Table Of Contents
Release Notes for Cisco IOS Release 15.1SY
Contents
Chronological List of Releases
Hierarchical List of Releases
FPD-Image Dependant Modules
Supported Hardware
Supervisor Engines, PFCs, DFCs, and CFC
Supervisor Engine 2T-10GE
Policy Feature Cards Supported with Supervisor Engine 2T
Distributed Forwarding Cards Supported with Supervisor Engine 2T
Supervisor Engine 720-10GE (CAT6000-VS-S720-10G/MSFC3)
Supervisor Engine 720 (CAT6000-SUP720/MSFC3)
Policy Feature Cards Supported with Supervisor Engine 720
Distributed Forwarding Cards Supported with Supervisor Engine 720
Centralized Forwarding Card (WS-F6700-CFC)
40-Gigabit Ethernet Switching Modules
WS-X6904-40G-2T 4-Port 40-Gigabit Ethernet Switching Module
10-Gigabit Ethernet Switching Modules
WS-X6908-10GE 8-Port 10-Gigabit Ethernet X2 Switching Module
WS-X6816-10T-2T, WS-X6716-10T 16-Port 10-Gigabit Ethernet Copper Switching Module
WS-X6816-10G-2T, WS-X6716-10G 16-Port 10-Gigabit Ethernet X2 Switching Module
WS-X6708-10GE 8-port 10-Gigabit Ethernet X2 Switching Module
WS-X6704-10GE 4-Port 10-Gigabit Ethernet XENPAK Switching Module
WS-X6502-10GE 1-port 10-Gigabit Ethernet Switching Module
Gigabit Ethernet Switching Modules
WS-X6848-SFP-2T, WS-X6748-SFP 48-Port Gigabit Ethernet SFP Switching Module
WS-X6824-SFP-2T, WS-X6724-SFP 24-Port Gigabit Ethernet SFP Switching Module
WS-X6816-GBIC 16-port Gigabit Ethernet GBIC Switching Module
WS-X6516A-GBIC 16-Port Gigabit Ethernet GBIC Switching Module
WS-X6516-GBIC 16-Port Gigabit Ethernet GBIC Switching Module
WS-X6416-GBIC 16-port Gigabit Ethernet GBIC Switching Module
WS-X6408A-GBIC 8-port Gigabit Ethernet GBIC Switching Module
WS-X6408-GBIC 8-port Gigabit Ethernet GBIC Switching Module
10/100/1000 Ethernet Switching Modules
WS-X6848-TX-2T, WS-X6748-GE-TX
WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF
WS-X6148E-GE-45AT
WS-X6148A-GE-TX, WS-X6148A-GE-45AF
WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF
WS-X6516-GE-TX
100MB Ethernet Switching Modules
WS-X6148-FE-SFP
WS-X6524-100FX-MM
WS-X6324-100FX-MM
10/100MB Ethernet Switching Modules
WS-X6548-RJ-45
WS-X6548-RJ-21
WS-X6148X2-RJ-45, WS-X6148X2-45AF
WS-X6196-RJ-21, WS-X6196-21AF
WS-X6348-RJ-45, WS-X6348-RJ-45V
WS-X6348-RJ-21V
WS-X6148A-RJ-45, WS-X6148A-45AF
WS-X6148-RJ-45, WS-X6148-RJ45V, WS-X6148-45AF
WS-X6148-RJ-21, WS-X6148-RJ21V, WS-X6148-21AF
Power over Ethernet Daughtercards
WS-F6K-GE48-AF, WS-F6K-48-AF
WS-F6K-FE48X2-AF
WS-F6K-VPWR-GE
WS-F6K-VPWR
Transceivers
CFP Modules
X2 Modules
10 GE SFP+ Modules
XENPAKs
Small Form-Factor Pluggable (SFP) Modules
Gigabit Interface Converters (GBICs)
Service Modules
Application Control Engine (ACE) Module
ASA Services Module
Firewall Services Module (FWSM)
Intrusion Detection System Modules (IDSMs)
Network Analysis Modules (NAMs)
Wireless Services Modules (WiSMs)
Power Supplies
WS-C6503-E Power Supplies
WS-C6504-E Power Supplies
All Other Power Supplies
Chassis
13-Slot Chassis
9-Slot Chassis
6-Slot Chassis
4-Slot Chassis
3-Slot Chassis
Unsupported Hardware
Images and Feature Sets
Universal Boot Loader Image
EFSU Compatibility
New Features in Release 15.1(1)SY1
New Hardware Features in Release 15.1(1)SY1
New Software Features in Release 15.1(1)SY1
New Features in Release 15.1(1)SY
New Hardware Features in Release 15.1(1)SY
New Software Features in Release 15.1(1)SY
Software Features from Earlier Releases
Unsupported Commands
Unsupported Features
Restrictions
Caveats in Release 15.1SY
Open Caveats in Release 15.1SY
Caveats Resolved in Release 15.1(1)SY1
Caveats Resolved in Release 15.1(1)SY
Troubleshooting
System Troubleshooting
Module Troubleshooting
VLAN Troubleshooting
Spanning Tree Troubleshooting
Additional Troubleshooting Information
System Software Upgrade Instructions
Notices
OpenSSL/Open SSL Project
License Issues
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco IOS Release 15.1SY
May 3, 2013
Note
•See this product bulletin for information about the standard maintenance and extended maintenance 15.1SY releases:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps11821/ps11845/product_bulletin_c25-687567_ps708_Products_Bulletin.html
•For general product information about the Catalyst 6500 series switches, refer to these product bulletins:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_literature.html
The most current version of this document is available on Cisco.com at this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html
Caution Cisco IOS supports redundant configurations with identical supervisor engines. If they are not identical, one supervisor engine will boot first and become active and hold the other in a reset condition.
Contents
This publication consists of these sections:
•Chronological List of Releases
•Hierarchical List of Releases
•FPD-Image Dependant Modules
•Supported Hardware
•Unsupported Hardware
•Images and Feature Sets
•Universal Boot Loader Image
•EFSU Compatibility
•New Features in Release 15.1(1)SY1
•New Features in Release 15.1(1)SY
•Unsupported Commands
•Unsupported Features
•Restrictions
•Caveats in Release 15.1SY
•Troubleshooting
Chronological List of Releases
Note•See the "Images and Feature Sets" section for information about which releases are deferred.
•See the "Hierarchical List of Releases" section for information about parent releases.
This is a chronological list of the 15.1SY releases:
•Release 15.1(1)SY1—03 May 2013
•Release 15.1(1)SY—15 Oct 2012
Hierarchical List of Releases
These releases support the hardware listed in the "Supported Hardware" section:
•Release 15.1(1)SY1:
–Date of release: 03 May 2013
–Based on Release 15.1(1)SY
•Release 15.1(1)SY:
–Date of release: 15 Oct 2012
–Based on Release 15.0(1)SY2 and Release 12.2(33)SXJ3
Note Release 15.1SY supports only Ethernet ports. Release 15.1SY does not support any WAN features or commands.
FPD-Image Dependant Modules
FPD image packages update FPD images. If a discrepancy exists between an FPD image and the Cisco IOS image, the module that has the FPD discrepancy is deactivated until the discrepancy is resolved. These modules use FPD images:
•ASA services module (WS-SVC-ASA-SM1-K9)—See this publication:
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn85.html#Upgrading_the_FPD_Image
•Network Analysis Module 3 (WS-SVC-NAM3-6G-K9)—See these publications:
http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_release_notes_list.html
Supported Hardware
These sections describe the hardware supported in Release 15.1(1)SY and later releases:
•Supervisor Engines, PFCs, DFCs, and CFC
•40-Gigabit Ethernet Switching Modules
•10-Gigabit Ethernet Switching Modules
•Gigabit Ethernet Switching Modules
•10/100/1000 Ethernet Switching Modules
•100MB Ethernet Switching Modules
•10/100MB Ethernet Switching Modules
•Transceivers
•Power over Ethernet Daughtercards
•Service Modules
•Power Supplies
•Chassis
Note Enter the show power command to display current system power usage.
Supervisor Engines, PFCs, DFCs, and CFC
•Supervisor Engine 2T-10GE
•Policy Feature Cards Supported with Supervisor Engine 2T
•Distributed Forwarding Cards Supported with Supervisor Engine 2T
•Supervisor Engine 720-10GE (CAT6000-VS-S720-10G/MSFC3)
•Supervisor Engine 720 (CAT6000-SUP720/MSFC3)
•Supervisor Engine 720 (CAT6000-SUP720/MSFC3)
•Policy Feature Cards Supported with Supervisor Engine 720
•Distributed Forwarding Cards Supported with Supervisor Engine 720
•Centralized Forwarding Card (WS-F6700-CFC)
Supervisor Engine 2T-10GE
Note For information about DRAM requirements on all supervisor engines, see this publication:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/qa_c67_457347.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
VS-S2T-10G-XL
|
Supervisor Engine 2T-10GE with PFC4XL
|
15.0(1)SY
|
VS-S2T-10G
|
Supervisor Engine 2T-10GE with PFC4
|
Features
•One of these policy feature cards:
–Policy Feature Card 4XL (PFC4XL).
–Policy Feature Card 4 (PFC4).
See the "Policy Feature Cards Supported with Supervisor Engine 2T" section.
•Supports 2-Tbps switch fabric connectivity.
•2-GB DRAM.
•Internal 1-GB bootflash (bootdisk:).
•One external slot:
–disk0:
–For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc., for use in Supervisor Engine 2T-10GE.
•Console ports:
–EIA/TIA-232 (RS-232) port
–USB port
•Ports 1, 2, and 3:
–QoS architecture: 2q4t/1p3q4t
–Ports 1, 2, and 3: Gigabit Ethernet SFP (fiber SFP or 1000 Mbps RJ-45 SFP)
•Ports 4 and 5:
–Support for 10-Gigabit Ethernet X2 tranceivers
–QoS architecture:
· With ports 1, 2, and 3 enabled: 2q4t/1p3q4t
· With ports 1, 2, and 3 disabled: 8q4t/1p7q4t
•One port group: ports 1 through 5
Note See the Supervisor Engine 2T-10GE Connectivity Management Processor Configuration Guide for information about the 10/100/1000 Mbps RJ-45 port.
•Connectivity Management Processor (CMP)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/cmp_configuration/guide/sup2T_10GEcmp.html
Supervisor Engine 2T-10GE Restrictions
•The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet ports have the same QoS port architecture (2q4t/1p3q4t) unless you disable the 1-Gigabit Ethernet ports with the platform qos 10g-only global configuration command. With the 1-Gigabit Ethernet ports disabled, the QoS port architecture of the 10-Gigabit Ethernet ports is 8q4t/1p7q4t.
•In RPR redundancy mode, the ports on a Supervisor Engine 2T-10GE in standby mode are disabled.
Policy Feature Cards Supported with Supervisor Engine 2T
•Policy Feature Card 4 Guidelines and Restrictions
•Policy Feature Card 4XL
•Policy Feature Card 4
Policy Feature Card 4 Guidelines and Restrictions
•The PFC4 supports a theoretical maximum of 131,072 (128K) MAC addresses with 118,000 (115.2K) MAC addresses as the recommended maximum.
•The PFC4 partitions the hardware FIB table to route IPv4 unicast, IPv4 multicast, MPLS, and IPv6 unicast and multicast traffic in hardware. Traffic for routes that do not have entries in the hardware FIB table are processed by the route processor in software.
The defaults for XL mode are:
–IPv4 unicast and MPLS: 512,000 routes
–IPv4 multicast and IPv6 unicast and multicast: 256,000 routes
The defaults for Non-XL mode are:
–IPv4 unicast and MPLS: 192,000 routes
–IPv4 multicast and IPv6 unicast and multicast: 32,000 routes
Note The size of the global internet routing table plus any local routes might exceed the non-XL mode default partition sizes.
These are the theoretical maximum numbers of routes for the supported protocols (the maximums are not supported simultaneously):
–XL mode:
· IPv4 and MPLS: Up to 1,007,000 routes
· IPv4 multicast and IPv6 unicast and multicast: Up to 503,000 routes
–Non-XL mode:
· IPv4 and MPLS: Up to 239,000 routes
· IPv4 multicast and IPv6 unicast and multicast: Up to 119,000 routes
Enter the platform cef maximum-routes command to repartition the hardware FIB table. IPv4 unicast and MPLS require one hardware FIB table entry per route. IPv4 multicast and IPv6 unicast and multicast require two hardware FIB table entries per route. Changing the partition for one protocol makes corresponding changes in the partitions of the other protocols. You must enter the reload command to put configuration changes made with the platform cef maximum-routes command into effect.
Note With a non-XL-mode system, if your requirements cannot be met by repartitioning the hardware FIB table, upgrade components as necessary to operate in XL mode.
•You cannot use one type of PFC on one supervisor engine and a different type on the other supervisor engine for redundancy. You must use identical policy feature cards for redundancy.
•PFC4—These restrictions apply to a configuration with a PFC4 and these DFCs:
–PFC4 and DFC4—No restrictions (PFC4 mode).
–PFC4 and DFC4XL—The PFC4 restricts DFC4XL functionality: the DFC4XL functions as a DFC4 (PFC4 mode).
•PFC4XL—These restrictions apply to a configuration with a PFC4XL and these DFCs:
–PFC4XL and DFC4—PFC4XL functionality is restricted by the DFC4: after a reload with a DFC4-equipped module installed, the PFC4XL functions as a PFC4 (PFC4 mode).
–PFC4XL and DFC4XL—No restrictions (PFC4XL mode).
•Switching modules that you install after bootup that are equipped with a DFC that imposes a more restricted PFC mode than the current PFC mode remain powered down.
•You must reboot to use a switching module equipped with a DFC that imposes a more restricted PFC mode than the current PFC mode.
•Enter the show platform hardware pfc mode command to display the PFC mode.
Policy Feature Card 4XL
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
VS-F6K-PFC4XL
|
Policy Feature Card 4XL (PFC4XL)
Note Use VS-F6K-PFC4XL= to upgrade to a PFC4XL.
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
Policy Feature Card 4
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
VS-F6K-PFC4
|
Policy Feature Card 4 (PFC4)
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
Distributed Forwarding Cards Supported with Supervisor Engine 2T
•Distributed Forwarding Card 4XL
•Distributed Forwarding Card 4
Note•See the "Policy Feature Cards Supported with Supervisor Engine 2T" section for Policy Feature Cards (PFC) and Distributed Forwarding Card (DFC) restrictions.
•The DFC4 uses memory that is installed on the switching module.
•For more information about the DFCs, see this document:
http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps11878/data_sheet_c78-648214.html
Distributed Forwarding Card 4XL
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-F6K-DFC4-EXL
WS-F6K-DFC4-AXL
|
Distributed Forwarding Card 4XL (DFC4XL)
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
Distributed Forwarding Card 4
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-F6K-DFC4-E
WS-F6K-DFC4-A
|
Distributed Forwarding Card 4 (DFC4)
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
Supervisor Engine 720-10GE (CAT6000-VS-S720-10G/MSFC3)
•Supervisor Engine 720-10GE Common Features
•Supervisor Engine 720-10GE with PFC3C and PFC3CXL
•Supervisor Engine 720-10GE Restrictions
Supervisor Engine 720-10GE Common Features
•Switch processor (SP):
–Internal 1-GB CompactFlash card (sup-bootdisk:).
–1-GB DRAM.
•Route processor (RP):
–Internal 64-MB bootflash.
–1-GB DRAM.
•One of these:
–Policy Feature Card 3CXL (PFC3CXL).
–Policy Feature Card 3C (PFC3C).
–See the "Policy Feature Cards Supported with Supervisor Engine 2T" section.
•Integrated 720-Gbps Switch Fabric.
•One external slot:
–disk0:
–For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc., for use in Supervisor Engine 720-10GE.
•Console port—EIA/TIA-232 (RS-232) port.
•Ports 1 and 2:
–QoS architecture: 2q4t/1p3q4t
–Support for Gigabit Ethernet SFPs
•Port 3:
–10/100/1000 Mbps RJ-45
–QoS architecture: 2q4t/1p3q4t
•Ports 4 and 5:
–Support for 10-Gigabit Ethernet X2 tranceivers
–QoS architecture: 2q4t/1p3q4t or 8q4t/1p7q4t
Note The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet ports have the same QoS port architecture (2q4t/1p3q4t) unless you disable the 1-Gigabit Ethernet ports with the mls qos 10g-only global configuration command, which is required to configure DSCP-based queueing. With the 1-Gigabit Ethernet ports disabled, the QoS port architecture of the 10-Gigabit Ethernet ports is 8q4t/1p7q4t.
•One port group: ports 1 through 5.
•Two Universal Serial Bus (USB) 2.0 ports (not currently enabled)
Supervisor Engine 720-10GE with PFC3C and PFC3CXL
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
VS-S720-10G-3CXL
|
Supervisor Engine 720-10GE with PFC3CXL
|
15.1(1)SY
|
VS-S720-10G-3C
|
Supervisor Engine 720-10GE with PFC3C
|
15.1(1)SY
|
Supervisor Engine 720-10GE Restrictions
•In RPR redundancy mode, the ports on a Supervisor Engine 720-10GE in standby mode are disabled.
•There are no memory-only upgrade options for the Supervisor Engine 720-10GE.
