entering the show log command displays recorded commands executed from the CLI through Telnet, SSH, or console sessions. The log provides a history of the events and operations performed by users.

Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) support on Supervisor Engine 720

Verify software images:

Because a software image goes through a sequence of transfers before it is copied into the memory of the switch, the integrity of the image is at risk each time that it is downloaded from Cisco.com. The image size and checksum are automatically checked when the image is copied, but these types of checks do not ensure that the downloaded image has not been corrupted. To ensure the integrity of any images that you download, you can use the set image-verification command. You can set image verification to work when booting, after the image has been copied, or before a system reset.

Bidirectional PIM:

Supervisor Engine 720 supports hardware forwarding of bidirectional PIM groups. To support bidirectional PIM groups, the Supervisor Engine 720 implements a new mode called designated forwarder (DF) mode. The designated forwarder is the router that is elected to forward packets to and from a segment for a bidirectional PIM group. In DF mode, the supervisor engine accepts packets from the reverse path forwarding (RPF) interface and from the DF interface.

VLAN manager enhancements:

Instead of reserved VLANs, we now have only user and internal VLANs. VLAN manager no longer permanently sets aside VLANs for features that require them; they are now dynamically assigned as needed. The entire VLAN range (1 to 4094) is now available for user (and internal) VLANs.

QoS policer burst value change:

The burst value changed from 1-32000 (1 Kb to 32 Kb) to 1-256000 (1 Kb to 256 Mb)

PFC3 output QoS ACLs trust change:

Egress traffic uses the same trust values as ingress traffic when attaching ACLs to a VLAN. Any traffic trusted at ingress will also be trusted at egress.

UDI - Unique Device Identifier:

The Cisco Unique Device Identifier (UDI) provides inventory identification in the output of the show inventory command.

System sanity check:

The show system sanity command runs a series of checks on the configuration and highlights possible conditions that could lead to problems with your configuration.

System health check:

The show system health command tracks registers, counters, and software patch "kick-ins" and compiles a list of entities it considers as "unhealthy" for the system. The feature also lists CPU and memory utilization.

Expanded memory support:

Software release 8.3(1) and later releases support up to 1-GB DRAM on the Supervisor Engine 720.

SmartPort macros:

SmartPort macros provide a convenient way to save and share common configurations. You can use SmartPort macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.

Virtual Router Redundancy Protocol (VRRP)

VRRP eliminates the single point of failure inherent in the static default routed environment.

Software Release 8.3 Unsupported Software Features

This section lists the unsupported software features in software release 8.3(x):

The following QoS features and the commands that are used to configure them are not supported in a system with a Supervisor Engine 720 in software release 8.3(x):

RSVP

COPS

NBAR

The following features are not supported with a Supervisor Engine 720 in software release 8.3(x):

TCP Intercept.

WCCP.

Features for Supervisor Engine Software Release 8.2


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.2, 4 December 2003:

Software Release 8.2 Hardware Features

Software Release 8.2 Software Features

Software Release 8.2 Unsupported Software Features

Software Release 8.2 Hardware Features

Software release 8.2 provides initial support for these modules and chassis:

The 96-port 10/100BASE-TX switching module (WS-X6148X2-RJ-45) is supported. WS-X6148X2-45AF has the voice daughter card (WS-F6K-FE48X2-AF).

Voice daughter card features include the following:

Inline power for Cisco IP phones, Cisco Aironet wireless access points, and IEEE 802.3af-compliant devices

Power to any of the 96 ports

Up to 15.4 W per port (limited to a total of 740 W per daughter card)

48 ports may be powered at 15.4 W each

96 ports may be powered at 7 W each

Two additional voice daughter cards are supported:

WS-F6K-48-AF for the WS-X6148-RJ-45 and WS-X6148-RJ-21 48-port 10/100BASE-TX switching modules

WS-F6K-GE48-AF for the WS-X6148-GE-TX and WS-X6548-GE-TX 48-port 10/100/1000BASE-TX switching modules

These voice daughter card features are supported:

Inline power for Cisco IP phones, Cisco Aironet wireless access points, and IEEE 802.3af-compliant devices.

Power to all 48 ports (up to 15.4 W per port)


Note To determine your exact power needs, use the CCO power calculator at this URL:

http://www.cisco.com/go/powercalculator


The 1000BASE-ZX SFP (GLC-ZX-SM), single mode only, dual LC connector is supported.

XENPAK-10GB-LX4—10GBASE-LX4 Serial 1310-nm multimode (MMF)

The Catalyst 6500 series switch service modules are supported with Supervisor Engine 720 in software release 8.2(1) and later releases. The "Service Modules" section lists the service modules.

The Catalyst 6500 series switch voice modules are supported with Supervisor Engine 720 in software release 8.2(1) and later releases. The "Voice Modules" section lists the voice modules.

The ATM modules are supported with Supervisor Engine 720 in software release 8.2(1) and later releases. The "ATM Modules" section lists the ATM modules.

The FlexWAN module is supported with Supervisor Engine 720 in software release 8.2(1) and later releases. The "FlexWAN Module" section lists the FlexWAN module.

Software Release 8.2 Software Features

Software release 8.2 provides support for these software features:

Specifying a custom 802.1Q EtherType field

By specifying a custom EtherType field, your network can support Cisco and non-Cisco switches that do not use the standard 0x8100 EtherType to identify 802.1Q-tagged frames.

Supervisor Engine 720 supports these QoS-related features:

Egress QoS

Egress DSCP mutation

Optional egress DSCP rewrite

Disable DSCP rewrite

QDE

Automatic QoS

IEEE 802.3af power compliance

Cisco IP Phone support enhancements:

Support for a high-powered phone to negotiate a low-power mode (dimmed screen) when powered by a pre-standard Cisco PoE daughter card.

Support for a high-powered phone to negotiate a high-power mode (full screen brightness) when powered by an IEEE 802.3af Cisco PoE daughter card.

Support for new SFPs and XENPAKs:

For information on SFP and XENPAK support, see the "SFP, XENPAK, and GBIC Behavior" section.

New auto-10-100 keyword for the set port speed command:

Use the auto-10-100 keyword on ports that support speeds of 10/100/1000 Mbps. Using the auto-10-100 keyword makes the port behave the same as a 10/100-Mbps port that has the speed set to auto. The speed and duplex are negotiated (the 1000-Mbps speed does not take part in the negotiation).

New auto-configure keyword for the set port security command:

Automatically configured addresses are not aged out and are retained across reboots. These addresses are retained if a secure port shuts down because of a security violation, if the port is administratively disabled, or if port security is disabled.

Auto-MDI/MDIX capability:

You can use either straight or crossover cable, and the module will automatically detect and adjust for the cable type. For complete details, see the "Auto-MDI/MDIX" section.

In software release 8.2.2, improved supervisor engine failover rates with high-availability enabled are as follows:

In flow-through, truncated and compact modes, the Supervisor Engine 1 and Supervisor Engine 2 failover time is less than 500 ms.

In flow-through mode, the Supervisor Engine 720 failover time is about 1.5 seconds. In truncated or compact mode, the Supervisor Engine 720 failover time is less than 3 seconds.

In software release 8.2.1, the supervisor engine failover rates with high-availability enabled are as follows:

In flow-through mode, the Supervisor Engine 1 and Supervisor Engine 2 failover time is less than 500 ms. With Supervisor Engine 720, the failover time is approximately 1.5 seconds.

In truncated or compact mode, the Supervisor Engine 2 failover time is about 1.5 seconds. With Supervisor Engine 720, the failover time is approximately 3.5 seconds.

The maximum number of permanent CAM entries has been increased from 128 to 256.

Support for the following MIBs:

CISCO-VLAN-MEMBERSHIP-MIB enhancement

CISCO-CATOS-ACL-QOS-MIB enhancement

Software Release 8.2 Unsupported Software Features

This section lists the unsupported software features in software release 8.2(x):

The following QoS features and the commands that are used to configure them are not supported in a system with a Supervisor Engine 720 in software release 8.2(x):

RSVP

COPS

NBAR

The following automatic QoS clear commands are visible in the CLI but are not supported in software release 8.2(x):

clear qos autoqos

clear port qos mod/port autoqos

The following features are not supported with a Supervisor Engine 720 in software release 8.2(x):

TCP Intercept.

WCCP.

IGMP version 3.

Features for Supervisor Engine Software Release 8.1


Note Maximum switching performance is achieved when all switch components are fabric enabled. The presence of nonfabric-enabled switching modules might impact overall switching performance.


These sections describe the features in software release 8.1, 30 June 2003:

Software Release 8.1 Hardware Features

Software Release 8.1 Software Features

Software Release 8.1 Unsupported Software Features

Software Release 8.1 Hardware Features

Software release 8.1 provides initial support for these modules and chassis:

Supervisor Engine 720 (WS-SUP720)

4000 W DC-power supply (PWR-4000-DC)

Cisco 7609 router chassis, 9 vertical slots (CISCO7609)

Catalyst 6509-NEB-A chassis, 9 vertical slots (6509-NEB-A)

48-port 10/100/1000 Ethernet Module, RJ-45, fabric enabled (WS-X6748-GE-TX)

24-port Gigabit Ethernet Module, requires SFPs, fabric enabled (WS-X6724-SFP)

4-port 10-Gigabit Ethernet Module, requires XENPAKs, fabric enabled (WS-X6704-10GE)

XENPAK—Up to 10-kilometer range, 10GBASE-LR Serial 1310-nm long-haul (SMF) (XENPAK-10GB-LR)

Software Release 8.1 Software Features

Software release 8.1 provides support for these software features:

VTP version 3—VTP version 3 differs from earlier VTP versions in that it does not directly handle VLANs. VTP version 3 is a protocol that is only responsible for distributing a list of opaque databases over an administrative domain. When enabled, VTP version 3 provides the following enhancements to previous VTP versions:

Support for extended VLANs.

Support for the creation and advertising of private VLANs.

Improved server authentication.

Protection from the "wrong" database accidentally being inserted into a VTP domain.

Interaction with VTP version 1 and VTP version 2.

Ability to be configured on a per-port basis.

CallHome—You can use the CallHome feature to set your switch to e-mail or page a syslog message of a specified severity to a specified e-mail or pager address or to a set of e-mail or pager addresses.

Logging system information to a TFTP, FTP, or rcp server—You can configure your system to periodically execute up to 15 show commands and log the output of these commands in a file on a specified server. The information in the output can be used for debugging and troubleshooting purposes.

TCL scripting—Tool Command Language (TCL) is a simple, programmable, text-based language that allows you to write command procedures that expand the capabilities of the built-in set of commands. It is used primarily with interactive programs such as text editors, debuggers, illustrators, and shells. The Catalyst 6500 series switch software supports TCL version 7.4.

VLAN port-provisioning verification—When VLAN port-provisioning verification is enabled, you must specify the VLAN name in addition to the VLAN number when assigning switch ports to VLANs. Because you are required to specify both the VLAN name and the VLAN number, this verification feature helps ensure that ports are not inadvertently placed in the wrong VLAN.

FTP support for downloading software images.

Increased number of command aliases—Use the set alias command to define up to 100 command aliases (shorthand versions of commands) for frequently used or long and complex commands.

Increased number of MAC addresses supported (4097) for port security.

Configure 802.1X guest VLANs on a per-port basis.

Pipe command—Introduces UNIX-style output piping functionality to the Catalyst software. This feature enables you to pipe the output of a command, such as show port, to another command for post-processing.

CMM online diagnostics are supported in software release 8.1(1) and later releases.

Support for the following MIBs:

ENTITY-MIB enhancement

CISCO-UDLDP-MIB enhancement

CISCO-RF-MIB

CISCO-CALLHOME-MIB

CISCO-VTP-MIB enhancement

CISCO-SYS-INFO-LOG-MIB

CISCO-CAT6K-CROSSBAR-MIB enhancement

CISCO-ENTITY-ASSET-MIB

CISCO-SWITCH-ENGINE-MIB enhancement

CISCO-CATOS-ACL-QOS-MIB enhancement

CISCO-PAGP-MIB enhancement

CISCO-LAG-MIB enhancement

CISCO-IGMP-SNOOPING-MIB enhancement

Software Release 8.1 Unsupported Software Features

This section lists unsupported software features:

The following QoS commands are present in software release 8.1(x) images, but are not tested or supported:

set qos dscp-rewrite enable

set qos dscp-rewrite disable

output keyword for the set qos acl and clear qos acl commands

set qos dscp-mutation-map

clear qos dscp-mutation-map

dscp-mutation-map keyword for the show qos commands

The following QoS features and the commands used to configure them are not supported in a system with a Supervisor Engine 720 in software release 8.1(x):

No DSCP rewrite

Egress QoS

PFC3 egress DSCP mutation

Automatic QoS

RSVP

COPS

QoS and voice macros

NBAR

QDE

The following features are not supported with a Supervisor Engine 720 in software release 8.1(x):

TCP Intercept.

WCCP.

IGMP version 3.

Features for Supervisor Engine Software Releases 7.1 Through 7.6

For a complete list of hardware and software features for software releases 7.1 through 7.6, refer to the Release Notes for Catalyst 6500 Series Switch Software Release 7.x at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/7.x/release/notes/OL_1982.html

Features for Supervisor Engine Software Releases 6.1 Through 6.4

For a complete list of hardware and software features for software releases 6.1 through 6.4, refer to the Release Notes for Catalyst 6500 Series Switch Software Release 6.x at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/6.x/release/notes/78_11235.html

Features for Supervisor Engine Software Releases 5.1 Through 5.5

For a complete list of hardware and software features for software releases 5.1 through 5.5, refer to the Release Notes for Catalyst 6500 Series Switch Software Release 5.x at this URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/5.x/release/notes/78_6218.html

Usage Guidelines and Restrictions

These sections provide usage guidelines and restrictions for the Catalyst 6500 series switches:

System and Supervisor Engine

Modules and Switch Ports

SFP, XENPAK, and GBIC Behavior

EtherChannel

Quality of Service

Automatic Quality of Service with Cisco IP Phones

Multicast

IGMP Version 3 with MMLS

Spanning Tree

Access Control

High Availability

Multilayer Switching

MIBs

VLANs, VTP, MVRP, and VLAN Trunks

Authentication, Authorization, and Accounting

TDR

Auto-MDI/MDIX

Bidirectional PIM

Binary and Text File Configuration Modes

802.1X Authentication

NetFlow Data Export

Network Admission Control

Connectivity Fault Management

CiscoView

System and Supervisor Engine

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the supervisor engine and to the switch at the system level:


Note For information about AC power requirements and heat dissipation, refer to Chapter 2, "Preparing for Installation," of the Catalyst 6500 Series Switch Installation Guide:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Chassis_Installation/Cat6500/6500_ins.html


On a Catalyst 6500 series switch that runs software release 8.7(3), the 10-Gigabit Ethernet uplink ports on a WS-SUP32-10GE-3B engine cannot transfer frames over 10100 bytes. A switch that operates with a Supervisor Engine 720 does not support frames larger than the 9760-byte maximum transmission unit (MTU).


Note Large frames of 10100 bytes are not supported in Cisco IOS software.


Workaround: None. (CSCsg73697)

On a Catalyst 6500 series switch that runs software release 8.7(3), enabling the zero-MAC filter with the set cam zero-mac-filter enable command discards all traffic that has the destination MAC address 00-00-00-00-00-00, and that address is not seen in the CAM table. The MAC address is learned when set cam zero-mac-filter is disabled.

Workaround: None. (CSCsw16568)

On a Catalyst 6500 series switch with WS-SUP32-10GE-3B that runs software release 8.7(1) or later, the configuration of the supervisor module is lost during an upgrade. This problem occurs when the switch operates in binary configuration mode.

Workaround: Upgrade the software in text configuration mode. (CSCsx47569)

For Software Release 8.3(1) and later, the total power available in a system running combined mode will be equal to the larger of a) 1.67 * the smaller supply or b) the larger supply. The previous behavior was to add the output of both supplies. (CSCea60961)

If a high percentage of traffic over 32 Gbps is switched through a 13-slot chassis, protocols such as UDLD, CDP, and STP may fail and result in network downtime. Both Supervisor Engine 2 and Supervisor Engine 720 systems are affected. This problem affects only the 13-slot chassis. This problem is usually seen when the uplink ports on the supervisor engine are passing traffic, but there must also be traffic on other modules to reach 32 Gbps. (CSCee23154)

Moving a Supervisor Engine 2 and MSFC2 between a Catalyst 6509 switch and a Catalyst 6503 switch may corrupt the MSFC2 NVRAM.

Workaround: Save the configuration to Flash memory and restore the configuration after the move. (CSCdy83320)

Cisco 1200 series wireless access points may not receive power from a Catalyst 6500 series switch. This problem usually happens if the switch is reset or power cycled, if the module in the switch to which the access point is connected is reset or power cycled, or if a fast switchover occurs.

When this problem happens, a system message such as the following is displayed:

%SYS-3-PORT_DEVICENOLINK Device on port m/p powered but no link up

However, this system message may not always be seen depending on the type of module used.

Workaround: Disable the Ethernet port that the access point is connected to for 2 to 3 minutes and then enable the port again. If this does not resolve the problem, replace the AIR-RM20A radio module with the AIR-RM21A module. (CSCeg05847)

The broadcast suppression counter undercounts packets that have a size evenly divisible by 16:

A 64-byte packet should be counted as 4 but is counted as 3

65- to 79-byte packets are correctly counted as 4

An 80-byte packet should be counted as 5 but is counted as 4

81- to 95-byte packets are correctly counted as 5

A 96-byte packet should be counted as 6 but is counted as 5

(CSCdr56784)

For software release 8.3(4) and later releases, the show fabric status command does not indicate the fabric speed.

The set option command set was inadvertently removed from software releases 7.6(7) and 8.3(1). The set option command set will be available again (engineering mode only) in software releases 7.6(8) and 8.3(3).

If you are running software release 8.3(1) or later on a Supervisor Engine 720 in text configuration mode and downgrade to software releases 8.1(x) or 8.2(1), the switch will crash with a TLB exception when the downgraded image is booted.

Workaround: To prevent this problem, enter the clear config all command before doing the downgrade. This problem is applicable only to the Supervisor Engine 720 in text configuration mode. Note that you do not see this problem when downgrading to software release 8.2(2). (CSCec56329)

With Supervisor Engine 720, there is a CLI inconsistency between Cisco IOS images for the MSFC and Catalyst images for the supervisor engine due to changes to rate-limiter groups. The inconsistency does not affect rate limiting; it only affects the data displayed using the show mls rate command on the MSFC and show rate limit command on the supervisor engine. The inconsistency may cause the supervisor engine to enable/disable TTL Fail rate limiters as a side effect when some rate limiters, including RPF Fail, No-route, and ICMP unreachable, are enabled/disabled.

The inconsistency is due to a group change on the MSFC. There are two rate-limiter groups that were previously defined as follows:

a) ACL input and ACL output

b) RPF Fail, No-route, ICMP unreachable, and TTL Fail

In group b, for the MSFC, "TTL Fail" was replaced with "IP errors" in Cisco IOS Release 12.2(17a)SX1 but this change was not made in the supervisor engine software until software release 8.3(1).

If the MSFC and Catalyst images do not use the same grouping policy, the inconsistency problem remains. To avoid the inconsistency, note the following software guidelines:

With Catalyst software release 8.3(1) and later releases, you must use Cisco IOS Release 12.2(17a)SX1 or later images.

With Catalyst software releases 8.1(x) and 8.2(x), you must use images earlier than Cisco IOS Release 12.2(17a)SX1.

When you save your configuration to a file when running software release 8.3(1), all trunk configurations are saved with the allowed VLAN range of 1 to 4094. If you try to reuse this configuration when downgrading to an earlier software release, all trunk-related commands fail because the earlier software release is expecting a VLAN range of 1 to 1005 and 1025 to 4094.

MAC addresses—Theoretical and recommended limits

PFC/PFC2: 128K theoretical maximum, 32K recommended

PFC3: 64K theoretical maximum, 32K recommended

A Supervisor Engine 2 might show 100 percent traffic utilization in the show system and show traffic command displays. This problem is cosmetic and does not indicate true traffic utilization. To correct the problem, you need to reprogram the Supervisor Engine 2 EPLD. To reprogram the EPLD, download the epld-sup2-trafficmeter-swupdate.hZ image and follow the instructions documented in the README.epld_update file. (CSCdx54751)

The standby use-bia option should not be used in an HSRP configuration. MLS entries are not created when you use the standby use-bia option. When you configure the standby use-bia option, if an HSRP active interface goes up and down, there will be no router CAM address for the standby VLAN interface. Without the router CAM entry, no shortcuts are created. This problem is independent of any MSFC Cisco IOS release. (CSCdz17169)

When upgrading an image (image synchronization) from the active supervisor engine to the standby supervisor engine, the standby supervisor engine and possibly other modules might report "Minor hardware problem in Module X" to the console display.

Workaround: Either reset the individual modules reporting this error, or reset the switch. (CSCdv51172)

ATA Flash PC cards are supported with software release 7.5(1) and later releases. However, we recommend using software release 7.6(1) and later releases because these releases have corrected earlier Flash file corruption issues.

When the diagnostic mode is set to complete (set test diaglevel complete command), the system might display "local bus stall error" messages when modules come online. The messages are erroneous and can be ignored. This problem does not occur when the system is configured to run minimal (default) diagnostics. (CSCdw09555)

In a redundant supervisor engine configuration, both supervisor engines must be running the same boot ROM version. For information on upgrading the boot ROM version, refer to the Catalyst 6500 Series Switch Supervisor Engine 2 Boot ROM and Bootflash Device Upgrade Installation Note at

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12667.html

For Supervisor Engine 1, the minimum boot ROM required for software release 5.4(1) and later releases is 5.3(1). For Supervisor Engine 2, the minimum boot ROM required for software release 6.2(2) and later releases is 6.1(3).

IPX Layer-3 switched traffic with a SAP encapsulation type (Novell Ethernet 802.2) to non-SAP encapsulation type (Novell Ethertypes: Ethernet 802.3, Ethernet II, and Ethernet SNAP), and vice versa, follows the software forwarding path (via MSFC/MSFC2) on the PFC and PFC2 forwarding engines. This might cause high CPU utilization on the MSFC/MSFC2.

Workaround: Avoid encapsulation changes from SAP to non-SAP, and vice versa, when doing IPX Layer 3 switching.

When a Supervisor Engine 2 is running in truncated mode with QoS enabled and policers configured, the traffic subject to policing that is received on a fabric-enabled switching module destined to a non-fabric-enabled switching module is overpoliced. The traffic is policed to half the value configured in the policer. (CSCds02280)

If you perform a manual switchover or reset a switch while high-availability events are waiting in the queue of the standby supervisor engine, it is not known when the events will be completely processed, and all configurations might not synchronize to the standby supervisor engine properly. (High-availability events are the result of changing the configuration through the CLI.) We suggest that after changing the configuration, you allow additional time before resetting the switch to allow the supervisor engine to process all synchronized events. (CSCdp59261)

With a PFC2, traffic that matches an egress reflexive ACL is handled by the MSFC2 as a partially switched flow. (CSCds09775)

Changing the console port baud rate from 19,200 to 38,400 incorrectly sets the console port to 9600 baud. After a reset, the console port baud rate is 38,400. Changing the rate to 38,400 from any other setting works correctly. (CSCdk86876)

In extremely rare conditions, if you enter the show module command, the status of the MSFC on the standby supervisor engine might be displayed as other. This has no impact on MSFC behavior and you should ignore this display. (CSCdp87997)

With PFC or PFC2 and a standard network topology as shown below where you have multicast senders in the core and multicast receivers on the access layer:

                 Layer 3 distribution No. 1
                /                          \
Layer 2 access                              Core
                \                          /
                 Layer 3 distribution No. 2

If both distribution switches have two supervisor engines and MSFCs and are configured to provide multicast functionality for the same access VLANs, then you will see high CPU utilization on the non-DR routers due to non-RPF traffic. (CSCdr74908)

If you configure aging for UDP, it could slow down the removal of TCP entries belonging to a terminated connection. You might see entries no longer used in the NetFlow table being aged with the regular aging time of all the NetFlow entries instead of the very fast LDA aging.

Workaround: Enable the fast UDP aging only when it is really needed (for example, when load balancing UDP). (CSCdp79475)

In a system with a Supervisor Engine 2 and WS-X6101 (ATM LANE) modules, ACLs that you configured from the CLI or COPS on the ATM LANE module ingress ports do not work. (CSCds09425)

With Supervisor Engine 1 and PFC, online diagnostic failures are experienced on modules during bootup, online insertion, or module reset if you reconfigure the QoS default-action MAC ACL to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. As the rate value specified in the policer decreases, the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)


Note For switches with Supervisor Engine 2 and PFC2, CSCdp15471 is resolved in software release 6.1(1a).


In a 13-slot chassis with redundant Supervisor Engine 2s, if the diagnostic mode is set to bypass, the bringup time of the system may be longer.

Workaround: Set the diagnostic mode to minimal or complete. (CSCdw09563)

In a 13-slot chassis with a large number of installed modules (especially 48-port 10/100 modules), there might not be enough NVRAM to save the configuration. In this event, use the text file configuration mode.

Modules and Switch Ports

This section contains usage guidelines, restrictions, and troubleshooting information that apply to modules and switch ports:

On a Catalyst 6500 series switch that runs software release 8.7(3), the Maintenance Intermediate Points (MIPs) continue to send AIS PDUs when the intermediate switch/module is reset. This problem is observed in a network in which an edge switch and an aggregation switch are connected and CFM AIS and Link-OAM are enabled.

Workaround:

1) Disable CFM/AIS/Link-OAM on the administratively disabled ports and their connected peer ports.

2) Set the default port status of the switch to disable. The unused ports will stay in the disabled state and will not appear in the nondefault configuration.

3) Keep all the unused ports unplugged.

4) Enable the Link-OAM and AIS feature only on the active ports which are required for the CFM protocol functionality. (CSCsy91845)

The WS-X6724-SFP modules are not recognized correctly on the Catalyst 6500 series switch. For this reason, the recommended supervisor engine software release is as follows:

For the 24-port Gigabit Ethernet switching module hardware version 2.2 and earlier versions, the recommended supervisor engine software release is 8.1(2). (CSCee30191)

For the 24-port Gigabit Ethernet switching module hardware version 2.3 and later versions, the recommended supervisor software release is 8.3(3). (CSCee30191)

It is possible to power down a Switch Fabric Module from the CLI before it comes online but we do not support this action. Powering down a Switch Fabric Module while it is coming online can cause conflicting switching mode change operations to occur simultaneously which can result in delays in restoring the data path and unpredictable switch behavior. This Switch Fabric Module behavior is not going to be addressed by any hardware or software modifications. Rather, we are advising you to wait to power down a Switch Fabric Module until it comes online.

Later model 10/100/1000 switching module ports (such as WS-X6148-GE-TX, WS-X6548-GE-TX, and WS-X6516-GE-TX) that are set to half-duplex may count runts along with collisions. This is a hardware issue and is not related to any software releases. (CSCec79736)

With software release 8.2(1), new CLI commands have been developed to deal with packet buffer memory errors that could occur with the WS-X6248-RJ-45, WS-X6348-RJ-45, and WS-X6348-RJ45V modules (these errors are documented in CSCec37610).

You are given two options to deal with these errors. The first option is to put the ports with this error condition in the errdisable state. The second option is to power cycle the module. Putting the ports in the errdisable state is configured as the default. Additionally, there is a new errdisable-timeout cause: packet-buffer-error.

The new CLI is as follows:

Console>(enable) set errordetection packet-buffer ?
errdisable
powercycle
Console>(enable) set errordetection packet-buffer errdisable 
Packet buffer error detection set to errdisable. 
Console>(enable) set errordetection packet-buffer powercycle 
Packet buffer error detection set to powercycle. 
Console>(enable)
Console> show errordetection 
Inband error detection:        disabled
Memory error detection:        disabled
Port counter error detection:  disabled
Packet buffer error detection: powercycle 
Console> show errdisable-timeout 
ErrDisable Reason           Timeout Status
----------------------      -------------------
bpdu-guard                  disable
channel-misconfig           disable
duplex-mismatch             disable
udld                        disable
crossbar-fallback           disable
packet-buffer-error         disable
other                       disable
Interval: 300 seconds
Port      ErrDisable Reason
-----      -----------------------
5/1         packet-buffer-error
5/2         packet-buffer-error
5/3         packet-buffer-error
5/4         packet-buffer-error

The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX modules do not support the following:

More than 1 Gbps of traffic per EtherChannel

ISL trunking

VLAN translation

Jumbo frames

802.1Q tunneling

Traffic storm control

In software release 7.6(x) and earlier releases: Ingress SPAN sources when the switch is operating in truncated and compact modes (also applies to the WS-X6516A-GBIC module)


Note With software release 8.2(1), due to firmware enhancements, the oversubscription problems associated with EtherChannel are no longer an issue with the WS-X6548-GE-TX module.


If a link partner has auto-mdix enabled, this will interfere with the TDR cable diagnostics test and the test results will be misleading. Auto-mdix should only be enabled on one end of the link. (CSCea73643)

With some legacy modules (such as WS-X6148-RJ45/RJ21, WS-X6248, and WS-X6348), jumbo frames are passing through even though jumbo frames have been disabled on the ports. This behavior is expected for the port ASICs on these legacy modules. (CSCeb20374)

The 8-port T1 PSTN interface module (WS-X6608-T1) voice ports will not retain their configuration across switch reboots if the switch is in text config mode.

Workaround: Manually configure the T1 voice module after each switch reset. This problem only applies if the switch is in text config mode. (CSCdv04864)

When the WS-X6548-RJ-45 is operating at 10Mb mode, pre-1994 NICs on ports 7, 15, 23, 31 and 39 may have connectivity problems. If these ports are having connectivity problems, enable auto-polarity detection in the NIC driver (where this is available) or use any of the other module ports. For additional information, refer to CSCdx15951.

With a Switch Fabric Module installed and the switch in flow-through mode, resetting a fabric-enabled module during periods of high traffic might cause other modules to reset. This situation can cause temporary traffic loss until the reset module comes back online. This problem is only seen when the diagnostics are set to minimal or complete (set test diaglevel command).

Workaround: Power cycle the module (set module power up/down mod_num). (CSCdw04861)

When you connect a Cisco IP Phone 7960 to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link remains up but the phone is down. This problem only occurs at 10 Mbps.

Workaround: Disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)

If a module fails to come online after a software upgrade, as a workaround, reset the module to bring it online. (CSCdu77125)

When a module is reset due to a firmware download, the module may take 30 to 50 seconds (depending on the type of module) to come online and another 2 to 30 seconds (depending upon whether PortFast is configured or not) for spanning tree related events.

The Distributed Forwarding Card (WS-F6K-DFC) and 16-port Gigabit Ethernet switching module (WS-X6816-GBIC) are not supported in systems running Catalyst software on the supervisor engine and Cisco IOS software only on the MSFC. These items are supported on systems running Cisco IOS Release 12.1(8a)E or later on both the Supervisor Engine 2 and the MSFC2. For more information, refer to the Release Notes for 12.1(8a)E on Cisco.com:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/release/notes/OL_2310.html

You cannot reset individual ports on WS-X6608-T1 or -E1 modules. To reset a port, reset the module. (CSCds19417)

When you hot insert a module into a Catalyst 6000 or 6500 series chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module.

If you see minor hardware failures or sync errors on bootup, reconfirm that the supervisor engine and all the switching modules are fully seated, the ejector levers are fully depressed, and the thumbscrews are fully tightened.

There is a cabling issue with the 48-port 10/100BASE-TX switching module (WS-X6248-TEL). The WS-X6248-TEL module RJ-21 connectors do not support Category 3 RJ-21 telco connectors and cabling. Using Category 3 connectors and cabling causes carrier sense errors. The connectors are keyed for Category 5 telco connectors and cables. You must use Category 5 RJ-21 telco connectors and cables.

24-port 100FX switching modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower only support IEEE 802.1Q VLAN trunking; they do not support ISL trunking. Do not configure ISL trunks on 24-port 100FX switching modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower. The restriction against ISL VLAN trunking is the only known problem with hardware version 1.1 or lower of these modules. If you do not require ISL VLAN trunking, these modules are fully functional. The ISL VLAN trunking problem has been corrected in hardware version 1.2 or later of these modules. If you wish to return a WS-X6224-100FX-MT module with a hardware version of 1.1 or lower, contact Cisco Systems.

You can identify WS-X6224-100FX-MT hardware versions using one of the following two methods:

Command-line interface (CLI) method—Use the show version command to identify the hardware version of the WS-X6224-100FX-MT module as follows:

Console> show version
< ... output truncated ... >
Mod Port Model               Serial #    Versions
--- ---- ------------------- ----------- --------------------------------------
< ... output truncated ... >
5   24   WS-X6224-100FX-MT   SAD02470006 Hw : 1.1
< ... output truncated ... >
Console>

The example shows a WS-X6224-100FX-MT module with a hardware version of 1.1; this version does not support ISL VLAN trunking.

Physical inspection method—Look for the part number that is printed on a label on the outer edge of the component side of the module. Versions 73-3245-04 or lower do not support ISL trunking.
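The CLI method above can be automated across saved show version captures. The following is an added example, not part of the original release notes: the function names are hypothetical, the parser assumes module lines in the layout shown in the sample output above, and the second and third sample lines are constructed.

```python
import re

ISL_AFFECTED_MODEL = "WS-X6224-100FX-MT"
LAST_AFFECTED_HW = (1, 1)  # hardware version 1.1 or lower: no ISL trunking

# Matches a module line laid out as in the sample above:
#   Mod Port Model Serial# "Hw : <major>.<minor>"
MODULE_LINE = re.compile(
    r"^\s*(?P<mod>\d+)\s+(?P<ports>\d+)\s+(?P<model>\S+)\s+(?P<serial>\S+)\s+"
    r"Hw\s*:\s*(?P<major>\d+)\.(?P<minor>\d+)"
)


def modules_without_isl(show_version_output):
    """Return (module, serial, hw_version) for each WS-X6224-100FX-MT
    whose hardware version is 1.1 or lower."""
    affected = []
    for line in show_version_output.splitlines():
        m = MODULE_LINE.match(line)
        if not m or m["model"] != ISL_AFFECTED_MODEL:
            continue  # truncation markers, headers, and other module types
        hw = (int(m["major"]), int(m["minor"]))
        if hw <= LAST_AFFECTED_HW:
            affected.append(
                (int(m["mod"]), m["serial"], f"{hw[0]}.{hw[1]}")
            )
    return affected


# First module line is from the release notes; the other two are constructed.
SAMPLE_OUTPUT = """\
Console> show version
< ... output truncated ... >
Mod Port Model               Serial #    Versions
--- ---- ------------------- ----------- --------------------------------------
< ... output truncated ... >
5   24   WS-X6224-100FX-MT   SAD02470006 Hw : 1.1
6   24   WS-X6224-100FX-MT   SAD00000001 Hw : 1.2
7   48   WS-X6248-RJ-45      SAD00000002 Hw : 1.0
< ... output truncated ... >
Console>
"""

if __name__ == "__main__":
    for mod, serial, hw in modules_without_isl(SAMPLE_OUTPUT):
        print(f"module {mod} ({serial}) Hw {hw}: use 802.1Q trunks only")
```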

When multiple instances are configured over a LANE trunk and when the root for one of the instances is moved, the other instances stop receiving BPDUs. The fix for this problem will be available in a Cisco IOS Release for the ATM LANE module later than Release 12.1(2)E1. (CSCdr88794)

The show module command might show different versions for different modules in the chassis when upgraded with versioning enabled. (CSCdr55665)

The following debounce timer command options have been added to increase the jitter tolerance on 10/100 UTP ports to make them interoperable with out-of-spec NICs:
set option debounce enable—Sets debounce to 3.1 seconds on 10/100 cards.
set option debounce disable—Sets debounce to 300 ms. The default is 300 ms debounce.
(CSCdp56343)

If a 16-port Gigabit Ethernet fabric-enabled GBIC switching module (WS-X6516-GBIC) is fully populated with 1000BASE-T GBICs (WS-G5483), it might be difficult to access the insertion/removal bracket on the module.

Workaround: Remove at least two of the 1000BASE-T GBICs before removing the module. (CSCdw25775)

If a 16-port Gigabit Ethernet fabric-enabled GBIC switching module (WS-X6516-GBIC) is fully populated with 1000BASE-T GBICs (WS-G5483), it might be difficult to remove the module in the slot above the WS-X6516-GBIC module.

Workaround: Remove at least two of the 1000BASE-T GBICs before removing the module above the WS-X6516-GBIC module. (CSCdx19538)

A SPAN session with a 10/100 source port and a Gigabit destination port might result in duplicated packets on the destination port. (CSCea32926)

Voice modules, such as a WS-X6624-FXS and a WS-X6608-T1/E1, fail to register with the Cisco CallManager if a WS-X6148-GE-TX is used for the Cisco CallManager connection.

Workaround: Use another type of module, such as a WS-X6148-RJ45V, for the Cisco CallManager connection.

This problem is resolved in Cisco CallManager Release 3.3(3)sr1. (CSCeb38168)

The WS-X6748-GE-TX module, and possibly other modules, might take an unusually long time to come online. This problem is seen only when Layer 2 port security ratelimiters are not enabled, there is significant traffic from Ixia on all the trunk ports, and the switch is rebooting. The problem is not seen when Layer 2 port security ratelimiters are enabled.

Workaround: Enable Layer 2 port security ratelimiters by entering the set rate-limit l2port-security enable command. Note that this command is not supported in truncated mode and is supported only on PFC3. (CSCee44405)

SFP, XENPAK, and GBIC Behavior

This section contains usage guidelines, restrictions, and troubleshooting information that apply to SFP, XENPAK, and GBIC behavior:

All non-Cisco SFPs and XENPAKs come up as "Faulty" and will not work. The port is marked "Failed." A syslog is printed stating that the integrity check on the transceiver has failed. This behavior is true for SFPs since software release 8.1(1), and XENPAKs since software release 8.1(2).

All unsupported Cisco SFPs and XENPAKs come up as "Unknown". A syslog is printed stating that the transceiver is unsupported. This behavior is true for unsupported Cisco SFPs and XENPAKs in software release 8.2(1) only. In software release 8.1(x), all unsupported Cisco SFPs and XENPAKs come up as "Faulty."

All Cisco and non-Cisco SX, LX, LH and ZX GBICs will work with the correct port type. Other third-party GBICs (non-SX, non-LX, non-LH and non-ZX) may or may not work starting with software release 7.2(1). That is, the GBIC might be marked "Faulty," and the port marked "Failed" or they might come up as "Unknown." Some third-party GBICs recognized by the software as "Unknown" may work.

EtherChannel

This section contains usage guidelines, restrictions, and troubleshooting information that apply to EtherChannel:

The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX modules have a limitation with EtherChannel. EtherChannel is supported on these modules for all configurations (10, 100, and 1000 Mbps speeds) but be aware of the following cases of oversubscription when you are configuring these modules:


Note With software release 8.2(1), due to firmware enhancements, the following oversubscription problems are no longer an issue with the WS-X6548-GE-TX and WS-X6548V-GE-TX modules.


On these modules there is a single 1-Gigabit Ethernet uplink from the port ASIC that supports eight ports. For EtherChannel, the data from all links in a bundle goes to the port ASIC, even though the data is destined for another link. This data consumes bandwidth in the 1-Gigabit Ethernet link. For these modules, the sum total of all data on an EtherChannel cannot exceed 1 Gigabit.

You could also run into the oversubscription problem if you have four WS-X6148-GE-TX or WS-X6148V-GE-TX modules running at 100 Mbps with 48 EtherChannels, and each channel having 4 ports (1 port per module).

If you use the Switch Fabric Module with the WS-X6548-GE-TX or WS-X6548V-GE-TX modules, that configuration would avoid the oversubscription problem. The Switch Fabric Module interface filters and distributes the packets to the correct module per the EtherChannel bundle hash. However, you must have one port per module in the bundle. Once you have more than one port of a WS-X6548-GE-TX or WS-X6548V-GE-TX module in an EtherChannel bundle it will start oversubscribing.


Note Using channeling for Layer 1 redundancy is a valid configuration option with these modules.


Catalyst switches running supervisor engine software releases 6.2(x) and later cannot form a channel with HP-server NICs. TLV checking, which was added for PAgP packets in software release 6.2(1), uncovered a problem with HP-UX systems where the packet length was set incorrectly. HP has an updated driver available that can solve the problem; contact HP Technical Support for details. (CSCdu84575)

When you enable UplinkFast, the EtherChannel port path cost (set with the set channel cost command) for a 4-port 10/100 EtherChannel is less than the port path cost of a parallel Gigabit Ethernet link. This situation causes the slower 4-port EtherChannel to forward and the Gigabit Ethernet link to block. (CSCds22895)

Quality of Service

This section contains usage guidelines, restrictions, and troubleshooting information that apply to QoS:

The ToS byte remains unchanged in bridged multicast packets when you enable Multicast Multilayer Switching (MMLS). The system does not support multiple, different rewrites for a single packet. A Layer 3 rewrite is generated for multicast; there is no rewrite for the Layer 2 forwarding.

For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). No ToS rewrite occurs for the packets that are bridged in the same incoming VLAN. (CSCdm72364)

The rate and burst parameters for microflow/aggregate policing are specified in terms of kbps (kilobits per second) and Kb (kilobits). However, the following should be noted:

Rate specification—1 kbps is equivalent to 1000 bits per second (as opposed to 1024 bits per second)

Burst specification—1 Kb is equivalent to 1024 bits

Running two or more QoS commands from different Telnet or SSH sessions could cause the switch to hang or reset. We recommend that you do not execute two or more QoS commands simultaneously from different Telnet, SSH, or console sessions. (CSCdy74994)

With Supervisor Engine 1 and Supervisor Engine 2, the set port qos mod/port {port-based | vlan-based} command configures all ports on switching modules with 1p1q0t/1p3q1t QoS port architecture.

Microflow policing does not support policing of identical flows arriving on different interfaces simultaneously. Attempts to do so lead to incorrectly policed flows. (CSCdt72147)

If there is an error in installing any COPS policy, a successful commit is sent to the PDP even if the policy was not correctly installed. In such situations, any modifications to the port's role combination do not install the correct policy on the port and might result in a switch reset. (CSCdp66572)

If you create a security ACL with the redirect option and then replace the module that has the redirect port with another kind of module, the security ACL does not have the redirect port list anymore.

Workaround: Manually modify the security ACL with the new redirect port information. (CSCdp74757)

If you download a COPS ACL containing a policer to the switch and the switch cannot support the exact rate/burst supplied by the policer, no message informs you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)

If the QoS policy source is set to COPS, Catalyst 6500 series switches do not support nonzero WRED minimum values. If a COPS QPM server sends down a COPS policy with a nonzero WRED minimum value, no error report is returned to the COPS server. As a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

On a Catalyst 6500 series switch, when the switch QoS policy source is COPS, no COPS roles are defined for a port, and the port policy source is COPS, the values that you set for the QoS configuration (such as queue mappings and sizes) are inappropriate. For example, all CoS values get mapped to the strict-priority queue on a 1p2q2t or 1p1q4t port type. This situation can lead to bandwidth starvation for other ports in the switch, especially if these ports with a strict-priority queue are generating high rates of traffic.

Workaround: To avoid this problem, either configure a COPS role on all ports in the switch or configure all ports without a COPS role to use local policy. (CSCdp44965)

If a large number of QoS ACLs are defined on the system during switch bootup, some packets might get switched before the QoS ACLs are installed in hardware. This scenario would result in some packets getting an incorrect ToS or no policing applied. After the QoS ACLs are installed in hardware, the correct ToS and policers are applied. It is considered inappropriate to block traffic from flowing until all the QoS policy is installed. (CSCdp68608)

After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)

The COPS policy fails to install on ports with a large number of QoS policers.

Workaround: Unmap the local ACLs before installing the COPS policy. (CSCdp63138)

Use the QoS strict-priority queues for your highest-priority traffic only. The strict-priority queues are designed to accommodate only a limited volume of traffic. If you overload the strict-priority queues, the supervisor engine cannot service the standard queues. (CSCdm90683)

With QoS disabled, an EtherChannel can contain ports with both strict-priority queues and ports without strict-priority queues. With QoS enabled, an EtherChannel cannot contain both port types. If you enable QoS, ports drop out of any EtherChannels that contain both port types.

When COPS is the QoS policy source, TFTP traffic and switching might be affected if a COPS policer is configured with a rate or burst value that the Catalyst 6500 series switch cannot support. (CSCds16976)

Except for ports that support 1p1q0t/1p3q1t and 1q2t/1p2q2t, the set port qos trust command and the trust-ipprec and trust-dscp port keywords are not supported on 10-, 10/100-, and 100-Mbps ports. Instead, configure ACLs with the trust-cos, trust-dscp, and trust-ipprec ACE keywords. Note that the trust-cos port keyword can be used on 10-, 10/100-, and 100-Mbps ports to enable receive-queue drop thresholds.


Note The WS-X6148-RJ45, WS-X6148-RJ45V, WS-X6148-RJ-21, and WS-X6148-RJ21V modules also support trust-cos, trust-ipprec, and trust-dscp.


To avoid the case where all traffic is out of profile, the burst size specified in a QoS policing rule must be at least as large as the maximum packet size permissible in the traffic to which the rule is applied.
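The burst-size rule above, together with the rate and burst units given earlier in this section (1 kbps = 1000 bits per second, 1 Kb = 1024 bits), can be checked with a simplified single-rate token-bucket model. This is an added example, not Cisco code: the token-bucket behavior (bucket starts full, refills continuously, a frame is in profile only if the bucket holds its full size in bits) and all names are assumptions made for illustration.

```python
"""Simplified single-rate token-bucket policer (an assumed model for
illustration, not the switch's hardware algorithm)."""

BITS_PER_KBPS = 1000  # release notes: rate of 1 kbps = 1000 bits per second
BITS_PER_KB = 1024    # release notes: burst of 1 Kb = 1024 bits


class Policer:
    def __init__(self, rate_kbps, burst_kb):
        self.rate_bps = rate_kbps * BITS_PER_KBPS
        self.bucket_bits = burst_kb * BITS_PER_KB
        self.tokens = float(self.bucket_bits)  # assumption: bucket starts full
        self.last_time = 0.0

    def offer(self, now, frame_bytes):
        """Return True if a frame arriving at `now` (seconds) is in profile."""
        elapsed = now - self.last_time
        if elapsed < 0:
            raise ValueError("time must not go backwards")
        self.last_time = now
        # Refill at the configured rate, never beyond the burst size.
        self.tokens = min(self.bucket_bits,
                          self.tokens + elapsed * self.rate_bps)
        needed = frame_bytes * 8
        if needed <= self.tokens:
            self.tokens -= needed
            return True
        return False  # out of profile; tokens are left untouched


def min_burst_kb(max_frame_bytes):
    """Smallest burst value (in Kb) that can hold one maximum-size frame."""
    bits = max_frame_bytes * 8
    return (bits + BITS_PER_KB - 1) // BITS_PER_KB  # ceiling division


def in_profile_fraction(policer, frame_bytes, offered_kbps, duration_s):
    """Offer a constant-rate stream of equal-size frames to the policer
    and return the fraction of frames found in profile."""
    interval = (frame_bytes * 8) / (offered_kbps * BITS_PER_KBPS)
    count = int(duration_s / interval)
    if count == 0:
        raise ValueError("duration too short for a single frame")
    passed = sum(policer.offer(i * interval, frame_bytes)
                 for i in range(count))
    return passed / count


if __name__ == "__main__":
    # 1518-byte frames need 12144 bits; an 8-Kb burst holds only 8192 bits,
    # so every such frame is out of profile even at half the policed rate.
    print(in_profile_fraction(Policer(1000, 8), 1518, 500, 10))
    # Raising the burst to the minimum that fits one frame fixes this.
    print(min_burst_kb(1518))
    print(in_profile_fraction(Policer(1000, 12), 1518, 500, 10))
    # Offering twice the policed rate leaves about half the frames in profile.
    print(in_profile_fraction(Policer(1000, 12), 1518, 2000, 10))
```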

With heavy COPS protocol traffic between either the COPS-DS client or the COPS-RSVP client and the PDP, it is possible for a connection keep-alive timeout event to occur and for the COPS connection manager to miss a Client Close from the PDP. When this happens, the switch might have an exception later. (CSCdp64213)

Automatic Quality of Service with Cisco IP Phones

This section contains usage guidelines, restrictions, and troubleshooting information that apply to configuring automatic QoS with Cisco IP Phones:

Cisco IP Phone 79xx phone marking—The Cisco IP Phone 79xx does not mark its protocol packets such as DHCP, TFTP, and DNS packets with nonzero DSCP values. This causes the IP phone to see DHCP, DNS, and/or TFTP timeouts when an uplink port on a switch is oversubscribed. This results in the IP phone taking a long time to register with the Cisco CallManager or the IP phone might not register at all. Additionally, phone directories, IP phone services, call logs, ring tones, and so on become unavailable or do not work correctly for the IP phone user.

Workaround: Use custom QoS ACLs instead of automatic QoS on the switch. For this problem, caveat CSCdy62735 has been logged against the Cisco IP phone.

Cisco CallManager is not marking protocol packets—This Cisco CallManager issue is similar to the above issue (CSCdy62735). If uplink ports are oversubscribed, TFTP packets from the Cisco CallManager are dropped by the switch.

Workaround: Use custom QoS ACLs instead of automatic QoS on the switch.

Cisco IP Phone 79xx phone reset problem—The Cisco IP Phone 79xx resets when the IP phone's PC port is oversubscribed. This problem is seen in rare circumstances; the IP phone's PC port should not get oversubscribed unless there is a broadcast storm or some other outage in the network. This problem was addressed with caveat CSCdy50584 and has been resolved in Cisco CallManager release 3.3(2) SPC.

CDP issue—CDP protocol packets are not CoS labeled correctly. This problem prevents the switch from properly prioritizing the "hello" packets being sent to and from the IP phone. Under heavy traffic conditions, this results in losing the IP phone from the CDP perspective. This problem was addressed with caveat CSCdy53339 and has been resolved in software release 7.6(1) and later releases.

Cisco SoftPhone does not tag any voice signaling packets—With this problem, if the switch uplink ports are oversubscribed, voice signaling packets from Cisco SoftPhones are dropped, the Cisco SoftPhones fail to connect to the Cisco CallManager, and the user cannot make or receive calls.

Workaround: Use custom QoS ACLs instead of automatic QoS on the switch. For this problem, caveat CSCdy60186 has been logged against Cisco SoftPhone.

Multicast

This section contains usage guidelines, restrictions, and troubleshooting information that apply to multicast protocols and traffic on the switch:

Support for multicast sources protected by the IDSM-2 module requires using Cisco IOS as the software on the Catalyst 6500 series switch with the SPAN reflector feature (monitor session service module) enabled. Using the Catalyst operating system on the Catalyst 6500 series switch with the IDSM-2 module does not allow multicast switching in hardware for multicast sources protected by the IDSM-2 module.

With bidirectional PIM enabled, a TTL=1 multicast packet is not bridged to the ingress VLAN when rate limiting of TTL failure is enabled and index redirection of TTL failure is configured. This problem is seen with PFC, PFC2, and PFC3A. It is not seen with PFC3BXL. (CSCed66503)

The Cisco IOS last-member-query-interval command allows you to increase the time that the router waits for host responses to IGMP GS queries (group-specific queries). The switch implements this interval statically, as defined in RFC 2236 (the default is 1000 ms). If you configure a router that is connected to the switch with a "last-member-query-interval" that is greater than the default interval as defined in RFC 2236, and you enable IGMP snooping on the switch, then hosts connected to the switch might have packets discarded if these hosts are unable to respond to GS queries within the interval implemented on the switch. The supervisor engine software does not modify its behavior based on the last-member-query-interval that is configured on the connected routers. Do not modify the last-member-query-interval on the routers that are connected to the switch if IGMP snooping is enabled.

Workaround: Disable IGMP snooping on the switch. (CSCdu72041)

A new command, set igmp ratelimit [disable | enable], has been added to the 6.x, 7.x, and 8.x software releases starting with the following releases:

6.4(7)

7.6(5)

8.2(1)

IGMP rate limiting is disabled by default. In the 6.4(x) software release, rate-limit counters are supported only in text configuration mode. The set igmp ratelimit [disable | enable] command is supported in both text and binary configuration modes in all software release trains.

If IGMP rate limiting and multicast are enabled, multicast router ports might age out sporadically because the rate of the multicast control packets (such as PimV2-hellos or IGMP-General Queries) exceeds the IGMP rate-limit watermarks that were configured. The default value for these watermarks is 100. The workaround (documented in CSCea44331) is to increase the PimV2-hellos rate limit; we recommend that you set the value to 3000 using the set igmp ratelimit pimv2 3000 command. You can also increase the IGMP-General Queries rate limit; we recommend that you set the value to 500 using the set igmp ratelimit general-query 500 command.

In software release 8.3(1) and later releases, IGMP rate-limiting commands are deprecated and a multicast rate-limiting mechanism is introduced. Through this mechanism, IGMP control packets are rate limited. Because the IGMP rate-limiting mechanism is deprecated and a new multicast rate-limiting mechanism is introduced, all caveats specific to IGMP rate limiting do not apply to software release 8.3(1) and later releases. The new commands introduced in software release 8.3(1) are the set multicast ratelimit commands and the show multicast ratelimit-info command. For details on these commands, see the Catalyst 6500 Series Switch Command Reference, software release 8.3(1).

The maximum number of supported user-configured multicast CAM entries is 256. After adding 256 permanent or static multicast CAM entries, the switch produces the error "Failed to add CAM entry." After adding 256 static or permanent CAM entries, all attempts to add more static or permanent multicast entries fail. This is true for the same port/same VLAN, different port/same VLAN, and different port/different VLAN.

If you install an MSFC2 and the VLAN interface that is defined on the MSFC2 is in shutdown mode, bridged IP multicast traffic will not be policed. (CSCdu12731)

The only ports that send out the GMRP LeaveAll messages are the ports that have previously received GMRP joins.

With software releases 7.1(1) and later, the maximum number of Layer 2 multicast entries is 15488.

If RGMP-enabled routers connected to an RGMP-enabled Catalyst 6500 series switch join many groups, the switch might run out of memory. Ensure that the total number of entries displayed by the show rgmp group count command is fewer than 800. The actual maximum number of entries will vary depending on the features enabled on the Catalyst 6500 series switch and the amount of memory installed.

When a multicast goes to both bridged and routed addresses, the multicast packets going to the routed addresses are Layer 3 switched, and the multicast matches an ACL so that QoS rewrites the ToS byte in the multicast packet. QoS does not rewrite the ToS byte for the multicast packets that are bridged.

We recommend that you do not use more than 1500 multicast groups with GMRP. This restriction does not apply to IGMP.

In extremely rare conditions, multicast traffic might be blocked due to a mismatch between hardware and software entries. (CSCdp81324)

SPAN, RSPAN, Private VLANs, and RGMP are not supported with IGMP version 3 snooping.

Be aware of the following multicast traffic caveats specific to Supervisor Engine 2 (these caveats apply to all software releases supporting Supervisor Engine 2):

If an outgoing IOS ACL is configured on an interface, Supervisor Engine 2 based systems will match/apply the IOS ACL in software. This results in all outgoing multicast flows for that interface being handled in software (based upon specific deny/permit all statements). MMLS is effectively disabled for the interface. Be aware that handling outgoing IOS ACLs in software increases CPU utilization.

Outgoing VACLs are not applied to multicast traffic with Supervisor Engine 2.

IGMP version 3 reports are flooding on VLANs. The reports should be sent only to IGMP version 3 router ports and IGMP version 3 hosts. This problem only occurs with PFC2. There is no problem with PFC3. (CSCdx51216)

Under conditions of severe load on the switch, such as either a large number of VLAN ports and their port-state changes or a high rate of multicast control traffic, IGMP snooping may get automatically disabled for approximately 2 minutes. When IGMP snooping is automatically disabled, a syslog is generated and the show igmp mode command and the show multicast protocol status command show that IGMP is operationally disabled.

IGMP Version 3 with MMLS

This subsection contains usage guidelines, restrictions, and troubleshooting information that apply to IGMP version 3 with MMLS on the switch:

IGMP version 3 with MMLS applies only to Supervisor Engine 720. On Supervisor Engine 2, IGMP version 3 snooping cannot be performed for MMLS-switched flows; therefore, MMLS cannot be enabled when IGMP version 3 is enabled.

IGMP version 3 with MMLS applies to the SSM-Range configured on the MSFC. The SSM-Range should be either the default, or the ACL that you use to configure a range should have ACEs with the action as permit only.

On Supervisor Engine 720, IGMP version 3 snooping works only with MMLS hardware-switched flows (as documented in CSCin51214). Therefore, IGMP version 3 snooping should be enabled if MMLS is enabled.

With software release 8.3(3) and later releases, IGMP version 3 snooping does not work with static multicast CAM entries configured. If there are user-configured static multicast CAM entries that correspond to a multicast group operating in IGMP version 3, the multicast traffic directed to the multicast group does not reach the ports that are configured in the static multicast CAM entry. A symptom of this problem is when ports that are configured in the static multicast CAM entry do not receive traffic destined for that GDA MAC address.

Workaround: Disable IGMP version 3 snooping by entering the set igmp v3-processing disable command. (CSCee36768)

Spanning Tree

This section contains usage guidelines, restrictions, and troubleshooting information that apply to Spanning Tree:

On a Catalyst 6500 series switch that runs software release 8.7(3), with an MST multiregion topology, a topology change in a region removes the CAM table of the other regions even if the VLANs / instances are pruned on the border switch links. This problem occurs when spanning tree is set in the MST mode.

Workaround: None. (CSCsz18147)

On a Catalyst 6500 series switch that runs software release 8.7(3), a linkdown/up traffic convergence can occur within a leaveall timer period. This problem occurs when the spanning tree mode is PVST+.

Workaround: None. (CSCta68861)

On a Catalyst 6500 series switch that runs software release 8.7(3), when you enter the show spantree [vlan | mst] and show spantree statistics mod/port [vlan | mst] commands, the spanning tree variable last topology change occurs but the topology change initiator does not get updated. This problem occurs when the topology change propagates in the network at a node that is not local to a switch. However, the variable fields display the correct values when the topology change is initiated by a switch.

Workaround: None. (CSCsd84159)

On Catalyst 6500 series switches that run software release 8.5(7) in the same region, if two switches that are configured with MST and VLANs are mapped, and a third switch is configured with PVST+, then the output of the command show spantree statistics mod/port mst num displays invalid MAC addresses including zeros.

Workaround: Allow the native VLAN on the trunk port of MST that is connected to the other region of MST or to PVST+. (CSCs63901)

In rare circumstances with a topology that we do not recommend, when you have a root switch with high availability enabled running MST, additional switches running Rapid-PVST+ connected to the root switch, and the switches running Rapid-PVST+ are also connected to each other, the switches running Rapid-PVST+ reconverge when a high-availability switchover occurs on the root switch running MST. This problem occurs only when the Rapid-PVST+ switches are connected with each other (such as in a triangular topology).

Workaround: Do not connect the leaf switches. The Rapid-PVST+ switches should connect directly to the MST switches (we recommend this topology). (CSCee02592)


Note With software release 8.1(1) and later releases, Rapid-PVST+ is the default spanning tree protocol.


After upgrading from software release 5.x to software release 8.3(1), the switch comes up with Rapid-PVST+ as the default spanning tree protocol which is expected as Rapid-PVST+ is the default spanning tree protocol in software release 8.1(1) and later releases. However, prior to the upgrade, the default spanning tree protocol was IEEE 802.1D bridge spanning tree protocol. With IEEE 802.1D, the show spantree summary command shows the listening port count as 0 and constant. With Rapid-PVST+, the show spantree summary command shows the listening port count fluctuating. Resetting the switch does not correct the problem.

Workaround: Upgrade to software release 6.x and then upgrade to software release 8.3(1). (CSCee43648)

MST problem—Powering down the Switch Fabric Module usually takes between 3 and 5 seconds. During this time, traffic and protocol packets are disrupted. The MST root port does not receive BPDUs during this period and the re-root mechanism is called (the re-root mechanism causes the root port to go to the blocking state). As soon as the MST port starts receiving BPDUs, the topology reconverges. (CSCdv86120)

If the forward delay, max age, and hello time Spanning Tree Protocol (STP) parameters are reduced in value, ensure that the number of instances of STP are also reduced proportionally to avoid STP loops in the network.

Occasionally (less than once in every 100 attempts), the console process might lock when an STP mode changes from PVST+ to MISTP.

Workaround: Reset the switch. (CSCds20952)

If you have a Catalyst switch in your network with MAC address reduction enabled, you should also enable MAC address reduction on all other Layer-2 connected switches to avoid undesirable root election and spanning tree topology issues.

When MAC address reduction is enabled, the root bridge priority becomes a multiple of 4096 plus the VLAN ID. With MAC address reduction enabled, a switch bridge ID (used by the spanning-tree algorithm to determine the identity of the root bridge, the lowest being preferred) can only be specified as a multiple of 4096. Only the following values are possible: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

Therefore, if another bridge in the same spanning-tree domain does not run the MAC address reduction feature, it could claim and win root bridge ownership because of the finer granularity in the selection of its bridge ID.


Note The MAC address reduction feature is enabled by default on Cisco switches that have 64 MAC addresses (Cisco 7606, CISCO7603, WS-C6503, and WS-C6513).
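
The root-election effect described above can be checked for a planned topology before deployment. The following is an added example, not Cisco code: the bridge names, MAC addresses (documentation range) and priorities are constructed, and the helper names are hypothetical. It builds the 16-bit priority field as the page describes (a multiple of 4096 plus the VLAN ID when MAC address reduction is enabled), elects the root, and flags a mixed domain.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str              # bridge MAC address, "aa:bb:cc:dd:ee:ff"
    priority: int         # configured bridge priority
    mac_reduction: bool   # True if MAC address reduction is enabled


def priority_field(bridge, vlan):
    """16-bit priority field of the bridge ID the bridge sends for a VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} out of range")
    if not 0 <= bridge.priority <= 65535:
        raise ValueError(f"{bridge.name}: priority out of range")
    if bridge.mac_reduction:
        # Only multiples of 4096 are configurable; the VLAN ID fills the rest.
        if bridge.priority % 4096:
            raise ValueError(f"{bridge.name}: priority must be a multiple of 4096")
        return bridge.priority + vlan
    return bridge.priority


def bridge_id(bridge, vlan):
    """64-bit bridge ID: priority field followed by the 48-bit MAC address."""
    mac = int(bridge.mac.replace(":", ""), 16)
    return (priority_field(bridge, vlan) << 48) | mac


def elect_root(bridges, vlan):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda b: bridge_id(b, vlan))


def audit(bridges, vlan, intended_root):
    """Return findings for a VLAN; an empty list means nothing to report."""
    findings = []
    disabled = sorted(b.name for b in bridges if not b.mac_reduction)
    if disabled and len(disabled) != len(bridges):
        findings.append("mixed MAC address reduction settings; disabled on: "
                        + ", ".join(disabled))
    root = elect_root(bridges, vlan)
    if root.name != intended_root:
        findings.append(f"VLAN {vlan}: {root.name} wins root with bridge ID "
                        f"{bridge_id(root, vlan):016x}, not {intended_root}")
    return findings


def with_reduction_everywhere(bridges):
    """Same inventory with MAC address reduction enabled on every bridge."""
    return [replace(b, mac_reduction=True) for b in bridges]


# Constructed inventory: core1 is the intended root for VLAN 10.
DOMAIN = [
    Bridge("core1", "00:00:5e:00:53:01", 8192, True),
    Bridge("dist1", "00:00:5e:00:53:02", 32768, True),
    Bridge("legacy1", "00:00:5e:00:53:ff", 8192, False),
]

if __name__ == "__main__":
    for label, domain in (("as planned", DOMAIN),
                          ("reduction on all", with_reduction_everywhere(DOMAIN))):
        print(label, "->", audit(domain, 10, "core1") or "no findings")
```

In the constructed inventory, legacy1 and core1 share the configured priority 8192, but core1 sends 8202 for VLAN 10 while legacy1 sends 8192, so legacy1 becomes root despite its higher MAC address.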


Access Control

This section contains usage guidelines, restrictions, and troubleshooting information that apply to security:

When you are running Cisco IOS Release 12.2(17a)SX and later releases on the MSFC and Catalyst software release 8.5(1) and later releases on the supervisor engine, if you enable QoS microflow policing on a VLAN and have a reflexive ACL configured on the VLAN, the reflexive ACL traffic will be software switched.

Workaround: If you use the reflexive ACL in combination with QoS microflow policing and you want this traffic to be hardware switched, you must upgrade your MSFC to Cisco IOS Release 12.2(18)SXF and later releases. (CSCsb89613)

A security ACL will not take effect for sources that are present in the INCLUDE list if the IGMP version 3 state is in INCLUDE mode and the multicast source and receiver are in the same VLAN. (CSCdy15849)

Note that the VACLs access-control all traffic passing through a VLAN. This includes broadcast traffic and packets going to and from the router. Therefore, you must use care when defining a VACL.

For example, to allow traffic from a local IPX client (daf11511) to a remote server (daf00402), the following VACL is configured (remote server is learned through a routing protocol):

set security acl ipx jg_ipx_permit
 ---------------------------------------------------
 1. permit any DAF00402 DAF11511 
 2. permit any DAF11511 DAF00402 
 3. permit any DAF01023 DAF01023 
 4. permit any DAF11511 0 
 5. permit any 0 0 
 6. permit any DAF11511 DAF11511 

The VACL description is as follows:

1, 2. Allow IPX between client and server.

3. The router needs to see the RIP/SAP packets.

4. If packets are dropped during a connection, the client tries to find another route to the server by sending out RIP requests to IPX network 0.ffff.ffff.ffff. Not doing this results in a lost connection after packet drop.

5. Upon startup, a client sends its first packets to 0.ffff.ffff.ffff and uses 0.ffff.ffff.ffff as its own IPX address.

6. When a server connection socket is timed out, the client reconnects by sending a request to its local network to find its server.

As the example shows, entries 1 and 2 alone are not enough; you also have to define entries 3 through 6 to achieve the goal. (CSCdm55828)

Make sure that the redirect port defined in a VACL is on the same VLAN as the "incoming" VLAN for the packet that is to be redirected. Otherwise, the redirected packet will be dropped.

For example, a redirect VACL is defined on VLAN 5 and the redirect destination port is also on VLAN 5. If an MLS entry is destined to VLAN 5, packets that are coming from VLAN 2 hit this MLS entry and also hit the VACL redirect ACE (both VLAN 2 and VLAN 5 ACLs will be checked) and are redirected in the incoming VLAN, VLAN 2. The redirect destination port will drop them on VLAN 5 rather than on VLAN 2.

In a Catalyst 6500 series switch with two Supervisor Engine 2s, if you have more than 300 QoS ACLs and each QoS ACL is mapped to a different VLAN, the active supervisor engine might reset after clearing all the QoS ACLs and then committing the change. (CSCdu85021)

High Availability

This section contains usage guidelines, restrictions, and troubleshooting information that apply to high availability:

With software release 8.5(1) and later releases, supervisor engine high availability is enabled by default.

In single router mode (SRM) or dual router mode, when configuration changes are made in the running configuration of the designated router while the nondesignated router is either not fully up or has not completed the high-availability handshakes, negate (no) commands (such as no shut and no ip address) may not show up on the nondesignated router once the running configuration synchronization completes. After the high-availability switchover, the affected negate commands do not show up in the running configuration of the designated router either. This problem is documented in caveat CSCeg19764.

MSFC configuration synchronization is only supported for IP and IPX configurations. Before enabling synchronization, you must ensure that both MSFCs have identical configurations for all protocols. If you are using AppleTalk, DECnet, VINES, or any other routing, you must manually ensure that identical configurations are on both MSFCs for all protocols.

Redundant supervisor engines must be of the same type with the same model feature card. Note that WS-X6K-SUP1-2GE and WS-X6K-SUP1A-2GE (both without PFCs) are compatible for redundancy. For supervisor engines with PFCs, the PFCs must be identical for redundancy (two PFCs or two PFC2s).

High availability does not support use of the Reset button. Pressing the Reset button to initiate a switchover results in a high-availability switchover failure.

Workaround: Make the active supervisor engine the standby supervisor engine first, and then remove it from the chassis. (CSCdp76806)

NVRAM synchronization and high-availability synchronization do not work between supervisor engine software release 6.3(1) and any later version. (CSCdv43206)

Multilayer Switching

This section contains usage guidelines, restrictions, and troubleshooting information that apply to MLS:

If you have routed flows with MLS disabled (no shortcuts created), candidate entries age out rapidly to ensure that the forwarding table is used as much as possible by shortcut flows. A side effect of this rapid aging of candidate entries is that the microflow policer does not work accurately because its policing history is lost when the entries age out. When the same flow creates a new entry, it gets the entire traffic contract again even if it had exceeded the contract before the entry aged out. (CSCdp59086)

Layer 3 switching on the Catalyst 6500 series switches does not support full or destination-source flows for IPX traffic. With Supervisor Engine 1 and PFC, when the MLS flow mask is destination-source or full-flow, the show mls entry ipx destination command that should select a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)

MIBs

This section contains usage guidelines, restrictions, and troubleshooting information that apply to SNMP MIBs, RMON groups, and traps:


Note For information on MIBs, RMON groups, and traps, refer to the Cisco public MIB directory located at this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


You cannot use the tftpGrp MIB object to download Catalyst 6000 ATM software. (CSCdp16574)

VLANs, VTP, MVRP, and VLAN Trunks

This section contains usage guidelines, restrictions, and troubleshooting information that apply to VTP, VLANs, MVRP, and VLAN trunks:

On a Catalyst 6500 series switch that runs software release 8.7(3), toggling the VTP trunk stops VLAN declarations from 1001 to 4094 on MVRP-enabled trunks. This problem occurs when the switches are connected in the following topology:

IXIA-----SW1-----------SW2-------------SW3

SW1 is a VTP switch with pruning enabled.

SW2 is a VTP to MVRP Interop switch and pruning is enabled.

SW3 is an MVRP switch.

Toggle the trunk on SW2 facing SW1 and observe that the trunk facing SW3 stops propagating the VLAN declarations from 1001 to 4094.

Workaround: None. (CSCsv02479)


Note VTP Pruning and MVRP interop is not supported in software release 8.7(3).


On a Catalyst 6500 series switch that runs software release 8.7(3), the VLAN declaration propagates on the forwarding MVRP trunks/channels when you move from the normal registration mode to the fixed registration mode on the blocked port. This problem occurs when MVRP is enabled.

Workaround: None. (CSCsv62190)

On a Catalyst 6500 series switch that runs software release 8.7(3), creating bulk VLANs on VTP server affects VLAN propagation from the edge switches that have a VTP to MVRP scenario, with VTP trunks at the edge of the network. Some random declarations are seen on MVRP trunks. For example, more than 2000 VLANs are created during a bulk VLAN creation.

Workaround: Create VLANs incrementally in sets of 500 or 1000 VLANs. (CSCsz42975)

On a Catalyst 6500 series switch that runs software release 8.7(3), the path discovery of the fault isolation of Link Trace Messages (LTMs) is not possible in the MVRP network. This problem occurs when MVRP is enabled on all the trunks. The link failure occurs and causes VLANs to be pruned on the trunk links.

Workaround: None. (CSCsz55416)

On a Catalyst 6500 series switch that runs software release 8.7(3), when VTP pruning is enabled with MVRP Interop in place, then VLANs 1 to 1000 move to the Quiet Active (QA) state. This problem occurs when MVRP is enabled and then disabled on the VTP domain that faces the trunk port.


Note QA is one of the states in the Applicant State Machine (ASM).


Workaround: Toggle the VTP domain that faces the trunk. (CSCsq06760)

On a Catalyst 6500 series switch that runs software release 8.7(3), in the following topology,

sw1 ----------------------- sw2

when VTP pruning is enabled on sw1, the VLANs on sw2 get pruned. This problem occurs when VTP pruning is disabled on sw2.

Workaround: Toggle VTP pruning globally on the switch (sw2) by using the set vtp pruning {enable | disable} command. (CSCsy26407)

On a Catalyst 6500 series switch that runs software release 8.7(2), all dot1q-all-tagged MVRP PDUs get dropped by some Inter-Switch Link (ISL) trunks. This problem causes all the VLANs to be pruned by MVRP.

Workaround: Disable dot1q-all-tagged on ISL trunks on both ends when MVRP is enabled. (CSCsq26579)

On a Catalyst 6500 series switch that runs software release 8.7(2), when MVRP is enabled, the VLAN registration does not occur on blocked ports. This problem causes the blocked port to move to the forwarding state and the registration takes place only in the leave all timer expiry.

Workaround: None. (CSCsu59109)

The SPT port state transitions to the PVID inconsistent state when there are native VLANs on the trunk links. This problem occurs when the native VLANs of the trunk ports are changed over a span of a few seconds or less.

Workaround: Flap the link on the other side of the trunk to reconverge to the original topology. (CSCsj55292)

A traffic outage occurs for a few seconds with LACP channels. This problem occurs with the default values of MVRP timers and when the number of VLANs is greater than 1500.

Workaround: MVRP timer values need to be increased proportionally as the number of VLANs increase. With higher timer values, there is no traffic outage. (CSCso89647)

When a switch is running the IEEE MVRP standard, the Registrar Admin Control should be per participant per VLAN. The current implementation is for per trunk ports only. This condition occurs when the switch is running software release 8.7(1). (CSCsm02521)

On MVRP-enabled switches, with VTP Interop in place, a PVLAN on the VTP side is created as a regular VLAN on the MVRP side. This condition occurs when the switch is running software release 8.7(1).

Workaround: PVLAN is not supported with MVRP as they are mutually exclusive. PVLANs should not be used in MVRP to VTP Interop. (CSCsm09604)

Scalability Data for MVRP

On a Catalyst 6500 series switch with Supervisor Engine 720 that runs software release 8.7(3), the switch supports the following within an optimal operational CPU utilization:

MVRP pruning for 4094 VLANs on 6 trunks/channels.

MVRP pruning for 2500 VLANs on 11 trunks/channels.

The default timer values are Join: 20 centiseconds, Leave: 150 centiseconds, and Leave All: 6000 centiseconds.


Caution Increasing the number of VLANs and decreasing the timer values from the defaults results in high CPU utilization.

The same MAC address is seen on different VLANs, and the CAM table shows the MAC address as a duplicate entry. This condition occurs when the same MAC address is received on the switch on separate VLANs; it appears as duplicate entries in the CAM table and the dot1x-enabled port does not shut down. (CSCsi97845)

Configuring private VLANs for any bidirectional PIM group is not supported in software release 8.3(x) and 8.4(x). (CSCin64195)

IGMP version 3 does not support private VLANs. Support for private VLANs will be added in a future release. (CSCdx08912)

When manually pruning VLANs on trunks, if you have more than 64 trunks you need to run in text configuration mode; you cannot manually prune VLANs in binary configuration mode if there are more than 64 trunks.


Note On all Catalyst 6500 switches running software release 8.4 and above with Supervisor Engine 720 and Supervisor Engine 32, the restriction on the number of trunks can be increased from 64 to 128.


The VLAN locking feature causes configuration loss in text configuration mode. Therefore, the VLAN locking feature is not supported in text configuration mode. This problem is resolved in software release 8.5(1). (CSCeb34004)

Use caution when including the sc0 interface in a normal or private VLAN. Under heavy traffic conditions, there is a risk of losing connectivity with the interface. We recommend that you do not configure the sc0 interface in any VLAN with user data. (CSCdv12023)

This problem is related to the following configuration:

The Cat6k-A configuration is as follows:

100: Primary VLAN

101: Secondary VLAN (isolated/community/two-way community)

102: Secondary VLAN (isolated/community/two-way community)

2/1: Promiscuous port carrying the mapping from VLAN 101 to VLAN 100 and VLAN 102 to VLAN 100

3/1: ATM trunk port carrying VLANs 100, 101, 102, 200, 300

The Cat6k-B configuration is as follows:

100: Primary VLAN

101: Secondary VLAN (isolated/community/two-way community)

102: Secondary VLAN (isolated/community/two-way community)

3/1: ATM trunk port carrying VLANs 100, 101, 102

2/1: Private port with VLAN 101 to VLAN 100 association

2/2: Private port with VLAN 102 to VLAN 100 association

In this configuration, assume that Server 1 is interacting with the router and there is no traffic between Server 2 and the router. If Server 2 suddenly starts interacting with the router, the traffic between Server 1 and the router might stop. This happens when the Cat6k-A 3/1 port is on the WS-X6101-OC12-MMF ATM module.

In summary, do not have a configuration with a promiscuous port on switch A and secondary ports on switch B connected through an ATM trunk on the WS-X6101-OC12-MMF module. (CSCdy03515)

When using a VLAN interface other than the VLAN 1 interface, a VLAN added on a Catalyst 3500XL running 120.5.1-XP does not appear in the Catalyst 6500 series switch database. As soon as management interfaces are put back in VLAN 1, a VLAN configured on the 3500XL is sent properly to the Catalyst 6500 series switch through VTP. Check the status of CSCdr80902 in your Cisco IOS release. (CSCdr66376)

In a redundant configuration, if you modify the VLAN mapping on the active supervisor engine and a high-availability switchover occurs before the VLAN mapping is synchronized between the supervisor engines, you might experience a mapping inconsistency (VLANs claimed by two different instances) if you reenter the mapping command.

Workaround: Recreate a new mapping on a different instance after the switchover. On the newly active supervisor engine, enter the set vlan vlan_num mistp none command and reenter the mapping. (CSCds27902)

Authentication, Authorization, and Accounting

This section contains usage guidelines, restrictions, and troubleshooting information that apply to authentication, authorization, and accounting (AAA):

For login authentication, starting from software releases 5.5(15), 6.3(7), and 7.3(1), if you press the Enter key and then type in your password (<Enter> <password>) the ACS TACACS+ server will treat it as an indication that you are attempting to change your password. This behavior is related to CSCdx08395. Before the CSCdx08395 fix, the user privilege level was hard coded to 15 in the TACACS+ authentication request packet. With the CSCdx08395 fix, the user privilege level is set based on the privilege level that the user is authenticated as. For example, if the user is doing a login authentication, the privilege level would be 1. If the user is doing an enable authentication, the privilege level would be 15.

The Cisco ACS TACACS+ server acts differently for <Enter> <password>. For login authentication, if the user priv-lvl is hard coded to 15, <Enter> <password> is treated as a regular password attempt. If the user priv-lvl is set to 1 (CSCdx08395) during login authentication, then <Enter> <password> is treated as an indication of a changing password. The latter case is a behavior consistent with TACACS+ enable authentication and Cisco IOS software handling of <Enter> <password>. (CSCdy35129)

TDR

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the time domain reflectometer (TDR) feature:

The TDR test can only be run on 16 ports at a time. (CSCea46739)

The TDR test does not provide accurate results if it is run on a link where the remote link partner is configured at 100-Mbps fixed speed (CSCea70930). 10 Mbps, 1000 Mbps, and auto speeds on the remote link partner will not interfere with the TDR test. Also, a 100-Mbps port without a link partner will complete the TDR test successfully.

The WS-X6148 and WS-X6548 GE-TX modules have the following cable restrictions with the TDR test: If a Revision B0 Marvell PHY is used, the maximum cable length that can be detected is 115 meters. If a Revision C0 Marvell PHY is used, the maximum length that can be detected is 168 meters. (CSCea76395)

Auto-MDI/MDIX

With auto-MDI/MDIX you can use either a straight or crossover cable, and the module will automatically detect and adjust for the cable type. Auto-MDI/MDIX works with the speed set to auto/1000 Mbps, but not with the speed set to 10 Mbps or 100 Mbps. This means that the link will come up with either a straight or crossover cable if the speed is set to auto/1000 using the set port speed mod/port auto command or the set port speed mod/port 1000 command. The link comes up even if the speed is autonegotiated at 10 Mbps or 100 Mbps in auto mode. However, if you enter the set port speed mod/port 10 command or the set port speed mod/port 100 command, the link fails to come up if the wrong cable is used.

Auto-MDI/MDIX has always been enabled on the following modules:

WS-X6548-RJ-45, WS-X6548-RJ-21, WS-X6148-GE-TX, WS-X6548-GE-TX

Auto-MDI/MDIX works in 10-, 100-, and 1000-Mbps modes with autonegotiated and fixed speeds.

WS-X6516-GE-TX

Auto-MDI/MDIX works with the speed set to auto/1000 Mbps, but not with the speed set to 10 Mbps or 100 Mbps.

WS-X6316-GE-TX

With software release 8.2(1) and later releases, auto-MDIX is also enabled on the following modules:

WS-X6748-GE-TX, Supervisor Engine 720 port 2 (RJ-45)

Auto-MDI/MDIX works with the speed set to auto/1000, but not with the speed set to 10 Mbps or 100 Mbps.

WS-X6148X2-RJ-45, WS-X6148X2-45AF

Auto-MDI/MDIX works with the speed set to auto, but not with the speed set to 10 Mbps or 100 Mbps.


Note Auto-MDI/MDIX is not supported on any other 10/100-Mbps Ethernet modules or GBIC, SFP, and XENPAK ports.


With software release 8.3(1) and later releases, the set port auto-mdix mod/port {enable | disable} command is introduced to disable auto-MDI/MDIX on all the modules that currently have this feature enabled by default. Use the show port auto-mdix [mod[/port]] command to display auto-MDI/MDIX settings.

Bidirectional PIM

This section contains usage guidelines, restrictions, and troubleshooting information that apply to bidirectional PIM:

Bidirectional PIM is supported on Supervisor Engine 720 and Supervisor Engine 32 (with WS-SUP32-GE-3, the minimum Cisco IOS Release is 12.2(17d)SXB8 and with WS-SUP32-10GE-3B, the minimum Cisco IOS Release is 12.2(17d)SXB9).

When configuring bidirectional PIM group ACEs, a deny is not accepted. Groups can only be included.

(*,G/m) entries are installed on a best-effort basis as an optimization on source-only networks. There are several conditions where (*,G) may be installed on a source-only network.

Bidirectional PIM flows related to only four rendezvous points are hardware switched.

With multiple bidirectional PIM rendezvous points, flows related to only four rendezvous points are hardware switched and these four rendezvous points are chosen depending on the order in which they come up.

Binary and Text File Configuration Modes

The main purpose of storing configuration information in NVRAM blocks is to restore the system configuration when the switch comes up after a reset. The supervisor engine bring-up process includes reading the NVRAM blocks and using the configuration information in the blocks to configure the system. Before restoring the configuration from an NVRAM block, a new checksum is generated on the data in the block and the new checksum is compared with the checksum stored in the block itself. If both the checksums match, the data is determined to be valid and the data in the block is used to restore the configuration. If the checksum matching fails, the NVRAM block is deallocated and the default configuration is used.
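The bring-up check described above, modelled as an added example (not Cisco code). The block layout (a 4-byte checksum in front of the data), the use of CRC-32, the block names and the default values are all assumptions made for illustration; the page does not name the checksum algorithm.

```python
import struct
import zlib

# Defaults applied when a block is missing or fails validation (constructed values).
DEFAULTS = {
    "global": b"prompt=Console>",
    "snmp": b"traps=disabled",
    "module3": b"3/1 speed=auto",
}


def seal(payload):
    """Build a block: the stored checksum followed by the data it covers."""
    return struct.pack(">I", zlib.crc32(payload)) + payload


def block_is_valid(block):
    """Recompute the checksum over the data and compare it with the stored one."""
    if len(block) < 4:                      # too short to hold a checksum at all
        return False
    (stored,) = struct.unpack(">I", block[:4])
    return zlib.crc32(block[4:]) == stored


def bring_up(nvram):
    """Restore the configuration block by block.

    Returns (running_config, deallocated_block_names). `nvram` is modified in
    place: a block that fails validation is removed and its default is used.
    """
    running, deallocated = {}, []
    for name, default in DEFAULTS.items():
        block = nvram.get(name)
        if block is not None and block_is_valid(block):
            running[name] = block[4:]
        else:
            if block is not None:           # present but invalid: deallocate it
                del nvram[name]
                deallocated.append(name)
            running[name] = default
    return running, deallocated


def demo():
    """Constructed NVRAM image: one good block, one bit flip, one truncation."""
    nvram = {
        "global": seal(b"prompt=core-sw1>"),
        "snmp": seal(b"traps=enabled"),
        "module3": seal(b"3/1 speed=100"),
    }
    damaged = bytearray(nvram["snmp"])
    damaged[-1] ^= 0x01                     # single flipped bit in the data area
    nvram["snmp"] = bytes(damaged)
    nvram["module3"] = nvram["module3"][:3]  # block cut short
    return bring_up(nvram), sorted(nvram)


if __name__ == "__main__":
    (running, deallocated), remaining = demo()
    print(running, deallocated, remaining)
```

Only the damaged blocks fall back to defaults; the valid global block is restored unchanged.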

There are two modes for storing the configuration file, binary configuration mode and text file configuration mode. These modes are described in the following sections.

Binary Configuration Mode

In binary configuration mode, the NVRAM configuration model uses binary data structures to save information. The NVRAM is allocated in blocks, and each data structure is stored as an NVRAM block as follows:

A global block is statically allocated for saving global configuration information.

Per-module NVRAM blocks are allocated for each module to store information for every module and port.

Other NVRAM blocks include blocks for SNMP, VTP, SSH, NVRAM logging, and so on.

When you enter a command to configure a feature, the information is stored immediately in one of the NVRAM blocks. Some blocks are allocated at startup, such as the global block, the SNMP block, and the VTP block. Other blocks are allocated as needed. For example, a module block is only allocated when a nondefault setting is configured for the module or configured for a port on the module. Some NVRAM blocks also grow dynamically. The VTP block, by default, allows for 256 VLANs to be configured. If more than 256 VLANs are configured, the VTP block is expanded to allow 256 additional VLANs. Binary configuration mode provides an easy way to store the configuration immediately without the need for a write memory command to commit the configuration to NVRAM.

Binary storage of data is also space efficient. For example, remembering if a feature is enabled or not requires a single bit of NVRAM.

Text File Configuration Mode

A disadvantage of the binary configuration mode is that although configured features can be stored efficiently, a lot of NVRAM space can be wasted by features that are not configured by the user. For example, the global block currently requires approximately 150 KB, but users may have configured only a few features. Similarly, a 48-port module consumes approximately 25 KB of NVRAM space (about 0.5 KB per port) even if only a single port on the module has been configured with a nondefault setting.

With software release 6.3(1) and later releases, the text file configuration mode was introduced to support the new 13-slot chassis and all the configurable options on the switch. With text file configuration mode, you can store the configuration as a text file in Flash memory or NVRAM. In text file configuration mode, the binary NVRAM data structures are deleted from NVRAM. The only blocks not deleted from NVRAM are those that contain information not stored in the configuration file. These blocks include the following:

Boot block (B_BOOTAREA)—This block must stay in NVRAM. It contains information about the location of configuration blocks (NVRAM or DRAM).

Option block (B_OPTION)—Contains the configuration for hidden commands.

Module logging block (B_MODULELOG)—Contains the NVRAM log traces (NVLOG).

Command logging block (B_CMDLOG)—Contains the command history log.

RSAKEY (B_RSAKEY)—Contains encrypted key information that should not be regenerated every time.

I/F index block (B_MODULEIFINDEX)—Contains SNMP interface index information that is not in the text configuration file.

RMON blocks (B_RMON, B_RMON2, and B_EXTENDEDRMON)—Contains RMON information that is not in the text configuration file.

SNMP block (B_SNMP)—Contains SNMP-related information that is not in the text configuration file. Additionally, fields in this block can be specified as non-volatile by the user through SNMP; those fields must be saved immediately to non-volatile storage.

VTP blocks—Need to stay in NVRAM to be compliant with the VTP specification in VTP server mode.

The NVRAM blocks are copied to DRAM before being deleted. Except for some isolated code dealing with the copying of the NVRAM blocks into DRAM, this change is transparent to the rest of the software. The data structures are manipulated and accessed as before, the only difference being that they are now stored in the DRAM instead of the NVRAM memory region.

A new B_GENERAL NVRAM block is also created when operating in text configuration mode. This block contains any configuration from a deleted block that must still be saved in NVRAM. For example, there are time zone and encryption-related fields in the global block that must be stored in NVRAM. These fields are moved to the new B_GENERAL block whenever text configuration mode is selected. The B_GENERAL block is deleted when moving back to binary configuration mode.

When operating in text file configuration mode, most user settings are no longer saved immediately to NVRAM. Configuration changes instead are only written to DRAM. You must enter the write memory command to store the configuration in non-volatile storage. The non-volatile storage may be either the Flash file system or NVRAM. Because the text file configuration file in most cases requires less space than the binary data structures, NVRAM is a good place for the configuration file. Alternatively, you may specify a file in the Flash file system.


Note When a new VLAN is added (created), the VTP domain information fields (such as VtpDomainName, VtpPassword, VtpMode, VtpInterval, VtpRevisionNo, VtpVlanCount, VtpUdpater, VtpDomainIindex, VtpPruningMode, and VtpV2Enabled) are updated if their values are different from the current values in NVRAM. Out of all of these information fields, the VtpVlanCount field is the only one that is changed when a VLAN is added or deleted. When the VtpVlanCount field is changed, the global block in NVRAM is changed resulting in the following trap being sent: "Global block changed by Console//." This behavior is documented in caveat CSCea23160.


802.1X Authentication

This section contains usage guidelines, restrictions, and troubleshooting information that apply to 802.1X authentication:

On a Catalyst 6500 series switch, when dot1x is enabled on a multi-host port, the IP address is not obtained for the host.

show dot1x user all --- shows IP as 0.0.0.0

As the IP address is not stored for the first host, IP device tracking will not work for multihost ports. This condition occurs when both dot1x and IP device tracking are enabled on multihost ports.

Workaround: None. (CSCsm68672)

A problem is seen when Microsoft IAS is configured as the authentication server for 802.1X user authentication purposes. If the username does not exist in the active directory, the supplicant does not provide a popup window for entering the username and password. Instead, if the user enters the nonexistent username for the first time, the supplicant sends the stored username with every response for the request. This problem is not an issue with the switch or the authenticator. The problem is with the supplicant or active directory configuration that is used for creating the usernames in the domain.

Workaround: Create the username in the active directory so that the popup window for entering the username and password appears.

NetFlow Data Export

This section contains usage guidelines, restrictions, and troubleshooting information that apply to NetFlow Data Export (NDE):

In software release 8.5(1) and later releases, with a large number of NetFlow entries in the NetFlow table, statistics may not be received by the MSFC if the Network Address Translation (NAT) timeout value expires. The configurable timeout value determines when a translation times out after a period of nonuse. If the NAT timeout value expires, NetFlow entries are dropped resulting in shortcuts needing to be reinstalled.

The recommended value for the NAT timer on the MSFC is 600 seconds and is configured using the following commands:

ip nat translation timeout value

ip nat translation tcp-timeout value

ip nat translation udp-timeout value

With the NetFlow table full and a 600 second timeout value configured on the MSFC, there should be no dropped NetFlow entries.

Cisco IOS Release 12.2(18)SXF includes the hardware-accelerated NAT feature. Because of flow mask resolution requirements in NDE and NAT, if the NDE flow mask has been configured and you need to use hardware-accelerated NAT, the NDE flow mask must be cleared. To clear the flow mask, enter the set mls flow null command.

For detailed information on using the set mls flow null command, refer to the "Configuring MLS" chapter of the Catalyst 6500 Series Software Configuration Guide at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/nde.html

For detailed information on using NDE, refer to the "Configuring NDE" chapter of the Catalyst 6500 Series Software Configuration Guide at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/nde.html

Network Admission Control

This section contains usage guidelines, restrictions, and troubleshooting information that apply to Network Admission Control (NAC):

When the NAC server performs a posture validation on the host by verifying the LAN port IP address, the ACL manager process might cause high CPU utilization in the switch.

Workaround: None. This condition is transient and is to be expected. (CSCei90699)

With LAN port IP, if a PC connected to the switch has more than one NIC, only one of the NICs will be posture validated.

Workaround: None. (CSCei15212)

Connectivity Fault Management

This section contains usage guidelines, restrictions, and troubleshooting information that apply to Connectivity Fault Management (CFM):

On a Catalyst 6500 series switch that runs software release 8.7(3), the Continuity Check (CC) does not start if the domain name and the Maintenance Association (MA) name exceed 21 characters. The domain name and the MA name in the CLI configuration can have a maximum of 21 characters.

Workaround: None. (CSCsr03859)

On a Catalyst 6500 series switch that runs software release 8.7(3), when the Server MEP detects a Link-OAM fault condition, it sends the Alarm Indication Signal protocol data units (AIS PDUs) for all the affected VLANs at a specific maintenance domain level. This problem occurs when Ethernet-CFM AIS is enabled.

Workaround: None. (CSCsy77929)

On a Catalyst 6500 series switch that runs software release 8.7(3), the active VLANs that are configured with an MA, generate Alarm Indication Signal protocol data units (AIS PDUs). The AIS PDUs are transmitted at 1 packet/sec (default). The periodic transmission value cannot be changed to one minute. This problem occurs when the Ethernet-CFM AIS is enabled.

Workaround: None. (CSCsy79352)

On a Catalyst 6500 series switch that runs software release 8.7(3), when the MEPs detect an AIS, they will not send SNMP traps to the network management system. This problem occurs when Ethernet-CFM is enabled.


Note Standard MIB does not support the AIS specific trap. A syslog will be generated for the SNMP.


Workaround: None. (CSCsy81369)

On a Catalyst 6500 series switch that runs software release 8.7(3), the Server MEP that is configured with MIP will generate AIS PDUs only for the MIP-configured VLANs. This problem occurs when the AIS level is set to default, and when Ethernet-CFM is enabled on a switch.


Note The default AIS level is 8.


Workaround: None. (CSCsy89248)

On a Catalyst 6500 series switch that runs software release 8.7(3), with CFM AIS enabled, the Remote Defect Indication (RDI) (Dying Gasp, Link Fault, and Critical Event) from a peer on a spanning tree redundant path generates AIS PDUs at the configured maintenance domain level for all the active VLANs.

In this case, the AIS trigger cannot be stopped because the AIS is generated prior to the spanning tree convergence.

Workaround: Use the set port ethernet-cfm {mod | port} ais disable command to stop the AIS PDU transmission. (CSCsy75976)

On a Catalyst 6500 series switch with Supervisor Engine 720 that runs software release 8.7(3), when you toggle the Alarm Indication Signal (AIS) defect status on the remote local Maintenance End Points (MEPs), the AIS is enabled, and the switchover is executed on the server MEP that transmits the AIS with a one-second AIS interval.

Workaround: Change the server MEP AIS interval to one minute to prevent AIS flaps on the remote MEP side. (CSCsz45479)

On a Catalyst 6500 series switch that runs software release 8.7(3) with CFM enabled, the CPU utilization increases up to 100 percent. This problem occurs when the number of links in a channel increases with a larger number of MEPs and MIPs configured.

Workaround: Reduce the number of MEPs and MIPs configured on the channel link. (CSCsv62168)

Remote MPDB entries time out occasionally for a short period when the Continuity Check (CC) interval is changed from a smaller to a larger value for a level or for a set of VLANs in a level. The aging time continues to increase for these entries in the Maintenance Domain Intermediate Points (MIPs) Connectivity Check database (CCDB). This problem occurs when a user modifies the CC interval settings from a smaller value to a larger value for a level or for a set of VLANs in a level. This problem is fixed once the next CC message is received from the remote end for that VLAN or set of VLANs and a match is found in the MIP CCDB.

Workaround: None. (CSCsr26738)

On a Catalyst 6500 series switch that runs software release 8.7(2), with Connectivity Fault Management (CFM) enabled, the traceroute command fails to report egress port details of the intermediate switches consistently. This problem occurs when you configure Maintenance Domain Intermediate Points (MIPs) on an interface for that level and the ingress and egress ports that receive and forward link trace messages (LTMs).

Workaround: Configure MIPs for the level where MIPs are configured and VLAN on the ingress and egress ports that receive and forward link trace messages (LTMs). (CSCsr41045)

On a Catalyst 6500 series switch that runs software release 8.7(2), with CFM enabled, an outward MEP configured on a spanning tree blocking port, and trace route initiated, the LTM for the outward MEP fails. However, LTRs are received through blocked ports.

Workaround: None. (CSCsr72098)

On a Catalyst 6500 series switch that runs software release 8.7(2), with CFM enabled, the software does not support the configuration of Continuity Check message intervals of 3.3 milliseconds, 10 milliseconds, 100 milliseconds, and 1 second intervals.


Note The software does not support a subsecond CC interval due to a platform limitation. The CC interval has three configurable values: 10 seconds, 1 minute, and 10 minutes.


Workaround: None. (CSCso59138)

On a Catalyst 6500 series switch that runs software release 8.7(2), the Maintenance Association (MA) is removed when a user creates two domains at the same level and same VLAN. This problem occurs when two domains are at the same level within the common VLAN.

Workaround: Create two domains at the same level with unique VLANs. (CSCso65215)


Note On Catalyst 6500 series switches that run software release 8.x, the fast lookup and dynamic data structures store the CFM configuration. When CFM is configured in binary mode, the fast lookup structures are used to cache the CFM configuration. When CFM is globally enabled, the configuration is applied from the fast lookup structures to the dynamic data structures. The fast lookup for MA or VLAN is designed per VLAN and level and is updated for just that level and VLAN. Any lookup that would hold another entry at the same level and within the VLAN is not maintained. When two domains are at the same level and same VLAN, the new MA entry overwrites the old entry.


On a Catalyst 6500 series switch that runs software release 8.7(2), a link trace from a MEP to a MIP at the same level fails if the MIP entry is not present in the Forwarding database (FDB). This condition occurs when CFM is enabled and when a link trace is initiated from a MEP to a MIP that is configured at the same level.

Workaround: Initiate a loopback/ping from the local MEP to the MIP or a linktrace from the local MEP to the remote MEP at the same level. Ensure that the MIP entry at the same level will now be present in the FDB. (CSCso68264)

On a Catalyst 6500 series switch that runs software release 8.7(2) with CFM enabled, untagged MAs and MEPs are not supported.

Workaround: None. (CSCsq17877)

On a Catalyst 6500 series switch that runs software release 8.7(2) with CFM enabled, the CLI show ethernet-cfm maintenance-point remote is not sorted based on the MPID or VLAN.

Workaround: None. (CSCsq90852)

On a Catalyst 6500 series switch that runs software release 8.7(2), with CFM enabled and when the MEP direction is changed at the local end with the same MPID, REMOTE MEPCCDB cataloging fails at the remote end.

Workaround: Enable and disable CFM on the switch globally. This will clear out all entries from the database so that the switch can relearn all the new entries. (CSCsr64576)

On a Catalyst 6500 series switch that runs software release 8.7(2), traceroute hops are not displayed in sequential order when there are more MIPs configured between MEPs. This condition occurs when CFM is enabled and the traceroute is initiated.

Workaround: None. (CSCsr46137)

On a Catalyst 6500 series switch that runs software release 8.7(2), a remote MEP entry is seen on a forwarding or blocking port. This condition occurs when the spanning tree state changes to blocking and when the ingress port is not updated for a DOWN MEP. If this Continuity Check Message (CCM) is seen on the blocked port and if it is redundant on MEP CCDB, the CCM is ignored.

Workaround: Disable and enable the CFM, which will cause the existing entry to flush. The new entry is seen on the forwarding port or blocked port depending upon where CCM is first received. (CSCsv56848)

On a Catalyst 6500 series switch that runs software release 8.7(2), with both CFM and ELMI enabled, some CE implementations are not processing ELMI frames when a null UNI id is configured. This brings down the ELMI link status on the PE device.

Workaround: By default, configure UNI on the port where ELMI is enabled. (CSCsu82587)

Scalability Data for Connectivity Fault Management and Alarm Indication Signal

On a Catalyst 6500 series switch with Supervisor Engine 720 that runs software release 8.7(3), when CFM or CFM with MVRP are enabled together on dot1q trunk ports with a 10 second CC interval, the switch supports the following:

The CCM traffic up to 2000 services or VLANs.

The Customer Edge (CE) switch supports 2000 customer level MIPs, and 2000 higher-level flood traffic (traffic coming at the level higher than the maximum Maintenance level configured on the switch).

The Provider Edge (PE) switch supports up to 200 upward MEPs.


Caution An increase in the number of MIPs, provider level MEPs or higher level flood traffic will increase the CPU utilization, and might degrade performance of the system.

On a Catalyst 6500 series switch with Supervisor Engine 720 that runs software release 8.7(3), when CFM or CFM with MVRP are enabled together on the EtherChannel ports (4 ports in a bundle) and with a 10-second CC interval, the switch supports the following:

The CCM traffic up to 1000 services or VLANs.

1000 customer level MIPs and 1000 higher-level flood traffic (traffic coming at the level higher than the maximum Maintenance level configured on the switch).

200 Provider Level Up MEPs.


Caution An increase in the number of ports in the EtherChannel or in the number of MIPs on a bundled port will increase the CPU utilization. This may result in CC lifetime expiry for the remote MEPs, and trigger false indication of fault in the network.

On a Catalyst 6500 series switch with Supervisor Engine 720 that runs software release 8.7(3), when CFM-AIS or CFM-AIS and MVRP are enabled together on dot1q trunk/EtherChannel ports with a 10-second CC interval, the switch supports the following:

In the event of link failure, the switch supports CCM traffic for up to 2000 services in the normal state.

The switch supports 2000 customer level MIPs and 2000 higher-level flood traffic (traffic coming at the level higher than the maximum Maintenance level configured).

Up to 200 Provider level Up MEPs.


Note In the event of link failure, a CPU spike occurs at every one minute time interval because of the AIS timer spread logic.



Caution An increase in the number of MIPs, provider level MEPs or higher level flood traffic will increase the CPU utilization and may degrade system performance.


Note On a Catalyst 6500 series switch that runs software release 8.7(3), when AIS detects that a link fault condition has occurred, the configured number of AIS PDUs (default 5) is sent at a 1-second transmission interval for each affected VLAN on the failed trunk. The AIS transmission period is then changed to 1 minute automatically in the software (timer spread logic). This increases the CPU utilization every 1 minute until the fault condition is cleared, which is expected behavior.
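A pre-deployment check of a planned CFM design against the configuration limits listed in the CFM caveats and scalability data above, as an added example (not Cisco code or a Cisco tool). The input schema (`domain`, `ma`, `level`, `vlan`, `cc_interval_s`, `port_type`, `up_meps`) and the sample plan are constructed for illustration; the limits and caveat IDs are the ones on this page, and the scalability figures assume the 10-second CC interval they are stated for.

```python
from collections import defaultdict

MAX_NAME_LEN = 21                   # CSCsr03859: domain and MA names, 21 characters maximum
CC_INTERVALS_S = {10, 60, 600}      # CSCso59138: only 10 seconds, 1 minute, 10 minutes
SERVICE_LIMIT = {"trunk": 2000, "etherchannel": 1000}  # services/VLANs carrying CCM traffic
UP_MEP_LIMIT = 200                  # provider-level Up MEPs


def lint_cfm(mas):
    """Return a sorted list of (reference, message) findings for a planned design.

    Each item of `mas` is a dict in a schema made up for this example:
    domain, ma, level, vlan (None = untagged), cc_interval_s, port_type, up_meps.
    """
    findings = set()
    owner = {}                      # (level, vlan) -> first domain seen there
    vlans = defaultdict(set)        # port_type -> distinct VLANs in use
    up_meps = 0

    for ma in mas:
        label = f"{ma['domain']}/{ma['ma']}"
        for field in ("domain", "ma"):
            if len(ma[field]) > MAX_NAME_LEN:
                findings.add(("CSCsr03859",
                              f"{label}: {field} name longer than {MAX_NAME_LEN} characters"))
        if ma["cc_interval_s"] not in CC_INTERVALS_S:
            findings.add(("CSCso59138",
                          f"{label}: CC interval {ma['cc_interval_s']} s is not configurable"))
        if ma["vlan"] is None:
            findings.add(("CSCsq17877", f"{label}: untagged MAs and MEPs are not supported"))
            continue
        key = (ma["level"], ma["vlan"])
        first = owner.setdefault(key, ma["domain"])
        if first != ma["domain"]:   # a second domain here overwrites the first MA
            findings.add(("CSCso65215",
                          f"{label}: level {key[0]} VLAN {key[1]} already used by domain {first}"))
        vlans[ma["port_type"]].add(ma["vlan"])
        up_meps += ma.get("up_meps", 0)

    for port_type, used in vlans.items():
        limit = SERVICE_LIMIT[port_type]
        if len(used) > limit:
            findings.add(("scalability", f"{port_type}: {len(used)} services exceed {limit}"))
    if up_meps > UP_MEP_LIMIT:
        findings.add(("scalability", f"{up_meps} Up MEPs exceed {UP_MEP_LIMIT}"))
    return sorted(findings)


# Constructed sample plan: each entry after the first trips one limit.
PLAN = [
    {"domain": "customer-a", "ma": "ma-100", "level": 5, "vlan": 100,
     "cc_interval_s": 10, "port_type": "trunk", "up_meps": 1},
    {"domain": "customer-b", "ma": "ma-100b", "level": 5, "vlan": 100,
     "cc_interval_s": 10, "port_type": "trunk", "up_meps": 1},
    {"domain": "provider-metro-ring-east-01", "ma": "ma-200", "level": 3, "vlan": 200,
     "cc_interval_s": 1, "port_type": "etherchannel", "up_meps": 2},
    {"domain": "mgmt", "ma": "ma-untagged", "level": 2, "vlan": None,
     "cc_interval_s": 60, "port_type": "trunk", "up_meps": 0},
]

if __name__ == "__main__":
    for reference, message in lint_cfm(PLAN):
        print(f"{reference}: {message}")
```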


CiscoView

This section contains usage guidelines, restrictions, and troubleshooting information that apply to CiscoView:

With software releases 8.3(x), 8.4(x), and 8.5(x) the CiscoView image cannot be launched on HP-UX platforms. (CSCsa21515)

With CiscoView, the Firewall Services Module, Content Services Module, and SSL Services Module features might not work consistently with Windows NT. When you try to launch CiscoView ADP on Windows NT, the progress dialog either runs for a long time and then stops or it might launch suddenly. This problem is occurring only with Windows NT with Internet Explorer and Netscape browsers. There is no problem with Windows 2000 or Solaris platforms.

Workaround: Because the problem is intermittent, the workaround is to close the dialog and try launching the application again. (CSCin41067)

In rare occurrences, when trying to launch the CiscoView image with the FWSM, CSM, and SSL service module features, the progress dialog might occasionally hang.

The frequency of the problem varies by platform as follows:

Windows NT, approximately 30 percent to 40 percent of the time

Windows 2000, approximately 2 percent to 5 percent of the time

Solaris, approximately 2 percent to 5 percent of the time

Workaround: Close the progress dialog and try launching again. (CSCin42718)

In rare occurrences with CiscoView, you might experience the following two problems:

Case 1: Clicking the "Cancel" button causes an exception when you perform this procedure: When you launch any FWSM, CSM, or SSL dialog, such as "FWSM - Assign Vlans to Firewall blade," the progress dialog bar displays. Then, if you click the cancel button, the "Aborting the operation. Please wait" message displays. After a period of time, the "Failed to retrieve category: Assign VLANs to Firewall Blade.java.lang.NullPointerException" window displays. If you close this window, the "Aborting the operation, please wait" main window closes. Although this problem occurs intermittently, the cancel operation for the VLAN flows dialogs works correctly.

Workaround: Close the exception and try to launch the dialog again.

Case 2: Close the progress dialog bar by clicking the asterisk (*) button (this is not applicable for Solaris platforms) then launch any dialog such as "FWSM - Assign Vlan to blade." The progress bar appears, now close the progress bar by clicking the "X" button. This results in a "Ciscoview Error" message and the application might hang.

Workaround: Close the session and try launching it again. Instead of using the "X" button to close the progress bar, use the cancel button. (CSCin43633)

CiscoView device discovery fails when Supervisor Engine 1 in slot 1 is in ROMMON mode and Supervisor Engine 2 in slot 2 is active. This problem is resolved in software release 8.1(2). (CSCin43526)

The 7.1(1) and 7.1(2) CiscoView + SSH images may fail to boot on Supervisor Engine 1 systems with 64-MB DRAM. This problem applies to all models of Supervisor Engine 1 (WS-X6K-SUP1-2GE, WS-X6K-SUP1A-2GE, WS-X6K-SUP1A-PFC, WS-X6K-SUP1A-MSFC, WS-X6K-S1A-MSFC2). Due to this problem, the cat6000-supcvk9.7-1-1.bin and cat6000-supcvk9.7-1-2.bin CCO images have been deferred. As an alternative, the cat6000-supcvk8.7-1-1.bin or the cat6000-supcvk8.7-1-2.bin images may be used if SSH support is not required. If both CiscoView and SSH support is required, the 6.3(x) supcvk9 images or the 7.2(x) and later supcvk9 images should be used. This issue is documented in open caveat CSCdw70549.

The supported client platforms, browsers, and Java Plug-in versions supported by CiscoView are as follows:

| Client Platform | Web Browser | Java Plug-in |
|---|---|---|
| Solaris 2.7/2.8 | Netscape Navigator 4.76, 4.77, 4.78, 4.79 | Java Plug-in 1.3.0 (JRE 1.3.0); Java Plug-in 1.3.1 (JRE 1.3.1) |
| Windows 98; Windows NT 4.0; Windows 2000 | Internet Explorer 5.5; Netscape Navigator 4.76, 4.77, 4.78, 4.79 | Java Plug-in 1.3.0-C (JRE 1.3.0); Java Plug-in 1.3.1 (JRE 1.3.1) |
| HPUX 11.0 | Netscape Navigator 4.77, 4.78, 4.79 | Java Plug-in 1.2.2 (JRE 1.2.2); Java Plug-in 1.3.1 (JRE 1.3.1) |
| AIX 4.3.3 | Netscape Navigator 4.77, 4.78, 4.79 | Java Plug-in 1.3.0 (JRE 1.3.0); Java Plug-in 1.3.1 (JRE 1.3.1) |



Note The Java Plug-in can be downloaded from http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin



Note Java Plug-in versions 1.3.0_01 and 1.3.0_02 do not work with CiscoView.



Note Java Plug-in versions 1.3.1_01 and later are not supported by CiscoView.


If the CiscoView chassis scroll bar does not appear, resize the browser window. Another workaround is to right-click on the chassis and select "Resize" to decrease the size of the chassis view.

On Windows NT machines with Java Plug-in 1.3.0 installed and Netscape running, the CiscoView chassis scroll bar does not appear, even after resizing it. To correct the problem, upgrade to Java Plug-in 1.3.1. (CSCdw58407)

On Solaris machines with Java Plug-in 1.3.1 installed, if you are running either Netscape Navigator 4.77, 4.78, or 4.79, you might see a blank screen after launching CiscoView. (CSCdw13384)

To correct the problem, perform these steps:


Step 1 Uninstall the current Java Plug-in from your machine.

Step 2 Download the Java Plug-in from the following location and install it on your machine:

http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin

Step 3 Clear the cache by entering the following CLI command: rm -rf ~/.netscape

Step 4 Enter the following CLI command: export NPX_PLUGIN_PATH=/usr/j2se/jre/plugin/sparc/ns4

Step 5 Launch Netscape Navigator.

Step 6 Select Edit > Preferences, and then click Advanced in the navigation tree.

Step 7 Make sure the Enable Java checkbox is not selected.

Step 8 Specify the IP address of the device you want to access and launch CiscoView. The Java console is displayed, but the chassis view does not appear.

Step 9 Select Edit > Preferences, and then click Advanced in the navigation tree.

Step 10 Select the "Enable Java" checkbox.

Step 11 Specify the IP address of the device you want to access and launch CiscoView. Both the Java console and chassis view should now be displayed.

If you are running Netscape and have a Java Plug-in installed that is an earlier version than version 1.3.0, you might get a blank screen when you launch CiscoView. (CSCdw59601)

To correct the problem, download Java Plug-in 1.3.0 or later from the following location: http://www.cisco.com/pcgi-bin/tablebuild.pl/cview-plugin

If your machine is running Windows 2000, Windows NT, or Windows 98 and the chassis view does not appear, you should disable the Java Plug-in's JAR caching feature, as follows:

For Java Plug-in 1.3.1:

1) Select Start > Settings > Control Panel > Java Plug-in 1.3.1.

2) Click the Cache tab.

3) Click Clear JAR Cache.

For Java Plug-in 1.3.0:

1) Select Start > Settings > Control Panel > Java Plug-in.

2) Click the Basic tab.

3) Make sure the "Cache JARs In Memory" checkbox is not selected.

4) Click Apply.

If your machine runs on the HP-UX platform, we recommend that you use the HP release of Netscape. The HP release of Netscape can be downloaded from the following location:
http://www.hp.com/workstations/products/unix/software/netscape/index.html
(CSCdw59617)

CiscoView images take approximately 12 minutes to download from a TFTP server to a Flash PC card. (CSCdr14437)

In the VLAN & Bridge dialog box (Device > Configure > VLAN & Bridge), deleting the primary VLAN after unbinding the secondary VLAN returns an error message.

Workaround: Close and reopen the dialog box and then delete the primary VLAN.

After binding a secondary VLAN to the primary VLAN, delete the primary VLAN and the following error message is displayed: "Set failed due to snmpRspGenErr for vtpVlanEditRowStatus.1.199."

Workaround: Close and then reopen the dialog box. You should now see the correct error message: "The Primary is bounded ..." (CSCdt65530)

The Carrier Alarm LED status on WAN modules is not supported by SNMP. (CSCdw50111)

CWDM GBICs and 1000BASE-TX (copper) GBICs installed in WAN modules display as normal GBIC ports in CiscoView. (CSCdy18652)

If you have configured Internet Explorer to bypass certain addresses in the proxy server (such as the IP address of the switch), the Java applet on the PC will still try to connect to the switch through the proxy server. For security reasons, this may cause the CiscoView GUI to fail if the proxy server cannot talk to the switch directly. (CSCdw48852)

In the EtherChannel dialog box (Port > Configure > Ether Channel), when EtherChannel Operation Mode is changed from "pagpOn" to "off/manual," click Refresh and the PAgP dialog box displays "N/A" for every field. To work around the problem, close and reopen the dialog box. (CSCdw76309)

If you use QoS Device Management to create a policy name and try to delete the policy name, the following incorrect error message appears:

Unable to set row status

(CSCdu11333)

If you use QoS Device Management to add an IP ACL, select the Add/Edit ACE option, select an entry and make some changes, and then either click Cancel or OK. The configuration fails due to misconfigurations when you select OK; the previously entered values will appear as defaults when you attempt to edit your configuration.

Workaround: Overwrite the values in the fields if necessary.

(CSCdu05678 and CSCdu15066)

If you use QoS Device Management to add or edit an IP/IPX/MAC ACL, no buttons are available to move ACE entries up and down.

Workaround: Select the entry that needs to be moved and click on Edit and select OK. This entry is then moved to the bottom of the ACE list. (CSCdt64023)

If you use QoS Device Management and select Policy Selection, Add/Edit Policies > Change, and then select a policy and click OK, selecting Cancel when the confirmation window displays will not cancel the operation. The policy is still added to the Policy Selection.

Workaround: Delete the policy selection entry that was added. (CSCdu43690)

The Catalyst 6000 CiscoView (CV) images do not support the Carrier Alarm LED for WAN modules. (CSCdt52011)

There is a problem when you highlight the MultiChannel DS3 Port Adapter in the WS-X6182-PA module, and then select Configure > Interface. The dialog box displays "n/a" or the incorrect values in every field. Also, if you select Monitor > Interface, the charts in the resulting dialog box do not get updated, and an error message is displayed in the status bar. This problem is corrected in MSFC Cisco IOS Releases 12.1(13)E, E1, and E2. (CSCdr39591)

Disabled WAN modules are placed in the power-down state. This problem is resolved in software release 7.2(2). (CSCdw50083)

802.1X Authentication timer fields are available in the port-level PAE dialog box (Port > Config > PAE > Port Authenticator). This problem is resolved in software release 7.3(1). (CSCdw86044)

The Redetect Protocol function in the MST Port Status dialog box (Port > Configure > Spanning Tree > MST Port Status) does not work on voice ports. This problem is resolved in software release 7.3(1). (CSCdx04800)

When a device is set to MST Spanning Tree mode, the "Path Cost" and "Priority" fields in the Bridge Details dialog box (Port > Configure > Bridge > Bridge Details) cannot be set on a channeling port that is using PAGP or LACP. This problem is resolved in software release 7.3(1). (CSCdx23200 and CSCdx23217)

With CiscoView, the SVI configuration dialog box is still shown under Device -> Configure -> VLAN&Bridge for the Firewall Services Module, Content Services Module, and SSL Services Module when a Supervisor Engine 1 module is installed. Because these modules require a Supervisor Engine 2, the dialog box should not be displayed. (CSCin43687)

Open and Resolved Caveats in Software Release 8.7(3)

These sections describe open and resolved caveats in supervisor engine software release 8.7(3):

Open Caveats in Software Release 8.7(3)

Resolved Caveats in Software Release 8.7(3)

Open Caveats in Software Release 8.7(3)

This section describes open caveats in supervisor engine software release 8.7(3):

On a Catalyst 6500 series switch that runs software release 8.7(3), with CFM enabled, on an HA switchover from active to standby, the trunk mode and encapsulation of ports change from desirable dot1q to auto-negotiate (default mode). This problem occurs after you load the configuration on the active supervisor engine by copying it from a file. Also, the trunk mode and encapsulation of ports enabled with CFM do not synchronize with the standby supervisor engine.

Workaround:

1. After a switchover, on the new active supervisor engine, manually reconfigure the trunk mode and encapsulation of the CFM-enabled port.

2. Manually configure the trunk mode and encapsulation of the CFM-enabled port before the switchover.

3. Boot the switch with auto configuration; the trunk mode synchronizes with the standby supervisor engine. (CSCsv85531)

On a Catalyst 6500 series switch with a redundant Supervisor Engine 32 that runs software release 8.7(3), an error message "No clusters left while allocating for address 0x2ce81200" displays when you create 1000 outward MEPs. This inband failure occurs when CFM is enabled and the switch has been configured with 200 or more MEPs.

Workaround: Configure the switch with fewer than 200 MEPs. (CSCta48612)

On a Catalyst 6500 series switch that runs software release 8.7(3), random VLANs get stuck in the listening or learning state of spanning tree and fail to move to the final forwarding or blocking state. This problem occurs when Rapid-PVST+ is configured as the spanning tree mode and when a large set of VLANs is created in the primary server using the command set vlan 2-4094.

Workaround: Create a smaller set of VLANs using the command set vlan 2-500. (CSCta62870)

On a Catalyst 6500 series switch that runs software release 8.7(3), when the Alarm Indication Signal (AIS) gets detected, a clear syslog message is generated for all the links that are part of a channel for the same MEPs. This problem occurs when both CFM and AIS are enabled.

Workaround: None. (CSCtb30848)

On a Catalyst 6500 series switch that runs software release 8.7(3), the Link Trace Response (LTR) is sent out without the Ingress/Egress Type-Length-Value (TLV) in response to Link Trace Messages (LTM). This problem occurs when CFM is enabled and when a MIP is configured on a port other than the ingress/egress ports.

Workaround: None. (CSCtb32987)

On a Catalyst 6500 series switch that runs software release 8.7(3) with MVRP enabled, random VLAN declarations are seen on the redundant channels. This happens when a channel's spanning tree state moves from alternate to root.

Workaround: Disable and enable MVRP. (CSCtb78713)

Resolved Caveats in Software Release 8.7(3)

This section describes resolved caveats in supervisor engine software release 8.7(3):

On a Catalyst 6500 series switch that runs software release 8.7(3), when a spanning tree blocked port moves to the forwarding state, the traffic convergence over the link with 4094 VLANs on a topology change takes approximately 20 seconds. Similarly, the traffic convergence over the 3-port channel takes approximately 22 seconds. These values are subject to the topology being used and the position of the link failures in the network.


Note Traffic convergence is faster when you have fewer VLANs.


This problem occurs when MVRP is enabled with 4094 VLANs.

Workaround: None. (CSCsv89137)

On a Catalyst 6500 series switch that runs software release 8.7(3) with MVRP enabled, the MVRP leave timer value can be configured to be greater than the leave all timer value. The restriction that is imposed is for the leave all timer value to be twice greater than the join timer.

Workaround: None. (CSCta68895)

On a Catalyst 6500 series switch that runs software release 8.7(2) with CFM enabled, when you receive a valid CC message with an interval of one second, the CC message is dropped. Also, in the reply ingress Type-Length-Value (TLV), the value field contains a value of 12 bytes while the expected value is 13. This problem is observed during the end-to-end 802.1ag CFM interoperability test during CFM implementation.


Note Numeric codes provided in software release 8.7(2) are 1 = 10 seconds, 2 = 1 minute, and 3 = 10 minutes. The new numeric codes provided in software release 8.7(3) will read as 5 = 10 seconds, 6 = 1 minute, and 7 = 10 minutes.


Workaround: None. This problem is resolved in software release 8.7(3). (CSCsw75537)

On a Catalyst 6500 series switch that runs software release 8.7(3), the Server MEP generates the AIS at the highest level MIP. This problem occurs when there are multiple level MIPs configured for the same VLAN across different interfaces and when the Server MEP detects the link failure condition.

Workaround: Configure the highest level MIP on the port that has a smaller interface index than the lower level MIP. This problem is resolved in software release 8.7(3). (CSCsz27904)

On a Catalyst 6500 series switch that runs software release 8.7(3), a VTP trunk in a split channel condition regroups to form a single channel. Further, the VLAN declaration stops on all the MVRP-enabled trunks/channels for all the allowed VLANs that are part of the VTP channel. This problem occurs when an MVRP-to-VTP interop condition exists on the switch.

Workaround: Enable MVRP on the VTP channel and configure the registration mode in fixed state by using set port mvrp mod | port enable and set port mvrp mod | port registration fixed commands. (CSCtb37282)

On a Catalyst 6500 series switch, the Server MEP and Local MEP AIS defect condition and AIS period configuration synchronization do not occur on an HA switchover from the active to standby supervisor engine. This problem occurs only if HA is enabled and the redundant supervisor engine configuration operational status is ON.

Workaround: None. This problem is resolved in software release 8.7(3). (CSCsy78946)

On a Catalyst 6500 series switch that runs software release 8.7(3), a large number of CC messages increases CPU utilization. The CPU utilization increases up to 99 percent. This problem occurs when CFM is globally enabled and when the MEPs are configured for a large number of VLANs with Continuity Check (CC) enabled.

Workaround: None. This problem is resolved in software release 8.7(3). (CSCsx43546)

On a Catalyst 6500 series switch that runs software release 8.7(3), the show mvrp trunk and show trunk command output includes additional information such as pruned VLANs, declared VLANs, registered VLANs, and the list of registered and spanning tree forwarding VLANs for each MVRP-enabled trunk/channel.


Note This is an enhancement to the existing CLI show mvrp trunk and show trunk commands.


Workaround: None. This has been resolved in software release 8.7(3). (CSCsx16646)

On a Catalyst 6500 series switch that runs software release 8.7(3), the traffic convergence at the newly configured link-up spanning tree forwarding port takes approximately 15 seconds for 4094 VLANs. Similarly, the traffic convergence at the 3-port channel takes approximately 35 seconds. These values are subject to the topology being used and the position of the link failures in the network. This problem occurs when MVRP is enabled with 4094 VLANs in MST spanning tree mode.

Workaround: None. (CSCsz03210)

Open and Resolved Caveats in Software Release 8.7(2)

These sections describe open and resolved caveats in supervisor engine software release 8.7(2):

Open Caveats in Software Release 8.7(2)

Resolved Caveats in Software Release 8.7(2)

Open Caveats in Software Release 8.7(2)

This section describes open caveats in supervisor engine software release 8.7(2):

On a Catalyst 6500 series switch that runs software release 8.7(2), a reset of one of the switches in the network may trigger a reset of the standby supervisor engine of the adjacent switch that is connected through the EtherChannels. This problem occurs when the HA-enabled switch with active and standby supervisor engines is plugged in and MVRP is enabled.

Workaround: None. (CSCsv67215)

On a Catalyst 6500 series switch that runs software release 8.7(2), the CLI command clear mvrp statistics mod/port may fail with a message "Failed to clear MVRP statistics. Trunk is not MVRP enabled". This problem occurs when you try to enter the command on the first port of the MVRP-enabled channel.

Workaround:

1. Enter the CLI command clear mvrp statistics mod/port on all the ports of the channel individually.

2. Enter the CLI command clear mvrp statistics all. (CSCsw19333)

On a Catalyst 6500 series switch that runs software release 8.7(2), the Layer 2 traceroute database in the Ethernet-CFM protocol displays all the entries with the maximum number of hops in each traceroute entry equal to or less than the Time-to-live (TTL) in the recent Layer 2 traceroute execution.

Workaround: Enter the traceroute command without specifying the number of TTL hops before checking the traceroute database. (CSCsv99804)

On a Catalyst 6500 series switch that runs software release 8.7(2), the nonoperational channels display MVRP pruning information when you enter the show mvrp trunk and show trunk commands and MVRP is enabled.

Workaround: None. (CSCsv84776)

On a Catalyst 6500 series switch that runs software release 8.7(2), when MVRP is enabled on all the trunks and there are more than 1000 VLANs, the VLAN traffic is disrupted for 40 seconds during an HA switchover from the active to the standby supervisor engine.

Workaround: None. (CSCsv91026)

On a Catalyst 6500 series switch that runs software release 8.7(2), the LTM initiated through the CLI is restrained by the traceroute database size. But, the LTM initiated through SNMP is not restrained by traceroute database size. This problem occurs when CFM is enabled and LTM is initiated through SNMP with a traceroute database size that is set to less.

Workaround: None. (CSCsv37479)

On a Catalyst 6500 series switch that runs software release 8.7(2), with CFM enabled, on an HA switchover from active to standby, the trunk mode and encapsulation of ports change from desirable dot1q to autonegotiate (default mode). This problem occurs after you load the configuration on the active supervisor engine by copying it from a file. Also, the trunk mode and encapsulation of ports enabled with CFM do not synchronize with the standby supervisor engine.

Workaround:

1. After a switchover, on the new active supervisor engine, manually reconfigure the trunk mode and encapsulation of the CFM-enabled port.

2. Manually configure the trunk mode and encapsulation of the CFM-enabled port before the switchover.

3. Boot the switch with autoconfiguration; the trunk mode synchronizes with the standby supervisor engine. (CSCsv85531)

On a Catalyst 6500 series switch that runs software release 8.7(2) with CFM enabled, the dot1agCfmLtrRelay command returns a value of 4, which is not defined in a MIB. This problem occurs when the FDB sends a traceroute message and no corresponding entry is present in the FDB at the remote end device.

Workaround: None. (CSCsv92187)

On a Catalyst 6500 series switch that runs software release 8.7(2), with 802.1X for a host in port-based mode and no ACL mapping on the port, if RADIUS sends a VLAN that is mapped statically to an ACL on the switch, the host gets stuck in the IP waiting state.

Workaround: Map an ACL on the port, or change the port to VLAN-based mode and send the ACL dynamically from RADIUS. (CSCsv57441)

On a Catalyst 6500 series switch that runs software release 8.7(2), the Ethernet OAM feature error block option is not supported on EtherChannels. This problem occurs when Ethernet OAM and trunking are enabled on ports and when the port is set as an EtherChannel group.

Workaround: None. (CSCsm77810)

The Loop Trap Error is not cleared on switches that run Catalyst operating system software release 8.7(2).

In the following scenario,

   3/1     3/1   3/2           3/1
SW1-----------SW2-----------------SW3

1. Check that the switches are in spanning tree MST mode.

2. Check that SW1 and SW3 and their trunks are enabled with CFM.

3. Check that SW2 and its trunks are enabled with CFM transparent mode.

4. Configure MEPs on both the SW1 and SW3 trunks with CC enabled and ensure that the MEPs are cataloged on either end.

5. Change the spanning tree mode of SW2 to PVST+ and observe that all the MEPs get a "Loop Trap Error" message reported in both SW1 and SW3.

6. Change the STP mode back to MST on SW2 and observe that all the MEP entries get cataloged back correctly. Note that the Loop Trap Error is not cleared.

Workaround: None. (CSCsr15987)

Resolved Caveats in Software Release 8.7(2)

This section describes resolved caveats in supervisor engine software release 8.7(2):

On a Catalyst 6500 series switch that runs software release 8.7(2), when CFM and MVRP are enabled on modules that have two match registers, CFM will not be supported on two match register modules, unless earl-match-register is enabled to support CFM on the forwarding ports.

Workaround: Use the set ethernet-cfm earl-match-reg [enable | disable] command and the show ethernet-cfm earl-match-status command to support CFM on the forwarding ports. This problem is resolved in software release 8.7(2). (CSCsr91231)

On a Catalyst 6500 series switch that runs software release 8.7(2), dropped packets and sequence number errors occur when ELMI PDUs are sent untagged to the CE-ISR 3845.

Workaround: Enable dot1q-all-tagged globally and then disable dot1q-all-tagged explicitly on the UNI PE port that connects to the CE-ISR 3845. This problem is resolved in software release 8.7(2). (CSCsq95350)

On a Catalyst 6500 series switch with the Supervisor Engine 720 that runs software release 8.7(2), in a redundant link setup, when inward/outward MEPs and MIPs are configured at various levels, Connectivity Check Message (CCM) storms occur in the network. These storms cause high CPU usage and traceroute to fail. This problem occurs only when the user has MIPs and outward MEPs configured on the blocked or redundant links.

Workaround: Remove the MIPs from the blocked port and configure the MIPs on the forwarding port. Remove the outward MEPs from the redundant link. This problem is resolved in software release 8.7(2). (CSCsq77245)

On a Catalyst 6500 series switch that runs software release 8.7(2), when a VLAN is configured, using the traceroute command fails to report egress port details of the intermediate switches. This condition occurs when CFM is enabled, MIPs are configured on intermediate switches, and the traceroute command is initiated from MEP on one end to the other end of the port.

Workaround: None. This problem is resolved in software release 8.7(2). (CSCsr43049)

On a Catalyst 6500 series switch that runs software release 8.7(2), when CFM is enabled on a channel that has a minimum of two ports, the ping fails on an outward Maintenance End Point (MEP), when the first active port of the channel is disabled and the switch is reset. This condition is seen when the outward MEP is configured and you enter the set ethernet-cfm port-mac-enabled for the first active port of the channel.

Workaround: After the switch reset, set the MAC port for the first active port of the channel using the set ethernet-cfm port-mac-enable mod/port vlan command. This problem is resolved in software release 8.7(2). (CSCsr60352)

On a Catalyst 6500 series switch that runs software release 8.7(2) with CFM and MVRP enabled on two match register modules, MVRP fails to program the match register with the syslog.

Workaround: Disable MVRP globally and enable it again. This problem is resolved in software release 8.7(2). (CSCsr91125)

Open and Resolved Caveats in Software Release 8.7(1)

These sections describe open and resolved caveats in the supervisor engine software release 8.7(1):

Open Caveats in Software Release 8.7(1)

Resolved Caveats in Software Release 8.7(1)

Open Caveats in Software Release 8.7(1)

This section describes open caveats in the supervisor engine software release 8.7(1):

After disabling/enabling two ports of a channel in quick succession, the spanning tree gets re-initialized. This problem is observed when show spantree mod/port is executed. This condition is observed only when the LACP channel mode is active or while disabling and enabling two ports of a channel in a time span of around 5-10 seconds.

Workaround: Do not enable the ports in quick succession. Allow the first port to join the LACP channel and then enable the second port after 15-20 seconds. (CSCso25187)

Channels take too long to come up on an MVRP-enabled switch during bootup. The time taken to boot up increases as the number of trunks and VLANs increases. This condition occurs when the switch is running with software release 8.7(1).

Workaround: None. (CSCso74278)

Enabling the MVRP periodic timer increases the CPU utilization on the switch. This condition is observed when an HA-enabled Supervisor Engine running on software release 8.7(1) has more than 2000 VLANs.

Workaround: Disable the periodic timer if HA is enabled and when the number of VLANs is greater than 2000. (CSCso58988)

On a Catalyst 6500 series switch running software release 8.7(1), enabling MVRP globally holds the console for a longer period of time. This causes a console delay that increases with the number of trunks, channels, and VLANs added.

Workaround: None. (CSCso28767)

When MVRP is enabled, the overall total convergence is impacted, except for MST STP convergence. This condition occurs when the switch is running software release 8.7(1) and when the spanning tree mode is set to MST and is MVRP-enabled.

Workaround: Tune the MVRP-related timers based on topology and the number of trunks (number of MST instances) to improve the overall convergence. (CSCsq14830)


Note With MVRP enabled, the convergence time is: Total Convergence = Spantree Convergence + MVRP Convergence


On a Catalyst 6500 series switch running software release 8.7(1), bulk creation/deletion of VLANs on a VTP primary server may cause high CPU utilization when MVRP is enabled in that VTP domain. This condition is observed typically when more than 1000 VLANs are created or deleted simultaneously.

Workaround: Enable MVRP and reduce the number of VLANs created or deleted in a single set vlan <vlan> command. (CSCsm77504)

For example:

Console (enable) set vlan 100-110
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 100 configuration successful
Vlan 101 configuration successful
Vlan 102 configuration successful
Vlan 103 configuration successful
Vlan 104 configuration successful
Vlan 105 configuration successful
Vlan 106 configuration successful
Vlan 107 configuration successful
Vlan 108 configuration successful
Vlan 109 configuration successful
Vlan 110 configuration successful

On a switch running software release 8.7(1) with MVRP dynamic VLAN creation enabled, where the native VLAN assigned to the trunk is not present on the switch, the MVRP PDUs received are dropped without processing. This condition occurs only when MVRP dynamic VLAN creation is enabled and native VLANs of trunks are not present.

Workaround: Create native VLANs manually on the switch. (CSCsq09170)

On a dot1x authenticated host when the "re-auth period server" is enabled, the re-auth timer is disabled, and no re-auth/initialize action takes place. This condition occurs if the "re-auth period server" is enabled and no session-timeout (IETF 27) is sent from the RADIUS server.


Note This is a misconfiguration. Ensure that the session timeout is sent from the RADIUS server when re-auth period server is enabled.


Workaround: Ensure the session timeout is sent from the RADIUS server when "re-auth period server" is enabled. (CSCso49904)
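The check below is an added example, not Cisco code: it parses a RADIUS Access-Accept (RFC 2865 layout) and reports whether Session-Timeout (attribute 27) is present, which is the condition this caveat depends on. The function names and the two sample packets are constructed for illustration, and the response authenticator is zeroed and not verified.

```python
import struct

ACCESS_ACCEPT = 2              # RADIUS packet code (RFC 2865)
SESSION_TIMEOUT = 27           # the "IETF 27" attribute named in the caveat
TUNNEL_PRIVATE_GROUP_ID = 81   # carries the assigned VLAN (RFC 2868)


class RadiusParseError(ValueError):
    """Raised when a packet does not follow the RFC 2865 layout."""


def parse_radius(packet):
    """Split one RADIUS packet into (code, identifier, {type: [values]})."""
    if len(packet) < 20:
        raise RadiusParseError("shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise RadiusParseError("length field disagrees with packet size")
    attrs = {}
    pos = 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise RadiusParseError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise RadiusParseError("bad length on attribute %d" % a_type)
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs


def session_timeout(packet):
    """Return Session-Timeout in seconds, or None when the server omitted it."""
    code, _ident, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        raise RadiusParseError("not an Access-Accept (code %d)" % code)
    values = attrs.get(SESSION_TIMEOUT)
    if not values:
        return None
    if len(values[0]) != 4:
        raise RadiusParseError("Session-Timeout is not a 4-byte integer")
    return struct.unpack("!I", values[0])[0]


def audit_reauth(packet):
    """One-line finding for a switch configured with re-auth period server."""
    timeout = session_timeout(packet)
    if timeout is None:
        return "MISSING: no Session-Timeout, so the port is never reauthenticated"
    return "OK: server-driven reauthentication every %d seconds" % timeout


def build_access_accept(ident, attrs):
    """Build a constructed Access-Accept for the demo (authenticator zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return header + bytes(16) + body


# Constructed samples: both assign VLAN 100, only the first sends attribute 27.
WITH_TIMEOUT = build_access_accept(
    1, [(TUNNEL_PRIVATE_GROUP_ID, b"100"),
        (SESSION_TIMEOUT, struct.pack("!I", 3600))])
WITHOUT_TIMEOUT = build_access_accept(2, [(TUNNEL_PRIVATE_GROUP_ID, b"100")])

if __name__ == "__main__":
    for name, pkt in (("with", WITH_TIMEOUT), ("without", WITHOUT_TIMEOUT)):
        print(name, "->", audit_reauth(pkt))
```

Run against Access-Accept payloads captured between the switch and the RADIUS server, a MISSING result identifies the server policies that leave authenticated ports without any reauthentication.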

On a Catalyst 6500 series switch with a redundant supervisor engine, running on software release 8.6(2), the PBF client and gateway configuration are absent only from the standby supervisor, and only if a map between the PBF client and gateway is attempted after clearing the same map. This condition occurs if more than 160 PBF clients are mapped to the same gateway.

Workaround: None. (CSCsq05015)

On a switch running software release 8.7(1), the MVRP module reset programs LTLs for all the MVRP pruned VLANs. This condition occurs when MVRP-enabled trunks are present on the specific module and the module is reset.

Workaround: Toggle the MVRP state of the specific trunk. (CSCsq18717)

When MVRP is enabled, the overall total convergence is impacted, but Rapid PVST+ STP convergence is not affected. This condition occurs when the switch is running software release 8.7(1) and when the spanning tree mode is set to Rapid PVST+ STP.

Workaround: Tune the MVRP-related timers based on topology and the number of trunks to improve the overall convergence. (CSCso99273)


Note With MVRP enabled, the convergence time is: Total Convergence = Spantree Convergence + MVRP Convergence. MVRP starts after the spanning tree protocol enables the ports in the forwarding state, which makes the MVRP convergence time additive.


On a Catalyst 6500 series switch running software release 8.7(1) when MVRP is enabled on a port, the MVRP non participant applicant state is not supported.

Workaround: None. (CSCsk69185)

When MVRP and VTP pruning are enabled in a VTP interop situation, disabling MVRP on the trunk facing the VTP domain causes all VLANs to move to QA. This condition is observed when MVRP is enabled and disabled on the trunk port facing the VTP domain.

Workaround: Toggle the VTP domain facing trunk. When the trunk comes up, VTP pruning is enabled for VLANs below 1k. VLANs above 1k are declared on MVRP trunks and moved to QA. (CSCsq06760)

On a switch running software release 8.7(1), upon switch reset, the LTLs are programmed for pruned VLANs. This condition occurs when MVRP is enabled.

Workaround: Enable and disable the MVRP on those trunks. (CSCsq21359)

Configuring a new trunk or channel on an MVRP-enabled switch causes a momentary (10 seconds) traffic outage for the existing VLAN. This condition occurs when MVRP is enabled on the switch.

Workaround: Enable MVRP on the trunk, before configuring a trunk or channel. (CSCsq28711)

When the switch is running on software release 8.7(1), upon executing "clear mvrp configuration all" the default action performed by the confirmation message is "n", but the default action displayed is "[y]" as shown below:

Console> (enable) clear mvrp statistics all
Warning:MVRP statistics will be cleared.
Do you want to continue (y/n) [y]?

Workaround: Specify the action which needs to be performed for the confirmation message either "n" or "y" explicitly. (CSCso31117)

Resolved Caveats in Software Release 8.7(1)

This section describes resolved caveats in supervisor engine software release 8.7(1):

Artemis crashes when port channel interface, WS-X6502-10GEs are reset using the shut/no shut command repetitively.

Workaround: None. This problem is resolved in software release 8.7(1). (CSCsg74212)

Centaurus links connected in loopback on the same switch remain in down state even after reset. This condition occurs when either 100base-BX10-D/U or 100base-FX SFP is connected in loopback on a Centaurus linecard. The ports may result in a down state, if one or both of the ports toggle the link.

Workaround: Physically remove the fiber cable and reconnect to establish the link again. This problem is resolved in software release 8.7(1). (CSCsk83636)

On a WS-X6548-RJ-45 trunk interface, packets received on a VLAN cause the input-drops counter to increment if the packets are also allowed on the trunk.

Workaround: Enable auto-negotiation. This problem is resolved in software release 8.7(1). (CSCsj52192)

Under certain conditions, when VTP pruning is enabled, multicast traffic may stop forwarding out of the switch on a trunk connection (which could be a single connection or a port-channel). This problem affects multicast traffic, not unicast traffic. This condition is seen with VTP pruning enabled, when multicast traffic may stop egressing out on a trunk connection.

During the problem, unicast traffic is not affected and show trunk still shows the correct output: the VLAN that should receive the multicast traffic is still listed under "VLANs in spanning tree forwarding state and not pruned" in the show trunk output.

Workaround: None. This problem is resolved in software release 8.7(1). (CSCsk7575

Changing the system time manually has no effect on summertime.

For example:

If the system time is Nov 4, 01:30:00 AM and summertime is enabled, then when the system time ticks to 02:00 AM, summertime ends and the time falls back by one hour to 01:00 AM. Now show summertime shows the 2008 summertime period, which is correct.

When the system time is changed to March 3, 2007 09:00:00 AM, show summertime still shows the 2008 summertime period. It should show the summertime for the year reflected in the current time.

Workaround: Set the summertime manually. This problem is resolved in software release 8.7(1). (CSCsi15955)

A Catalyst 6500 series switch fails to clear the VLAN-ACL mapping when switching to the standby Supervisor Engine. This condition is observed only when dot1x is enabled.

Workaround: None. This problem is resolved in software release 8.7(1). (CSCso08889)

On a Catalyst 6500 series switch running Catalyst operating system, CGMP may not work as expected. If the IGMP mode is set to "auto", the operational mode may remain IGMP-only even when a CGMP router is connected to the switch.

Workaround:

1. Change the IGMP mode from "auto" to "igmp-cgmp" by using the command "set igmp mode igmp-cgmp".

2. Place the sc0 interface in a VLAN in which a CGMP-enabled router exists. This problem is resolved in software release 8.7(1). (CSCsg82446)

When a channel spans multiple modules and one of the links goes down and comes up, the ifindex related to that EtherChannel may be lost. This condition does not impact the etherchannel in form or function.

Workaround: Disable all the ports in the channel and enable them again to resolve this issue. This problem is resolved in software release 8.7(1). (CSCsh23570)

Open and Resolved Caveats in Software Release 8.6(6)

These sections describe open and resolved caveats in supervisor engine software release 8.7(1):

Open Caveats in Software Release 8.6(6)

Resolved Caveats in Software Release 8.6(6)

Open Caveats in Software Release 8.6(6)

This section describes open caveats in supervisor engine software release 8.6(6):

EAPOL is not rate-limited when 802.1X is enabled on a port. All EAPOL BPDU packets that are received by the port are sent to the switch processor.

Workaround: None. (CSCsl09177)

Link Layer Discovery Protocol (LLDP) is processed regardless of the 802.1X state on a port.

Workaround: None. (CSCsl01711)

Online diagnostics fail on most modules after they are upgraded to software release 8.6(4).

Workaround: None. (CSCsl42629)

On a Catalyst 6500 series switch running software release 8.6(6), after sending an EAP-start packet, if a dot1x-enabled supplicant host connected to an IP phone is disconnected without authentication and another nonsupplicant host is connected to the IP phone, the host does not fall back to MAB (MAC Authentication Bypass) and the port gets locked in dot1x.

Workaround: Authenticate the dot1x enabled supplicant host, log off and then connect to a nonsupplicant host. (CSCsq93015)

Resolved Caveats in Software Release 8.6(6)

This section describes resolved caveats in supervisor engine software release 8.6(6):

On Catalyst 6500 series switches running on software release 8.6(5) and redundant Supervisor Engine 720 with MSFC, a CPU hog is encountered on the switch processor when WCCP is disabled. This problem occurs because WCCP fails to find the cache engine before WCCP is disabled. This problem also leads to a NetFlow CPU hike of nearly 100 percent indefinitely.

Workaround: Reset the switch or activate the standby supervisor engine. This problem is resolved in software release 8.6(6). (CSCso68324)

On a Catalyst 6500 series switch running software release 8.6(6), if you execute a file transfer using FTP and AAA authentication, the console locks up.

Workaround: Reload the switch. This problem is resolved in software release 8.6(6). (CSCso88314)

On a Catalyst 6500 series switch running software release 8.5(2), multiple WS-X6148A-GE-45AF linecards generate the following error:

%SYS-2-MOD_TEMPSENSORFAIL:Module # temperature sensors failed, please %powercycle the module

Workaround: Power cycle the module as per the error message. This problem is resolved in software release 8.6(6). (CSCsl37513)

PIM hellos do not reach the Supervisor Engine 2 after an interface down event occurs on the last active port of a module. This condition is observed on a switch running Catalyst operating system 8.6(4) on Supervisor Engine 2 and IOS 12.2(18)SXF11 on MSFC2.

Workaround:

Do not shut or disconnect the last link on an interface module.

Power down the interface module if the last active link on it needs to be removed or disconnected; enter the "set module power {up | down} <mod>" command. This problem is resolved in software release 8.6(6). (CSCsq01258)

When Rapid-PVST+ is configured as the spanning tree mode, a dot1q trunk is not formed properly on the connected ports after a VTP domain mismatch. The dot1q trunk fails to form dynamically even after the associated trunk ports are disabled and reenabled. This condition occurs when Rapid-PVST+ is enabled, even in transparent VTP mode.

Workaround: Correct the VTP domain mismatch and power cycle the affected switch, which will allow the dot1q trunk to form properly. This problem is resolved in software release 8.6(6). (CSCso07238)

Open and Resolved Caveats in Software Release 8.6(5)

These sections describe open and resolved caveats in supervisor engine software release 8.6(5):

Open Caveats in Software Release 8.6(5)

Resolved Caveats in Software Release 8.6(5)

Open Caveats in Software Release 8.6(5)

This section describes open caveats in supervisor engine software release 8.6(5):

Link Layer Discovery Protocol (LLDP) is processed irrespective of 802.1X state on a port.

Workaround: None. (CSCsl01711)

EAPOL is not rate-limited when 802.1X is enabled on a port. All EAPOL BPDU packets that are received by the port are sent to the switch processor.

Workaround: None. (CSCsl09177)

Online diagnostics fail on most cards after upgrading to 8.6(4).

Workaround: None. (CSCsl42629)

The SPT port state transitions to the PVID-Inconsistent state when the native VLANs on the trunk links are changed. This condition is seen when the native VLANs of the trunk ports are changed over a span of a few seconds or less.

Workaround: Flap the link on the other side of the trunk to reconverge to original topology. (CSCsj55292)

On Catalyst 6500 series switches running on software release 8.6(5) and hybrid redundant Supervisor Engine 720 with MSFC, a CPU hog is encountered on the SP when disabling WCCP. This problem occurs because WCCP fails to find the cache engine before WCCP is disabled. This problem also leads to a NetFlow CPU hike to nearly 100% indefinitely.

Workaround: Reset the switch or activate the standby supervisor module. (CSCso68324)

Resolved Caveats in Software Release 8.6(5)

This section describes resolved caveats in supervisor engine software release 8.6(5):

When the configuration is fully loaded in the 13-slot Catalyst 6500 switch with redundant Supervisor Engine 32 running software release 8.6(4), the following diagnostic test message appears after resetting the switch:

DIAG-3-CARD_ABSENT: Module 14 is not detected. 

This symptom appears irrespective of whether one or multiple port-channels are configured on the system. The message is misleading because a Catalyst 6500 switch with redundant Supervisor Engine 32 supports only 13 modules.

Workaround: None. This problem is resolved in software release 8.6(5). (CSCsl62029)

After HA, 802.1X reauth timer value is set to the reauth value instead of the session timeout value. This condition occurs in Catalyst 8.6(2) operating system.

Workaround: None. This problem is resolved in software release 8.6(5). (CSCsk23245)

The show port mac-auth-bypass command displays a port in authenticated state on reauth when the critical feature is enabled on the port and RADIUS is unreachable.

Workaround: None. This problem is resolved in software release 8.6(5). (CSCsl47391)

When upgrading from 7.6(9) to 8.6(3), the QoS ACL is lost. This condition occurs when the switch running 7.x image has low free NVRAM memory and is upgraded to 8.3 or post 8.3 image in binary configuration mode.

Workaround: Change the configuration mode to text and upgrade.

This problem is resolved in software release 8.6(5). (CSCsl17301)

A Catalyst 6000 series switch may experience a memory leak in general message handler process when disabling or enabling a port connected to an access point on a WS-X6148A-GE-45AF with WS-F6K-48-AF submodel. This condition occurs only with VDB Police capable cards with inline power daughter board.

Workaround: None.

This problem is resolved in software release 8.6(5). (CSCsm26682)

A very slow memory leak occurs with dot1x and EAP-TTLS authentication mechanism enabled on a switch running 8.6(3). This causes the switch to run out of memory clusters and display the following log message:

SYS-3-SYS_MEMLOW: MCluster usage exceeded 90% 

Workaround: Reboot the switch.

This problem is resolved in software release 8.6(5). (CSCsm81461)

The connectivity to the switch may be lost between a secondary PVLAN and its associated primary PVLAN's promiscuous port after a reset occurs. The connectivity between clients in the same community VLAN is not lost. This condition occurs when the PVLAN mapping is created on the reset of the switch.

Workaround: Clear the PVLAN mapping with the clear pvlan mapping <x> command and then reconfigure the mappings appropriately.

This problem is resolved in software release 8.6(5). (CSCsi23783)

On Catalyst 6500 series switches running on software release 8.6(3), both Firewall Service Modules become active. This condition occurs when you upgrade to software release 8.6(4). The switch would be utilizing configuration mode text with auto-save at the default of 30 minutes. The EtherChannel dynamically formed for the FWSM may show 5 of 6 trunks in an error disabled state due to misconfiguration. This can be seen in the output of show port errdisable channel-misconfig.

Workaround: Manually reset the slot where the FWSM is resident.

This problem is resolved in software release 8.6(5). (CSCsm77097)

The show envi temp command displays N/A for MSFC3 intake and exhaust temperature on Supervisor Engine 720.

Workaround: None. This problem is resolved in software release 8.6(5). (CSCsk59113)

The switch becomes non-responsive and eventually reloads after the following sequence of commands:

#set trace tacacs

#show config all | include

Workaround: Turn off TACACS trace before issuing show config:

#set trace tacacs 0

This problem is resolved in software release 8.6(5). (CSCsl09481)

Open and Resolved Caveats in Software Release 8.6(4)

These sections describe open and resolved caveats in software release 8.6(4):

Open Caveats in Software Release 8.6(4)

Resolved Caveats in Software Release 8.6(4)

Open Caveats in Software Release 8.6(4)

This section describes open caveats in supervisor engine software release 8.6(4):

After HA, 802.1X reauth timer value is set to the reauth value instead of the session timeout value. This condition occurs in Catalyst 8.6.2 operating system.

Workaround: None. (CSCsk23245)

DAI is enabled on few VLANs after a system reset.

Workaround: None. (CSCsh64209)

Four-port Gigabit Interface out of sync on all LC after non-HA with traffic.

Workaround: Enable HA before performing switchover. (CSCsl65788)

Online diagnostics fail on most cards after upgrading to 8.6(3.28).

Workaround: None. (CSCsl42629)

When the configuration is fully loaded in the 13-slot Catalyst 6500 with redundant Supervisor Engine 32 running software release 8.6(3.32), the diagnostic test message below appears after resetting the switch. This symptom seems to appear only if one or multiple port-channels are configured on the system.

DIAG-3-CARD_ABSENT: Module 14 is not detected. 

Workaround: None. (CSCsl62029)

Link Layer Discovery Protocol (LLDP) is processed irrespective of 802.1X state on a port.

Workaround: None. (CSCsl01711)

EAPOL is not rate-limited when 802.1X is enabled on a port. All EAPOL BPDU packets that are received by the port are sent to the switch processor and are not rate-limited.

Workaround: None. (CSCsl09177)

The "show port mac-auth-bypass" command displays a port in authenticated state on reauth when the critical feature is enabled on the port and RADIUS is unreachable.

Workaround: None. (CSCsl47391)

When 802.1X is enabled on a port, a violation is not triggered with Voice-VLAN-ID.

Workaround: None. (CSCsl64046)

Resolved Caveats in Software Release 8.6(4)

This section describes resolved caveats in supervisor engine software release 8.6(4):

In the Catalyst operating system running software release 8.6(1) on the supervisor engine, a DACL cannot be applied when parsing of other VSAs fails. When a DACL is sent along with VSAs such as a QoS VACL and the port is in port-based QoS mode, the port does not move to auth-fail; it goes into a connecting->authenticating->policy-config->waiting loop.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsj14165)

In Catalyst 8.6.1 operating system, ports authenticated with IEEE 802.1X that had HA subsequently enabled sometimes saw an IEEE 802.1X authentication error.

Workaround: Disable/enable the port. This problem is resolved in software release 8.6(4). (CSCsj28712)

In Catalyst 8.6.1 operating system, the aux port in a VLAN configured with IEEE 802.1X authentication shuts down when EAPOL or EPOL encapsulation over LAN-Start of a different MAC address is seen.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsh22945)

Pings or other traffic destined for the FE interface of a 128-port ad hoc conferencing and transcoding (ACT) port adapter (WS-SVC-CMM-ACT), which is installed in a Cisco Communication Media Module (CMM), may not go through, and the following error messages appear:

"SYNDIAGS:Minor hardware problem in Module" or
"%SYS-1-MOD_MINORFAIL:Minor problem in module" or
"%SYS-4-NVLOG:SYNDIAGS:Minor hardware problem in Module"

These messages indicate the module number of the CMM. The output of the show diagnostic result module module-number command shows "F" for both the Gigabit and Fast Ethernet interfaces of the WS-SVC-CMM-ACT. These symptoms are observed on a Cisco Catalyst 6000 series switch and Cisco 7600 series router that have a Supervisor Engine 32 in which a CMM is installed. The symptoms occur in Cisco IOS Release 12.4(12) but may also affect other releases.

Workaround: During the boot process, the supervisor engine performs a diagnostic test for line cards. If the diagnostics test fails for the WS-SVC-CMM-ACT, the error messages that are mentioned above appear. The supervisor engine places the WS-SVC-CMM-ACT in the "err-disabled" state. To bypass the diagnostic test for line cards, enter the following commands:

For the Cisco IOS software image:

router(config)#diagnostic bootup level bypass

For the CatOS software image:

Console>(enable)set test diaglevel bypass

This problem is resolved in software release 8.6(4). (CSCsi29144)

After failing over from the active to the standby supervisor engine in a redundant Supervisor Engine 720-3b system running 8.5(8), all modules have incorrect fpoe programmed for management.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsk34156)

Link flaps may intermittently occur on 10-Gigabit Ethernet interfaces with certain XENPAK transceivers. This problem only occurs on 10GBase-SR. As DOM is not supported for this XENPAK type by IOS, the interaction between the XENPAK DOM hardware and the IOS DOM polling mechanism may cause the link to flap.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsj73669)

A Catalyst 6500 switch with WS-6704-10GE or SUP32-10GE cards using XENPAK transceivers may not enable the XENPAK's transmitter upon module reload or live insertion of the XENPAK transceiver. As a result, the partner port reports that the link is down.

Workaround: Executing shut/no shut recovers the interface. This problem is resolved in software release 8.6(4). (CSCsi94863)

An interface that is in the "notconnect" state is linked up incorrectly when the peer XENPAK, which is in the "disabled" state, is removed and reinserted within a very short period of time. One port is "disabled" (shut), the other is "notconnect" (no shut). The problem does not depend on the type of XENPAK. When the XENPAK on the "disabled" port is removed and reinserted within a very short period of time, the "notconnect" port links up even though the other side is "disabled".

Xenpak (disabled) -------- Xenpak (notconnect)

Workaround: Enter "no shut" then "shut" on the "disabled" port. This problem is resolved in software release 8.6(4). (CSCsh18773)

After enabling DHCP IPSG on a port that is in port-based security-acl mode and then disabling IPSG, it is not possible to set the port back to VLAN-based security-acl mode. An error message appears indicating that you cannot change the mode to VLAN-based while there is an ACL mapped to the port. In addition, a "show security acl tcam [port]" prints one line reading "Input," rather than stating "No ACL programmed on this interface." Resetting the supervisor engine resolves the issue. Conditions:

set port security-acl [mod/port] port-based
set port dhcp-snooping [mod/port] source-guard enable

Workaround: Reset the supervisor. This problem is resolved in software release 8.6(4). (CSCsg40658)

When VTP pruning is enabled, multicast traffic sourced from a VLAN may still get forwarded out of the port-channel, even though that VLAN should be pruned off the port-channel due to VTP pruning. This problem happens after one of the member ports in the port-channel goes up and down. During the problem, "VLANs in spanning tree forwarding state and not pruned" under "show trunk" does not reveal the problem: the output shows the VLAN that the multicast traffic is sourced from as pruned correctly.

Workaround: Disable all ports in the channel and then re-enable them all. This problem is resolved in software release 8.6(4). (CSCsj82593)

Removing a port from a vlan will cause the entire vlan's multicast cam table to flush, even if that port is not the source or the receiver of the traffic. This condition occurs when Layer 2 Multicast with no PIM is configured on a Catalyst operating system software on the supervisor engine and Cisco IOS software on the MSFC.

Workaround: 1) Disable IGMP flooding: set igmp flooding disable. 2) Force PIM to be the IGMP querier; enable PIM on the VLAN interface. This problem is resolved in software release 8.6(4). (CSCsk07136)

After configuring 'set spantree global-default portfast enable' and 'set spantree global-default bpdu-guard enable' on the SP, port 15/1 goes into err-disable. The port status cannot be recovered because 15/1 is not configurable, and you need to reload the switch. This condition occurs when doing fallback bridging on the MSFC for design reasons.

Workaround: Disable BPDU guard and BPDU filter explicitly for MSFC ports. This problem is resolved in software release 8.6(4). (CSCsk15951)

Serial Link Protocol (SLP) communication sent through EOBC between the two Supervisor Engine 2 fails to send packets. The message is observed periodically on the console port.

Workaround: Remove the standby Supervisor Engine Module. This problem is resolved in software release 8.6(4). (CSCsk62773)

A Catalyst 6500 series switch running on software release 8.6(3), stops responding when copying a file to an SCP server, when using SCP copy. For example, entering switch> (enable) copy config scp all command may lead to this condition.

Workaround: Use a different method to transfer files to/from the switch. For example, use TFTP on your network. This problem is resolved in software release 8.6(4). (CSCsk63863)

Port channel configuration loss occurs in text configuration mode after a reset/upgrade. The problem might not happen after every reset/upgrade. This problem can happen for PAGP and LACP and it is time related.

Workaround: Change the configuration mode to binary. This problem is resolved in software release 8.6(4). (CSCsl02526)

The switch may exhibit a SPANTREE-2-LOOPGUARDBLOCK error message on a port channel interface. The spanning tree message will note: moved to loop-inconsistent state. This condition is seen when a FWSM is set to shutdown (not powered down). Other port channels on the switch may exhibit loop-inconsistent state and fail to come back to operation for long periods of time or not come back to operation at all. The affected VLANs are associated with the external and internal port channels used by the FWSM.

Workaround: Instead of using the shutdown command to disable the FWSM, use set module power down <slot_num>

This problem is resolved in software release 8.6(4). (CSCsl24220)


Caution If configuration auto save is enabled then the configuration for the FWSM slot may be lost after the auto save time period or the write memory command is issued.

After upgrading from software release 7.x to 8.6(4), the image sync timer is changed from 120 seconds to 2 seconds. This condition is observed in a dual supervisor configuration.

Workaround: Reconfigure it back to 120 by entering the set boot sync timer 120 command. This problem is resolved in software release 8.6(4). (CSCsl34565)

When the spanning tree protocol is changed on a root bridge from PVST+ to Rapid-PVST+ and if the loop guard is present on the ports attached to other PVST+ bridges, the VLAN goes into an inconsistent state. This symptom is observed when spanning tree loop guard is present on ports interconnecting PVST+ bridges and subsequently the spanning tree protocol is changed to Rapid-PVST+ on the root bridge.

Workaround: Disabling spanning tree loop guard will prevent the VLAN from going into a loop-inconsistent state. When both bridges' spanning tree protocol are set to Rapid-PVST+, loop guard can be enabled again. This problem is resolved in software release 8.6(4). (CSCsl34983)

With large amounts of unicast or multicast traffic, the following error message may be generated on a Supervisor Engine 2 or a line card that functions in bus/flow through mode:

Bus Asic #0 out of sync error: Module needs troubleshooting

This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 series router and may occur on one of the following cards.

Sup2

WS-SVC-FWM-1

6516-GBIC

6516-GE-TX

6501-10GEX4

6502-10GE

6548-RJ-45

6548-RJ-21

6524-100FX-MM

These cards must be operating in bus/flow through. In order to not operate in bus/flow through mode an SFM (WS-C6500-SFM) module must be installed or a Sup720 must be used. To determine which mode your module is operating in you can verify with the show fabric command. If you are not in bus/flow through mode this is not an issue. Catalyst software releases 8.6(1) through 8.6(3) are affected.

Workaround: There is no configurable workaround. The only options are to upgrade or operate in a mode other than bus/flow through with the use of an SFM or a Supervisor Engine 720. This problem is resolved in software release 8.6(4). (CSCsl48923)

High CPU utilization occurs in the FIB process on a supervisor engine running 8.5(x) when there is a large number of recursive routes in iBGP. Conditions: The issue was found on a switch running SUP2/MSFC2 with 8.5(x) and 12.1E IOS with FLEXWAN and PA-A3-T3, with the following:

Two equal-cost paths to the iBGP next hop, which must include the ATM link.

The two equal-cost paths can be:

external EIGRP/OSPF routes

the static routes

For example:

ip route 172.16.99.1 255.255.255.255 20.20.20.20  ---> out VLAN2
ip route 172.16.99.1 255.255.255.255 30.30.30.30  ---> out ATM interface on FLEXWAN

Workaround: The issue does not occur if the two equal-cost paths both point out VLAN interfaces.

For example:
#ip route 172.16.99.1 255.255.255.255 10.10.10.10  ---> out VLAN1
#ip route 172.16.99.1 255.255.255.255 20.20.20.20  ---> out VLAN2

This problem is resolved in software release 8.6(4). (CSCsk19133)

When connecting to the device via SSH, you are automatically put in enable mode to execute all commands. However, when doing a remote execution of commands using SSH, you can only execute priv level 1 commands. In both cases you can use the same username.

ssh -l username 1.1.1.1 "show ver"  -> will work (priv level is 1)
ssh -l username 1.1.1.1 "show run"  -> fails (priv level 15)

This symptom is observed when:

Using TACACS+ authentication on the switch

Using SSH to remotely execute commands on the switch

Workaround: Use local authentication or log in to the switch through SSH and manually execute the command. This problem is resolved in software release 8.6(4). (CSCsk87443)

On a Catalyst 6500 series switch with Supervisor Engine 720 running 8.6(1), if the switch is configured for reauthenticating an Odyssey Client either by using the value set by the RADIUS server or by locally setting the timeout, the switch adds a slight drift, delaying the time the Request Identity is sent out.

Further, this drift increases linearly with the session-timeout value. For example, if the session timeout is set to 4 mins (240 secs), the switch initiates an Identity Request around 4 mins 44 secs (274 - 284 secs). If this timeout is increased to 5 mins, the switch sends the request at 5 mins 55 secs. Roughly, the drift increases by 10 seconds for each increase of 1 min in the timeout value.

For this particular client, it expects an Identity Request within 120 seconds from the timeout. For example, if timeout=4 mins, client expects Id Req within 6 mins. So, when timeout = 12 mins, the reauthentication never happens within 120 seconds causing the client to drop off the network.

Conditions: Server --- Switch -- Client

Steel Belted Radius Server and an Odyssey Client which implement the EAP-TTLS authentication protocol. Seen with 8-6-1 release with session-timeout set locally or obtained from the RADIUS server.

Workaround: For the Odyssey client, set the session-timeout to less than 12 minutes. This problem is resolved in software release 8.6(4). (CSCsi80855)

On a Catalyst 6500 series switch running Catalyst operating system release 8.6(4), the process locks up during a bootflash squeeze operation. As a result, bootflash is not accessible or usable. A reboot of the system in this state results in a corrupted image, and the system needs to boot from an external compact flash image.

Other symptoms observed on the same switches (when bootflash is locked up):

The show conf command cannot be performed; the following message shows up:

TFTP session in progress. Try again later.

Logging functionality stops working (no more messages are generated into the logging buffer).

This condition is triggered when DHCP snooping is also enabled on the box and the binding database is being written to the bootflash.

Workaround: Reload the system from external disk. This problem is resolved in software release 8.6(4). (CSCsj64000)

In Catalyst operating system software release 8.6(2), ports with IEEE 802.1X and configured with a QoS ACL result in the map not being applied in an HA scenario.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsj12739)

When 802.1X is configured on a port, and the port gets a PVLAN from the ACS server, all ports in the ASIC group automatically have their trunk mode set to off. For the ports in the ASIC group that are affected by PVLANs having their trunk mode not set to off, 802.1X authentication should fail.

Workaround: Fail the authentication if any port's trunk status is not set to off in the same ASIC. This problem is resolved in software release 8.6(4). (CSCsg86688)

Configuration loss occurs on critical auth on an upgrade from software release 8.5.8 to 8.6.1.

Workaround: Reconfigure critical auth. The command line interface on software release 8.5.8 for critical auth is deprecated. This problem is resolved in software release 8.6(4). (CSCsh75713)

DHCP-snooping bindings are not created for ports in a channel.

Workaround: None. This problem is resolved in software release 8.6(4). (CSCsh72616)

Open and Resolved Caveats in Software Release 8.6(3)

These sections describe open and resolved caveats in supervisor engine software release 8.6(3):

Open Caveats in Software Release 8.6(3)

Resolved Caveats in Software Release 8.6(3)

Open Caveats in Software Release 8.6(3)

This section describes open caveats in supervisor engine software release 8.6(3):

Tracebacks and alignment errors may occur after an asynchronous PPP call disconnects.

Workaround: None.

The Link Aggregation Control Protocol (LACP) channel breaks after several non-HA switchovers.

Workaround: None. (CSCsd61508)

Configuration loss occurs on critical auth on an upgrade from software release 8.5.8 to 8.6.1.

Workaround: Reconfigure critical auth. The command line interface on software release 8.5.8 for critical auth is deprecated. (CSCsh75713)

DHCP-snooping bindings are not created for ports in a channel.

Workaround: None. (CSCsh72616)

DAI is enabled on few VLANs after a system reset.

Workaround: None. (CSCsh64209)

The IP Phone ACE is not present in the TCAM after a system reset configured for auto-save.

Workaround: None. (CSCsh52990)

DAI on switch ports is not functioning with IPSG when DAI is enabled first.

Workaround: None. (CSCsh48166)

MAB ports are in forwarding state on multiple VLANs.

Workaround: This is a display problem. Traffic is not affected. (CSCsg94068)

Port shutdown occurs on the second MAC address on a port security-enabled port configured with an auxiliary VLAN and dot1x.

Workaround: None. (CSCsg78223)

URL redirect is not working with a different HTTP server port.

Workaround: None. URL redirection is supported on HTTP port 80 only. (CSCsd43177)

On a switch with PVLANs configured, the active supervisor engine crashes after a non-high availability switchover.

Workaround: None. (CSCsh55379)

A new PVLAN map cannot be configured on a port unless the port is in OFF mode.

Workaround: None. (CSCsh65474)

Packet capture can result in dropped protocol packets (for example, STP, UDLD, and PAGP), which results in network instability. The dropped packets can also affect system performance or inband connectivity when sc0/sc1 interface packets are dropped without warning.

Workaround: None. (CSCsh19826)

Unknown unicast traffic floods the VLAN. Multicast or flood traffic is not captured in the transmit direction in MPA. The traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsg88097)

The destination device may receive twice the number of packets actually transmitted from the switch. In addition, the dump file may not reflect proper statistics. This might happen when the switch is operating in truncated mode. This is a hardware limitation.

Workaround: None. (CSCsf19014)

Multicast or flood traffic is not captured in the transmit direction in MPA. This occurs because the traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsh23980)

CFM Continuity Check (CC) messages are not reaching the NMP if the receive port is on a WS-6148X2-RJ-45.


Note CFM is not supported on the WS-6148X2-RJ-45 and WS-6548-RJ-45.


Workaround: None. (CSCsd25109)

CFM loopback and traceroute fails if forwarding link is an ISL trunk.

Workaround: None. (CSCsd13642)

You cannot enable CFM on an RSPAN VLAN.

Workaround: None. (CSCsd26451)

The show qos statistics l3stats command is supported in Supervisor Engine 2s equipped with a WS-F6K-PFC2. However, peak and average rate counters are broken and/or inaccurate for non-IP packets with COS changed.

Workaround: None. (CSCse17681)

The show qos statistics l3stats command indicates that the peak rate for "non-IP packets with TOS changed" is inaccurate at times.

Workaround: None. (CSCsg86633)

The show qos statistics l3stats command in all supported supervisor engines indicates that the peak rate, average rate, and total packets for "Packets dropped due to policing" is inaccurate.

Workaround: None. (CSCsd82861)

If an aux VLAN is configured and port security is enabled with maximum MAC 3, phone traffic on the native VLAN after port security is enabled shuts down the port.

Workaround: Power off and power on the phone. (CSCsg79868)

In Catalyst 8.6.1 operating system, when the MAC address mask is configured with values in the mask field the host goes into exception state and the URL-Redirect string and group policies are not applied. For instance, when MAC address and mask is 00-12-79-cd-88-69 00-00-00-00-00-FF, host goes to exception state.

Workaround: For the above MAC mask, the correct mask is 00-12-79-cd-88-00 00-00-00-00-00-FF (the last 2 bytes of the MAC address should be 00). (CSCsh72654)

In Catalyst 8.6.1 operating system, the aux port in a VLAN configured with IEEE 802.1X authentication shuts down when EAPOL or EPOL encapsulation over LAN-Start of a different MAC address is seen.

Workaround: None. (CSCsh22945)

In Catalyst 8.6.1 operating system, ports authenticated with IEEE 802.1X that had HA subsequently enabled sometimes saw an IEEE 802.1X authentication error.

Workaround: Disable/enable the port. (CSCsj28712)

In Catalyst 8.6.1 operating system, a DACL cannot be applied when parsing of other VSAs fails. When a DACL is sent along with VSAs such as a QoS VACL and the port is in port-based QoS mode, the port does not move to auth-fail; it goes into a connecting->authenticating->policy-config->waiting loop.

Workaround: None. (CSCsj14165)

A port authenticated with IEEE 802.1X does not move to auth fail if there is a configuration mismatch on the switch. This is seen only when a QoS ACL is assigned from the RADIUS server.

Workaround: Configure the switch with the proper configuration. The QoS ACL should not be sent from RADIUS. (CSCsj07424)

In Catalyst 8.6.2 operating system, IEEE 802.1X radius-keepalive, when disabled, is shown in the show config output but not in the show dot1x output.

Workaround: None. (CSCsi75267)

In Catalyst 8.6.2 operating system, if you map a vacl to the port with the same deny arp-inspection ace in the vacl, it gets denied and port remains in ipwaiting state. Deny arp-inspection ace does not work in pacl.

Workaround: Map vacl with deny arp-inspection ace or use DAI on port. (CSCsi88922)

In Catalyst 8.6.2 operating system, when ports authenticated with IEEE 802.1X have a QoS ACL and a security ACL mapped to the same VLAN, the ACL goes to non committed state when an HA switchover takes place.

Workaround: Unmap the QoS ACL from the VLAN and map it after the HA switchover. (CSCsj12624)

In Catalyst 8.6.2 operating system, ports with IEEE 802.1X and configured with a QoS ACL result in the map not being applied in an HA scenario.

Workaround: None. (CSCsj12739)

Secondary VLAN traffic is seen on a prom trunk after a switch reset. The switch is configured with PVLAN prom trunks and traffic flows on the primary VLAN as expected before the switch reset. After a reset, the traffic is seen on the secondary VLAN on the prom trunk. The switch must be configured with PVLAN prom trunks, and the behavior is observed after a system reset.

Workaround: Clearing the PVLAN mapping configuration on the prom trunk and reconfiguring it solves the problem. Alternatively, enable/disable the prom trunk. (CSCsi84971)

Resolved Caveats in Software Release 8.6(3)

This section describes resolved caveats in supervisor engine software release 8.6(3):

CFM CC messages are not generated during a supervisor engine switchover if there are multiple CFM domains mapped to one CFM level.

This problem is resolved in software release 8.6(3). (CSCsh81272)

On switches with a Supervisor Engine 2 and MSFC 2 that are running hybrid software (Catalyst operating system and MSFC Cisco IOS), the supervisor engine might crash due to a watchdog timeout on the ACL manager shortly after a large RACL (contains 2,000 or more ACEs) is applied to one of the switch virtual interfaces (SVIs) on the MSFC.

This problem is resolved in software release 8.6(3). (CSCse44785)

In the Catalyst operating system software release 8.6.2, a change in the IP address on ports authenticated with IEEE 802.1X causes the reauth-timer to restart.

This problem is resolved in software release 8.6(3). (CSCsj19840)

The switch might fail to forward multicast traffic.

This problem is resolved in software release 8.6(3). (CSCsc75774)

If daylight saving time is enabled on a switch with active and standby supervisor engines, the time displayed by the standby supervisor engine does not change to one hour earlier when daylight saving time ends. If a switchover occurs, and the standby supervisor engine becomes the new active supervisor engine, the time displayed by the new active supervisor engine also does not change to one hour earlier when daylight saving time ends.

This problem is resolved in software release 8.6(3). (CSCsi86485)

If daylight saving time is enabled using the set summertime recurring command on a switch with active and standby supervisor engines, and daylight saving time ends after a switchover has occurred, the time displayed by the new active supervisor engine changes to one hour earlier. However, the year value used to calculate the start and end dates for daylight saving time does not increment.

This problem is resolved in software release 8.6(3). (CSCsi89867)

When using DTP for trunking when the native VLAN is not VLAN 1 and the ports are in a channel, if you change the channel mode from desirable/nonegotiate dot1q to off, and then back again, the root bridge periodically fails to send configured BPDUs.

Forwarding loops are introduced across the channel links, which are eventually errdisabled due to channel misconfiguration.

This problem is resolved in software release 8.6(3). (CSCsj26890)

On Catalyst 6500 series switches running software release 8.5(x), if you upgrade the EPLD on the WS-X6548-GE-TX module (download epld command), the switch can fail.

Workaround: Use a Catalyst OS software release other than software release 8.5(x) to upgrade the EPLD.

This problem is resolved in software release 8.6(3). (CSCsd29099)

When switching from binary mode to text mode and enabling the autosave feature using the set config mode text auto-save enable command, the autosave feature does not function.

Workaround:

Change the config mode to text mode and reboot before you enable the autosave feature.

Reboot the switch to trigger the auto-save timer if you are changing to text mode and enabling auto-save at the same time.

This problem is resolved in software release 8.6(3). (CSCsh72411)

When receiving a BPDU timeout change referring to a single instance only, the CAM contents of all MST instances are removed. This occurs in software releases 8.5(7) and 8.5(8).

Workaround: None.

This problem is resolved in software release 8.6(3). (CSCsi15394)

The Catalyst 6500 series switch generates the newRoot trap even if it never becomes a root bridge.

Workaround: Disable the newRoot traps.

This problem is resolved in software release 8.6(3). (CSCsi40326)

When you set up a SPAN session and an MSFC port (15/1 or 16/1) is the source port, the unicast flood packets are sent out the destination port on the SPAN. The supervisor engine does not allow unicast flood packets to be sent to the MSFC on VLANs that are on the trunk that is going to the MSFC. Traffic is sent out of the SPAN destination port that is not going to the MSFC.

Workaround: None.

This problem is resolved in software release 8.6(3). (CSCsi53648)

When configuring the spanning-tree mode to MISTP, channel flapping occurs.

Workaround:

Configure the spanning-tree mode to other than MISTP.

Configure the channel mode to on instead of desirable mode.

This problem is resolved in software release 8.6(3). (CSCsj06480)

When entering show commands with a network management tool that is connected to the Catalyst 6500 series switch with SSH version 2, a system failure occurs. A regular SSH session to the switch does not cause a system failure.

Workaround: Use SSH version 1 or telnet to the switch.

This problem is resolved in software release 8.6(3). (CSCsj47769)

Open and Resolved Caveats in Software Release 8.6(2)

These sections describe open and resolved caveats in supervisor engine software release 8.6(2):

Open Caveats in Software Release 8.6(2)

Resolved Caveats in Software Release 8.6(2)

Open Caveats in Software Release 8.6(2)

This section describes open caveats in supervisor engine software release 8.6(2):

Tracebacks and alignment errors may occur after an asynchronous PPP call disconnects.

Workaround: None.

The Link Aggregation Control Protocol (LACP) channel breaks after several non-HA switchovers.

Workaround: None. (CSCsd61508)

Configuration loss occurs on critical auth on an upgrade from software release 8.5.8 to 8.6.1.

Workaround: Reconfigure critical auth. The command line interface on software release 8.5.8 for critical auth is deprecated. (CSCsh75713)

DHCP-snooping bindings are not created for ports in a channel.

Workaround: None. (CSCsh72616)

DAI is enabled on few VLANs after a system reset.

Workaround: None. (CSCsh64209)

The IP Phone ACE is not present in the TCAM after a system reset configured for auto-save.

Workaround: None. (CSCsh52990)

DAI on switch ports is not functioning with IPSG when DAI is enabled first.

Workaround: None. (CSCsh48166)

MAB ports are in forwarding state on multiple VLANs.

Workaround: This is a display problem. Traffic is not affected. (CSCsg94068)

Port shutdown occurs on the second MAC address on a port security-enabled port configured with an auxiliary VLAN and dot1x.

Workaround: None. (CSCsg78223)

URL redirect is not working with a different HTTP server port.

Workaround: None. URL redirection is supported on HTTP port 80 only. (CSCsd43177)

On a switch with PVLANs configured, the active supervisor engine crashes after a non-high availability switchover.

Workaround: None. (CSCsh55379)

A new PVLAN map cannot be configured on a port unless the port is in OFF mode.

Workaround: None. (CSCsh65474)

CFM CC messages are not generated upon a supervisor engine switchover if there are multiple CFM domains mapped to one CFM level.

Workaround: Do not map multiple CFM domains to the same CFM level. Alternatively, disable and re-enable CFM globally on the new active supervisor engine after the supervisor engine switchover. (CSCsh81272)

Packet capture can result in dropped protocol packets (for example, STP, UDLD, and PAGP), which results in network instability. The dropped packets can also affect system performance or inband connectivity when sc0/sc1 interface packets are dropped without warning.

Workaround: None. (CSCsh19826)

Unknown unicast traffic floods the VLAN. Multicast or flood traffic is not captured in the transmit direction in MPA. The traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsg88097)

The destination device may receive twice the number of packets actually transmitted from the switch. In addition, the dump file may not reflect proper statistics. This might happen when the switch is operating in truncated mode. This is a hardware limitation.

Workaround: None. (CSCsf19014)

Multicast or flood traffic is not captured in the transmit direction in MPA. This occurs because the traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsh23980)

CFM Continuity Check (CC) messages are not reaching the NMP if the receive port is on a WS-6148X2-RJ-45.

Note: CFM is not supported on the WS-6148X2-RJ-45 and WS-6548-RJ-45.


Workaround: None. (CSCsd25109)

CFM loopback and traceroute fail if the forwarding link is an ISL trunk.

Workaround: None. (CSCsd13642)

You cannot enable CFM on an RSPAN VLAN.

Workaround: None. (CSCsd26451)

The show qos statistics l3stats command is supported in Supervisor Engine 2s equipped with a WS-F6K-PFC2. However, peak and average rate counters are broken and/or inaccurate for non-IP packets with COS changed.

Workaround: None. (CSCse17681)

The show qos statistics l3stats command indicates that the peak rate for "non-IP packets with TOS changed" is inaccurate at times.

Workaround: None. (CSCsg86633)

The show qos statistics l3stats command in all supported supervisor engines indicates that the peak rate, average rate, and total packets for "Packets dropped due to policing" is inaccurate.

Workaround: None. (CSCsd82861)

If an auxiliary VLAN is configured and port security is enabled with a maximum of 3 MAC addresses, phone traffic on the native VLAN after port security is enabled shuts down the port.

Workaround: Power off and power on the phone. (CSCsg79868)

In Catalyst operating system software release 8.6.1, when the MAC address mask is configured with values in the mask field, the host goes into the exception state and the URL-Redirect string and group policies are not applied. For instance, when the MAC address and mask are 00-12-79-cd-88-69 00-00-00-00-00-FF, the host goes to the exception state.

Workaround: For the above MAC mask, the correct mask is 00-12-79-cd-88-00 00-00-00-00-00-FF (the last 2 bytes of the MAC address should be 00). (CSCsh72654)

In Catalyst operating system software release 8.6.1, the auxiliary port in a VLAN configured with IEEE 802.1X authentication shuts down when an EAPOL-Start (EAP encapsulation over LAN Start) frame from a different MAC address is seen.

Workaround: None. (CSCsh22945)

In Catalyst operating system software release 8.6.1, ports authenticated with IEEE 802.1X that had HA subsequently enabled sometimes saw an IEEE 802.1X authentication error.

Workaround: Disable/enable the port. (CSCsj28712)

In Catalyst operating system software release 8.6.1, a DACL cannot be applied when parsing of other VSAs fails. When a DACL is sent along with VSAs such as a QoS VACL and the port is in port-based QoS mode, the port does not move to auth-fail; it goes into a connecting->authenticating->policy-config->waiting loop.

Workaround: None. (CSCsj14165)

In Catalyst operating system software release 8.6.2, a change in the IP address on ports authenticated with IEEE 802.1X results in the reauth-timer restarting. On DHCP-snooping [timeout/clear bindings] -> ARP, the reauth-timer is restarted.

Workaround: None. (CSCsj19840)

A port authenticated with IEEE 802.1X does not move to auth-fail if there is a configuration mismatch on the switch. This is seen only when a QoS ACL is assigned from RADIUS.

Workaround: Configure the switch with the proper configuration. The QoS ACL should not be sent from RADIUS. (CSCsj07424)

In Catalyst operating system software release 8.6.2, when IEEE 802.1X radius-keepalive is disabled, it is shown in the show config output but not in the show dot1x output.

Workaround: None. (CSCsi75267)

In Catalyst operating system software release 8.6.2, if you map a VACL to the port with the same deny arp-inspection ACE in the VACL, it gets denied and the port remains in the ipwaiting state. The deny arp-inspection ACE does not work in a PACL.

Workaround: Map a VACL with the deny arp-inspection ACE or use DAI on the port. (CSCsi88922)

In Catalyst operating system software release 8.6.2, on ports authenticated with IEEE 802.1X that have a QoS ACL and a security ACL mapped to the same VLAN, the ACL goes to a noncommitted state when an HA switchover takes place.

Workaround: Unmap the QoS ACL from the VLAN and map it after the HA switchover. (CSCsj12624)

In Catalyst operating system software release 8.6.2, on ports with IEEE 802.1X that are configured with a QoS ACL, the map is not applied in an HA scenario.

Workaround: None. (CSCsj12739)

Secondary VLAN traffic is seen on a promiscuous trunk after a switch reset. The switch is configured with PVLAN promiscuous trunks and traffic flows on the primary VLAN as expected before the switch reset. After a reset, the traffic is seen on the secondary VLAN on the promiscuous trunk. The switch must be configured with PVLAN promiscuous trunks, and the behavior is observed after a system reset.

Workaround: Clear the PVLAN mapping configuration on the promiscuous trunk and reconfigure it. Alternatively, enable/disable the promiscuous trunk. (CSCsi84971)

Resolved Caveats in Software Release 8.6(2)

This section describes resolved caveats in supervisor engine software release 8.6(2):

100BASE-T SFPs (GLC-T) do not support features such as UDLD and auto-mdix disable. We recommend that you do not enable UDLD on these SFPs. Auto-mdix is always enabled on these SFPs and cannot be disabled.

This problem is resolved in software release 8.6(2). (CSCec26310)

The URL-redirect string in a policy is not accepting "?".

Workaround: Set editing disable.

This problem is resolved in software release 8.6(2). (CSCse29446)

802.1X URL-redirect entries are not cleared in port-based mode.

Workaround: Clear url-redirect entries manually.

This problem is resolved in software release 8.6(2). (CSCsf01060)

A memory leak occurs when L2IP is enabled. With EOU RADIUS accounting enabled, there is a memory leak of 2K bytes in the NacSMProc process during the DHCP IP release/renew.

Workaround: Disable EOU RADIUS accounting.

This problem is resolved in software release 8.6(2). (CSCsg92525)

You can disable the summertime setting by using the set summertime disable command when you are actually in summertime. This command will cause the clock to be set back to offset time. You can define the offset by using the set summertime recurring command or the offset will be set to a default of 60 minutes. (CSCsh11577)

This problem is resolved in software release 8.6(2). (CSCse79110)

MAB remains in the authenticated critical state after reauthentication.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh34895)

Clearing a primary or secondary VLAN on a dot1x- or MAB-authenticated port might cause the system to crash.

Workaround: Clear the mapping of the PVLAN to the port before clearing the PVLAN.

This problem is resolved in software release 8.6(2). (CSCsh70693, CSCsh46541)

CAM static entries are not cleared when a switching module is powered down.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh69300)

DHCP-snooping bindings are not created for ports in a channel.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh72616)

In Software Release 8.5(9), a new ignore keyword has been added. This option will detect the packet buffer failure and log a syslog message. During the detection process, traffic forwarding will stop for a few seconds. Once this process is complete, an attempt is made to resume traffic while leaving the packet buffer in this error state. This situation may result in the affected ports experiencing some indeterminate amount of packet loss.

This problem is resolved in software release 8.6(2). (CSCsi26386)

The output of the show logging buffer command displays some messages that do not conform to the standard message format. The messages include a date/time stamp at the beginning of the message. This situation prevents some syslog servers from correctly interpreting messages and notifying customers when necessary.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh86516)

When you use the set summertime date command to enable a change to daylight saving time (during the summertime), the switch may reset (or switch over to the standby supervisor engine if one is present) when the end of daylight saving time is reached.

This problem is resolved in software release 8.6(2). (CSCsi00968)

A small percentage of packet drops was observed in Queue3 after configuring wrr-queue to cos-mapping on a 6148A-GE-TX. Packets serviced in other queues were not affected.

Workaround: Reset the affected module, or disable and enable a port that belongs to the same ASIC channel internally. Note that each internal channel has 8 external ports associated with it.

This problem is resolved in software release 8.6(2). (CSCsh49043)

When running 7.6(3a) and rebooting a redundant SUP2 (due to an exception) with HA enabled, a packet drop is observed for a few seconds.

Workaround: Disable diagnostics using the set test diaglevel bypass command.

This problem is resolved in software release 8.6(2). (CSCsd89614)

On the Catalyst 6000 system, a TC message is not sent during the uplinkfast routine when a later port is being moved from forwarding to blocking. However, a TC message is sent on the move from forwarding to blocking on a previous port. This occurs with software release 8.5(6) or earlier.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsg24290)

When a Catalyst 6500 system is running on a single supervisor running CatOS and a supervisor running IOS is inserted or removed (OIR, online insertion and removal) in the redundant slot, the system crashes. The expected behavior is that the second supervisor running an IOS software release is either disabled/powered down or does not crash the system. The symptoms are consistently reproducible with a system running 8.5(6).

Workaround: Do not install the redundant supervisor with IOS in a system that is already running on a supervisor with CatOS.

This problem is resolved in software release 8.6(2). (CSCsg28478)

With a hybrid Supervisor Engine 2 configured to use configuration mode "text", the Firewall Services Module (FWSM) may not recover properly on reload of the entire switch. The startup configuration for this module does not get copied into the running config. Also, the port-channel between the FWSM and the backplane can come up as 2 separate port-channel groups instead of the proper single port-channel group.

Workaround: There are a couple of ways to recover. 1) Change to configuration mode "binary" to no longer see this problem with the FWSM. 2) Reset the FWSM individually.

This problem is resolved in software release 8.6(2). (CSCsg64817)

Under certain conditions with EtherChannel configured for desirable, a channel can take longer than a power up/down or a reset of the switch. Periods of up to 8 hours have been seen during testing. During this time, the trunk shows up, but no VLANs are in the not pruned list, spanning-tree has no state, and connectivity is broken. One side may also show the port channel up with one or multiple ports in the channel. CDP and DTP appear to work. The problem was seen on Sup32 uplink ports with QoS enabled.

Workaround: Configure channel mode "on". Disabling QoS fixes the problem immediately. This problem is not consistent in approximately 3/5 reloads.

This problem is resolved in software release 8.6(2). (CSCsh17514)

On a Catalyst 6500 switch running Native IOS, an interface configured for full duplex may show up as half duplex in the output of the show int command. This is a cosmetic issue, and some modules it has been seen on are: WS-X6248-RJ-45, WS-X6348-RJ-45, WS-X6148A-GE-TX.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh38728)

When the supervisor crashes, a syslog message is displayed: * Cause: Breakpoint Exception. * CPU Hog. - Stack Decode: printf function

Conditions: The supervisor crashes due to a printf (trace) function called in the DHCP snooping packet processing routine. This function is being called in the code in the interrupt context.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh52934)

On a Catalyst 6500 switch running in hybrid mode when a port in an etherchannel is disabled/enabled, rxOversizedPkts and ifInErrors counters count up. This symptom is seen even when there is no traffic traversing the link. The problem has been seen with the switch running CatOS release 8.5x.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh68327)

When the system is not in a redundant setup, the supervisor and the corresponding MSFC show different states for the moduleStandbyStatus OID. The moduleStandbyStatus shows the value of "active" for the supervisor and shows the value of "other" for the MSFC. This occurs on a supervisor running CatOS 8.5(7) and an MSFC running 12.1(26) E6 when the supervisor and MSFC are not in a redundant setup.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsh88540)

A Catalyst 6500 running 8.5 and 8.6 on a SUP2 system crashes with a TLB exception when certain ACEs with the fragment keyword are applied. When an icmp or ip ACE with the fragment keyword is configured, the box might crash with a TLB exception.

Workaround: icmp or ip ACEs should not have the fragment keyword configured in the CLI.

This problem is resolved in software release 8.6(2). (CSCsi34126)

The cpaeUserGroupEntry disappears on a port configured for IEEE 802.1X that has dACL enabled. This is because the entry is only populated with the GroupManager feature, while GroupManager and dACL are mutually exclusive. cpaeHostInfoUserName, cpaeHostInfoAddrType, and cpaeHostInfoAddr were introduced to provide the user name and its IP address regardless of the type of ACL currently used. The problem occurs in CatOS software release 8.6(1). The fix for this problem is applied to CatOS software release 8.6(2) and later releases.

Workaround: None.

This problem is resolved in software release 8.6(2). (CSCsi52821)

In a specific scripted environment, the switch will crash when running the clear pbf client command. Running this command on the CLI manually will not produce the problem. Running the command through some scripts will not produce the problem. The problem is seen in one specific scripted scenario and is considered a rare occurrence.

Workaround: Do not script this command; type it in manually through the CLI when it is time for that command to be run.

This problem is resolved in software release 8.6(2). (CSCsi76364)

Egress traffic on the wrong VLAN port occurs upon module reset when the promiscuous trunk port is configured with more than 32 mappings. The switch must be running an 8.6(2) or later image, the PVLAN promiscuous trunk port must be configured with more than 32 PVLAN mappings, and the symptom is observed only after a switch reset.

Workaround: Configure the promiscuous trunk with less than 32 PVLAN mappings. Alternatively, after a switch reset, clear the PVLAN mapping on the port by using the clear pvlan mapping mod/port command and reconfigure the PVLAN mappings.

This problem is resolved in software release 8.6(2). (CSCsh55275)

In software release 8.2(1), the set errordetection packet-buffer command was added to detect packet buffer memory errors. You can use the set errordetection packet-buffer command to configure the switch to take one of three actions:

Use the set errordetection packet-buffer ignore command to detect an ECC error and log a syslog message for packet buffer failures. The switch will continue to try to forward traffic.

Caution: Do not use the ignore option in production networks. It is intended for debugging only.

Use the set errordetection packet-buffer power-cycle command to automatically power cycle the module when errors are detected. A power cycle of the module will disable all 48 ports for 30-40 seconds if the Rapid Boot feature is not used, or for 10 seconds if the Rapid Boot feature is used. A power cycle of the line module is necessary in order to fully recover all failed ports.

Use the set errordetection packet-buffer errdisable command (enabled by default) to automatically put the ports with this error condition in errdisable state. This command error-disables 12, 24, or 48 ports depending upon where an error condition is detected. When you enter the errdisable detect cause packet-buffer-error command, the packet buffer error error-disables all the ports controlled by the port ASIC, and in some cases, all the ports on a module. A syslog message is displayed when a port experiences the error condition.

This option has the least impact on the network service during production hours. If possible, move the connection that is affected by the error-disabled ports to other available switch ports in order to restore service. Schedule a manual power cycle of the line card during the maintenance window.

The ports controlled by the port ASIC are as follows:

Supervisor Engine 720

WS-SUP720-3BXL—Port ranges per port group: 1-2
WS-SUP720-3B—Port ranges per port group: 1-2
WS-SUP720—Port ranges per port group: 1-2

Supervisor Engine 2

WS-X6K-S2U-MSFC2—Port ranges per port group: 1-2
WS-X6K-S2-MSFC2—Port ranges per port group: 1-2

10-Gigabit Ethernet Switching Modules

WS-X6708-10G-3C (WS-X6708-10GE with WS-F6700-DFC3C)—Port ranges per port group: 1 port in each group
WS-X6708-10G-3CXL (WS-X6708-10GE with WS-F6700-DFC3CXL)—Port ranges per port group: 1 port in each group
WS-X6704-10GE—Port ranges per port group: 1 port in each group
WS-X6502-10GE—Port ranges per port group: 1 port in 1 group

Gigabit Ethernet Switching Modules

WS-X6748-SFP—Port ranges per port group: 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 25, 27, 29, 31, 33, 35, 37, 39, 41, 43, 45, 47, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48
WS-X6724-SFP—Port ranges per port group: 1-12, 13-24
WS-X6816-GBIC—Port ranges per port group: 1-8, 9-16
WS-X6516A-GBIC—Port ranges per port group: 1-8, 9-16
WS-X6516-GBIC—Port ranges per port group: 1-8, 9-16
WS-X6416-GBIC—Port ranges per port group: 1-8, 9-16
WS-X6416-GE-MT—Port ranges per port group: 1-8, 9-16
WS-X6316-GE-TX—Port ranges per port group: 1-8, 9-16
WS-X6408A-GBIC—Port ranges per port group: 1-8
WS-X6408-GBIC—Port ranges per port group: 1-8

10/100/1000 Ethernet Switching Modules

WS-X6748-GE-TX—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6548-GE-TX—Port ranges per port group: 1-24, 25-48
WS-X6548V-GE-TX—Port ranges per port group: 1-24, 25-48
WS-X6548-GE-45AF—Port ranges per port group: 1-24, 25-48
WS-X6148A-GE-TX—Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
WS-X6148A-GE-45AF—Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
WS-X6516-GE-TX—Port ranges per port group: 1-8, 9-16

Fast Ethernet Switching Modules

WS-X6148-FE-SFP—Port ranges per port group: 1-16, 17-32, and 33-48
WS-X6524-100FX-MM—Port ranges per port group: 1-24
WS-X6324-100FX-SM—Port ranges per port group: 1-12, 13-24
WS-X6324-100FX-MM—Port ranges per port group: 1-12, 13-24
WS-X6224-100FX-MT—Port ranges per port group: 1-12, 13-24

Ethernet/Fast Ethernet (10/100) Switching Modules

WS-X6548-RJ-45—Port ranges per port group: 1-48
WS-X6548-RJ-21—Port ranges per port group: 1-48
WS-X6348-RJ-45—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6348-RJ-45V—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6348-RJ-21V—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6248-RJ-45—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6248A-TEL—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6248-TEL—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148A-RJ-45—Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
WS-X6148A-45AF—Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
WS-X6148-RJ-45—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-RJ-45V—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-45AF—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-RJ-21—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-RJ-21V—Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-21AF—Port ranges per port group: 1-12, 13-24, 25-36, 37-48

Ethernet Switching Modules

WS-X6024-10FL-MT—Port ranges per port group: 1-12, 13-24

Workaround: None. (CSCse00944)

Open and Resolved Caveats in Software Release 8.6(1)

These sections describe open and resolved caveats in supervisor engine software release 8.6(1):

Open Caveats in Software Release 8.6(1)

Resolved Caveats in Software Release 8.6(1)

Open Caveats in Software Release 8.6(1)

This section describes open caveats in supervisor engine software release 8.6(1):

Tracebacks and alignment errors may occur after an asynchronous PPP call disconnects.

Workaround: None.

The Link Aggregation Control Protocol (LACP) channel breaks after several non-HA switchovers.

Workaround: None. (CSCsd61508)

Clearing a primary or secondary VLAN on a dot1x- or MAB-authenticated port might cause the system to crash.

Workaround: Clear the mapping of the PVLAN to the port before clearing the PVLAN. (CSCsh70693, CSCsh46541)

Configuration loss occurs on critical auth on an upgrade from software release 8.5.8 to 8.6.1.

Workaround: Reconfigure critical auth. The command line interface on software release 8.5.8 for critical auth is deprecated. (CSCsh75713)

DHCP-snooping bindings are not created for ports in a channel.

Workaround: None. (CSCsh72616)

CAM static entries are not cleared when a switching module is powered down.

Workaround: None. (CSCsh69300)

DAI is enabled on few VLANs after a system reset.

Workaround: None. (CSCsh64209)

The IP Phone ACE is not present in the TCAM after a system reset configured for auto-save.

Workaround: None. (CSCsh52990)

DAI on switch ports is not functioning with IPSG when DAI is enabled first.

Workaround: None. (CSCsh48166)

MAB remains in the authenticated critical state after reauthentication.

Workaround: None. (CSCsh34895)

MAB ports are in forwarding state on multiple VLANs.

Workaround: This is a display problem. Traffic is not affected. (CSCsg94068)

Port shutdown occurs on the second MAC address on a port security-enabled port configured with an auxiliary VLAN and dot1x.

Workaround: None. (CSCsg78223)

The URL-redirect string in a policy is not accepting "?".

Workaround: Set editing disable. (CSCse29446)

802.1X URL-redirect entries are not cleared in port-based mode.

Workaround: Clear url-redirect entries manually. (CSCsf01060)

URL redirect is not working with a different HTTP server port.

Workaround: None. URL redirection is supported on HTTP port 80 only. (CSCsd43177)

On a switch with PVLANs configured, the active supervisor engine crashes after a non-high availability switchover.

Workaround: None. (CSCsh55379)

A new PVLAN map cannot be configured on a port unless the port is in OFF mode.

Workaround: None. (CSCsh65474)

CFM CC messages are not generated upon a supervisor engine switchover if there are multiple CFM domains mapped to one CFM level.

Workaround: Do not map multiple CFM domains to the same CFM level. Alternatively, disable and re-enable CFM globally on the new active supervisor engine after the supervisor engine switchover. (CSCsh81272)

Packet capture can result in dropped protocol packets (for example, STP, UDLD, and PAGP), which results in network instability. The dropped packets can also affect system performance or inband connectivity when sc0/sc1 interface packets are dropped without warning.

Workaround: None. (CSCsh19826)

Unknown unicast traffic floods the VLAN. Multicast or flood traffic is not captured in the transmit direction in MPA. The traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsg88097)

The destination device may receive twice the number of packets actually transmitted from the switch. In addition, the dump file may not reflect proper statistics. This might happen when the switch is operating in truncated mode. This is a hardware limitation.

Workaround: None. (CSCsf19014)

Multicast or flood traffic is not captured in the transmit direction in MPA. This occurs because the traffic comes on broadcast and multicast LTLs and therefore cannot be rate-limited and can cause the inband to choke and crash.

Workaround: None. (CSCsh23980)

CFM Continuity Check (CC) messages are not reaching the NMP if the receive port is on a WS-6148X2-RJ-45.


Note: CFM is not supported on the WS-6148X2-RJ-45 and WS-6548-RJ-45.


Workaround: None. (CSCsd25109)

CFM loopback and traceroute fail if the forwarding link is an ISL trunk.

Workaround: None. (CSCsd13642)

You cannot enable CFM on an RSPAN VLAN.

Workaround: None. (CSCsd26451)

The show qos statistics l3stats command is supported in Supervisor Engine 2s equipped with a WS-F6K-PFC2. However, peak and average rate counters are broken and/or inaccurate for non-IP packets with COS changed.

Workaround: None. (CSCse17681)

The show qos statistics l3stats command indicates that the peak rate for "non-IP packets with TOS changed" is inaccurate at times.

Workaround: None. (CSCsg86633)

The show qos statistics l3stats command in all supported supervisor engines indicates that the peak rate, average rate, and total packets for "Packets dropped due to policing" is inaccurate.

Workaround: None. (CSCsd82861)

Resolved Caveats in Software Release 8.6(1)

This section describes resolved caveats in supervisor engine software release 8.6(1):

The IP phone is switched off when the link goes down during a TDR cable test. This causes TDR test signals to get incorrect results when the connected cable is short (approximately three to six meters).


Note: Cisco does not currently support TDR when inline power is being used.


Workaround: Keep the phone on during the TDR test. When the TDR test is not finished the phone will behave normally (when a link goes down, power to the phone is switched off). Alternatively, use a longer cable. When the cable length is long (approximately 80m or more), this problem does not occur.

This problem is resolved in software release 8.6(1). (CSCeb83155)

When the show polaris fib tcam command is given incorrect register parameters, the switch will lock up (for example, no console access will be available) while still passing traffic at L2 to some extent. This might cause a network outage. A hard reset by power-cycling the switch is required to recover from this state.

Workaround: Make sure to enter the correct register range when using this command.

This problem is resolved in software release 8.6(1). (CSCed21794)

When you change the root port of an edge switch with uplinkfast, the channel port cannot send a TCN trap. If you do not use the channel port, the software will send a TCN trap to only one port. The following conditions must be present for this situation to occur:

The STP mode is MISTP

Uplinkfast is used

CatOS 7.1(1) and 7.6(3) or later experience the same behavior.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCed52709)

In rare circumstances, a group of four ports (1 to 4, 5 to 8, 9 to 12, or 13 to 16) on the WS-X6516-GE-TX module may experience connectivity problems. If this problem occurs, the following syslog messages might be seen:

%PM_SCP-SP-6-LCP_FW_ERR_INFORM: Module 4 is experiencing the following error: Pinnacle #0 Frames with Bad Packet CRC Error (PI_CI_S_PKTCRC_ERR - 0xC7) = 110

This problem is resolved in software release 8.6(1). (CSCef46923)

If you enter the show power command when a WS-F6K-PWR power module is installed in slot 8 or slot 9, the command displays "Unknown." This problem does not affect operation.

This problem is resolved in software release 8.6(1). (CSCsb81734)

Automatic detection of inline power does not work on WS-X6196-RJ-21 switching modules, and the following message is displayed:

%C6K_POWER-SP-4-PD_NOLINKUP: The device connected to 1/37 is powered up but its link is not up in 5 seconds. Therefore, power is withdrawn from the port.

This problem is resolved in software release 8.6(1). (CSCek30589)

A connection between two WS-X6704-10GE switching module ports equipped with 10GBASE-LR XENPAKs occasionally stops transmitting and receiving, but the interface state always remains "up/up."

This problem is resolved in software release 8.6(1). (CSCef96465)

The source MAC addresses of traffic received on a Layer 2 distributed EtherChannel (DEC) might be learned in multiple VLANs.

This problem is resolved in software release 8.6(1). (CSCeh40945)

With a Supervisor Engine 720, egress traffic loss might occur if you configure the wrr queue-limit and wrr random-detect max-threshold commands to nondefault values.

This problem is resolved in software release 8.6(1). (CSCei33393)

In a PE router configuration, per-VLAN spanning tree (PVST) bridge protocol data units (BPDUs) are incorrectly untagged.

This problem is resolved in software release 8.6(1). (CSCsa57079)

With the default flow control configuration, the ports in an unstable link between a Supervisor Engine 720 equipped with a copper SFP and a port in a chassis with a Supervisor Engine 2 remain in the "up/down" state.

This problem is resolved in software release 8.6(1). (CSCsa61788)

Ports on a WS-X6748-GE-TX switching module, hardware revision 2.1, stop sending traffic when configured to operate only at 10 Mbps or only at 100 Mbps.

This problem is resolved in software release 8.6(1). (CSCsa76031)

There is reduced performance for traffic between non-DFC-equipped switching modules and DFC-equipped switching modules, and some additional Layer 2-traffic flooding occurs.

This problem is resolved in software release 8.6(1). (CSCsa76290)

A WS-X6548-GE-TX port might stop forwarding unicast traffic. This problem occurs when WS-X6548-GE-TX ports are configured as Layer 2 switch ports, are not part of an EtherChannel, and the LTL consistency checker is enabled, which is the default state.

Workaround: Disable the LTL consistency checker by entering the no ip cef table consistency-check command.

This problem is resolved in software release 8.6(1). (CSCsb08512)

A system might drop Rx SPAN packets when there is an outbound ACL applied on the source interface of the SPAN session.

This problem is resolved in software release 8.6(1). (CSCsb21148)

The port ASIC ISR message rate limiter is set to an inappropriate value and allows high CPU usage.

This problem is resolved in software release 8.6(1). (CSCsb60409)

AToM packets with small frame replay packets (11 bytes) that are sent from an Enhanced FlexWAN module are dropped when sent to a WS-X6548-GE-TX or a WS-X6148-GE-TX.

This problem is resolved in software release 8.6(1). (CSCsb90472)

A system configured with a WS-X6748-SFP or a WS-X6724-SFP switching module and copper SFPs might display the following message during initialization:

%SYS-CFC1-3-CPUHOG: Task is running for (4000)msecs, more than (2000)msecs (1/0),process = fw_lcp process.

This problem is resolved in software release 8.6(1). (CSCsc59332)

Power may be incorrectly applied to the wrong port of a WS-X6148-21AF or a switching module equipped with a PoE daughter card, when the module is reset. A device that cannot tolerate inline power might get damaged if you plug it into this port.

This problem is resolved in software release 8.6(1). (CSCsc92114)

Egress traffic monitoring might stop when RSPAN is enabled and then disabled, and then SPAN is enabled on the same device with the same session number.

This problem is resolved in software release 8.6(1). (CSCsd42247)

The link from a PoE Axis Video Camera to a WS-X6148A-RJ-45 switching module with a PoE daughtercard installed does not come up. This problem is an autonegotiation issue between the Broadcom 5248 on the WS-X6148A-RJ-45 switching module and the ASIC in the camera.

This problem is resolved in software release 8.6(1). (CSCsd67341)

A VACL might not filter RSPAN traffic if there is an active distributed EtherChannel (DEC) on the system.

This problem is resolved in software release 8.6(1). (CSCse41963)

Some service modules (such as FWSM, NAM, or IDS) transmit or retransmit packets without packet recirculation. If these packets pass over VLANs that are configured in a distributed EtherChannel (DEC) or a multi-module EtherChannel, the packets will be lost. For more information, see FN - 61935 located at this URL:

http://www.cisco.com/en/US/ts/fn/610/fn61935.html

Workaround: Use the fabric switching-mode force busmode command to force all affected service modules to communicate through the chassis shared bus instead of through the switched fabric.

This problem is resolved in software release 8.6(1). (CSCse87210)

Jumbo frames are unable to get through the Firewall Services Module (FWSM).

This problem is resolved in software release 8.6(1). (CSCse87210)

Catalyst 6500 series switches equipped with a WS-X6502-10GE switching module are recording few CRC errors on their link to another Catalyst 6500 series switch equipped with a WS-X6704-10GE switching module. No CRCs were recorded when a WS-X6502-10GE switching module was in place on the central switch. (CSCee10844)

The user may notice a higher usage of labels depending on the order in which port-based security and QoS ACLs are mapped with respect to each other. The effect is more noticeable when label usage approaches the maximum number of allowed labels.

Workaround: Map PACLs after mapping all QoS ACLs to improve label usage.

This problem is resolved in software release 8.6(1). (CSCee61775)

A Catalyst 6500 switch configured with DHCP snooping with MAC address matching enabled might log some errors indicating that it is dropping DHCP NAK packets with the source MAC address of the DHCP relay interface. This condition does not impact service on lease grants and renewals on DHCP clients.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCef73277)

The 6316-GE-TX switching module might have difficulty linking to non-Cisco Ethernet switches. In particular there may be problems with the Allied Telesis (Telesyn) 8624XL.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCef79662)

Firmware for x6724, x6748, and x6704 might send too many messages to the supervisor engine due to some non-fatal internal events, causing the supervisor engine software to run out of memory and crash.

Workaround: Replace the switching module that is causing this.

This problem is resolved in software release 8.6(1). (CSCeg18179)

A Supervisor Engine 720 system in which the majority of modules are of type WS-X67xx may experience system traffic flow degradation under certain traffic profiles. Typically this would include meshed communication among hosts connected to all switching modules in the system and many-to-one communications. The symptoms seen under this condition include:

Overruns on almost all active interfaces

Lbus drops associated with the supervisor engine slot (seen using the show fabric channel-counters command)

TestMacNotification test failed messages seen repeatedly using the show log command for switching modules with DFCs installed

Ports leaving and re-joining an EtherChannel

Routing protocol flaps (HSRP, OSPF, etc.)

Line protocols for multiple interfaces becoming inoperative

Typically the time interval between occurrences of this problem fluctuates greatly. When this problem occurs, the overall PPS (packets-per-second) performance is drastically reduced through the system (use the show mls statistics command).

Workaround: Reduce the amount of traffic flowing through the switch, particularly on interfaces seeing the most overruns.

This problem is resolved in software release 8.6(1). (CSCeg49196)

In some instances, on a Catalyst 6500 switch with a Supervisor Engine 720 and a 10-Gigabit Ethernet switching module, the show counter interface TenGigabitEthernet x/x command will show rxHCDropEvents counter incrementing with no other indication of errors by the device.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCeg62365)

SNMP:ciscoMemoryPoolUsed/Free returns an incorrect value.

This problem is resolved in software release 8.6(1). (CSCeg85768)

After a system reset has been scheduled for a future time with a valid reason (with the reset at command), executing commands such as set autoshut and show autoshut will cause the switch to crash. A system reset must have been scheduled previously with a valid reason. It does not matter if it has been subsequently cancelled.

Workaround: Avoid using both scheduled resets and the module autoshut feature.

This problem is resolved in software release 8.6(1). (CSCeh38557)

The Catalyst 6500 switch is transmitting garbage or DLC link frames on a port that is in a shutdown state.

Workaround: Set the ports on both sides of the connection to shutdown state.

This problem is resolved in software release 8.6(1). (CSCeh39470)

When a switch is running VTP version 3 and auto configuration (config mode) is configured with the "overwrite" option, the switch may lose all the VLAN-, trunk-, and channel-related configuration during system reset.

Workaround: Configure the switch for auto configuration only with the "append" option.

This problem is resolved in software release 8.6(1). (CSCei17832)

The switch crashes when configuring csilCommandsTable using createAndGo. There is no problem when configuring using createAndWait or the CLI.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCei20622)

A Catalyst 6500 switch with WS-X6748-SFP or WS-X6724-SFP switching module and copper SFPs may repeatedly log the following error messages:

ant48_cu_sfp_phy_rd_reg: port=22 err

ant48_cu_sfp_phy_wr_reg error: port=22 rc = 80

The actual port number may vary, but the errors always correspond to ports with copper SFPs installed (port numbers here are 0-based). The copper SFP ports fail internal power-up diagnostics.

Workaround: Reset the switching module or remove and reinsert the SFP.

This problem is resolved in software release 8.6(1). (CSCei21965)

When using the show cbl mod_num/port * [start_index[-]end_index] debugging command to display the CBL table for a port, it is displayed incorrectly.

Workaround: Use the show cbl mod_num index [count] command instead.

This problem is resolved in software release 8.6(1). (CSCei39029)

Reception of BPDUs is not guaranteed when enabling multicast suppression on the following switching modules:

WS-X6724-SFP

WS-X6748-GE-TX

WS-X6748-SFP

WS-X6704

WS-XSUP32

This can also cause BPDUs to be suppressed on the ports of the above switching modules when multicast suppression is enabled and the multicast suppression threshold has been exceeded.

Workaround: Avoid using multicast suppression on ports that need to receive BPDUs. Potential side effects include root port loss or spanning tree loops when the suppression threshold has been exceeded.

This problem is resolved in software release 8.6(1). (CSCei52323)

When an IP exception list is configured with IP mask, the SET EOU AUTH MAC addresses and IP addresses are not displayed as configured.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCei69405)

The set port description command is supported only in the text mode configuration.

This problem is resolved in software release 8.6(1). (CSCei78613)

When a link is up and fixed at 10Mbps and the port speed is changed to 100Mbps and then back to 10Mbps, the port might remain at 100Mbps. This only happens with the 6548A-RJ-45 switching module with inline power enabled.

Workaround: Disable and reenable the port.

This problem is resolved in software release 8.6(1). (CSCej21495)

When the switch receives a PIMv1 RP Reachability packet using IGMP, it will resort to the NMP when IGMP snooping is enabled. The NMP will discover that the packet is not a real IGMP packet and will then flood it to all ports in the VLAN (except the port where it was received). This is normal. However, NMP might send it back on the port where it was received. If this happens, the packet is looped at Layer 2, causing the switch to become unusable. PIMv1 uses IGMP for control messages and those are forwarded to 224.0.0.2 (to all MCAST routers and not to all PIM routers).

Workaround: Reset the switch.

This problem is resolved in software release 8.6(1). (CSCej25077)

If a port is hard coded to 10 or 100 Mbps upon initialization of a WS-X6748-GE-TX switching module, receive traffic will stop. The interface counters will show traffic for transmit, but not receive and no CAM entry will be learned on the port.

Workaround: Set the port speed back to auto and then return it to the hard-coded value. This will resolve the stopped condition until the card or switch is reset.

This problem is resolved in software release 8.6(1). (CSCsa40955)

Optical transmit power is output from a WS-X6704-10GE switching module 10-GB interface while the switching module is administratively down after system restart.

This problem is resolved in software release 8.6(1). (CSCsa65200)

The switch may take up to 15 seconds to detect a link when set to auto speed.

Workaround: Manually hard code the speed.

This problem is resolved in software release 8.6(1). (CSCsb26429)

Packet loss may occur when a high rate of traffic is received before a multicast protocol state is created. This is caused by incorrectly programming the first entry in the multicast expansion table (MET). The incorrect programming can occur due to a race condition between incoming multicast traffic and local CPU processing as both processes require access to the local multicast replication ASIC. This ASIC is responsible for packet switching and multicast replication. The current hardware implementation sets multicast replication at a high priority to allow high performance switching of packets. CPU processing is implemented at a lower priority requiring only processing for the first packet received to build a multicast protocol state. All priorities associated to ASIC functions are permanently set in hardware.

This problem is resolved in software release 8.6(1). (CSCsb46887)

When Source Guard and dot1x are enabled on a port, an IP phone on the port cannot obtain a DHCP address.

Workaround: Apply port-security on the port to enable the IP phone to get an IP address.

This problem is resolved in software release 8.6(1). (CSCsb90670)

One or more WS-X6548-GE-TX switching module ports are not transmitting unicast or broadcast traffic. Multicast and ingress traffic is transmitted normally. This can affect any WS-X6548-GE switching module, including the WS-X6548-GE-TX and WS-X6548-GE-45AF. This problem does not affect all ports on the switching module. The OutUcastPkts counters will display 0 when the show interface GigabitEthernet x/y counters command is issued.

This problem can be seen after starting up on both single and redundant supervisor systems. This problem might be more likely to appear following a supervisor failover in a dual-supervisor system running RPR+ redundancy protocol. The problem may be seen regardless of where the WS-X6548-GE switching module is placed in the system.

This problem is resolved in software release 8.6(1). (CSCsc13676)

Enhancements to SPRP inband ping monitoring test should include additional information when there are test failures.

This problem is resolved in software release 8.6(1). (CSCsc35405)

SSH version 2 does not handle password padding from a client.

Workaround: Use a different client without the password padding feature.

This problem is resolved in software release 8.6(1). (CSCsc41737)

The output of a show counters mod/port command will report ifInDiscards when jumbo frames are enabled on the switch and a frame larger than 1518 bytes is received on a WS-X6148A-GE-TX switching module. The jumbo packets are recorded as ifInDiscards. The packets are successfully processed by the switch and are not dropped.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsc60909)

The interface state is unchanged upon removal of a unidirectional (single fiber) XENPAK.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsc62786)

The deferred transmit counts of only Gigabit Ethernet on a Supervisor Engine 720 are incremented regardless of the flow control setting.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsc64991)

When you enter the show fabric channel counters command, the system displays "rx errrors" either on the supervisor engine slot (Supervisor Engine 720) or on slots that have a 10-GB switching module installed. There is no traffic impact.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsd23452)

Errors will be categorized as minor and major. All major errors are reported immediately. Minor alarms are reported if, at the end of a 10-second interval, there is non-zero occurrence of the event that initiated the alarm.

This problem is resolved in software release 8.6(1). (CSCsd25879)

Switches with WS-6724-SFP or WS-6748-SFP switching modules may flap on copper SFP ports during a neighboring switch's reboot due to a loss of EtherChannel negotiation messages. This may cause the switch to suspend the ports. The ports should be unsuspended when the neighbor switch finishes rebooting. In some cases, the ports might still be suspended. Alternatively, copper SFP ports might intermittently not have their flow-control advertisement set correctly when the switching module powers up, or after hot insertion of a copper SFP.

Workaround: Configure the port's (and its link-partner's) flow-control advertisement to flow rec on and flow send on. Alternatively, a shut/no shut of the port will cause the condition to correct itself.

This problem is resolved in software release 8.6(1). (CSCsd66082)

There is a compatibility issue between WS-X6148X2-RJ-45 switching modules and non-Cisco network interface cards (NICs).

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsd88897)

A port configured for port security with the violation mode set to restrict may error disable the port if a high rate of packets with unique MAC addresses is received by the port.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCse03479)

Using the shut and no_shut features on an interface may cause the overrun counter to increment on an active interface of a WS-X6748-GE-TX switching module.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCse29076)

In a switch with redundant supervisor engines, the set qos enable command might cause a standby Supervisor Engine 32 to reset.

Workaround: When configuring the switch for the first time, enable QOS first. The error messages will not appear and the standby supervisor engine will not reset.

This problem is resolved in software release 8.6(1). (CSCse31932)

When rx span is configured, NetFlow double counts packets for flows ingressing the switch using an rx span source port. The FIB statistics counter shows the correct number of packets.

Workaround: There is no workaround other than disabling rx span.

This problem is resolved in software release 8.6(1). (CSCse31973)

On switches with a Supervisor Engine 2 and MSFC 2 that are running hybrid software (CatOS and MSFC IOS), the supervisor engine might crash due to a Watchdog Timeout on the AclManager shortly after a large RACL (containing 2,000 or more ACEs) is applied to one of the switch virtual interfaces (SVIs) on the MSFC.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCse44785)

The output of a show vtp domain command will be displayed as a negative value once the configuration revision is higher than 0x7FFFFFFF (2147483647).

Workaround: To clear the parser error, perform one of the following tasks:

Change the VTP mode from server mode to transparent mode and then back to server mode.

Change the VTP domain name from its current name to a different name and then back to the original name.

Reload the switch.

This problem is resolved in software release 8.6(1). (CSCse47765)

A WS-X6148-FE-SFP switching module interface counter increments even if the link is down.

Workaround: Connect the system cables before booting up the system.

This problem is resolved in software release 8.6(1). (CSCsf11639)

On WS-6724-SFP switching modules, all ports with GLC-T adapters do not boot up.

Workaround: Replace the adapters with adapters that have fiber connectors.

This problem is resolved in software release 8.6(1). (CSCsf27493)

When an RSPAN is configured, packets from a source VLAN or source interface that have an inbound QoS policy attached do not get copied properly to the RSPAN remote VLAN. These packets arrive at the sniffer or analyzer unmarked.

Workaround: Remove the policy from the interface and manually set the markings on the client to preserve the QoS markings. This works provided the inbound interface has MLS QoS trust DSCP configured.

This problem is resolved in software release 8.6(1). (CSCsg20201)

The WS-X6148-FE-SFP switching module stops putting out light when it does not detect light from a peer.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsg77629)

Third-party IP phones connected to a switch port enabled with port security might drop calls and might reboot. This occurs when the MAC address of the IP phone secured on the primary VLAN has expired because inactivity has exceeded the port-security inactivity timer. This can occur even when the MAC address of the IP phone is secured on the voice (auxiliary) VLAN.

This occurs only when IP phones do not have any voice VLAN information cached. No port-security violation is reported by the switch.

Workaround: Clear port security MAC addresses on affected ports using the clear port security mod/port all command.

This problem is resolved in software release 8.6(1). (CSCsg99222)

Unicast traffic on a Supervisor Engine 2 does not pass from an FWSM (WS-SVC-FWM-1) to ATM (WS-X6101-OC12-MMF) in truncated mode.

Workaround: Change the global switching mode to bus with the set system switchmode allow bus-only command. (CSCsg27928)

The syslog may send out multiple duplicate traps for the traps which have already been sent out.

This problem is resolved in software release 8.6(1). (CSCsg80406)

All Catalyst 6500 switches running software release 5.4 and above have the VMPS push enhancement integrated. This enhancement allows VMPS servers to update VMPS clients when a download VMPS is executed on the VMPS server instead of waiting for the VMPS client to reconfirm the database per the configured reconfirm interval.

In some specific deployments of VMPS, this may not be the desired behavior and may cause problems.

Workaround: Downgrade to software release 8.3(7) or earlier on the VMPS server or upgrade to 8.6(1) or greater and use the set vmps auto-push-config disable command to disable the feature.

This problem is resolved in software release 8.6(1). (CSCsh55500)

The Webauth or LPIP feature used alone is prone to a DoS attack. If a second user uses DHCP with the same MAC address as the first user, the DHCP bindings get overwritten and the first user's policies and DACL will be removed, resulting in a denial of service.

Workaround: Use a Layer 2 authentication feature such as 802.1X/MAB/port.

This problem is resolved in software release 8.6(1). (CSCsd73901)

The TCP-2-TCP_MAXESTABLISHED system message may appear during simultaneous webauth authentication with a large number of hosts.

Workaround: None.

This problem is resolved in software release 8.6(1). (CSCsf14780)

The show security acl interface tcam command does not show the permit tcp any host hostaddr range with a DACL.

Workaround: Enter the show security acl info all command to see the permit tcp any host hostaddr range with a DACL.

This problem is resolved in software release 8.6(1). (CSCsf97862)

The clear security acl all command does not clear all the "any acls" when any acl with an include keyword is mapped to a port.

Workaround: Unmap the ACL with the include keyword from the ports before entering the clear sec acl all command.

This problem is resolved in software release 8.6(1). (CSCsg87395)

DHCP snooping bindings are not created when an ACL with a DHCP-snooping ACE is mapped to a server port and the DHCP-snooping ACL is enabled on the port.

Workaround: When a DHCP-snooping ACL is enabled on a host and server port, enable a DHCP-snooping ACL on the host VLAN. This is applicable when the switch is equipped with an MSFC.

This problem is resolved in software release 8.6(1). (CSCsd06951)

Static ARP rules are considered when DAI is enabled on the switch ports.

Workaround: Make sure that you only have static bindings in the DHCP snooping table.

This problem is resolved in software release 8.6(1). (CSCsf13447)

When you have a unidirectional configuration on a port, the transmit counter associated with that port will not increment with traffic. Transmit traffic will continue to flow on that port.

Workaround: Use the debug oir command on the affected switching module.

This problem is resolved in software release 8.6(1). (CSCef48695)

After resetting the active supervisor engine, a show module command entered while the standby supervisor engine is running does not show the presence of some switching modules.

Workaround: Reset or power cycle the switch.

This problem is resolved in software release 8.6(1). (CSCsc00264)

Open and Resolved Caveats in Software Release 8.5(9)

These sections describe open and resolved caveats in supervisor engine software release 8.5(9):

Open Caveats in Software Release 8.5(9)

Resolved Caveats in Software Release 8.5(9)

Open Caveats in Software Release 8.5(9)

This section describes open caveats in supervisor engine software release 8.5(9):

When a packet buffer failure occurs, traffic loss may be experienced on the affected ports. Prior to Software Release 8.5(9), the following actions were available using specific keywords with the set errordetection packet-buffer command:

Err-disable (default). When you use the errdisable keyword, this option will send a syslog message, and disable the affected ports and any ports sharing the same ASIC.

Rapid Reboot. When you use the powercycle keyword, this option will power-cycle the affected module quickly to recover from the packet buffer failure condition, and send a syslog message.

In Software Release 8.5(9), a new ignore keyword has been added. This option will detect the packet buffer failure and log a syslog message. During the detection process, traffic forwarding will stop for a few seconds. Once this process is complete, an attempt is made to resume traffic while leaving the packet buffer in this errored state. This situation may result in the affected ports experiencing some indeterminate amount of packet loss. (CSCsi26386)

Resolved Caveats in Software Release 8.5(9)

None.

Open and Resolved Caveats in Software Release 8.5(8)

These sections describe open and resolved caveats in supervisor engine software release 8.5(8):

Open Caveats in Software Release 8.5(8)

Resolved Caveats in Software Release 8.5(8)

Open Caveats in Software Release 8.5(8)

This section describes the open caveats in supervisor engine software release 8.5(8):

When Dot1x is enabled on a port, the ACS server sends a VACL nac_acl and VLAN 30 for dot1x authentication. After dot1x is authenticated, nac_acl is assigned to the dot1x user. But the output of a show security acl tcam interface 30 command shows no details.

Workaround: Reboot the switch and enter the show security acl tcam interface 30 command, which will then show the proper information. (CSCsg84865)

Dot1x sysauth enable is not clearing the MAB critical ports. (CSCsg60284)

A memory leak occurs when L2IP is enabled. With EOU RADIUS accounting enabled, there is a memory leak of 2K bytes in the NacSMProc process during the DHCP IP release/renew.

Workaround: Disable EOU RADIUS accounting. (CSCsg92525)

Dot1x critical information must be synchronized with the standby supervisor engine. MAB information is already synchronized. (CSCsg76236)

Resolved Caveats in Software Release 8.5(8)

This section describes resolved caveats in supervisor engine software release 8.5(8):

The dynamic L2 entry (cam entry) for a particular MAC address in a VLAN may disappear from the L2 table while traffic from that address is still received. The traffic to the missing address may be forwarded to the wrong port instead of being flooded. The clear cam mac_address command will not restore connectivity.

Workaround: Establish a static L2 entry for the affected MAC address pointing to the correct port.

This problem is resolved in software release 8.5(8). (CSCsb29319)

When loopguard has been enabled, there are some situations in which both sides of a link will stay in loop-inconsistent state if rapid PVST is used and the root bridge gets removed from the network or changes its priority.

Workaround: Disable loopguard on the designated side of the link.

This problem is resolved in software release 8.5(8). (CSCsd61118)

When enabling auto-qos voip ciscoipphone on a port on a 1q4t/2q2t module, ACL_IP-PHONES is not created. Enter the show port capabilities mod/port command to determine the module type.

Workaround: Enable the ACL manually.

This problem is resolved in software release 8.5(8). (CSCse64635)

Loopback test and netflow inline rewrite online diagnostic tests fail on WS-X6148A-GE-TX and WS-X6148A-45-AF switching modules running CatOS 8.5(6) if port security is enabled on any of the ports.

Workaround: Disable port security before running online diagnostics. Do not run online diagnostics when port security is enabled.

This problem is resolved in software release 8.5(8). (CSCsg26584)

Dot1x response identification comes after the port is moved to the authenticating state. The response identification must be dropped or the challenge-response packet from the supplicant is not handled properly.

This problem is resolved in software release 8.5(8). (CSCsd63565)

This problem occurs in configurations in which the MSFC is used as a DHCP relay agent on the switch. A PC is connected to the DHCP-snooping-enabled port. The PC has its IP address, the PBACLs on the port VLAN are reconfigured with the IP address, and policies are applied.

When the host is moved or the host performs a renew to get a new IP address, the renew packet might be a unicast packet. The unicast packet is then hardware switched because the router is in the switch itself. The binding entry is not updated until the DHCP packet comes to the software and the DHCP snooping software picks it up for processing. Because the binding is not updated, the policies are not reconfigured with the new IP address. This problem happens consistently if the binding has expired on the switch and the end host does an IP renew.

Workaround: Do a release and renew on the PC. Use the external router instead of the internal MSFC to act as the DHCP relay agent.

This problem is resolved in software release 8.5(8). (CSCse66480)

Open and Resolved Caveats in Software Release 8.5(7)

These sections describe open and resolved caveats in supervisor engine software release 8.5(7):

Open Caveats in Software Release 8.5(7)

Resolved Caveats in Software Release 8.5(7)

Open Caveats in Software Release 8.5(7)

This section describes open caveats in supervisor engine software release 8.5(7):

When the multispeed (10 MB/100 MB/1 GB) port of the WS-SUP32-10GE-3B supervisor engine is set to the 10-MB speed and you change the default QoS Tx queue ratio sizes, all packets flowing through this interface may be dropped in the appropriate queue. This problem is more frequent with jumbo-sized packets.

Workaround: Disable and then enable QoS. (CSCeh33526)

100BASE-T SFPs (GLC-T) do not support features such as UDLD and auto-mdix disable. We recommend that you do not enable UDLD on these SFPs. Auto-mdix is always enabled on these SFPs and cannot be disabled. (CSCec26310)

With Supervisor Engine 1, the boot string contains several boot images but only the first image actually exists in the file system. When you enter the show system sanity command, no boot image is reported as invalid (missing). If the one valid image is cleared from the boot string, then all of the remaining (invalid) images are flagged. If the one valid image is added back to the boot string (at the end, instead of the beginning), the missing images are flagged. (CSCed56928)

A bidirectional PIM ACE configured on the MSFC with a mask of 32 bits may cause traffic to hit the resulting (*,G/m) or (*,G). This situation could result in inconsistent forwarding.

Workaround: Configure the ACE with a mask of 31 bits. (CSCin62624)

With 802.1X authentication, if a high-availability switchover occurs during an authentication, after the switchover completes, single authentication and port security are in the authenticated state, but the port might not get added to the spanning tree. If this situation occurs, then the port would not receive Color Blocking Logic (CBL) or Local Target Logic (LTL) information. When you enter the show port security command the port MAC address is shown as secured, but no MAC address is in the CAM table. (CSCin20244)

When there is continuous traffic through a port, MAC authentication bypass will not work if the following operations are performed on the port in the sequence specified:

1. MAC authentication bypass is enabled on the port.

2. Port security is enabled on the port.

3. The static CAM entry installed by port security on the port is confirmed.

4. MAC authentication bypass is globally enabled.

This problem occurs only when MAC authentication bypass is globally enabled after port security has been enabled on the port. There is no problem with enabling or disabling port-level MAC authentication bypass after port security has been enabled.

Workaround: Disable and then enable port security. (CSCin97632)

On switches that run the CiscoView image, the Java Plug-in certificate has an expiration date of 6/29/2006. After that date, when you connect to an HTTP server, a Java Plug-in security warning displays the following message:

The certificate is expired. Do you want to ignore this warning and proceed?

Workaround: Click Yes, and then you can proceed to launch the embedded CiscoView. The expiration does not affect the applet's security or functionality. (CSCse46929)

If you are running a Catalyst 6500 series switch with dual supervisor engines, you may see a "PWR Deny" on random ports in some modules after you enter the show log command.

Workaround: If all the ports that are denied are disabled/enabled, "partial-deny" status on the module will be cleared. There is no reset required on the module. (CSCse86056)

Resolved Caveats in Software Release 8.5(7)

This section describes resolved caveats in supervisor engine software release 8.5(7):

When enabling both portfast and bpdu-guard on a port on a Catalyst 6000 series switch, the port does not go into errdisable status.

Workaround: Enable BPDU guard on the access port.

This problem is resolved in software release 8.5(7). (CSCsd94558)

Issuing a show config command on a Catalyst 6509 switch that is acting as a distribution switch may cause loop guard blocking on downstream neighbors (access switches). No error messages are generated on the switch.

Workaround: None.

This problem is resolved in software release 8.5(7). (CSCse55490)

On a Catalyst 6000 series switch running CatOS software release 8.5(5) configured in text mode, ports that are configured to operate at 100 Mbps and full duplex may not power up on switch restart and may remain in a disconnected state.

Workaround: Disable and re-enable the ports.

This problem is resolved in software release 8.5(7). (CSCsf26400)

On a Catalyst 6000 series switch running CatOS software release 8.5(x), module configuration might be loaded before global configuration is done.

Workaround: Reload the missing configuration.

This problem is resolved in software release 8.5(7). (CSCsf97631)

On a Catalyst 6000 series switch with the Call Home feature enabled, the Supervisor module reloads with the following message:

crash decode- (callhome_dispatch_message + 0x6b8) (callhome_dispatch_message + 0x6b8) (syslogTask + 0x6c4) (start_process + 0x50)

Workaround: Disable the Call Home feature.

This problem is resolved in software release 8.5(7). (CSCsg12867)

A Catalyst 6509 switch containing a WS-X6524-100FX-MM module may experience an issue where the module interfaces are receiving traffic but the number of transmitted frames does not increase.

Workaround: Reset the module to correct this issue. This problem is resolved in software release 8.5(7). (CSCse81638)

On a Catalyst 6500 series switch, if an ACE already exists in a given QoS ACL with a DSCP field value and you attempt to create an additional ACE for the same ACL with a different DSCP field value, the following message may be displayed:

Identical ACE found in IP ACL
Failed to set qos acl.

Workaround: None. This problem is resolved in software release 8.5(7). (CSCsf27155)

In a Catalyst 6500 series switch with Supervisor Engine 720, a WS-X6704-10GE module may reset under heavy traffic conditions. Before resetting, the online diagnostics intermittently display the following message:

MINOR ERROR

The following message is displayed on the console:

SYS-5-MOD_NOSCPPINGRESPONSE:Module <module#> not responding... resetting module

Workaround: None. This problem is resolved in software release 8.5(7). (CSCsf96953)

Open and Resolved Caveats in Software Release 8.5(6)

These sections describe open and resolved caveats in supervisor engine software release 8.5(6):

Open Caveats in Software Release 8.5(6)

Resolved Caveats in Software Release 8.5(6)

Open Caveats in Software Release 8.5(6)

This section describes open caveats in supervisor engine software release 8.5(6):

When the multispeed (10 MB/100 MB/1 GB) port of the WS-SUP32-10GE-3B supervisor engine is set to the 10-MB speed and you change the default QoS Tx queue ratio sizes, all packets flowing through this interface may be dropped in the appropriate queue. This problem is more frequent with jumbo-sized packets.

Workaround: Disable and then enable QoS. (CSCeh33526)

100BASE-T SFPs (GLC-T) do not support features such as UDLD and auto-mdix disable. We recommend that you do not enable UDLD on these SFPs. Auto-mdix is always enabled on these SFPs and cannot be disabled. (CSCec26310)

With Supervisor Engine 1, the boot string contains several boot images but only the first image actually exists in the file system. When you enter the show system sanity command, no boot image is reported as invalid (missing). If the one valid image is cleared from the boot string, then all of the remaining (invalid) images are flagged. If the one valid image is added back to the boot string (at the end, instead of the beginning), the missing images are flagged. (CSCed56928)

A bidirectional PIM ACE configured on the MSFC with a mask of 32 bits may cause traffic to hit the resulting (*,G/m) or (*,G). This situation could result in inconsistent forwarding.

Workaround: Configure the ACE with a mask of 31 bits. (CSCin62624)

With 802.1X authentication, if a high-availability switchover occurs during an authentication, after the switchover completes, single authentication and port security are in the authenticated state, but the port might not get added to the spanning tree. If this situation occurs, then the port would not receive Color Blocking Logic (CBL) or Local Target Logic (LTL) information. When you enter the show port security command the port MAC address is shown as secured, but no MAC address is in the CAM table. (CSCin20244)

When there is continuous traffic through a port, MAC authentication bypass will not work if the following operations are performed on the port in the sequence specified:

1. MAC authentication bypass is enabled on the port.

2. Port security is enabled on the port.

3. The static CAM entry installed by port security on the port is confirmed.

4. MAC authentication bypass is globally enabled.

This problem occurs only when MAC authentication bypass is globally enabled after port security has been enabled on the port. There is no problem with enabling or disabling port-level MAC authentication bypass after port security has been enabled.

Workaround: Disable and then enable port security. (CSCin97632)

On switches that run the CiscoView image, the Java Plug-in certificate has an expiration date of 6/29/2006. After that date, when you connect to an HTTP server, a Java Plug-in security warning displays the following message:

The certificate is expired. Do you want to ignore this warning and proceed?

Workaround: Click Yes, and then you can proceed to launch the embedded CiscoView. The expiration does not affect the applet's security or functionality. (CSCse46929)

If you are running a Catalyst 6500 series switch with dual supervisor engines, you may see a "PWR Deny" on random ports in some modules after you enter the show log command.

Workaround: If all the ports that are denied are disabled/enabled, "partial-deny" status on the module will be cleared. There is no reset required on the module. (CSCse86056)

Resolved Caveats in Software Release 8.5(6)

This section describes resolved caveats in supervisor engine software release 8.5(6):

A Catalyst 6500 series switch running Catalyst operating system release 7.6(14) or later may unexpectedly reload due to a TLB exception.

Workaround: None.

This problem is resolved in software release 8.5(6). (CSCsb91548)

A Catalyst 6000 or 6500 series switch running software release 8.5(3) that is configured for SPAN or RSPAN may not forward frames destined to a multicast MAC address out the SPAN destination port if that MAC address is configured as permanent CAM entry. The switch does forward the traffic out the port configured with the permanent CAM entry.

Workaround:

1. Clear the permanent CAM entry from the configuration using either the clear cam perm [vlan_id] or the clear cam perm command and then reconfigure it.

2. Use a permanent multicast CAM entry with the form of 01-00-5e-xx-xx-xx.

This problem is resolved in software release 8.5(6). (CSCsd68362)

On a Supervisor Engine 32 running software releases 8.5(1) and 8.5(5), the following message might be seen in the syslog:

Can not open destination file disk0:cdomi (File or directory already in use)

This situation occurs when you configure DHCP snooping using the following commands, and you reload the system:

set dhcp-snooping bindings-database auto-save 2
set dhcp-snooping bindings-database disk0:cdomi

Workaround: None.

This problem is resolved in software release 8.5(6). (CSCse84902)

If you modify the wildcard mask of an existing ACE in an ACL without modifying the IP address field, the mask is not modified and the old mask value is shown in the TCAM. You must modify the mask along with IP address field in order for it to be programmed properly in TCAM.

Workaround: None.

This problem is resolved in software release 8.5(6). (CSCeg54937)

A Catalyst 6500 series switch running software release 8.4(4) leaves the auxiliary VLAN in an inactive state if the VLAN was not connected when the switch was reloaded.

Workaround: Unplug the cable and plug it in again, or disable the port and then re-enable it.

This problem is resolved in software release 8.5(6). (CSCsd20208)

The standby supervisor engine crashes when the active supervisor is removed from the chassis if high availability is enabled and the Catalyst operating system release supports Generic OnLine Diagnostics (GOLD).

Workaround: Enter the clear diagnostic monitor module 15 command, or disable high availability.

This problem is resolved in software release 8.5(6). (CSCsd46071)

With Catalyst operating system software release 8.3(1), the system crashes after doing a mibwalk of the portSecurityTable.

Workaround: None.

This problem is resolved in software release 8.5(6). (CSCse44896)

With Catalyst operating system software release 8.4(1) or later, when attempting to copy the switch configuration from NVRAM to an ATA flash device (disk0), the following error may be displayed:

Console> (enable) copy config flash all
Flash device [bootflash]? disk0:
Wrong device.

Workaround: Copy the configuration file from NVRAM to bootflash: and then from bootflash: to disk0:

This problem is resolved in software release 8.5(6). (CSCse79985)

The MSFC might not be able to ping the sc0 interface on VLAN 1. This is a reoccurrence of the problem seen in CSCeb02380. This problem is resolved in software release 8.5(6). (CSCee66310)

OSPF hello packets are not being forwarded from the switching module to the MSFC on the standby supervisor engine resulting in OSPF adjacencies going down on the MSFC. This problem is observed when the FPOE consistency checker is enabled.

Workaround: Disable the FPOE consistency checker. This problem is resolved in software release 8.5(6). (CSCeh74503)

On a switch running software release 7.6(7), applying the patch/fix for FN29407 fails and reloads the switch instead of just the module(s) that the fix should be applied to. This problem is resolved in software release 8.5(6). (CSCei63548)

You might experience a TLB (Load/Fetch) exception during booting when the Layer 3 cache is disabled and the diagnostic level is set to complete.

Workaround: Enable the Layer 3 cache or set the diagnostic level to minimal or bypass instead of complete. This problem is resolved in software release 8.5(6). (CSCsc91179)

When you initiate and abort a format of a Flash card on any standby supervisor engine, and then attempt to view a directory listing, the standby supervisor engine's file system locks, the disk becomes inaccessible, and you see a "Try again later" message as shown in the example below:

Console> (enable) dir 1/disk0: 
File system in use (2). Try again later.

Workaround: Reset the supervisor engine.

This problem is resolved in software release 8.5(6). (CSCse35781)

Open and Resolved Caveats in Software Release 8.5(5)

These sections describe open and resolved caveats in supervisor engine software release 8.5(5):

Open Caveats in Software Release 8.5(5)

Resolved Caveats in Software Release 8.5(5)

Open Caveats in Software Release 8.5(5)

This section describes open caveats in supervisor engine software release 8.5(5):

When the multispeed (10 MB/100 MB/1 GB) port of the WS-SUP32-10GE-3B supervisor engine is set to the 10-MB speed and you change the default QoS Tx queue ratio sizes, all packets flowing through this interface may be dropped in the appropriate queue. This problem is more frequent with jumbo-sized packets.

Workaround: Disable and then enable QoS. (CSCeh33526)

100BASE-T SFPs (GLC-T) do not support features such as UDLD and auto-mdix disable. We recommend that you do not enable UDLD on these SFPs. Auto-mdix is always enabled on these SFPs and cannot be disabled. (CSCec26310)

With Supervisor Engine 1, the boot string contains several boot images but only one, the first one, actually exists in the file system. When you enter the show system sanity command, no boot image is reported as invalid (missing). If the one valid image is cleared from the boot string, then all of the remaining (invalid) images are flagged. If the one valid image is added back to the boot string (at the end, instead of the beginning), the three missing images are flagged. (CSCed56928)

A bidirectional PIM ACE configured on the MSFC with a mask of 32 bits may result in traffic hitting the resulting (*,G/m) or (*,G). This situation could result in inconsistent forwarding.

Workaround: Configure the ACE with a mask of 31 bits. (CSCin62624)

With 802.1X authentication, if a high-availability switchover occurs during an authentication, after the switchover completes, single authentication and port security are in the authenticated state, but the port might not get added to spanning tree. If this situation occurs, then the port would not receive Color Blocking Logic (CBL) or Local Target Logic (LTL) information. The show port security command shows that the port MAC address is secured, but no MAC address is in the CAM table. (CSCin20244)

With continuous traffic through a port, MAC authentication bypass will fail to work if the following operations are performed on the port in the sequence specified:

1. MAC authentication bypass is enabled on the port.

2. Port security is enabled on the port.

3. The static CAM entry installed by port security on the port is confirmed.

4. MAC authentication bypass is globally enabled.

This problem occurs only when MAC authentication bypass is globally enabled after port security has been enabled on the port. There is no problem with enabling or disabling port-level MAC authentication bypass after port security has been enabled.

Workaround: Disable and then enable port security. (CSCin97632)

For switches that run the CiscoView image, the Java Plug-in certificate has an expiration date of 6/29/2006. After that date, when you connect to an HTTP server, a Java Plug-in Security Warning displays the following message:

The certificate is expired. Do you want to ignore this warning and proceed?

Click Yes, then you can proceed to launch the embedded CiscoView. The expiration does not affect the applet's security or functionality. (CSCse46929)

Resolved Caveats in Software Release 8.5(5)

This section describes resolved caveats in supervisor engine software release 8.5(5):

A Catalyst 6500 switch may disable the SC0 or SC1 interface if both interfaces are configured in the same subnet. Depending on the network topology, this problem might affect switch connectivity but should not affect switch operation.

Workaround: Do not configure SC0 and SC1 interfaces in the same subnet. This problem is resolved in software release 8.5(5). (CSCsd60686)

When a packet buffer error is detected, the module powers down instead of being power cycled. This problem is resolved in software release 8.5(5). (CSCsd79236)

A Catalyst 6500 switch might generate temperature traps indicating that the "Module 1 Switch-Eng Intake" and "Module 1 Switch-Eng Exhaust" temperature sensors are not present:

ciscoEnvMonTemperatureStatusDescr=Module 1 Switch-Eng Intake; ciscoEnvMonTemperatureStatusValue=0; ciscoEnvMonTemperatureState=6
ciscoEnvMonTemperatureStatusDescr=Module 1 Switch-Eng Exhaust; ciscoEnvMonTemperatureStatusValue=0; ciscoEnvMonTemperatureState=6

This problem is most likely due to an issue with the temperature sensors rather than an issue with the trap mechanism. This problem is resolved in software release 8.5(5). (CSCsd95563)

Some servers that are hardcoded with speed duplex 100M/full are not able to send traffic when they are connected to ports on the WS-X6348-RJ-45 module. The problem occurs after the switch, module, or host is reset.

Workaround 1: Enable autonegotiation on both the host and the switch port.

Workaround 2: Disable and then enable the switch ports.

Workaround 3: Disable inline power with the 100M/Full setting. This problem is resolved in software release 8.5(5). (CSCsd99700)

Open and Resolved Caveats in Software Release 8.5(4)

These sections describe open and resolved caveats in supervisor engine software release 8.5(4):

Open Caveats in Software Release 8.5(4)

Resolved Caveats in Software Release 8.5(4)

Open Caveats in Software Release 8.5(4)

This section describes open caveats in supervisor engine software release 8.5(4):

When the multispeed (10 MB/100 MB/1 GB) port of the WS-SUP32-10GE-3B supervisor engine is set to the 10-MB speed and you change the default QoS Tx queue ratio sizes, all packets flowing through this interface may be dropped in the appropriate queue. This problem is more frequent with jumbo-sized packets.

Workaround: Disable and then enable QoS. (CSCeh33526)

100BASE-T SFPs (GLC-T) do not support features such as UDLD and auto-mdix disable. We recommend that you do not enable UDLD on these SFPs. Auto-mdix is always enabled on these SFPs and cannot be disabled. (CSCec26310)

With Supervisor Engine 1, the boot string contains several boot images but only one, the first one, actually exists in the file system. When you enter the show system sanity command, no boot image is reported as invalid (missing). If the one valid image is cleared from the boot string, then all of the remaining (invalid) images are flagged. If the one valid image is added back to the boot string (at the end, instead of the beginning), the three missing images are flagged. (CSCed56928)

A bidirectional PIM ACE configured on the MSFC with a mask of 32 bits may result in traffic hitting the resulting (*,G/m) or (*,G). This situation could result in inconsistent forwarding.

Workaround: Configure the ACE with a mask of 31 bits. (CSCin62624)

With 802.1X authentication, if a high-availability switchover occurs during an authentication, after the switchover completes, single authentication and port security are in the authenticated state, but the port might not get added to spanning tree. If this situation occurs, then the port would not receive Color Blocking Logic (CBL) or Local Target Logic (LTL) information. The show port security command shows that the port MAC address is secured, but no MAC address is in the CAM table. (CSCin20244)

With continuous traffic through a port, MAC authentication bypass will fail to work if the following operations are performed on the port in the sequence specified:

1. MAC authentication bypass is enabled on the port.

2. Port security is enabled on the port.

3. The static CAM entry installed by port security on the port is confirmed.

4. MAC authentication bypass is globally enabled.

This problem occurs only when MAC authentication bypass is globally enabled after port security has been enabled on the port. There is no problem with enabling or disabling port-level MAC authentication bypass after port security has been enabled.

Workaround: Disable and then enable port security. (CSCin97632)

Resolved Caveats in Software Release 8.5(4)

This section describes resolved caveats in supervisor engine software release 8.5(4):

When you use the WS-F6K-FE48X2-AF inline-power daughter card with the WS-X6196-RJ-21 module, IP phones do not receive power using auto detect. When you connect the phone, the following message appears:

%C6K_POWER-SP-4-PD_NOLINKUP: The device connected to 1/37 is powered up but its link is not up in 5 seconds. Therefore, power is withdrawn from the port.

Workaround: Enter the power inline static command. This problem is resolved in software release 8.5(4). (CSCek30589)

Packet loss can occur on a CEF720 module when a high rate of multicast traffic is received before a multicast protocol state is built. This condition occurs only with high levels of traffic when the multicast packet sizes are below a specific threshold (144 bytes), and when there is a topology change. This problem is resolved in software release 8.5(4). (CSCsd33647)

A Supervisor Engine 2 running software release 8.5(3) with high availability enabled running rapid-PVST+ may show a root bridge ID of 0/00-00-00-00-00-00 after a supervisor engine switchover.

Workaround 1: Run PVST+ spanning tree instead of rapid-PVST+.

Workaround 2: Enter the set system highavailability disable command to disable high availability. This problem is resolved in software release 8.5(4). (CSCsd69668)

A Catalyst 6500 switch with Supervisor Engine 720 running software release 8.5(x) may drop packets if a Distributed EtherChannel is configured. The packet loss is dependent on the traffic flow and ports that are in the channel.

Workaround: Reload the switch with the desired EtherChannel configured. This problem is resolved in software release 8.5(4). (CSCsd54277)

In binary configuration mode, the QoS MAC ACL configuration is corrupted after upgrading to software release 8.5(3) from any 7.x or later release.

Workaround: Save the configuration prior to upgrading and then reapply the configuration after the upgrade. This problem is resolved in software release 8.5(4). (CSCsd20162)

With the SSL-VPN module (WS-SVC-WEBVPN-K9) and SSL module (WS-SVC-SSL-1SSL), after a non-high availability switchover, both modules lose connectivity.

Workaround: Reset the modules after the switchover. This problem is resolved in software release 8.5(4). (CSCei46039)

After upgrading from software release 7.6(x) to software release 8.x or from software release 8.4(x) to software release 8.5(x), the FWSM port channel does not always form. The problem occurs only after configuration changes have been made to the FWSM configuration; the problem is not seen with the default FWSM configuration. This problem is resolved in software release 8.5(4). (CSCei72342)

The switch might crash during the loading of the configuration file if the configuration file used for the system profiles file feature has additional spaces at the end of the last line "end" point.

Workaround: Make sure that there are no additional spaces at the end of the last line "end" point. The system-generated configuration files do not have this problem unless the file has been edited. This problem is resolved in software release 8.5(4). (CSCsd46020)

On a Supervisor Engine 2/MSFC2 with PFC hardware version 2.0, you might see high CPU utilization after committing a large VACL that results in spanning tree recalculations. This problem is not seen with PFC hardware version 1.0 or 1.3. This problem is resolved in software release 8.5(4). (CSCeh37782)

After a high-availability switchover, you might experience a MISTP reconvergence on the newly active supervisor engine and the following message may display:

2005 Sep 09 16:00:49 JST +09:00 %SPANTREE-2-SWOVER_TOOLONG: switchover took too much time. All STP ports restarted.

This problem is resolved in software release 8.5(4). (CSCej37841)

The supervisor engine might crash after accepting numerous SSH login attempts. This problem is resolved in software release 8.5(4). (CSCsc01175)

A switch running MST with high availability enabled might have stalled root information and mistakenly reuse the root information.

Workaround: Disable high availability. This problem is resolved in software release 8.5(4). (CSCsc37456)

Adding a VLAN to the FWSM may cause inconsistencies in allowed and trunked VLANs. After the FWSM is reset, ports in the FWSM port channel might errdisable due to a channel misconfiguration. When this problem occurs, the following is displayed:

%DTP-5-TRUNKPORTON:Port 4/1 has become dot1q trunk
%SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for Module 4
%ETHC-5-PORTTOSTP:Port 4/1 joined bridge port 4/1-6
%DTP-5-TRUNKPORTON:Port 4/2 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/3 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/4 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/5 has become dot1q trunk
%ETHC-3-ONMODEFAIL:Port 4/5 errdisabled, ON mode attributes mismatch
%DTP-5-TRUNKPORTON:Port 4/6 has become dot1q trunk
%ETHC-3-ONMODEFAIL:Port 4/6 errdisabled, ON mode attributes mismatch
%ETHC-5-PORTTOSTP:Port 4/2 joined bridge port 4/1-6
%ETHC-5-PORTTOSTP:Port 4/3 joined bridge port 4/1-6
%ETHC-5-PORTTOSTP:Port 4/4 joined bridge port 4/1-6
%DTP-5-NONTRUNKPORTON:Port 4/5 has become non-trunk
%DTP-5-NONTRUNKPORTON:Port 4/6 has become non-trunk

Workaround: Manually add/delete the VLANs to the individual ports. This problem is resolved in software release 8.5(4). (CSCsd15946)
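The following added example (not Cisco code and not part of the original release notes) runs a detection pass over the syslog messages quoted in this caveat and reports which ports were errdisabled with ETHC-3-ONMODEFAIL and which expected members never joined the bridge port group. The function names and the regular expression are assumptions made for the example; the sample input is the message sequence shown above.

```python
import re
from collections import defaultdict

# The messages quoted in the caveat above, one per line.
SAMPLE_LOG = """\
%DTP-5-TRUNKPORTON:Port 4/1 has become dot1q trunk
%SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for Module 4
%ETHC-5-PORTTOSTP:Port 4/1 joined bridge port 4/1-6
%DTP-5-TRUNKPORTON:Port 4/2 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/3 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/4 has become dot1q trunk
%DTP-5-TRUNKPORTON:Port 4/5 has become dot1q trunk
%ETHC-3-ONMODEFAIL:Port 4/5 errdisabled, ON mode attributes mismatch
%DTP-5-TRUNKPORTON:Port 4/6 has become dot1q trunk
%ETHC-3-ONMODEFAIL:Port 4/6 errdisabled, ON mode attributes mismatch
%ETHC-5-PORTTOSTP:Port 4/2 joined bridge port 4/1-6
%ETHC-5-PORTTOSTP:Port 4/3 joined bridge port 4/1-6
%ETHC-5-PORTTOSTP:Port 4/4 joined bridge port 4/1-6
%DTP-5-NONTRUNKPORTON:Port 4/5 has become non-trunk
%DTP-5-NONTRUNKPORTON:Port 4/6 has become non-trunk
"""

# Assumed layout: %FACILITY-SEVERITY-MNEMONIC:Port <mod>/<port> <text>
MSG_RE = re.compile(
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+):Port (?P<port>\d+/\d+) (?P<text>.*)"
)
# A new message starts at whitespace followed by "%FACILITY-SEVERITY-".
MSG_START = re.compile(r"\s+(?=%[A-Z0-9_]+-\d-)")


def parse_events(log_text):
    """Return (port, tag, text) for each per-port message, in log order.

    Whitespace is normalized first, so the parser also copes with
    messages that were wrapped or run together on one line.
    """
    events = []
    for chunk in MSG_START.split(" ".join(log_text.split())):
        m = MSG_RE.search(chunk)
        if m:  # messages without a mod/port (e.g. MOD_PORTINTFINSYNC) are skipped
            events.append((m["port"], m["tag"], m["text"]))
    return events


def channel_mismatch_ports(log_text):
    """Ports that logged ETHC-3-ONMODEFAIL, with the events around the failure."""
    history = defaultdict(list)
    for port, tag, _ in parse_events(log_text):
        history[port].append(tag)
    findings = {}
    for port, tags in history.items():
        if "ETHC-3-ONMODEFAIL" not in tags:
            continue
        fail_at = tags.index("ETHC-3-ONMODEFAIL")
        findings[port] = {
            "trunked_before_failure": "DTP-5-TRUNKPORTON" in tags[:fail_at],
            "fell_back_to_non_trunk": "DTP-5-NONTRUNKPORTON" in tags[fail_at + 1:],
            "joined_channel": "ETHC-5-PORTTOSTP" in tags,
        }
    return findings


def channel_members(log_text):
    """Ports that joined each bridge port group, keyed by group (e.g. '4/1-6')."""
    groups = defaultdict(list)
    for port, tag, text in parse_events(log_text):
        m = re.match(r"joined bridge port (\S+)", text)
        if tag == "ETHC-5-PORTTOSTP" and m:
            groups[m.group(1)].append(port)
    return dict(groups)


def expand_group(group):
    """Expand '4/1-6' into ['4/1', ..., '4/6']; a single port expands to itself."""
    module, _, ports = group.partition("/")
    low, _, high = ports.partition("-")
    return [f"{module}/{n}" for n in range(int(low), int(high or low) + 1)]


def missing_from_channel(log_text):
    """Expected members of each bridge port group that never logged a join."""
    missing = {}
    for group, joined in channel_members(log_text).items():
        absent = [p for p in expand_group(group) if p not in joined]
        if absent:
            missing[group] = absent
    return missing


if __name__ == "__main__":
    for port, detail in sorted(channel_mismatch_ports(SAMPLE_LOG).items()):
        print(port, detail)
    print("never joined:", missing_from_channel(SAMPLE_LOG))
```

On the quoted sequence, ports 4/5 and 4/6 are the ones that trunked, hit the ON mode attributes mismatch, and then reverted to non-trunk without joining bridge port 4/1-6.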

After a switchover in a redundant system, a syslog message configured to be sent as a trap may not be sent as a trap. This problem is resolved in software release 8.5(4). (CSCsd23319)

The switch might fail to return the complete Fully Qualified Domain Name (FQDN). The switch returns just the hostname, and the domain is appended to the snmpset. When a management application reads the name, it sees the hostname as being different than the running config. The management application then attempts to set the name by various means and starts a loop. This problem is resolved in software release 8.5(4). (CSCsd37685)

With PAgP mode set to "on," you might not be able to map a QoS ACL to a channel port when the port's status is "not connected." An example of the problem is as follows:

Console> (enable) set qos acl map test-qos 3/9