Supervisor Engine 720 (CAT6000-SUP720/MSFC3)
•Supervisor Engine 720 Common Features
•Supervisor Engine 720 with PFC3BXL
•Supervisor Engine 720 with PFC3B
Supervisor Engine 720 Common Features
•Integrated 720-Gbps Switch Fabric
•Internal 64-MB bootflash device (sup-bootflash:) or CompactFlash card (sup-bootdisk:), 512 MB or larger.
–As an upgrade, WS-CF-UPG=
–See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_17277.html
•Two external slots (disk0: and disk1:) for CompactFlash Type II flash PC cards sold by Cisco Systems, Inc., for use in Supervisor Engine 720.
Note Some Supervisor Engine 720 Release 12.2SX images are larger than the bootflash device and must be stored on a CompactFlash card (sup-bootdisk: or disk0: or disk1:).
•Two Ethernet uplink ports:
–512-KB packet buffer per port
–Port 1—Gigabit Interface Converter (GBIC)
–Port 2—Configurable as either:
· Gigabit Interface Converter (GBIC)
· 10/100/1000 Mbps RJ-45
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Port grouping:
–Number of ports: 2
–Number of port groups: 1
–Port ranges per port group: 1-2
Supervisor Engine 720 with PFC3BXL
Note If you install WS-SUP720-3BXL=, upgrade the memory on any DFC3-equipped switching modules. See this document for DFC3 memory upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12409.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-SUP720-3BXL
|
Supervisor Engine 720 with PFC3BXL:
•Switch processor (SP):
–Internal 64-MB bootflash device (sup-bootflash:)
or
internal CompactFlash card (sup-bootdisk:)
–1-GB or larger DRAM
•Route processor (RP):
–1-GB or larger DRAM
–64-MB bootflash
•Policy Feature Card 3BXL (PFC3BXL)—See the "Policy Feature Cards Supported with Supervisor Engine 2T" section.
|
15.1(1)SY
|
Supervisor Engine 720 with PFC3B
Note•See this document for DFC3 memory upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12409.html
•Use WS-F6K-PFC3BXL= to upgrade a WS-SUP720-3B with a PFC3BXL. WS-F6K-PFC3BXL= includes 1 GB memory upgrades for the Supervisor Engine 720 and the MSFC3.
–If you install WS-F6K-PFC3BXL=, upgrade the memory on any DFC3-equipped switching modules.
–See this publication for more information about WS-F6K-PFC3BXL=:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-SUP720-3B
|
Supervisor Engine 720 with PFC3B:
•Switch processor (SP):
–Internal 64-MB bootflash device (sup-bootflash:)
or
internal CompactFlash card (sup-bootdisk:)
–512-MB or larger DRAM
•Route processor (RP):
–64-MB bootflash
–512-MB or larger DRAM
•Policy Feature Card 3B (PFC3B)—See the "Policy Feature Cards Supported with Supervisor Engine 2T" section
|
15.1(1)SY
|
Policy Feature Cards Supported with Supervisor Engine 720
•Policy Feature Card 3 Guidelines and Restrictions
•Policy Feature Card 4XL
•Policy Feature Card 4
•Policy Feature Card 3BXL
•Policy Feature Card 3B
Policy Feature Card 3 Guidelines and Restrictions
•The PFC3C supports a theoretical maximum of 96 K MAC addresses (64 K MAC addresses recommended maximum).
•The PFC3B and PFC3BXL support a theoretical maximum of 64 K MAC addresses (32 K MAC addresses recommended maximum).
•The PFC3 partitions the hardware FIB table to route IPv4 unicast, IPv4 multicast, MPLS, and IPv6 unicast and multicast traffic in hardware. Traffic for routes that do not have entries in the hardware FIB table are processed by the route processor in software.
The defaults for XL mode are:
–IPv4 unicast and MPLS—512,000 routes
–IPv4 multicast and IPv6 unicast and multicast—256,000 routes
The defaults for non-XL mode are:
–IPv4 unicast and MPLS—192,000 routes
–IPv4 multicast and IPv6 unicast and multicast—32,000 routes
Note The size of the global internet routing table plus any local routes might exceed the non-XL mode default partition sizes.
These are the theoretical maximum numbers of routes for the supported protocols (the maximums are not supported simultaneously):
–XL mode:
· IPv4 and MPLS—Up to 1,007,000 routes
· IPv4 multicast and IPv6 unicast and multicast—Up to 503,000 routes
–Non-XL mode:
· IPv4 and MPLS—Up to 239,000 routes
· IPv4 multicast and IPv6 unicast and multicast—Up to 119,000 routes
Enter the mls cef maximum-routes command to repartition the hardware FIB table. IPv4 unicast and MPLS require one hardware FIB table entry per route. IPv4 multicast and IPv6 unicast and multicast require two hardware FIB table entries per route. Changing the partition for one protocol makes corresponding changes in the partitions of the other protocols. You must enter the reload command to put configuration changes made with the mls cef maximum-routes command into effect.
Note With a non-XL-mode system, if your requirements cannot be met by repartitioning the hardware FIB table, upgrade components as necessary to operate in XL mode.
•You cannot use one type of PFC3 on one supervisor engine and a different type on the other supervisor engine for redundancy. You must use identical policy feature cards for redundancy.
•PFC3B—These restrictions apply to a configuration with a PFC3B and these DFCs:
–PFC3B and DFC3B—No restrictions (PFC3B mode; does not support virtual switch mode).
–PFC3B and DFC3BXL—The PFC3B restricts DFC3BXL functionality: after a reload with a DFC3BXL-equipped module installed, the DFC3BXL functions as a DFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3B and DFC3C—The PFC3B restricts DFC3C functionality: the DFC3C functions as a DFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3B and DFC3CXL—The PFC3B restricts DFC3CXL functionality: the DFC3CXL functions as a DFC3B (PFC3B mode; does not support virtual switch mode).
•PFC3BXL—These restrictions apply to a configuration with a PFC3BXL and these DFCs:
–PFC3BXL and DFC3B—PFC3BXL functionality is restricted by the DFC3B: after a reload with a DFC3B-equipped module installed, the PFC3BXL functions as a PFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3BXL and DFC3BXL—No restrictions (PFC3BXL mode; does not support virtual switch mode).
–PFC3BXL and DFC3C—Each restricts the functionality of the other: the PFC3BXL functions as a PFC3B and the DFC3C functions as a DFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3BXL and DFC3CXL—The PFC3BXL restricts DFC3CXL functionality: the DFC3CXL functions as a DFC3BXL (PFC3BXL mode; does not support virtual switch mode).
•PFC3C—These restrictions apply to a configuration with a PFC3C and these DFCs:
–PFC3C and DFC3B—PFC3C functionality is restricted by the DFC3B: after a reload with a DFC3B-equipped module installed, the PFC3C functions as a PFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3C and DFC3BXL—PFC3C functionality is restricted by the DFC3BXL: after a reload with a DFC3BXL-equipped module installed, the PFC3C functions as a PFC3BXL (PFC3BXL mode; does not support virtual switch mode).
–PFC3C and DFC3C—No restrictions (PFC3C mode).
–PFC3C and DFC3CXL—The PFC3C restricts DFC3CXL functionality: the DFC3CXL functions as a DFC3C (PFC3C mode).
•PFC3CXL—These restrictions apply to a configuration with a PFC3CXL and these DFCs:
–PFC3CXL and DFC3B—PFC3CXL functionality is restricted by the DFC3B: after a reload with a DFC3B-equipped module installed, the PFC3CXL functions as a PFC3B (PFC3B mode; does not support virtual switch mode).
–PFC3CXL and DFC3BXL—PFC3CXL functionality is restricted by the DFC3BXL: after a reload with a DFC3BXL-equipped module installed, the PFC3CXL functions as a PFC3BXL (PFC3BXL mode; does not support virtual switch mode).
–PFC3CXL and DFC3C—PFC3CXL functionality is restricted by the DFC3C: after a reload with a DFC3C-equipped module installed, the PFC3CXL functions as a PFC3C (PFC3C mode).
–PFC3CXL and DFC3CXL—No restrictions (PFC3CXL mode).
•Switching modules that you install after bootup that are equipped with a DFC that imposes a more restricted PFC mode than the current PFC mode remain powered down.
•You must reboot to use a switching module equipped with a DFC that imposes a more restricted PFC mode than the current PFC mode.
•Enter the show platform hardware pfc mode command to display the PFC mode.
Policy Feature Card 3CXL
Note Use VS-F6K-PFC3CXL= to upgrade a VS-S720-10G-3C with a PFC3CXL. See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
VS-F6K-PFC3CXL
|
Policy Feature Card 3CXL (PFC3CXL)
|
Supported only with Supervisor Engine 720-10GE
|
15.1(1)SY
|
Policy Feature Card 3C
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
VS-F6K-PFC3C
ME-C6524-PFC3C
|
Policy Feature Card 3C (PFC3C)
|
Supported only with Supervisor Engine 720-10GE
|
15.1(1)SY
|
Policy Feature Card 3BXL
Note Use WS-F6K-PFC3BXL= to upgrade a WS-SUP720 or WS-SUP720-3B with a PFC3BXL. WS-F6K-PFC3BXL= includes 1 GB memory upgrades for the Supervisor Engine 720 and the MSFC3. See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-PFC3BXL
|
Policy Feature Card 3BXL (PFC3BXL)
|
Supported only with Supervisor Engine 720
|
15.1(1)SY
|
Policy Feature Card 3B
Note Use WS-F6K-PFC3B= to upgrade a WS-SUP720 with a PFC3B. See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-PFC3B
|
Policy Feature Card 3B (PFC3B)
|
With Supervisor Engine 720
|
15.1(1)SY
|
Distributed Forwarding Cards Supported with Supervisor Engine 720
•Distributed Forwarding Card 3CXL
•Distributed Forwarding Card 3C
•Distributed Forwarding Card 3BXL
•Distributed Forwarding Card 3B
Note See the "Policy Feature Cards Supported with Supervisor Engine 2T" section for Policy Feature Cards (PFC) and Distributed Forwarding Card (DFC) restrictions.
Distributed Forwarding Card 3CXL
Note•WS-F6700-DFC3CXL uses memory that is installed on the switching module.
•See this publication for information about WS-F6700-DFC3CXL upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_15893.html
•Requires switching module ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6143.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-F6700-DFC3CXL
|
Distributed Forwarding Card 3CXL (DFC3CXL) for use on CEF720 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Distributed Forwarding Card 3C
Note•WS-F6700-DFC3C uses memory that is installed on the switching module.
•See this publication for information about WS-F6700-DFC3C upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_15893.html
•Requires switching module ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6143.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-F6700-DFC3C
|
Distributed Forwarding Card 3C (DFC3C) for use on CEF720 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Distributed Forwarding Card 3BXL
•WS-F6700-DFC3BXL
•WS-F6K-DFC3BXL
WS-F6700-DFC3BXL
Note•Not supported in virtual switch mode.
•WS-F6700-DFC3BXL uses memory that is installed on the switching module.
•See this publication for information about WS-F6700-DFC3BXL upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_15893.html
•Requires switching module ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6143.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6700-DFC3BXL
|
Distributed Forwarding Card 3BXL (DFC3BXL) for use on CEF720 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-F6K-DFC3BXL
Note•Not supported in virtual switch mode.
•See this publication for information about WS-F6K-DFC3BXL memory upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12409.html
•Supervisor Engine 720 supports a WS-F6K-DFC3BXL on these WS-X6516-GBIC switching module hardware revisions:
–Lower than 5.0
–5.5 and higher
•Requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
•Supervisor Engine 720 does not support a DFC3 on WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4. With a Supervisor Engine 720 and with a DFC3 installed, WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4 do not power up.
•With a Supervisor Engine 720 but without a DFC3, WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4 operate in bus mode.
•See external field notice 24494 for more information about Supervisor Engine 720 and a DFC3 on WS-X6516-GBIC switching modules:
http://www.cisco.com/en/US/ts/fn/200/fn24494.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-DFC3BXL
|
Distributed Forwarding Card 3BXL (DFC3BXL) for use on dCEF256 and CEF256 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Distributed Forwarding Card 3B
•WS-F6700-DFC3B
•WS-F6K-DFC3B
WS-F6700-DFC3B
Note•Not supported in virtual switch mode.
•WS-F6700-DFC3B uses memory that is installed on the switching module.
•See this publication for information about WS-F6700-DFC3B upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_15893.html
•Requires switching module ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6143.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6700-DFC3B
|
Distributed Forwarding Card 3B (DFC3B) for use on CEF720 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-F6K-DFC3B
Note•Not supported in virtual switch mode.
•See this publication for information about WS-F6K-DFC3B memory upgrades:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12409.html
•Requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
•Supervisor Engine 720 supports a WS-F6K-DFC3B on these WS-X6516-GBIC switching module hardware revisions:
–Lower than 5.0
–5.5 and higher
•Supervisor Engine 720 does not support a DFC3 on WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4. With a Supervisor Engine 720 and with a DFC3 installed, WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4 do not power up.
•With a Supervisor Engine 720 but without a DFC3, WS-X6516-GBIC switching module hardware revisions 5.0 through 5.4 operate in bus mode.
•See external field notice 24494 for more information about Supervisor Engine 720 and a DFC3 on WS-X6516-GBIC switching modules:
http://www.cisco.com/en/US/ts/fn/200/fn24494.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-DFC3B
|
Distributed Forwarding Card 3B (DFC3B) for use on dCEF256 and CEF256 modules
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Centralized Forwarding Card (WS-F6700-CFC)
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-F6700-CFC
|
Centralized Forwarding Card (CFC) for use on CEF720 modules
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
40-Gigabit Ethernet Switching Modules
WS-X6904-40G-2T 4-Port 40-Gigabit Ethernet Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
4-port 40-Gigabit Ethernet module
|
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY1
|
•WS-X6904-40G-2T and WS-X6904-40G-2TXL are the orderable product IDs.
•The front panel is labeled WS-X6904-40G.
•Cisco IOS software commands display WS-X6904-40G with either WS-F6K-DFC4-E or WS-F6K-DFC4-EXL.
•Has hardware abstraction layer (HAL) support.
•QoS port architecture (Rx/Tx): 1p7q4t or 2p6q4t/1p7q4t or 2p6q4t
•Dual switch-fabric connections:
–Fabric Channel #1: Ports 1 and 2 or 5 through 12
–Fabric Channel #2: Ports 3 and 4 or 13 through 20
•Number of ports: 4 or 16
Number of port groups: 2
Port per port group:
-Ports 1 and 2 or 5 through 12
-Ports 3 and 4 or 13 through 20
•dCEF2T.
•In a 3-slot chassis, supported only with WS-C6503-E hardware revision 1.3 or higher.
•Upgrade to Release15.0(1)SY1 or later before installing WS-X6904-40G (see the "EFSU Compatibility" section).
•Each bay can support a CFP transceiver (supports one 40 Gigabit Ethernet port) or a FourX adapter (supports four 10 Gigabit Ethernet SFP+ transceivers).
•WS-X6904-40G supported modes (default mode is oversubscribed):
–40 Gigabit Ethernet oversubscribed mode:
—Four 40 Gigabit Ethernet ports
—Ports 1 through 4
–10 Gigabit Ethernet oversubscribed mode:
—Sixteen 10 Gigabit Ethernet ports
—Ports 5 through 20
–Mixed 10/40 Gigabit Ethernet oversubscribed mode:
—Left bays:
-Either two 40 Gigabit Ethernet ports (1 and 2)
-Or eight 10 Gigabit Ethernet ports (5 through 12)
—Right bays:
-Either two 40 Gigabit Ethernet ports (3 and 4)
-Or eight 10 Gigabit Ethernet ports (13 through 20)
–Performance mode:
—Configurable per module or per bay:
no hw-module slot slot_number oversubscription [port-group port_group_number]
—Supported in the top left bay and top right bay.
—Any of these combinations:
-40 Gigabit Ethernet port 1 (top left bay) and port 3 (top right bay)
-10 Gigabit Ethernet ports 5 through 9 (top left bay) and ports 13 through 16 (top right bay)
-Top left bay: 40 Gigabit Ethernet port 1 or 10 Gigabit Ethernet ports 5 through 9
Top right bay: 40 Gigabit Ethernet port 3 or 10 Gigabit Ethernet ports 13 through 16
–40 Gigabit Ethernet performance mode, 10 Gigabit Ethernet oversubscribed mode:
—Either of these combinations:
-Top left bay: 40 Gigabit Ethernet port 1
Right bays: eight 10 Gigabit Ethernet ports (13 through 20)
-Left bays: eight 10 Gigabit Ethernet ports (5 through 13)
Top right bay: 40 Gigabit Ethernet port 3
–40 Gigabit Ethernet oversubscribed mode, 10 Gigabit Ethernet performance mode:
—Either of these combinations:
-Top left bay: four 10 Gigabit Ethernet ports (5 through 9)
Right bays: two 40 Gigabit Ethernet ports (3 and 4)
-Left bays: two 40 Gigabit Ethernet ports (1 and 2)
Top right bay: four 10 Gigabit Ethernet ports (13 through 16)
•For more information about WS-X6904-40G, see these publications:
40 Gigabit Ethernet on Cisco Catalyst 6500 Series Switches: How It Works
40 Gigabit Ethernet Interface Module for Cisco Catalyst 6500 Series Switches Data Sheet
10-Gigabit Ethernet Switching Modules
•WS-X6908-10GE 8-Port 10-Gigabit Ethernet X2 Switching Module
•WS-X6816-10T-2T, WS-X6716-10T 16-Port 10-Gigabit Ethernet Copper Switching Module
•WS-X6816-10G-2T, WS-X6716-10G 16-Port 10-Gigabit Ethernet X2 Switching Module
•WS-X6708-10GE 8-port 10-Gigabit Ethernet X2 Switching Module
•WS-X6704-10GE 4-Port 10-Gigabit Ethernet XENPAK Switching Module
WS-X6908-10GE 8-Port 10-Gigabit Ethernet X2 Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
8-port 10-Gigabit Ethernet X2 module
|
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
•Not supported with Supervisor Engine 720 or Supervisor Engine 720-10GE.
•WS-X6908-10G and WS-X6908-10G-XL are the orderable product IDs.
•The front panel is labeled WS-X6908-10GE.
•Cisco IOS software commands display WS-X6908-10GE with either WS-F6K-DFC4-E or WS-F6K-DFC4-EXL.
•dCEF2T
•QoS port architecture (Rx/Tx): 8q4t/1p7q4t
•Dual switch-fabric connections
Fabric Channel #1: Ports 2, 3, 6, 8
Fabric Channel #2: Ports 1, 4, 5, 7
•Number of ports: 8
Number of port groups: 8
Port ranges per port group: 1 port in each group
•In a 3-slot chassis, supported only with WS-C6503-E hardware revision 1.3 or higher.
WS-X6816-10T-2T, WS-X6716-10T 16-Port 10-Gigabit Ethernet Copper Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
16-port 10-Gigabit Ethernet copper (RJ-45) module
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
|
WS-X6716-10T-3C
(WS-X6716-10T with
WS-F6700-DFC3C)
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•The orderable product IDs are:
–WS-X6816-10T-2TXL
–WS-X6816-10T-2T
–WS-X6716-10T-3CXL
–WS-X6716-10T-3C
•The front panel is labeled WS-X6716-10T.
•Cisco IOS software commands display WS-X6716-10T with any DFC.
•dCEF720
•QoS port architecture (Rx/Tx):
–Oversubscription mode: 1p7q2t/1p7q4t
–Performance mode: 8q4t/1p7q4t
•Dual switch-fabric connections
Fabric Channel #1: ports 1-8
Fabric Channel #2: ports 9-16
•Number of ports: 16
Number of port groups: 4
Port ranges per port group: 1-4, 5-8, 9-12, 13-16
•When not configured in oversubscription mode, supported in virtual switch links.
•To configure port oversubscription, use the hw-module slot command.
WS-X6816-10G-2T, WS-X6716-10G 16-Port 10-Gigabit Ethernet X2 Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
16-port 10-Gigabit Ethernet X2 module
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
|
WS-X6716-10G-3C
(WS-X6716-10G with
WS-F6700-DFC3C)
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•The orderable product IDs are:
–WS-X6816-10G-2TXL
–WS-X6816-10G-2T
–WS-X6716-10G-3CXL
–WS-X6716-10G-3C
•The front panel is labeled WS-X6716-10GE.
•Cisco IOS software commands display WS-X6716-10GE with any DFC.
•dCEF720
•QoS port architecture (Rx/Tx):
–Oversubscription mode: 1p7q2t/1p7q4t
–Performance mode: 8q4t/1p7q4t
•Dual switch-fabric connections
Fabric Channel #1: ports 1-8
Fabric Channel #2: ports 9-16
•Number of ports: 16
Number of port groups: 4
Port ranges per port group: 1-4, 5-8, 9-12, 13-16
•When not configured in oversubscription mode, supported in virtual switch links.
•To configure port oversubscription, use the hw-module slot command.
•With Supervisor Engine 720-10GE or Supervisor Engine 720 in a 13-slot chassis, supported only in slots 9 through 13 and does not power up in other slots.
WS-X6708-10GE 8-port 10-Gigabit Ethernet X2 Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
|
WS-X6708-10G-3CXL
(WS-X6708-10GE with
WS-F6700-DFC3CXL)
|
8-port 10-Gigabit Ethernet X2 module
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•WS-X6708-10G-3C and WS-X6708-10G-3CXL are the orderable product IDs.
•The front panel is labeled WS-X6708-10GE.
•Cisco IOS software commands display WS-X6708-10GE with either WS-F6700-DFC3C or WS-F6700-DFC3CXL.
•dCEF720
•Supports egress multicast replication
•QoS port architecture (Rx/Tx):
–Oversubscription mode: 1p7q2t/1p7q4t
–Performance mode: 8q4t/1p7q4t
–Both modes support DSCP-based queueing
•Dual switch-fabric connections
Fabric Channel #1: Ports 2, 3, 6, 8
Fabric Channel #2: Ports 1, 4, 5, 7
•Number of ports: 8
Number of port groups: 8
Port ranges per port group: 1 port in each group
•To configure WS-X6708-10GE port oversubscription, use the hw-module oversubscription command.
•WS-X6708-10GE ports do not support VACL capture. (CSCsb59015)
•In a 13-slot chassis, supported only in slots 9 through 13 and does not power up in other slots.
WS-X6704-10GE 4-Port 10-Gigabit Ethernet XENPAK Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-X6704-10G
|
4-port 10-Gigabit Ethernet XENPAK
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•WS-X6704-10GE requires one of the following:
–With Supervisor Engine 2T-10GE:
· WS-F6K-DFC4-AXL
· WS-F6K-DFC4-A
–With Supervisor Engine 720 or Supervisor Engine 720-10GE:
· WS-F6700-DFC3CXL
· WS-F6700-DFC3C
· WS-F6700-DFC3BXL (not supported in virtual switch mode)
· WS-F6700-DFC3B (not supported in virtual switch mode)
–With any supervisor engine, WS-F6700-CFC
•dCEF720 with a DFC or CEF720 with a WS-F6700-CFC.
•Requires 512-MB DRAM with a WS-F6700-CFC (CSCtk82279). See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_12409.html
•QoS port architecture (Rx/Tx): 8q8t/1p7q8t
•Dual switch-fabric connections:
Fabric Channel #1: Ports 3 and 4
Fabric Channel #2: Ports 1 and 2
•Number of ports: 4
Number of port groups: 4
Port ranges per port group: 1 port in each group
•WS-X6704-10G is the orderable product ID.
•The front panel is labeled WS-X6704-10GE.
•Cisco IOS software commands display WS-X6704-10GE with any DFC.
•On WS-X6704-10GE ports, STP BPDUs are not exempt from Traffic Storm Control multicast suppression. Do not configure multicast suppression on STP-protected WS-X6704-10GE ports that interconnect network devices. (CSCsg86315)
•With Supervisor Engine 720-10GE or Supervisor Engine 720 in a 13-slot chassis, supported only in slots 9 through 13 and does not power up in other slots.
WS-X6502-10GE 1-port 10-Gigabit Ethernet Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6502-10GE
|
1-port 10-Gigabit Ethernet
Note Not supported with Supervisor Engine 2T.
|
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Optical Interface Module (OIM) for WS-X6502-10GE
|
WS-G6488
|
10GBASE-LR serial 1310 nm long-reach OIM
|
WS-G6483
|
10GBASE-ER serial 1550 nm extended-reach OIM
|
•Not supported in virtual switch mode.
•dCEF256 with a DFC
•QoS port architecture (Rx/Tx): 1p1q8t/1p2q1t
•Number of ports: 1
Number of port groups: 1
Port ranges per port group: 1 port in 1 group
•Use with a DFC requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
Gigabit Ethernet Switching Modules
•WS-X6848-SFP-2T, WS-X6748-SFP 48-Port Gigabit Ethernet SFP Switching Module
•WS-X6824-SFP-2T, WS-X6724-SFP 24-Port Gigabit Ethernet SFP Switching Module
•WS-X6816-GBIC 16-port Gigabit Ethernet GBIC Switching Module
•WS-X6516A-GBIC 16-Port Gigabit Ethernet GBIC Switching Module
•WS-X6416-GBIC 16-port Gigabit Ethernet GBIC Switching Module
•WS-X6408A-GBIC 8-port Gigabit Ethernet GBIC Switching Module
•WS-X6408-GBIC 8-port Gigabit Ethernet GBIC Switching Module
WS-X6848-SFP-2T, WS-X6748-SFP 48-Port Gigabit Ethernet SFP Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
48-port Gigabit Ethernet SFP
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
|
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF720 with a DFC or CEF720 with a WS-F6700-CFC.
•QoS architecture: 2q8t/1p3q8t
•Dual switch-fabric connections
Fabric Channel #1: Ports 2, 4, 6, 8, 10, 12,
14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34,
36, 38, 40, 42, 44, 46, 48
Fabric Channel #2: Ports 1, 3, 5, 7, 9, 11,
13, 15, 17, 19, 21, 23, 25, 27, 29, 31, 33,
35, 37, 39, 41, 43, 45, 47
•Number of ports: 48
Number of port groups: 4
Port ranges per port group:
1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23
2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24
25, 27, 29, 31, 33, 35, 37, 39, 41, 43, 45, 47
26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48
•On WS-X6848-SFP-2T and WS-X6748-SFP ports, STP BPDUs are not exempt from Traffic Storm Control multicast suppression. Do not configure multicast suppression on STP-protected WS-X6848-SFP-2T or WS-X6748-SFP ports that interconnect network devices.
•With Supervisor Engine 720-10GE or Supervisor Engine 720 in a 13-slot chassis, supported only in slots 9 through 13 and does not power up in other slots.
WS-X6824-SFP-2T, WS-X6724-SFP 24-Port Gigabit Ethernet SFP Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
|
24-port Gigabit Mbps Ethernet SFP
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
|
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF720 with a DFC or CEF720 with a WS-F6700-CFC.
•QoS architecture: 2q8t/1p3q8t
•Number of ports: 24
Number of port groups: 2
Port ranges per port group: 1-12, 13-24
•On WS-X6824-SFP-2T and WS-X6724-SFP ports, STP BPDUs are not exempt from Traffic Storm Control multicast suppression. Do not configure multicast suppression on STP-protected WS-X6824-SFP-2T or WS-X6724-SFP ports that interconnect network devices.
WS-X6816-GBIC 16-port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6816-GBIC
|
16-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Dual switch-fabric connections
Fabric Channel #1: Ports 1-8
Fabric Channel #2: Ports 9-16
•Number of ports: 16
Number of port groups: 2
Port ranges per port group: 1-8, 9-16
•WS-X6816-GBIC requires one of these:
–WS-F6K-DFC3BXL
–WS-F6K-DFC3B
•Requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
•In a 13-slot chassis, supported only in slots 9 through 13 and does not power up in other slots.
WS-X6516A-GBIC 16-Port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6516A-GBIC
|
16-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC
•CEF256
•Supports egress multicast replication
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Number of ports: 16
Number of port groups: 2
Port ranges per port group: 1-8, 9-16
•Requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
WS-X6516-GBIC 16-Port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6516-GBIC
|
16-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC
•CEF256
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Number of ports: 16
Number of port groups: 2
Port ranges per port group: 1-8, 9-16
•Requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module ROMMON version, enter the remote command module module_slot_number show version | include ROM command. To upgrade the switching module ROMMON, see this document:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/rommon/OL_6010.html
•Supervisor Engine 720 supports a DFC3 on these WS-X6516-GBIC hardware revisions:
–Lower than 5.0
–5.5 and higher
•Supervisor Engine 720 does not support a DFC3 on WS-X6516-GBIC hardware revisions 5.0 through 5.4. With a Supervisor Engine 720 and with a DFC3 installed, WS-X6516-GBIC hardware revisions 5.0 through 5.4 do not power up.
•With a Supervisor Engine 720 but without a DFC3, WS-X6516-GBIC hardware revisions 5.0 through 5.4 operate in bus mode.
•See external field notice 24494 for more information:
http://www.cisco.com/en/US/ts/fn/200/fn24494.html
WS-X6416-GBIC 16-port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6416-GBIC
|
16-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Number of ports: 16
Number of port groups: 2
Port ranges per port group: 1-8, 9-16
WS-X6408A-GBIC 8-port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6408A-GBIC
|
8-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Number of ports: 8
Number of port groups: 1
Port ranges per port group: 1-8
WS-X6408-GBIC 8-port Gigabit Ethernet GBIC Switching Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6408-GBIC
|
8-port Gigabit Ethernet GBIC
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•Number of ports: 8
Number of port groups: 1
Port ranges per port group: 1-8
10/100/1000 Ethernet Switching Modules
These sections descibe the supported 10/100/1000 Ethernet switching modules:
•WS-X6848-TX-2T, WS-X6748-GE-TX
•WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF
•WS-X6148E-GE-45AT
•WS-X6148A-GE-TX, WS-X6148A-GE-45AF
•WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF
•WS-X6516-GE-TX
WS-X6848-TX-2T, WS-X6748-GE-TX
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
|
WS-X6748-GE-TX
|
48-port 10/100/1000 RJ-45
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
WS-X6748-GE-TX
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF720 with a DFC or CEF720 with a WS-F6700-CFC.
•WS-X6704-10GE requires one of the following:
–With Supervisor Engine 2T-10GE:
· WS-F6K-DFC4-AXL
· WS-F6K-DFC4-A
–With Supervisor Engine 720 or Supervisor Engine 720-10GE:
· WS-F6700-DFC3CXL
· WS-F6700-DFC3C
· WS-F6700-DFC3BXL (not supported in virtual switch mode)
· WS-F6700-DFC3B (not supported in virtual switch mode)
–With any supervisor engine, WS-F6700-CFC
•QoS architecture: 2q8t/1p3q8t
•Dual switch-fabric connections
Fabric Channel #1: Ports 25-48
Fabric Channel #2: Ports 1-24
•Number of ports: 48
Number of port groups: 4
Port ranges per port group: 1-12, 13-24, 25-36, 37-48
•On WS-X6848-TX-2T and WS-X6748-GE-TX ports, STP BPDUs are not exempt from Traffic Storm Control multicast suppression. Do not configure multicast suppression on STP-protected WS-X6848-TX-2T or WS-X6748-GE-TX ports that interconnect network devices.
•With Supervisor Engine 720-10GE or Supervisor Engine 720 in a 13-slot chassis, WS-X6748-GE-TX is supported only in slots 9 through 13 and does not power up in other slots.
WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6548-GE-TX
WS-X6548V-GE-TX
WS-X6548-GE-45AF
|
48-port 10/100/1000 Mbps
Note Not supported with Supervisor Engine 2T.
|
|
|
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Supports more than 1 Gbps of traffic per EtherChannel on the WS-X6548-GE-TX (and voice-power daughtercard equipped) switching modules.
•WS-X6548-GE-TX (and voice-power daughtercard equipped) switching modules do not support these features:
–Jumbo frames
–802.1Q tunneling
–Traffic storm control
•RJ-45
•CEF256
•WS-X6548-GE-TX supports:
–WS-F6K-VPWR-GE
–WS-F6K-GE48-AF
–WS-F6K-48-AF
•WS-X6548V-GE-TX has WS-F6K-VPWR-GE
•WS-X6548-GE-45AF has WS-F6K-GE48-AF or WS-F6K-48-AF
•With WS-F6K-GE48-AF, supports up to 45 ports of ePoE (16.8W).
•QoS port architecture (Rx/Tx): 1q2t/1p2q2t
•Number of ports: 48
Number of port groups: 2
Port ranges per port group: 1-24, 25-48
•The aggregate bandwidth of each set of 8 ports (1-8, 9-16, 17-24, 25-32, 33-40, and 41-48) is 1 Gbps.
WS-X6148E-GE-45AT
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-X6148E-GE-45AT
|
48-port 10/100/1000 Mbps
|
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 2T-10GE in VSS mode
|
15.1(1)SY
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•RJ-45
•WS-X6148E-GE-45AT supports up to 45 ports of ePoE (16.8W).
•QoS port architecture (Rx/Tx): 1q2t/1p3q8t
•Number of ports: 48
Number of port groups: 6
Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
•The aggregate bandwidth of each set of 8 ports (1-8, 9-16, 17-24, 25-32, 33-40, and 41-48) is 1 Gbps.
•WS-X6148E-GE-45AT does not support traffic storm control
WS-X6148A-GE-TX, WS-X6148A-GE-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-X6148A-GE-TX
WS-X6148A-GE-45AF
|
48-port 10/100/1000 Mbps
|
|
|
With Supervisor Engine 2T-10GE (not supported in VSS mode)
|
15.0(1)SY
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•RJ-45
•WS-X6148A-GE-TX supports WS-F6K-GE48-AF or WS-F6K-48-AF
•WS-X6148A-GE-45AF has WS-F6K-GE48-AF or WS-F6K-48-AF
•With WS-F6K-GE48-AF, supports up to 45 ports of ePoE (16.8W).
•QoS port architecture (Rx/Tx): 1q2t/1p3q8t
•Number of ports: 48
Number of port groups: 6
Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
•The aggregate bandwidth of each port group is 1 Gbps.
•Does not support traffic storm control.
WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6148-GE-TX
WS-X6148V-GE-TX
WS-X6148-GE-45AF
|
48-port 10/100/1000 Mbps
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•RJ-45
•WS-X6148-GE-TX supports:
–WS-F6K-VPWR-GE
–WS-F6K-GE48-AF
–WS-F6K-48-AF
•WS-X6148V-GE-TX has WS-F6K-VPWR-GE
•WS-X6148-GE-45AF has WS-F6K-GE48-AF or WS-F6K-48-AF
•With WS-F6K-GE48-AF, supports up to 45 ports of ePoE (16.8W).
•QoS port architecture (Rx/Tx): 1q2t/1p2q2t
•Number of ports: 48
Number of port groups: 2
Port ranges per port group: 1-24, 25-48
•The aggregate bandwidth of each port group is 1 Gbps.
•WS-X6148-GE-TX, WS-X6148V-GE-TX, and WS-X6148-GE-45AF do not support these features:
–More than 1 Gbps of traffic per EtherChannel
–Jumbo frames
–802.1Q tunneling
–Traffic storm control
WS-X6516-GE-TX
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6516-GE-TX
|
16-port 10/100/1000BASE-T
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC
•CEF256
•QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t
•Number of ports: 16
Number of port groups: 2
Port ranges per port group: 1-8, 9-16
100MB Ethernet Switching Modules
•WS-X6148-FE-SFP
•WS-X6524-100FX-MM
•WS-X6324-100FX-MM
WS-X6148-FE-SFP
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-X6148-FE-SFP
|
48-port 100BASE-FX
|
|
With Supervisor Engine 2T-10GE (not supported in VSS mode)
|
15.0(1)SY
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Requires Fast Ethernet SFPs
•QoS port architecture (Rx/Tx): 1p1q4t/1p3q8t
•Number of ports: 48
Number of port groups: 3
Port ranges per port group: 1-16, 17-32, and 33-48
•Does not support traffic storm control.
WS-X6524-100FX-MM
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6524-100FX-MM
|
24-port 100FX Ethernet multimode
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC
•CEF256
•QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t
•Number of ports: 24
Number of port groups: 1
Port ranges per port group: 1-24
WS-X6324-100FX-MM
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6324-100FX-MM
|
24-port 100FX Ethernet
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Single mode and multimode MT-RJ
•128-KB per-port packet buffers
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•Number of ports: 24
Number of port groups: 2
Port ranges per port group: 1-12, 13-24
10/100MB Ethernet Switching Modules
•WS-X6548-RJ-45
•WS-X6548-RJ-21
•WS-X6148X2-RJ-45, WS-X6148X2-45AF
•WS-X6196-RJ-21, WS-X6196-21AF
•WS-X6348-RJ-45, WS-X6348-RJ-45V
•WS-X6348-RJ-21V
•WS-X6148A-RJ-45, WS-X6148A-45AF
•WS-X6148-RJ-45, WS-X6148-RJ45V, WS-X6148-45AF
•WS-X6148-RJ-21, WS-X6148-RJ21V, WS-X6148-21AF
WS-X6548-RJ-45
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6548-RJ-45
|
48-port 10/100TX RJ-45
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC or CEF256
•QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t
•Number of ports: 48
Number of port groups: 1
Port ranges per port group: 1-48
WS-X6548-RJ-21
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6548-RJ-21
|
48-port 10/100TX RJ-21
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•dCEF256 with a DFC or CEF256
•QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t
•Number of ports: 48
Number of port groups: 1
Port ranges per port group: 1-48
WS-X6148X2-RJ-45, WS-X6148X2-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6148X2-RJ-45
WS-X6148X2-45AF
|
96-port 10/100TX RJ-45
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t
•WS-X6148X2-RJ-45 supports WS-F6K-FE48X2-AF
•WS-X6148X2-45AF has WS-F6K-FE48X2-AF
WS-X6196-RJ-21, WS-X6196-21AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6196-RJ-21
WS-X6196-21AF
|
96-port 10/100TX RJ-21
|
With Supervisor Engine 2T-10GE (not supported in VSS mode)
|
15.0(1)SY1
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Upgrade to Release15.0(1)SY1 or later before installing WS-X6196-21AF (see the "EFSU Compatibility" section).
•QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t
•WS-X6196-RJ-21 supports WS-F6K-FE48X2-AF
•WS-X6196-21AF has WS-F6K-FE48X2-AF
WS-X6348-RJ-45, WS-X6348-RJ-45V
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6348-RJ-45
WS-X6348-RJ-45V
|
48-port 10/100TX RJ-45
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Not supported in VSS mode.
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•WS-X6348-RJ-45 supports WS-F6K-VPWR
•WS-X6348-RJ-45V has WS-F6K-VPWR
•Number of ports: 48
Number of port groups: 4
Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6348-RJ-21V
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6348-RJ-21V
|
48-port 10/100TX RJ-21
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Not supported in VSS mode.
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•Has WS-F6K-VPWR
•Number of ports: 48
Number of port groups: 4
Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148A-RJ-45, WS-X6148A-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-X6148A-RJ-45
WS-X6148A-45AF
|
48-port 10/100TX RJ-45
|
|
|
With Supervisor Engine 2T-10GE (not supported in VSS mode)
|
15.0(1)SY
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1p1q4t/1p3q8t
•WS-X6148A-RJ-45 supports WS-F6K-GE48-AF or WS-F6K-48-AF
•WS-X6148A-45AF has WS-F6K-GE48-AF or WS-F6K-48-AF
•Number of ports: 48
Number of port groups: 6
Port ranges per port group: 1-8, 9-16, 17-24, 25-32, 33-40, 41-48
WS-X6148-RJ-45, WS-X6148-RJ45V, WS-X6148-45AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6148-RJ-45
WS-X6148-RJ45V
WS-X6148-45AF
|
48-port 10/100TX RJ-45
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•WS-X6148-RJ-45 supports WS-F6K-VPWR
•WS-X6148-RJ-45V has WS-F6K-VPWR
•WS-X6148-45AF has WS-F6K-48-AF
•Number of ports: 48
Number of port groups: 4
Port ranges per port group: 1-12, 13-24, 25-36, 37-48
WS-X6148-RJ-21, WS-X6148-RJ21V, WS-X6148-21AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-X6148-RJ-21
WS-X6148-RJ21V
WS-X6148-21AF
|
48-port 10/100TX RJ-21
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•QoS port architecture (Rx/Tx): 1q4t/2q2t
•WS-X6148-RJ-21 supports WS-F6K-VPWR
•WS-X6148-RJ-21V has WS-F6K-VPWR
•WS-X6148-21AF has WS-F6K-48-AF
•Number of ports: 48
Number of port groups: 4
Port ranges per port group: 1-12, 13-24, 25-36, 37-48
Power over Ethernet Daughtercards
•WS-F6K-FE48X2-AF
•WS-F6K-GE48-AF, WS-F6K-48-AF
•WS-F6K-VPWR-GE
•WS-F6K-VPWR
WS-F6K-GE48-AF, WS-F6K-48-AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-GE48-AF
WS-F6K-48-AF
|
IEEE 802.3af PoE daughtercard for:
•WS-X6548-GE-TX
•WS-X6148-GE-TX
•WS-X6148A-GE-TX
•WS-X6148A-RJ-45
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•WS-F6K-GE48-AF and WS-F6K-48-AF are not FRUs for these switching modules:
–WS-X6148-RJ-45 or WS-X6148-RJ-45V (replace with WS-X6148-45AF-UG=).
–WS-X6148-RJ-21 or WS-X6148-RJ-21V (replace with WS-X6148-21AF-UG=).
•With WS-X6548-GE-TX, WS-X6148-GE-TX, and WS-X6148A-GE-TX, supports up to 45 ports of ePoE (16.8W).
WS-F6K-FE48X2-AF
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-FE48X2-AF
|
IEEE 802.3af PoE daughtercard for WS-X6148X2-RJ-45 and WS-X6196-RJ-21
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-F6K-VPWR-GE
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-F6K-VPWR-GE
|
Prestandard PoE daughtercard for WS-X6548-GE-TX and WS-X6148-GE-TX
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-F6K-VPWR
Transceivers
•CFP Modules
•X2 Modules
•10 GE SFP+ Modules
•XENPAKs
•Small Form-Factor Pluggable (SFP) Modules
•Gigabit Interface Converters (GBICs)
CFP Modules
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
CFP-40G-LR4
|
40GBASE-LR4
|
15.0(1)SY1
|
CFP-40G-SR4
|
40GBASE-SR4
|
15.0(1)SY1
|
CVR-CFP-4SFP10G
|
FourX coverter to convert each 40GE port into 4 10GE SFP+ ports
|
15.0(1)SY1
|
X2 Modules
Note•WS-X6716-10G and WS-X6708-10GE do not support X2 modules that are labeled with a number that ends with -01. (This restriction does not apply to X2-10GB-LRM.)
•All X2 modules shipped since WS-X6716-10G became available provide EMI compliance with WS-X6816-10G and WS-X6716-10G.
•Some X2 modules shipped before WS-X6716-10G became available might not provide EMI compliance with WS-X6816-10G and WS-X6716-10G. See the information listed for each type of X2 module in the following table.
•For information about X2 modules, see the Cisco 10GBASE X2 Modules data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6574/product_data_sheet0900aecd801f92aa.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
CVR-X2-SFP10G
|
10G X2 to SFP+ Converter
|
15.0(1)SY
|
DWDM-X2-60.61=
|
10GBASE-DWDM 1560.61 nm X2 (100-GHz ITU grid)
|
ITU 21
|
15.0(1)SY
|
DWDM-X2-59.79=
|
10GBASE-DWDM 1559.79 nm X2 (100-GHz ITU grid)
|
ITU 22
|
15.0(1)SY
|
DWDM-X2-58.98=
|
10GBASE-DWDM 1558.98 nm X2 (100-GHz ITU grid)
|
ITU 23
|
15.0(1)SY
|
DWDM-X2-58.17=
|
10GBASE-DWDM 1558.17 nm X2 (100-GHz ITU grid)
|
ITU 24
|
15.0(1)SY
|
DWDM-X2-56.55=
|
10GBASE-DWDM 1556.55 nm X2 (100-GHz ITU grid)
|
ITU 26
|
15.0(1)SY
|
DWDM-X2-55.75=
|
10GBASE-DWDM 1555.75 nm X2 (100-GHz ITU grid)
|
ITU 27
|
15.0(1)SY
|
DWDM-X2-54.94=
|
10GBASE-DWDM 1554.94 nm X2 (100-GHz ITU grid)
|
ITU 28
|
15.0(1)SY
|
DWDM-X2-54.13=
|
10GBASE-DWDM 1554.13 nm X2 (100-GHz ITU grid)
|
ITU 29
|
15.0(1)SY
|
DWDM-X2-52.52=
|
10GBASE-DWDM 1552.52 nm X2 (100-GHz ITU grid)
|
ITU 31
|
15.0(1)SY
|
DWDM-X2-51.72=
|
10GBASE-DWDM 1551.72 nm X2 (100-GHz ITU grid)
|
ITU 32
|
15.0(1)SY
|
DWDM-X2-50.92=
|
10GBASE-DWDM 1550.92 nm X2 (100-GHz ITU grid)
|
ITU 33
|
15.0(1)SY
|
DWDM-X2-50.12=
|
10GBASE-DWDM 1550.12 nm X2 (100-GHz ITU grid)
|
ITU 34
|
15.0(1)SY
|
DWDM-X2-48.51=
|
10GBASE-DWDM 1548.51 nm X2 (100-GHz ITU grid)
|
ITU 36
|
15.0(1)SY
|
DWDM-X2-47.72=
|
10GBASE-DWDM 1547.72 nm X2 (100-GHz ITU grid)
|
ITU 37
|
15.0(1)SY
|
DWDM-X2-46.92=
|
10GBASE-DWDM 1546.92 nm X2 (100-GHz ITU grid)
|
ITU 38
|
15.0(1)SY
|
DWDM-X2-46.12=
|
10GBASE-DWDM 1546.12 nm X2 (100-GHz ITU grid)
|
ITU 39
|
15.0(1)SY
|
DWDM-X2-44.53=
|
10GBASE-DWDM 1544.53 nm X2 (100-GHz ITU grid)
|
ITU 41
|
15.0(1)SY
|
DWDM-X2-43.73=
|
10GBASE-DWDM 1543.73 nm X2 (100-GHz ITU grid)
|
ITU 42
|
15.0(1)SY
|
DWDM-X2-42.94=
|
10GBASE-DWDM 1542.94 nm X2 (100-GHz ITU grid)
|
ITU 43
|
15.0(1)SY
|
DWDM-X2-42.14=
|
10GBASE-DWDM 1542.14 nm X2 (100-GHz ITU grid)
|
ITU 44
|
15.0(1)SY
|
DWDM-X2-40.56=
|
10GBASE-DWDM 1540.56 nm X2 (100-GHz ITU grid)
|
ITU 46
|
15.0(1)SY
|
DWDM-X2-39.77=
|
10GBASE-DWDM 1539.77 nm X2 (100-GHz ITU grid)
|
ITU 47
|
15.0(1)SY
|
DWDM-X2-38.98=
|
10GBASE-DWDM 1538.98 nm X2 (100-GHz ITU grid)
|
ITU 48
|
15.0(1)SY
|
DWDM-X2-38.19=
|
10GBASE-DWDM 1538.19 nm X2 (100-GHz ITU grid)
|
ITU 49
|
15.0(1)SY
|
DWDM-X2-36.61=
|
10GBASE-DWDM 1536.61 nm X2 (100-GHz ITU grid)
|
ITU 51
|
15.0(1)SY
|
DWDM-X2-35.82=
|
10GBASE-DWDM 1535.82 nm X2 (100-GHz ITU grid)
|
ITU 52
|
15.0(1)SY
|
DWDM-X2-35.04=
|
10GBASE-DWDM 1535.04 nm X2 (100-GHz ITU grid)
|
ITU 53
|
15.0(1)SY
|
DWDM-X2-34.25=
|
10GBASE-DWDM 1534.25 nm X2 (100-GHz ITU grid)
|
ITU 54
|
15.0(1)SY
|
DWDM-X2-32.68=
|
10GBASE-DWDM 1532.68 nm X2 (100-GHz ITU grid)
|
ITU 56
|
15.0(1)SY
|
DWDM-X2-31.90=
|
10GBASE-DWDM 1531.90 nm X2 (100-GHz ITU grid)
|
ITU 57
|
15.0(1)SY
|
DWDM-X2-31.12=
|
10GBASE-DWDM 1531.12 nm X2 (100-GHz ITU grid)
|
ITU 58
|
15.0(1)SY
|
DWDM-X2-30.33=
|
10GBASE-DWDM 1530.33 nm X2 (100-GHz ITU grid)
|
ITU 59
|
15.0(1)SY
|
|
X2-10GB-T
|
10GBASE-T X2 Module for CAT6A/CAT7 copper cable
|
15.1(1)SY
|
X2-10GB-ZR
|
10GBASE-ZR X2 Module for SMF
|
15.0(1)SY
|
X2-10GB-CX4
|
10GBASE for CX4 (copper) cable
|
15.0(1)SY
|
X2-10GB-ER
|
10GBASE-ER Serial 1550-nm extended-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
Note X2-10GB-ER modules labeled with a number that ends with -02 do not provide EMI compliance with WS-X6716-10G.
|
15.0(1)SY
|
X2-10GB-LR
|
10GBASE-LR Serial 1310-nm long-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
Note X2-10GB-LR modules labeled with a number that ends with -02 or -03 do not provide EMI compliance with WS-X6716-10G.
|
15.0(1)SY
|
X2-10GB-LRM
|
10GBASE-LRM for FDDI-grade multimode fiber (MMF)
Note Not supported by the show idprom command. (CSCsj35671)
|
15.0(1)SY
|
X2-10GB-LX4
|
10GBASE-LX4 Serial 1310-nm multimode (MMF)
Note
•See field notice 62840 for information about unsupported 10GBASE-LX4 modules:
http://www.cisco.com/en/US/ts/fn/misc/FN62840.html
•X2-10GB-LX4 modules labeled with a number that ends with -01 to -03 do not provide EMI compliance with WS-X6716-10G.
|
15.0(1)SY
|
X2-10GB-SR
|
10GBASE-SR Serial 850-nm short-reach multimode (MMF)
|
15.0(1)SY
|
10 GE SFP+ Modules
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
SFP-10G-LR
|
10GBASE-LR for 1310 nm SMF
|
15.0(1)SY1
|
SFP-10G-ER
|
10GBASE-ER for 1550 nm SMF
|
15.0(1)SY1
|
SFP-10G-LRM
|
10GBASE-LRM 1310 nm MMF and SMF
|
15.0(1)SY
|
SFP-10G-SR
|
10GBASE-SR 850 nm MMF
|
15.0(1)SY
|
SFP-H10GB-CU1M
|
1m Twinax cable, passive, 30AWG cable assembly
|
15.0(1)SY
|
SFP-H10GB-CU3M
|
3m Twinax cable, passive, 30AWG cable assembly
|
15.0(1)SY
|
SFP-H10GB-CU5M
|
5m Twinax cable, passive, 24AWG cable assembly
|
15.0(1)SY
|
XENPAKs
Note•For information about DWDM XENPAKs, see the Cisco 10GBase DWDM XENPAK Modules data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6576/product_data_sheet0900aecd801f9333.html
•For information about other XENPAKs, see the Cisco 10GBASE XENPAK Modules data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps5138/product_data_sheet09186a008007cd00_ps5251_Products_Data_Sheet.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
XENPAK-10GB-LRM
|
10GBASE-LRM XENPAK Module for MMF
Note Not supported by the show idprom command. (CSCsl21260)
|
15.0(1)SY
|
DWDM-XENPAK
|
10GBASE dense wavelength-division multiplexing (DWDM) 100-GHz ITU grid
|
15.0(1)SY
|
WDM-XENPAK-REC
|
10GBASE receive-only wavelength division multiplexing (WDM)
|
15.0(1)SY
|
XENPAK-10GB-CX4
|
10GBASE for CX4 (copper) cable; uses Infiniband connectors
|
15.0(1)SY
|
XENPAK-10GB-ER
|
10GBASE-ER Serial 1550-nm extended-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
Note XENPAK-10GB-ER units with Part No. 800-24557-01 are not supported, as described in this external field notice (CSCee47030):
http://www.cisco.com/en/US/ts/fn/200/fn29736.html
|
15.0(1)SY
|
XENPAK-10GB-ER+
|
10GBASE-ER Serial 1550-nm extended-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
|
15.0(1)SY
|
XENPAK-10GB-LR
|
10GBASE-LR Serial 1310-nm long-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
|
15.0(1)SY
|
XENPAK-10GB-LR+
|
10GBASE-LR Serial 1310-nm long-reach, single-mode fiber (SMF), dispersion-shifted fiber (DSF)
|
15.0(1)SY
|
XENPAK-10GB-LW
|
10GBASE-LW XENPAK Module with WAN PHY for SMF
Note XENPAK-10GB-LW operates at an interface speed compatible with SONET/SDH OC-192/STM-64. XENPAK-10GB-LW links might go up and down if the data rate exceeds 9Gbs. (CSCsi58211)
|
15.0(1)SY
|
XENPAK-10GB-LX4
|
10GBASE-LX4 Serial 1310-nm multimode (MMF)
|
15.0(1)SY
|
XENPAK-10GB-SR
|
10GBASE-SR Serial 850-nm short-reach multimode (MMF)
|
15.0(1)SY
|
XENPAK-10GB-ZR
|
10GBASE for any SMF type
|
15.0(1)SY
|
Small Form-Factor Pluggable (SFP) Modules
•Gigabit Ethernet SFPs
•Fast Ethernet SFPs
Gigabit Ethernet SFPs
Note•For information about coarse wavelength-division multiplexing (CWDM) SFPs, see the Cisco CWDM GBIC and SFP Solutions data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6575/product_data_sheet09186a00801a557c_ps4999_Products_Data_Sheet.html
•For information about DWDM SFPs, see the Cisco CWDM GBIC and SFP Solutions data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6576/product_data_sheet0900aecd80582763.html
•See the "Unsupported Hardware" section for information about unsupported DWDM-SFPs.
•For information about other SFPs, see the Cisco SFP Optics For Gigabit Ethernet Applications data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6577/product_data_sheet0900aecd8033f885.html
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
GLC-BX-D
|
1000BASE-BX10 SFP module for single-strand SMF, 1490-nm TX/1310-nm RX wavelength
|
15.0(1)SY
|
GLC-BX-U
|
1000BASE-BX10 SFP module for single-strand SMF, 1310-nm TX/1490-nm RX wavelength
|
15.0(1)SY
|
GLC-LH-SMD
GLC-LH-SM
|
1000BASE-LX/LH SFP
Note Supported with WS-X6904-40G-2T in Release 15.1(1)SY1 and later releases.
|
15.0(1)SY
|
GLC-SX-MMD
GLC-SX-MM
|
1000BASE-SX SFP
Note Supported with WS-X6904-40G-2T in Release 15.1(1)SY1 and later releases.
|
15.0(1)SY
|
GLC-T
|
1000BASE-T 10/100/1000 SFP module
Note
•Supported only at 1000 Mbps.
•Supported with WS-X6904-40G-2T in Release 15.1(1)SY1 and later releases.
|
15.0(1)SY
|
GLC-ZX-SM
|
1000BASE-ZX SFP module
|
15.0(1)SY
|
CWDM-SFP-1470
|
CWDM 1470-nm (Gray) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1490
|
CWDM 1490-nm (Violet) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1510
|
CWDM 1510-nm (Blue) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1530
|
CWDM 1530-nm (Green) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1550
|
CWDM 1550-nm (Yellow) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1570
|
CWDM 1570-nm (Orange) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1590
|
CWDM 1590-nm (Red) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
CWDM-SFP-1610
|
CWDM 1610-nm (Brown) Gigabit Ethernet, 1 and 2 Gb Fibre Channel SFP module
|
15.0(1)SY
|
DWDM-SFP-5817
|
1000BASE-DWDM 1558.17 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5252
|
1000BASE-DWDM 1552.52 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5172
|
1000BASE-DWDM 1551.72 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5012
|
1000BASE-DWDM 1550.12 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4692
|
1000BASE-DWDM 1546.92 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4373
|
1000BASE-DWDM 1543.73 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4214
|
1000BASE-DWDM 1542.14 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3977
|
1000BASE-DWDM 1539.77 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3898
|
1000BASE-DWDM 1538.98 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3582
|
1000BASE-DWDM 1535.82 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3504
|
1000BASE-DWDM 1535.04 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-6061
|
1000BASE-DWDM 1560.61 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5979
|
1000BASE-DWDM 1559.79 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5898
|
1000BASE-DWDM 1558.98 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5655
|
1000BASE-DWDM 1556.55 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5575
|
1000BASE-DWDM 1555.75 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5494
|
1000BASE-DWDM 1554.94 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5413
|
1000BASE-DWDM 1554.13 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-5092
|
1000BASE-DWDM 1550.92 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4851
|
1000BASE-DWDM 1548.51 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4772
|
1000BASE-DWDM 1547.72 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4612
|
1000BASE-DWDM 1546.12 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4453
|
1000BASE-DWDM 1544.53 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4294
|
1000BASE-DWDM 1542.94 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-4056
|
1000BASE-DWDM 1540.56 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3819
|
1000BASE-DWDM 1538.19 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3661
|
1000BASE-DWDM 1536.61 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3425
|
1000BASE-DWDM 1534.25 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3268
|
1000BASE-DWDM 1532.68 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3190
|
1000BASE-DWDM 1531.90 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3112
|
1000BASE-DWDM 1531.12 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
DWDM-SFP-3033
|
1000BASE-DWDM 1530.33 nm SFP (100-GHz ITU grid) SFP module
|
15.0(1)SY
|
Fast Ethernet SFPs
Note•The CAT6000-VS-S720-10G/MSFC3 and WS-X6148-FE-SFP supports Fast Ethernet SFPs.
•For information about Fast Ethernet SFPs, see the Cisco 100BASE-X SFP For Fast Ethernet SFP Ports data sheet:
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6578/product_data_sheet0900aecd801f931c.html
•GLC-GE-100FX Fast Ethernet SFPs are not supported.
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
GLC-FE-100BX-U
|
100BASE-BX10-U SFP
|
15.0(1)SY
|
GLC-FE-100BX-D
|
100BASE-BX10-D SFP
|
GLC-FE-100EX
|
100BASEEX SFP
|
GLC-FE-100ZX
|
100BASEZX SFP
|
GLC-FE-100FX
|
100BASEFX SFP
|
GLC-FE-100LX
|
100BASELX SFP
|
Gigabit Interface Converters (GBICs)
Note The support listed in this section applies to all modules that use GBICs.
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WDM-GBIC-REC
|
Receive-only wavelength division multiplexing (WDM) GBIC
|
15.0(1)SY
|
DWDM-GBIC
|
Dense wavelength division multiplexing (DWDM) GBIC
|
15.0(1)SY
|
CWDM-GBIC-1470
|
Cisco 1000BASE-CWDM GBIC, 1470 nm (Gray)
|
15.0(1)SY
|
CWDM-GBIC-1490
|
Cisco 1000BASE-CWDM GBIC, 1490 nm (Violet)
|
15.0(1)SY
|
CWDM-GBIC-1510
|
Cisco 1000BASE-CWDM GBIC, 1510 nm (Blue)
|
15.0(1)SY
|
CWDM-GBIC-1530
|
Cisco 1000BASE-CWDM GBIC, 1530 nm (Green)
|
15.0(1)SY
|
CWDM-GBIC-1550
|
Cisco 1000BASE-CWDM GBIC, 1550 nm (Yellow)
|
15.0(1)SY
|
CWDM-GBIC-1570
|
Cisco 1000BASE-CWDM GBIC, 1570 nm (Orange)
|
15.0(1)SY
|
CWDM-GBIC-1590
|
Cisco 1000BASE-CWDM GBIC, 1590 nm (Red)
|
15.0(1)SY
|
CWDM-GBIC-1610
|
Cisco 1000BASE-CWDM GBIC, 1610 nm (Brown)
|
15.0(1)SY
|
WS-G5483
|
1000BASET GBIC
|
15.0(1)SY
|
WS-G5484
|
Short wavelength, 1000BASE-SX
|
15.0(1)SY
|
WS-G5486
|
Long wavelength/long haul, 1000BASE-LX/LH
|
15.0(1)SY
|
WS-G5487
|
Extended distance, 1000BASE-ZX
|
15.0(1)SY
|
Service Modules
Note•For service modules that run their own software, see the service module software release notes for information about the minimum required service module software version.
•With SPAN configured to include a port-channel interface to support a service module, be aware of CSCth03423 and CSCsx46323.
•EtherChannel configuration can impact some service modules. In particular, distributed EtherChannels (DECs) can interfere with service module traffic. See this field notice for more information:
http://www.cisco.com/en/US/ts/fn/610/fn61935.html
•Application Control Engine (ACE) Module
•ASA Services Module
•Firewall Services Module (FWSM)
•Intrusion Detection System Modules (IDSMs)
•Network Analysis Modules (NAMs)
•Wireless Services Modules (WiSMs)
Application Control Engine (ACE) Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
ACE30-MOD-K9
|
Application Control Engine (ACE) module
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•ACE modules run their own software—See these publications:
http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html
See the ACE module software release notes for information about the minimum required service module software version.
|
ASA Services Module
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-SVC-ASA-SM1-K9
|
ASA Services Module
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY1
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•Upgrade to Release 15.0(1)SY1 or later before installing WS-SVC-ASA-SM1-K9 (see the "EFSU Compatibility" section).
•ASA modules run their own software—See these publications:
http://www.cisco.com/en/US/products/ps11621/tsd_products_support_model_home.html
See the ACE module software release notes for information about the minimum required service module software version.
|
Firewall Services Module (FWSM)
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-SVC-FWM-1-K9
|
Firewall Services Module
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•With Firewall Services Module Software Release 2.3(1) and later releases, WS-SVC-FWM-1-K9 maintains state when an NSF with SSO redundancy mode switchover occurs.
•WS-SVC-FWM-1-K9 runs its own software—See these publications:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html
See the WS-SVC-FWM-1-K9 software release notes for information about the minimum required WS-SVC-FWM-1-K9 software version.
|
Intrusion Detection System Modules (IDSMs)
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-SVC-IDSM2-K9
|
Intrusion Detection System Module 2; CEF256
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE (not supported in VSS mode)
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
•The IDSM runs its own software—See these publications:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/tsd_products_support_model_home.html
See the IDSM software release notes for information about the minimum required IDSM software version.
|
Network Analysis Modules (NAMs)
Wireless Services Modules (WiSMs)
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Versions
|
WS-SVC-WISM2-1-K9
WS-SVC-WISM2-3-K9
WS-SVC-WISM2-5-K9
|
Wireless Services Module 2 (WiSM2)
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-SVC-WISM-1-K9
|
Wireless Services Module (WiSM)
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Wireless services modules run their own software—See these publications:
http://www.cisco.com/en/US/products/ps6526/tsd_products_support_model_home.html
See the wireless services modules software release notes for information about the minimum required wireless services module software version.
|
Power Supplies
•WS-C6503-E Power Supplies
•WS-C6504-E Power Supplies
•All Other Power Supplies
WS-C6503-E Power Supplies
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
PWR-1400-AC
|
1,400 W AC power supply
|
15.0(1)SY
|
PWR-950-AC
|
950 W AC power supply
|
15.0(1)SY
|
PWR-950-DC
|
950 W DC power supply
|
15.0(1)SY
|
WS-C6504-E Power Supplies
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
PWR-2700-AC/4
|
2700 W AC power supply
|
15.0(1)SY
|
PWR-2700-DC/4
|
2700 W DC power supply
|
15.0(1)SY
|
All Other Power Supplies
Note The power supplies in this section are not supported in these chassis:
•Catalyst 6503-E
•Catalyst 6504-E
Product ID
(append "=" for spares)
|
Product Description
|
Minimum
Software
Version
|
WS-CAC-8700W-E
|
8,700 W AC power supply
|
15.0(1)SY
|
Note
•WS-CAC-8700W-E supports a remote power cycling feature.
•See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Chassis_Installation/Cat6500/6500_ins.html
|
PWR-6000-DC
|
6,000 W DC power supply
|
15.0(1)SY
|
WS-CAC-6000W
|
6,000 W AC power supply
|
PWR-4000-DC
|
4,000 W DC power supply
|
WS-CAC-4000W
|
4,000 W AC power supply
|
+WS-CAC-3000W
|
3,000 W AC power supply
|
WS-CAC-3000W
|
3,000 W AC power supply
|
WS-CAC-2500W
|
2,500 W AC power supply
|
WS-CDC-2500W
|
2,500 W DC power supply
|
Chassis
•13-Slot Chassis
•9-Slot Chassis
•6-Slot Chassis
•4-Slot Chassis
•3-Slot Chassis
Note Chassis with 64 MAC addresses automatically enable the Extended System ID feature, which is enabled with the spanning-tree extend system-id command. You cannot disable the extended-system ID in chassis that support 64 MAC addresses. The Extended System ID feature might already be enabled in your network, because it is required to support both extended-range VLANs and any chassis with 64 MAC addresses. Enabling the extended system ID feature for the first time updates the bridge IDs of all active STP instances, which might change the spanning tree topology.
13-Slot Chassis
Note With Supervisor Engine 2T-10GE, the slot reserved for a redundant supervisor engine can be populated with one of these modules:
•WS-X6148E-GE-45AT
•WS-X6148A-GE-TX, WS-X6148A-GE-45AF
•WS-X6148-FE-SFP
•WS-X6148A-RJ-45, WS-X6148A-45AF
•WS-X6196-RJ-21, WS-X6196-21AF
Product ID
(append "=" for spare)
|
Product Description
|
Minimum
Software
Version
|
WS-C6513-E
|
•13 slots
•Slot 7 and slot 8 are reserved for supervisor engines
•64 chassis MAC addresses
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
CISCO7613-S
|
•13 slots
•Slot 7 and slot 8 are reserved for supervisor engines
•64 chassis MAC addresses
|
With Supervisor Engine 2T-10GE
|
15.1(1)SY
|
WS-C6513
|
Catalyst 6513 chassis:
•13 slots
•64 chassis MAC addresses
•Use with Supervisor Engine 720-10GE or Supervisor Engine 720 requires WS-C6K-13SLT-FAN2
•These modules are supported only in slots 9 through 13 and do not power up in other slots:
–WS-X6700 series switching modules except WS-X6724-SFP
–WS-X6816-GBIC switching modules
–WS-SVC-WISM-1-K9
Note Not supported with Supervisor Engine 2T.
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
9-Slot Chassis
Product ID
(append "=" for spare)
|
Product Description
|
Minimum
Software
Version
|
WS-C6509-V-E
|
•9 vertical slots
•64 chassis MAC addresses
•Required power supply:
–2,500 W DC or higher
–3,000 W AC or higher
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
WS-C6509-E
|
•9 horizontal slots
•Chassis MAC addresses:
–Before April 2009—1024 chassis MAC addresses
–Starting in April 2009—64 chassis MAC addresses
Note Chassis with 64 MAC addresses automatically enable the Extended System ID feature, which is enabled with the spanning-tree extend system-id command. You cannot disable the extended-system ID in chassis that support 64 MAC addresses. The Extended System ID feature might already be enabled in your network, because it is required to support both extended-range VLANs and any chassis with 64 MAC addresses. Enabling the extended system ID feature for the first time updates the bridge IDs of all active STP instances, which might change the spanning tree topology.
•Requires 2,500 W or higher power supply
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
CISCO7609-S
|
•9 vertical slots
•64 chassis MAC addresses
•Required power supply:
–2,500 W DC or higher
–3,000 W AC or higher
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY1
|
6-Slot Chassis
Product ID
(append "=" for spare)
|
Product Description
|
Minimum
Software
Version
|
WS-C6506-E
|
•6 slots
•Chassis MAC addresses:
–Before April 2009—1024 chassis MAC addresses
–Starting in April 2009—64 chassis MAC addresses
Note Chassis with 64 MAC addresses automatically enable the Extended System ID feature, which is enabled with the spanning-tree extend system-id command. You cannot disable the extended-system ID in chassis that support 64 MAC addresses. The Extended System ID feature might already be enabled in your network, because it is required to support both extended-range VLANs and any chassis with 64 MAC addresses. Enabling the extended system ID feature for the first time updates the bridge IDs of all active STP instances, which might change the spanning tree topology.
•Requires 2,500 W or higher power supply
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
CISCO7606-S
|
•6 slots
•64 chassis MAC addresses
|
With Supervisor Engine 2T-10GE
|
15.1(1)SY1
|
4-Slot Chassis
Product ID
(append "=" for spare)
|
Product Description
|
Minimum
Software
Version
|
WS-C6504-E
|
•4 slots
•64 chassis MAC addresses
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
CISCO7604
|
•4 slots
•64 chassis MAC addresses
|
With Supervisor Engine 2T-10GE
|
15.1(1)SY
|
3-Slot Chassis
Product ID
(append "=" for spare)
|
Product Description
|
Minimum
Software
Version
|
WS-C6503-E
|
•3 slots
•64 chassis MAC addresses
•WS-X6904-40G-2T and WS-X6908-10GE are supported only with WS-C6503-E hardware revision 1.3 or higher.
|
With Supervisor Engine 2T-10GE
|
15.0(1)SY
|
With Supervisor Engine 720-10GE
|
15.1(1)SY
|
With Supervisor Engine 720
|
15.1(1)SY
|
Unsupported Hardware
Release 15.1SY supports only the hardware listed in the "Supported Hardware" section. Unsupported modules remain powered down if detected and do not affect system behavior.
Release 12.2SX supported these modules, which are not supported in Release 15.1SY:
•Supervisor Engine 32 (CAT6000-SUP32/MSFC2A)
•ME 6500 Series Ethernet Switches (ME6524)
•Policy Feature Card 3A and Distributed Forwarding Card 3A
•76-ES+XT-4TG3CXL, 76-ES+XT-4TG3C
•76-ES+XT-2TG3CXL, 76-ES+XT-2TG3C
•7600-ES+4TG3CXL, 7600-ES+4TG3C
•7600-ES+2TG3CXL, 7600-ES+2TG3C
•Shared Port Adapter (SPA) Interface Processors (SIPs) and Shared Port Adapters (SPAs)
•Services SPA Carrier (SSC) and Services SPAs
•Enhanced FlexWAN Module
•Anomaly Guard Module(AGM)
•Traffic Anomaly Detector Module (ADM)
•Communication Media Module (CMM)
•Content Switching Module (CSM)
•Content Switching Module with SSL (CSM-S)
•Secure Sockets Layer (SSL) Services Module
Images and Feature Sets
Use Cisco Feature Navigator to display information about the images and feature sets in Release 15.1SY.
The releases includes strong encryption images. Strong encryption images are subject to U.S. and local country export, import, and use laws. The country and class of end users eligible to receive and use Cisco encryption solutions are limited. See this publication for more information:
http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html
Universal Boot Loader Image
The Universal Boot Loader (UBL) image is a minimal network-aware image that can download and install a Cisco IOS image from a running active supervisor engine in the same chassis. When newly installed as a standby supervisor engine in a redundant configuration, a supervisor engine running the UBL image automatically attempts to copy the image of the running active supervisor engine in the same chassis.
EFSU Compatibility
SX SY EFSU Compatibility Matrix
New Features in Release 15.1(1)SY1
These sections describe the new features in Release 15.1(1)SY1, 03 May 2013:
•New Hardware Features in Release 15.1(1)SY1
•New Software Features in Release 15.1(1)SY1
New Hardware Features in Release 15.1(1)SY1
•WS-X6904-40G-2T switching module support for:
–GLC-LH-SMD 1G SFP
–GLC-SX-MMD 1G SFP
–GLC-T 1G SFP
•Supervisor Engine 2T support with the 7606-S chassis
New Software Features in Release 15.1(1)SY1
•DHCPv6 - Relay chaining for Prefix Delegation—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-0sy/dhcp-relay-agent.html
•Egress Microflow Destination-Only Policing—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/qos_class_mark_police.html#Egress_Microflow_Destination-Only_Policing
•Global QoS Policy—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/denial_of_service.html#Global_Protocol_Packet_Policing
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/denial_of_service.html#Global_Protocol_Packet_Policing
•HSRP aware PIM—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-sy/imc_hsrp_aware.html
•Interfaces MIB: SNMP context based access—See this publication:
http://www.cisco.com/en/US/partner/docs/ios-xml/ios/snmp/configuration/15-sy/nm-snmp-vpn-context.html
•LISP Locator/ID Separation Protocol—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_lisp/configuration/15-sy/irl-15-sy-book.html
•LISP Virtualization—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_lisp/configuration/15-sy/irl-15-sy-book.html
•Medianet 2.2 features in Cat6500 Ipbase images—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/media_monitoring/configuration/15-sy/mm-15-sy-book.html
•MPLS TE - Bundled Interface Support (EtherChannel and MLP)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_te_path_setup/configuration/15-sy/mp-bundle-interface.html
•Multicast Feature Reformation Packaging Changes—Release 15.1(1)SY1 and later releases IP Base images support IPv6 multicast
•SGT Name export in NetFlow—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/appc_cat6k.html#wp1019251
•TrustSec Diagnostic Tool Kits - Packet Trace—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/command_sum.html#wp1548654
•TrustSec SGA Conditional Debugging Capabilities—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/command_sum.html#wp1568342
•TrustSec SGA SYSLOG Messages—See this publication:
http://www.cisco.com/en/US/docs/ios/15_0sy/system/messages/15sysmg.html
•VPLS PIM and IGMP Snooping (LAN Interfaces)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/vpls.html#Configuring_Multicast_Snooping_Support
•VSS Quad-Sup SSO (VS4O)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/virtual_switching_systems.html#VSS_Quad-Sup_SSO_(VS4O)
•VSS Quad-Sup Uplink Forwarding with HA domains—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/virtual_switching_systems.html#VSS_Quad-Sup_Uplink_Forwarding
•WCCPv2 - IPv6 Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/15-sy/iap-wccp-v2-ipv6.html
New Features in Release 15.1(1)SY
These sections describe the new features in Release 15.1(1)SY, 15 Oct 2012:
•New Hardware Features in Release 15.1(1)SY
•New Software Features in Release 15.1(1)SY
New Hardware Features in Release 15.1(1)SY
•7604S chassis support with the Supervisor Engine 2T—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#4-Slot_Chassis
•7613-S chassis support with the Supervisor Engine 2T—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#13-Slot_Chassis
•SFP+ LRM transceiver support—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#10_GE_SFP+_Modules
•X2-10GB-T transceiver support—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#X2_Modules
•With Supervisor Engine 2T, VSS mode support for the WS-X6148E-GE-45AT module.
New Software Features in Release 15.1(1)SY
•AAA-Domain Stripping at server group level—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-domain-stripping.html
•Add support for the 61XX linecards in the 6513-E standby sup's slot with sup2T—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#13-Slot_Chassis
•Auto Interleaved Port priority for LACP—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/etherchannel.html#Configuring_Auto_Interleaved_Port_Priority_For_LACP_Port_Channels
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/etherchannel.html#Configuring_Auto_Interleaved_Port_Priority_For_LACP_Port_Channels
•BFD - Static Route Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/irb-bi-fwd-det.html
•BFD - VRF Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/irb-bi-fwd-det.html
•BFD IPv6 Encaps Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/ip6-route-bfd-encaps.html
•BFD Support for IP Tunnel (GRE, with IP address)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/irb-bi-fwd-det.html
•BFD Support over port channel—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/irb-bi-fwd-det.html
•BGP - Remove/Replace Private AS Filter—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-remove-as.html
•BGP Event Based VPN Import—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-event-vpn-import.html
•BGP Neighbor Policy—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-neighbor-policy.html
•BGP Per Neighbor SOO Configuration—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-neighbor-soo.html
•BGP PIC Edge for IP/MPLS—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-bgp-mp-pic.html
•BGP RT changes without PE-CE neighbor impact—See this publication:
http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_event_vpn_import.html
•BGP: RT Constrained Route Distribution—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-rt-filter.html
•BGPConsistency Checker—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-consistency-check.html
•Callhome V2 enhancements—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/callhome.html#callhome_v2_enhancements
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/callhome.html#callhome_v2_enhancements
•Capabilities Manager—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/saf/configuration/15-sy/saf-capman.html
•RADIUS Change of Authorization (CoA)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-rad-coa.html
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authentifcn.html
•Cisco Express Forwarding - SNMP CEF-MIB Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipswitch_cef/configuration/15-sy/isw-cef-snmp-mib.html
http://www.cisco.com/en/US/docs/ios/ipswitch/configuration/guide/cef_snmp_mib.html
•Cisco IOS Shell—See this publication:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_ios_shell.html
•Cisco TrustSec L3 Identity Port Mapping—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/15-sy/sec-cts-id-port-map.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html#wp1055308
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html#wp1070418
•Cisco TrustSec NDAC, Network Device Admission Control—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/15-sy/sec-cts-ndac.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html
•Cisco TrustSec Subnet to SGT Mapping—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/15-sy/cts-subnet-sgt-map.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html#wp1055308
•CISCO-IP-URPF-MIB Support—See this publication:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_urpf_mib.html
•Client Information Signalling Protocol (CISP)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/dot1x_port_based_authentication.html#NEAT_CISP
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/dot1x_port_based_authentication.html#NEAT_CISP
•Configuring ITU-T Y.1731 Fault Management Functions—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-sy/ce-cfm-ieee-y1731.html
•Console disconnect—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/commands/cmds1.html#disconnect-timeout
Note This feature is enabled by default.
•CoPP Microflow policing—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/control_plane_policing_copp.html#CoPP_microflow_policing
•Copy based sampling—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/15-sy/mp-ip-aware-mpls-netflow.html
•Custom Location Type—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-e1.html
•DHCP - Server Port Based Address Allocation—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-prt-bsd-aa.html
•DHCP Relay Server Id Override and Link Selection Option 82 Suboptions—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-relay-svr-option-82.html
•Diagnostic Signatures—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/callhome.html#diagnostic_signatures
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/callhome.html#diagnostic_signatures
•EIGRP IPv6 VRF-Lite—See this publication:
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp.html
•EIGRP MIB—See this publication:
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_mib.html
•EIGRP Wide Metrics—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-wid-met.html
•EIGRP/SAF HMAC-SHA-256 Authentication—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-sha-256.html
•Embedded Event Manager (EEM) 3.1—See this publication:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html
•Embedded Event Manager (EEM) 3.2—See this publication:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_3.2.html
•Embedded Event Manager (EEM) 4.0—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/eem/configuration/15-mt/eem-overview.html
•Enabling OSPFv2 on an Interface Using the ip ospf area Command—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book.html
•EnergyWise 2.5—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/energywise/phase2_5/ios/configuration/guide/2_5ewise.html
•EnergyWise Pre Phase 2.5—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/energywise/phase2/ios/release/notes/OL19810.html
•EVN EIGRP—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-sy/evn-confg.html
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-sy/evn-overview.html
•EVN OSPF—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-sy/evn-confg.html
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-sy/evn-overview.html
•EVN Route Replication—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-sy/evn-shared-svcs.html
•Flex Links Interface Preemption—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/flexlinks.html#flex_links_interface_preemption
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/flexlinks.html#flex_links_interface_preemption
•Flexible Netflow - IPv6 bridged flows—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-sy/cfg-ipv6-brg.html
•FTP IPv6 Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_nman/configuration/15-sy/ip6-tftp-supp.html
•Geo Location Type support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-e1.html
•HA support for mLDP—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_lsm/configuration/15-sy/imc_ha_mldp.html
•Hierarchical shaping and two priority queues on WS-X6904-40G-2T—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/qos_policy_based_queueing.html#shaping_2p6q4t
•IEEE 802.1x - RADIUS Change of Authorization (CoA)—See this publication:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authentifcn.html
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a3.html
•IGMPv3 Host Stack—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_igmp/configuration/15-sy/imc_igmpv3_hoststack.html
•IP Aware MPLS Netflow—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/15-sy/mp-ip-aware-mpls-netflow.html
•IP Multicast Load Splitting - Equal Cost Multipath (ECMP) using S, G and Next-hop—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_optim/configuration/15-sy/imc_load_splt_ecmp.html
•IP SLAs - LSP Health Monitor with LSP Discovery—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/15-sy/sla_lsp_mon_autodisc.html
•IP SLAs VRF Aware 2.0—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/15-sy/sla_tcp_conn.html
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/15-sy/sla_ftp.html
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/15-sy/sla_dns.html
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/15-sy/sla_http.html
•IP Tunnel - SSO—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/15-sy/ir-impl-tun.html
•IP-RIP Delay Start—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_rip/command/irr-cr-rip.html
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_rip/configuration/15-sy/irr-cfg-info-prot.html
•IPv6 - Config Logger—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_nman/configuration/15-sy/ip6-emb-mgmt.html
•IPv6 - HTTP(S)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_nman/configuration/15-sy/ip6-emb-mgmt.html
•IPv6 - Per Interface Neighbor Discovery Cache Limit—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_basic/configuration/15-sy/ip6-nd-cache.html
•IPv6 - TCL—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_nman/configuration/15-sy/ip6-emb-mgmt.html
•IPv6 ACL Extensions for Hop by Hop Filtering—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-sy/ip6-acl-ext-hbh.html
•IPv6 BSR - Configure RP mapping—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-sy/imc_basic_ipv6.html
•IPv6 Device Tracking—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_fhsec/configuration/15-sy/ip6-dev-track.html
•IPv6 Neigbor Discovery Non-Stop Forwarding (NSF)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_basic/configuration/15-sy/ip6-neighb-disc.html
•IPv6 Neighbor Discovery Inspection—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_fhsec/configuration/15-sy/ip6-nd-inspect.html
•IPv6 Policy-Based Routing—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/configuration/15-sy/ip6-pbr.html
•IPv6 Router Advertisement (RA) Guard—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_fhsec/configuration/15-sy/ip6-ra-guard.html
•IPv6 Routing: OSPF for IPv6 (OSPFv3) Authentication Support with IPsec—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-auth-ipsec.html
•IPv6 Support for IPSec and IKEv2—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-sy/sec-cfg-vpn-ipsec.html
•IPV6 VACL (Vlan Access Control List)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/vlan_acls.html#IPV6_VACL_(Vlan_Access_Control_List)
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/vlan_acls.html#IPV6_VACL_(Vlan_Access_Control_List)
•IPv6: NSF & Graceful Restart for MP-BGP IPv6 Address Family—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/ip6-mbgp-nsf-gr-rest.html
•IS-IS - MPLS LDP Synchronization—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_ldp/configuration/15-sy/mp-ldp-igp-synch.html
•ISIS BFD TLV—The IS-IS Bidirectional Forwarding Detection (BFD) Tag Length Value (TLV) feature provides a faster method to detect a loss of an IS-IS adjacency. Before, when an IS-IS adjacency reached the UP state (and therefore could be used for forwarding), a BFD session needed to be established with that neighbor. Now, a BFD session is maintained as long as the hello holddown timer for the neighbor does not expire, which is new for BFD TLV. The BFD session is only deleted if the neighbor hello times out. If BFD signals to IS-IS that a session has gone DOWN, the adjacency associated with that session will transition to DOWN state. Once the BFD session goes back UP, the adjacency state can transition back to an UP state.
For a given IS-IS topology, IS-IS determines if BFD is usable for a given neighbor on that topology. BFD is not usable when BFD is enabled on both sides and the BFD session is down. When there are multiple BFD sessions enabled for different address families, such as IPv4 and IPv6, if BFD is not usable for any address family, then BFD is consider not usable for the entire adjacency on that topology. For example, if both IPv4 and IPv6 BFD are enabled for single topology, if either the IPv4 BFD session is down or IPv6 BFD session is down, the neighbor state will be set to DOWN state. If BFD is not enabled for a given address family, then BFD is considered usable for that address family.
For single topology mode, the neighbor state is down when either the IPv4 or IPv6 BFD session is not BFD usable, that is, if BFD is enabled on both sides and the BFD session is DOWN. If BFD is not enabled on either side, BFD will be set to TRUE. For multi-topology mode, IS-IS adjacency will be in UP state as long as any topology is UP . However, the neighbor for the topology where BFD is consider not usable is considered down for that specific topology. For example, if both IPv4 and IPv6 BFD are enabled, and the IPv4 session is DOWN and IPv6 session is UP, then the IS-IS adjacency is still UP. In this case, the IPv4 neighbor is considered DOWN and ipv6 neighbor is considered UP.
•ISIS client for BFD c-bit support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/xe-3s/irb-bfd-isis-cbit.html
•ISIS IPv6 client for BFD—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/ip6-bfd-isis-client.html
•ISIS MTR for multicast address familly only—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mtr/configuration/15-sy/isis-mtr-multicast-address-family.html
•IS-IS Support for an IS-IS Instance per VRF for IP—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_isis/configuration/15-sy/irs-instance-vrf.html
•ISSU - IPv6 Multicast—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_resil/configuration/15-sy/imc_high_availability.html
•ISSU - MPLS VPN 6VPE & 6PE ISSU support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_ha/configuration/15-sy/mp-6vpe-6pe-issu-sso.html
•L2VPN Advanced VPLS (A-VPLS)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/15-sy/mp-l2vpn-adv-vpls.html
•LACP 1:1 hotstandby dampening—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/etherchannel.html#LACP_1-1_hot_standby_dampening
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/etherchannel.html#LACP_1-1_hot_standby_dampening
•Linecards not supported in 15.1(1)SY—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#Unsupported_Hardware
•LLDP Inline Power Negotiation for PoE+—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/power_over_ethernet.html#LLDP_Inline_Power_Negotiation_for_PoE+
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/power_over_ethernet.html#LLDP_Inline_Power_Negotiation_for_PoE+
•LLDP IPv6 address support—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#LLDP_IPv6_address_support
•LLDP IPv6 address support—The release support IPv6 Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (MED) addresses.
•Mac Move and Replace—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/dot1x_port_based_authentication.html#MAC_Move
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/dot1x_port_based_authentication.html#MAC_Move
•Manually configured IPv6 in IPv4 with IPSec—The Manually Configured IPv6 in IPv4 with IPsec feature complies with U.S. Government IPv6 (USGv6) guidelines by supporting the following IPsec features:
–IPv6 Support for IPsec and IKEv2. For more information about this feature, see the "Configuring Internet Key Exchange Version 2 (IKEv2) and FlexVPN Site-to-Site" module and the "Configuring Security for VPNs with IPsec" module at the following links:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-sy/sec-cfg-ikev2-flex.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-sy/sec-cfg-vpn-ipsec.html
–OSPF for IPv6 (OSPFv3) Authentication Support with IPsec. For more information about this feature, see the "IPv6 Routing: OSPF for IPv6 Authentication Support with IPsec" module at the following link:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-auth-ipsec.html
–Call Home version 2 enhancements.
•Medianet Metadata—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mdata/configuration/15-sy/metadata-framework.html
•MLD Group Limits—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_lsm/configuration/15-sy/ip6-mcast-mld-limits.html
•mLDP Filtering—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_lsm/configuration/15-sy/imc_mldp_filter.html
•MLDP-Based MVPN—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_lsm/configuration/15-sy/imc_mldp-based_mvpn.html
•MPLS LDP - IGP Synchronization—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_ldp/configuration/15-sy/mp-ldp-igp-synch.html
•MPLS over GRE—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/15-sy/vpls-o-gre.html
•MPLS Pseudowire Status Signaling—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/15-sy/mp-pw-status.html
•MPLS TE - BFD-triggered Fast Reroute (FRR)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_te_path_protect/configuration/15-sy/mp-te-bfd-frr.html
•MPLS Traffic Engineering (TE) - Path Protection—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_te_path_protect/configuration/15-sy/mp-te-path-prot.html
•MTR Support for Multicast—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-sy/imc_mtr.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mtr/configuration/15-sy/isis-mtr-multicast-address-family.html
•Multi-auth Vlan Assignment—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/dot1x_port_based_authentication.html#Multi-auth_Vlan_Assignment
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/dot1x_port_based_authentication.html#Multi-auth_Vlan_Assignment
•Multicast Expansion Table Enhancement for VPLS—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/commands/additional_commands.html
•Multicast Service Reflection—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_serv/configuration/15-sy/imc_service_reflect.html
•MVPN - Data MDT Enhancements—Multicast distribution tree (MDT) groups were selected at random when the traffic passed the threshold and there was a limit of 255 MDTs before they were reused. The MVPN - Data MDT Enhancements feature provides the ability to deterministically map the groups from inside the VPN routing and forwarding (S,G) entry to particular data MDT groups, through an access control list (ACL).
The user can now map a set of VPN routing and forwarding (S,G) to a data MDT group in one of the following ways:
–1:1 mapping (1 permit in ACL)
–Many to 1 mapping (many permits in ACL)
–Many to many mapping (multiple permits in ACL and a nonzero mask data MDT)
Because the total number of configurable data MDTs is 1024, the user can use this maximum number of mappings in any of the described combinations.
•NAT - VRF Aware NAT—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/15-sy/iadnat-mpls-vpn.html
•NEAT (Network Edge Authentication Topology)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/dot1x_port_based_authentication.html#NEAT_CISP
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/dot1x_port_based_authentication.html#NEAT_CISP
•Netflow Data Export to a collector in a VRF—See this publication:
http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#ip_flow-export_destination
•Netflow(TNF) Export L2 mac and port information for IPv4—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/netflow.html#netflow_mac_port
•NHRP Reformation move to IP Services—The Next Hop Resolution Protocol (NHRP) is supported in the IP Services image.
•No Service Password-Recovery 15.1SY—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/15-sy/sec-no-svc-pw-recvry.html
•NSF/SSO - IPv6 Multicast—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_resil/configuration/15-sy/imc_high_availability.html
•NTPv4 MIB—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/bsm/configuration/15-sy/bsm-ntpv4-mib.html
•NTPv4 Orphan Mode support, Range for trusted key configuration—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/bsm/configuration/15-sy/bsm-time-calendar-set.html
•NTPv4 with support for IPv4 and IPv6—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/bsm/configuration/15-sy/ip6-ntpv4.html
•OSPF - Non-Stop Routing—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-nsr-ospf.html
•OSPF for Routed Access—The OSPF for Routed Access feature allows users to extend layer 3 routing capabilities to the access or Wiring Closet. OSPF for Routed Access supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 200 dynamically learned routes permitted.
With the typical hub and spoke topology in a campus environment, the Wiring Closets (spokes) are connected to the distribution switch (Hub) forwarding all non-local traffic to the distribution layer. There is no requirement to hold a complete routing table at the Wireless Closet switches. In best practices designs, the distribution switch sends a default route to the Wiring Closet switch for reaching inter- area and external routes (OSPF Stub area configuration). The OSPF for Routed Access feature supporst this type of topology.
The IP base image supports OSPF for Routed Access. The Enterprise services image continues to be required if multiple OSPFv2 and OSPFv3 instances with no route restrictions are required. Additionally, Enterprise Services is required to enable the VRF-lite feature.
•OSPF Graceful Shutdown—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-ttl.html
•OSPF support for NSSA RFC 3101—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book.html
•OSPF TTL Security Check—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-ttl.html
•OSPFv3 Address Families—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-add-fam.html
•OSPFv3 BFD—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/ip6-route-bfd-ospfv3.html
•OSPFv3 Fast Convergence - LSA and SPF throttling—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-fastcon.html
•OSPFv3 Graceful Restart—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-gr-rest.html
•OSPFv3 IPSec ESP Encryption and Authentication—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/ip6-route-ospfv3-esp.html
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book.html
•OSPFv3 VRF-Lite/PE-CE—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book.html
•Parser concurrency and locking Improvements—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/config-mgmt/configuration/15-sy/cm-parse-improve.html
•Password strength and management for Common Criteria—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-aaa-comm-criteria-pwd.html
•Per Port Location Configuration—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-sy/ce-per-port-loc-config.html
•PIM MIB Extension for IP Multicast—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-sy/imc_monitor_maint.html
•PIMv6: Anycast RP solution—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-sy/imc_basic_ipv6.html
•PoE Plus (PoE+, PoEP) support—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/power_over_ethernet.html#PoE_Plus_(PoE+,_PoEP)_support
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/power_over_ethernet.html#PoE_Plus_(PoE+,_PoEP)_support
•POE/POEP support on Sup2T in VSS mode—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html#Power_over_Ethernet_Daughtercards
•Port Security on Etherchannel Trunk Port—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/port_security.html#Port_Security_on_Etherchannel_Trunk_Port
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/port_security.html#Port_Security_on_Etherchannel_Trunk_Port
•Product Security Baseline: Password encryption and complexity restrictions—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/15-sy/sec-cfg-sec-4cli.html
•Radius over IPv6—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/ip6-aaa-support.html
•Radius Per-VRF Server Group—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-per-vrf-aaa.html
•Radius Statistics VIA SNMP—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_rad/configuration/15-sy/sec-cfg-radius.html
•RSVP Support for Ingress Call Admission Control—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_rsvp/configuration/15-sy/config-rsvp.html
•SAF Dynamic Neighbors—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/saf/configuration/15-sy/saf-dyn-neigh.html
•Show Command Section Filter—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/Cisco_IOS_Configuration_Fundamentals_Command_Reference.html
•Smart Install—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/smart_install/configuration/guide/smart_install.html
•SSH Re-Key Support for Server—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/15-sy/sec-usr-ssh-sec-shell.html
http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-i3.html#GUID-DE59554D-4699-46ED-AA7C-9533D92802A0
•SSHv2 Enhancements—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/15-sy/sec-secure-shell-v2.html
•SSHv2 Enhancements for RSA Keys—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/15-sy/sec-secure-shell-v2.html
•SSO - MPLS VPN 6VPE & 6PE SSO support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_ha/configuration/15-sy/mp-6vpe-6pe-issu-sso.html
•Static Route Support for BFD over IPv6—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-sy/ip6-bfd-static.html
•Storm Control action -- Port disable—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/traffic_storm_control.html#Storm_Control_Port_disable
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/traffic_storm_control.html#Storm_Control_Port_disable
•Switch location configuration—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-e1.html
•Tacacs over IPv6—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/ip6-tacacs.html
•TFTP IPv6 support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6_nman/configuration/15-sy/ip6-tftp-supp.html
•TrustSec Identity Port Mapping—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/15-sy/sec-cts-id-port-map.html
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html#wp1054498
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html#wp1070418
•TrustSec Security Group Name Download—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/15-sy/sec-cts-sg-download.html
•TrustSec SGA Environment-Data Change of Authority—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html
•TrustSec SGA SGACL Policy Change of Authority—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html
•TrustSec SGT Caching—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html
•TrustSec SGT RBACL Monitor Mode (Dryrun)—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html
•TrustSec SxP Loop Detection—See this publication:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html
•TTL Security Support for OSPF on IPv6—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-ttl-sec-ospfv3.html
•VPLS Autodiscovery, BGP-based—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/15-sy/vpls-auto-bgp.html
•VPLS over GRE and MPLS over GRE—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/15-sy/vpls-o-gre.html
•VRF aware NTP—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/bsm/configuration/15-sy/bsm-time-calendar-set.html
•VRF aware source interface for syslog transactions—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/esm/configuration/15-sy/esm-vrf.html
http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_09.html#wp2342429
http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_09.html#wp1095099
•VRF support for TFTP server, TFTP Client, and FTP client—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/Cisco_IOS_Configuration_Fundamentals_Command_Reference.html
•VRF-aware ARP debug—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_arp/configuration/15-sy/arp-vrfaware-arp.html
•VRRPv3 Protocol Support—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhrp-vrrpv3.html
•WCCP - Configurable Router ID—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/15-sy/iap-wccp-cfg-rtr-id.html
•WCCP: Fast Timers—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/15-sy/iap-wccp-ftimers.html
•Web Services Management Agent (WSMA)—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/wsma/configuration/15-sy/wsma.html
•Web Services Management Agent with TLS—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/wsma/configuration/15-sy/wsma-tls.html
•WSMA and XMLPI enhancement—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/wsma/configuration/15-sy/wsma.html
•XML-PI—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/xmlpi/configuration/15-sy/xml-pi.html
Software Features from Earlier Releases
Use Cisco Feature Navigator to display supported features that were introduced in earlier releases.
Unsupported Commands
Cisco IOS images for the Supervisor Engine 2T do not support mls commands or mls as a keyword. See this document for a list of some of the mls commands that have been replaced:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/replacement_commands.html
Note Some of the replacement commands support different keyword and parameter values than those supported by the Release 12.2SX commands.
Cisco IOS images for the Supervisor Engine 2T do not support these commands:
•ip multicast helper-map
•ip pim accept-register route-map
Unsupported Features
Note The IPsec Network Security feature (configured with the crypto ipsec command) is supported in software only for administrative connections to Catalyst 6500 series switches.
These features are not supported in Release 15.1SY:
•WAN features
•Performance Routing (PfR)
•OER Border Router Only Functionality
•Flexible NetFlow on Supervisor Engine 720-10GE and Supervisor Engine 720
•IOS Server Load Balancing (SLB)
Note Release 15.1SY supports server load balancing (SLB) as implemented on the Application Control Engine (ACE) module (ACE30-MOD-K9).
•AppleTalk
•Cisco Group Management Protocol (CGMP)
•Distance Vector Multicast Routing Protocol (DVMRP)
•Dynamic creation of L2 entries for Multicast source-only traffic
•IDS Copy
Note Release 15.1SY supports the SPAN and VACL redirect features, which have equivalent functionality.
•Inter-Switch Link (ISL) trunking
Note Release 15.1SY supports IEEE 802.1Q trunking.
•NAC - L2 IP NAC LAN Port IP
•These Novell NetWare protocols:
–Internetwork Packet Exchange (IPX)
–NetWare Link-Services Protocol (NLSP)
–Service Advertising Protocol (SAP)
•Network Based Application Recognition (NBAR)
•Per-VLAN Spanning Tree (PVST) mode (spanning-tree mode pvst global configuration mode command)
Note Release 15.1SY supports these spanning tree protocols:
—Rapid Spanning Tree Protocol (RSTP):
· spanning-tree mode rapid-pvst global configuration mode command
· Enabled by default
—Multiple Spanning Tree Protocol (MSTP):
· spanning-tree mode mst global configuration mode command
· Can be enabled
•Router-Port Group Management Protocol (RGMP)
•Stub IP Multicast Routing
•TCP Intercept
Note Release 15.1SY supports the Firewall Services Module (WS-SVC-FWM-1-K9).
•Integrated routing and bridging (IRB)
•Concurrent routing and bridging (CRB)
•Remote source-route bridging (RSRB)
•AppleTalk
•Distance Vector Multicast Routing Protocol (DVMRP)
Restrictions
Identifier
|
Component
|
Description
|
CSCtr15373
|
cat6000-acl
|
Standby crashes when copy config from tftp to running-config
|
CSCts70036
|
cat6000-acl
|
With mld snooping,no egress traff seen on v6 vacl vlan after reload/sso.
|
CSCtx50938
|
cat6000-acl
|
c2ma2: FHS: Ra guard features not working without creating the SVI.
|
CSCub95435
|
cat6000-env
|
Sup2T can't deliver 100% throughput on certain 67xx/68xx line cards
|
CSCsh58964
|
cat6000-fabric
|
BFD node down is detected by OIR
|
CSCtx83397
|
cat6000-l2
|
changing switchport mode doesn't reflect in the STP instances
|
CSCub86977
|
cat6000-l2-infra
|
c4hd1: Config sync seen with +encapsulation dot1Q 100
|
CSCsv98626
|
cat6000-l2-mcast
|
Ear8 MVR interaction with IGMP snooping: when IGMPSN is disabled
|
CSCta03980
|
cat6000-l2-mcast
|
PIMSN:No multicast data flood with IGMPSN disable & PIMSN enabled
|
CSCta83272
|
cat6000-l2-mcast
|
IGMP snooping not supported over VPLS ckt.
|
CSCth16692
|
cat6000-l2-mcast
|
IGMPSN report suppression failed to redir MIXED mode same group joins
|
CSCtl86457
|
cat6000-l2-mcast
|
RL for IP Multicast Control frames doesn't work properly
|
CSCto92033
|
cat6000-l2-mcast
|
Multicast data frames blackholed if RTR-GRD is ON and Snooping is OFF
|
CSCty00850
|
cat6000-l2-mcast
|
Root sends GQ instead global leave due to L2 MLD querier flaps
|
CSCua92717
|
cat6000-l2-mcast
|
PD Changes for bug CSCua17878
|
CSCub68068
|
cat6000-l2-mcast
|
Wrong Pseudo Port added as mrtr port after IGMPv2 Leave sent
|
CSCub68144
|
cat6000-l2-mcast
|
MCVPLS: Traffic drop seen when 2 PEs sent IGMPv2 join for the same group
|
CSCtd18777
|
cat6000-mcast
|
NAT config punt Multicast frames to Process Switching
|
CSCtf59230
|
cat6000-mcast
|
Earl8 performance impact on Bidir-PIM routing cases
|
CSCtg58715
|
cat6000-mcast
|
"show mac addr static vlan" CLI does not display mcast entries
|
CSCtg91060
|
cat6000-mcast
|
IPV6 PING not working on SVI when MLD Snooping is turned ON
|
CSCti43981
|
cat6000-mcast
|
HW BiDir mroutes not restored after temporarily losing the RP path
|
CSCti97217
|
cat6000-mcast
|
Traffic forwarding to incorrect fabric channel after PO shu/no shut
|
CSCto75104
|
cat6000-mcast
|
Mcast Traffic blkholing upon VSS DA when all VSL links are on DFC
|
CSCtr05033
|
cat6000-mpls
|
Caveats for MPLS VPN over mGRE
|
CSCtq43621
|
cat6000-rommon
|
fc2 image:Verification FAILED err seen on bootup whn cs_fips disable_dev
|
CSCtz90055
|
cat6000-routing
|
MA2:No recirc in case of BGP PIC on MPLS TE causing traffic drop
|
CSCtz90758
|
cat6000-routing
|
MA2 : CEF glean rate-limiter not working for IPv6
|
CSCua37884
|
cat6000-routing
|
MA2: IPV6 BFD sessions keep flapping periodically when interval < 200ms
|
CSCtj16159
|
cat6000-svc
|
standby reboots twice and comes up in rpr due to config sync fail
|
CSCtw91029
|
cts
|
clear cts role-based counters does not give expected results
|
CSCty37278
|
ip-tunnels
|
Tunnel forwarding down if no global IP address configured.
|
CSCtz90970
|
ip-tunnels
|
A loop in the OCE chain has been detected when IPinIP tunnel goes down
|
CSCth50799
|
pim
|
Multicast traffic slow convergence with 20k-30k mroute entries
|
Caveats in Release 15.1SY
•Open Caveats in Release 15.1SY
•Caveats Resolved in Release 15.1(1)SY1
•Caveats Resolved in Release 15.1(1)SY
Open Caveats in Release 15.1SY
Identifier
|
Component
|
Description
|
CSCud42723
|
c6k-l3-lisp
|
LISP:Adj is pointing to recirc instead of LISP0 for IPv6 VRF traffic
|
CSCue27826
|
c6k-l3-lisp
|
LISP: set dscp tunnel with LISP not marking outer hdr for IPv6 traffic
|
CSCuf83644
|
c6k-l3-lisp
|
LISP: Traffic drop on ITR encap when destined to PETR
|
CSCug08012
|
cat6000-acl
|
LISP: Encap traffic drops if we unconfigure "ipv4 etr"
|
CSCue72286
|
cat6000-diag
|
MA2b:Diagnostic handler is not found for DFC card after switchover
|
CSCtr29528
|
cat6000-hw-fwding
|
NO_ROUTE RL fails due to OAL
|
CSCuf46062
|
cat6000-hw-fwding
|
MAC Sync is not working properly
|
CSCuf24777
|
cat6000-l2-mcast
|
MCVPLS: PIMSN (*,g) mroutes not removed after stops joins and source
|
CSCud26697
|
cat6000-ltl
|
%BIT-SW1-4-OUTOFRANGE: error on 11/17 build
|
CSCtx97733
|
cat6000-mcast
|
%SYSTEM_CONTROLLER-3-MISTRAL_RESET:with mcast traffic hittin 0x7f802 adj
|
CSCud45116
|
cat6000-mcast
|
MCVPLS: Traffic drop seen at other Rx when one of the Rx sends leave
|
CSCue53147
|
cat6000-mcast
|
C4 Quadsup Traffic drops seen twice~2 sec after 130 seconds of sso
|
CSCtj90838
|
cat6000-medianet
|
packet counters in "show policy-map type perf int" not working on Cat6k
|
CSCug28878
|
cat6000-qos
|
c4mk1: Traceback@vs_get_pslot_switch_id
|
CSCue65316
|
cat6000-routing
|
MA2b:MPLS recirc goes missing for newly added NHRP node in L2oGRE
|
CSCtx93042
|
cat6000-svc
|
MA1B:ASA-SM/ACE/FWSM VLANs not getting removed on VSS setup from SUP
|
CSCty14223
|
cat6000-svc
|
Trifecta project name seen in show module output of NAM3
|
CSCua96981
|
cat6000-svc
|
Some module may reset after SSO in a heavy loaded chassis
|
CSCtx28226
|
cat6k-vs-infra
|
"redundancy reload peer" leads to dual-active with mcast traffic
|
CSCug23479
|
cat6k-vs-infra
|
Switch PMK configured on slot 6 sup not synced to sup on slot 5
|
CSCts59702
|
cts
|
CTS dot1x link not up between CTS capable and CTS aware cards in E8
|
CSCtz48366
|
ipsec-core
|
Standby config is getting marked dirty during boot due to ctid/crypto
|
CSCtn53347
|
ip-tunnels
|
Issue with tunnel path_mtu_discovery after sso switchover
|
CSCub99424
|
ip-tunnels
|
TB seen @ xdr_mcast_receive_process on sso
|
CSCtl50549
|
itasca-sup
|
CNMA1: ACE RHI Routes are withdrawn after doing an SSO
|
CSCub89797
|
mpls-mfi
|
Standby Router reloads due to Config Sync: Line-by-Line sync failure
|
CSCtz12715
|
nat
|
TB while deleting Static nat entry which has interface as global address
|
CSCts16791
|
vrfinfra
|
cnma1b: vnet cli present when vnetcore to switchport and then to routed
|
CSCty37233
|
vrfinfra
|
VNET:stby crash @swidb_if_index_assign after swover with vrf vnet subif
|
Caveats Resolved in Release 15.1(1)SY1
Resolved aaa Caveats
•CSCtk15666—Resolved in 15.1(1)SY1
Symptoms: IOS password lentgh is limited to 25 characters.
Conditions: IOS password lentgh is limited to 25 characters on NG3K products.
Workaround: N/A
PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved accsw-ease-of-use Caveats
•CSCub55790—Resolved in 15.1(1)SY1
The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Affected devices that are configured as Smart Install clients are vulnerable.
Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall
Resolved ipsec-core Caveats
•CSCua21166—Resolved in 15.1(1)SY1
Symptoms: Unable to form IPSec tunnels due to error: "RM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license."
Conditions: Even though the router does not have 225 IPsec SA pairs, error will prevent IPSec from forming. Existing IPSec SAs will not be affected.
Workaround: Reboot to clear out the leaked counter, or install hsec9 which will disable CERM (Crypto Export Restrictions Manager).
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.8/2.3:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:M/C:N/I:N/A:P/E:U/RL:W/RC:C
No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved ipsec-ikev2 Caveats
•CSCub39268—Resolved in 15.1(1)SY1
Symptom: Cisco ASR 1000 devices running an affected version of IOS-XE are vulnerable to a denial of service vulnerability due to the improper handling of malformed IKEv2 packets. An authenticated, remote attacker with a valid VPN connection could trigger this issue resulting in a reload of the device. Devices configured with redundant Route Processors may remain active as long as the attack is not repeated before the affected Route Processor comes back online.
Conditions: Cisco ASR1000 devices configured to perform IPSec VPN connectivity and running an affected version of Cisco IOS-XE are affected. Only authenticated IKEv2 connection is susceptible to this vulnerability.
Workaround: None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-5017 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved mpls-te Caveats
•CSCtg39957—Resolved in 15.1(1)SY1
The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a DoS vulnerability.
Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html
Resolved nat Caveats
•CSCtg47129—Resolved in 15.1(1)SY1
The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html
Other Resolved Caveats in Release 15.1(1)SY1
Identifier
|
Component
|
Description
|
CSCtc72940
|
aaa
|
ip vrf forwarding command not being executed under aaa
|
CSCty74859
|
aaa
|
ISG PWLAN: Memory leaks@ cpf_get_unbundle_pak_buffer with latest image
|
CSCua01641
|
aaa
|
NAS-IP address in Accounting-on packet is 0.0.0.0.
|
CSCua18679
|
aaa
|
Framed-IP-Address is not included in Acct-Start for Dual-Stack sessions
|
CSCua30053
|
aaa
|
Client failing to authenticate with dot1x authentication
|
CSCua58100
|
aaa
|
SYS-2-NOTQ TBs with EAPSIM Roaming at Scale
|
CSCua83073
|
aaa
|
ASR 1000 route processor failure
|
CSCua85934
|
aaa
|
SessProvisioning fail in ISG-SCE interface
|
CSCub33045
|
aaa
|
ASR1k: Memory leak in XE3.6
|
CSCub69350
|
aaa
|
aaa accounting suppress null-username doesn't work with domain-stripping
|
CSCub91677
|
aaa
|
Accounting interim update gets delayed after RP switchover
|
CSCuc48245
|
aaa
|
Impossible to remove vrf command "ip radius source-interface" from conf
|
CSCty57476
|
bgp
|
BGP-GSHUT: Need to support formats NNNN AA:NN
|
CSCua61330
|
bgp
|
NSF traffic loss during switchover for prefixes with BGP learnt NH
|
CSCua75069
|
bgp
|
BGP PIC: Update/Withdraw are not sent correctly
|
CSCua96958
|
bgp
|
BGP PIC with confederations require next hop self configuration
|
CSCub30577
|
bgp
|
Incorrect RTs are attached to redistributed routes
|
CSCub48495
|
bgp
|
BGP RTC:BGP RT Filter using route-map causing crash
|
CSCub70336
|
bgp
|
BGP Task crash on bgp hard reset
|
CSCub73177
|
bgp
|
ASR1K crash with Watchdog Process: BGP Router
|
CSCub78143
|
bgp
|
clear ip bgp vpnv4 unicast damp rd cli doesn't clear damp info in VRF
|
CSCub86706
|
bgp
|
XE3.7.1: router crash with BGP HA SSO while switch-over on pE
|
CSCub92997
|
bgp
|
BGP Route Server crashes when GR-supported client session flaps
|
CSCuc87208
|
bgp
|
Router Crashed while configuring 'inherit peer-session'
|
CSCud03273
|
bgp
|
BGP nexthop is not resolved marked inaccessible though route is availab
|
CSCud70041
|
bgp
|
Make BGP NH unchanged for IPv6 LLA
|
CSCud88983
|
bgp
|
<min-holdtime> NOT written in running with default "timers bgp 60 180"
|
CSCtc60463
|
c7600-l2
|
RSP720/Sup720 crash on "traceroute mac <src_mac> <dst_mac>" command
|
CSCso63807
|
c7600-mpls
|
vpn-num is 0 in vlan-ram after moving int to a new vrf
|
CSCek74844
|
c7600-snmp
|
sysObjectID is wrong for 7603-S and 7609-S
|
CSCue05681
|
call-home
|
ISSU XE381->MCP_DEV:Traceback @ fsm_execute_internal after loadversion
|
CSCub07847
|
cat6000-acl
|
High CPU seen on receiving DHCPINFORM on SVI with pbr enabled
|
CSCuc00098
|
cat6000-acl
|
Crash occurs with two Sup2Ts while standby Sup is initializing
|
CSCuc91306
|
cat6000-acl
|
MEM LEAK seen with DHCP SNOOPING on MA1.3
|
CSCud97653
|
cat6000-acl
|
IP device tracking is not working.
|
CSCue33266
|
cat6000-acl
|
SUP2T: DHCP relay not working after configuring secondary IP address
|
CSCuc02668
|
cat6000-cfm
|
Script cat6k_me_cfmosvlanbd_d8_y1731 fails for some 21 TCS
|
CSCuc81745
|
cat6000-cm
|
TCAM error for interface with QOS policies
|
CSCuc67656
|
cat6000-diag
|
"show diagn result"causing high CPU issue when bad LC is power down.
|
CSCub23671
|
cat6000-dot1x
|
Authentication loop in dot1x->mab->guest vlan for supplicantless PC
|
CSCub60449
|
cat6000-dot1x
|
Switch starts second authentication after port in guest vlan
|
CSCud22789
|
cat6000-dot1x
|
IGMP joins when port is in auth-fail state not forward to mrouter
|
CSCua50391
|
cat6000-env
|
C6KENV-SW2_SPSTBY-2-MAJORTEMPALARM msg seen in 150-1.IA273.330_120613
|
CSCub54653
|
cat6000-env
|
Many entSensorThresholdNotifications for the Cat6500 down interfaces
|
CSCub86068
|
cat6000-env
|
PCIe error print on console but not log
|
CSCud41173
|
cat6000-env
|
Console problem seen in Mfg side during MA2 software modeling
|
CSCud53949
|
cat6000-env
|
ME-C6524 crashes after "%MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD:" error
|
CSCue76640
|
cat6000-env
|
No service password-recovery on sup2t doesn't work
|
CSCud22843
|
cat6000-fabric
|
supervisor module crash
|
CSCud68540
|
cat6000-fabric
|
VSS may log 'VSLP Hello Packets dropped'
|
CSCue18618
|
cat6000-fabric
|
Cat6500 not reporting Optical Power Level for X6904 40G Linecard
|
CSCuc10919
|
cat6000-firmware
|
WS-X6904-40G power on leads to control-plane traffic loss on Cat6K
|
CSCtz53188
|
cat6000-ha
|
Multiple Traceback @ ipc_locate_port after switchover
|
CSCuf20989
|
cat6000-ha
|
MA2b: ICS also goes for a reload on sso saying "Active not responding"
|
CSCsj97387
|
cat6000-hw-fwding
|
show mls cef hardware does not honour pager
|
CSCub46713
|
cat6000-hw-fwding
|
Migrating mls rate-limit config to sup2t sets burst size to 1 packet
|
CSCub82035
|
cat6000-hw-fwding
|
C2 4SUP: After triggering Port-Sec err-dis, sh mac-add o/p hangs console
|
CSCuc76227
|
cat6000-hw-fwding
|
SUP2T - packet forward to the wrong dest index
|
CSCuc43594
|
cat6000-ipc
|
VSS NTI_AGENT_STATUS_TIMED_OUT: IPC sessions not cleared on sup failover
|
CSCua16716
|
cat6000-l2-ec
|
Stdby supervisor crashes with PO secondary aggregator
|
CSCty86250
|
cat6000-l2-infra
|
Sup2T Failover Changes DLY Value
|
CSCub72971
|
cat6000-l2-infra
|
inrerface resets counter shows 4294967295 after module OIR/switchover
|
CSCub94484
|
cat6000-l2-infra
|
Mem leak is seen in pool_grow_cache
|
CSCud43211
|
cat6000-l2-infra
|
6500 Switch Crash / Port channel configration on SXI3 Image
|
CSCuc00432
|
cat6000-l2-mcast
|
memory leak seen in mcast_etrack_locate_stats
|
CSCuf34043
|
cat6000-ltl
|
C4 Quad: On Z-Switchover remote link is going to UDLD err-disabled state
|
CSCud67557
|
cat6000-mcast
|
MVPN feature not available in advipservices image
|
CSCud83152
|
cat6000-mcast
|
MVPN traffic punted to RP due to misprogrammed MTU
|
CSCue52637
|
cat6000-mcast
|
Multicast traffic blackholed after deleting a vlan
|
CSCug10856
|
cat6000-mcast
|
s72033-ipbasek9:ISSU from ma2.0 to ma2.b old active sp crashes & reloads
|
CSCue21282
|
cat6000-netflow
|
SUP2T I/O Memory Leak Due to CDP
|
CSCuc84396
|
cat6000-oir
|
Missing modules in CISCO-STACK-MIB
|
CSCud60412
|
cat6000-oir
|
reset of the stdby chassis Estelle causes CPU_MONITOR, KPA & VSL msg
|
CSCsq15198
|
cat6000-qos
|
EPC:SRD:RSP720:OSPF/BFD flaps when Gi5/2 (RSP gi link) is no shutted
|
CSCub81771
|
cat6000-qos
|
Revert support to allow multiple ace's in class-map
|
CSCub93731
|
cat6000-qos
|
Cat6K Sup2T crash in QoS policy
|
CSCuc06115
|
cat6000-qos
|
C2-Quad: Aggregate policy programming inconsistent after each SSO
|
CSCuc28707
|
cat6000-qos
|
MLS QoS statistics Export not exporting all statisticS
|
CSCud36335
|
cat6000-qos
|
Certain queuing functionality not configurable in slot 1 cards
|
CSCud98850
|
cat6000-qos
|
Sup2T: Crash when execute sh platform datapath last multiple times
|
CSCue57638
|
cat6000-qos
|
LC 6904 expects priority queue limit in rcv-queue cli
|
CSCue82604
|
cat6000-qos
|
'TCAM label capacity exceeded' may log with low TCAM utilization
|
CSCua84226
|
cat6000-routing
|
LISP: "earl_lif_free_entry failed for LISP0" seen on del router lisp
|
CSCud49596
|
cat6000-routing
|
secondary pvlan traffic fails urpf strict check
|
CSCud96150
|
cat6000-routing
|
6500 15.1(1)SY VRF vpn-num misprogammed causes connectivity issues
|
CSCue03296
|
cat6000-routing
|
Build errors due to CSCud49596
|
CSCue03531
|
cat6000-snmp
|
6500-Transceiver/SFP SNMP polling interrupted when changing port config
|
CSCub65063
|
cat6000-span
|
standby sup crashed when "no ipv6 pim rp-address" is configured
|
CSCub12941
|
cat6000-svc
|
Etherchannel of IDSM goes 'W' state after SSO
|
CSCub94085
|
cat6000-svc
|
SXJ: CSM/CSM-S/SSLM modules should be powered down
|
CSCud15384
|
cat6000-svc
|
Vlan-Based Qos fails for Wism module
|
CSCue06000
|
cat6000-svc
|
Boot device statements are lost after reload on a VSS.
|
CSCuf39348
|
cat6000-svc
|
C4MA2B: %OIR-SW1_STBY-3-SOFT_RESET_SSO Error for FWSM on SUP SSO
|
CSCud16543
|
cat6000-sw-fwding
|
IBC TX Freeze on Sup2T with CTS/MACsec
|
CSCuc31256
|
cat6k-vs-diag
|
Sup2T Quad Sup: Active sup crashes and does not recover
|
CSCub45763
|
cdp
|
crash following SYS-2-FREEFREE and SYS-6-MTRACE messages
|
CSCub72198
|
config-sync
|
DUT getting crash while upgrading from Zave-SG7 to Texel
|
CSCud24601
|
config-sync
|
dC4MA2B:ics_cs_nego_open_active_port: ERROR seen on SSO in Quad-SUP
|
CSCtz74540
|
cpu
|
2 Sup VSS - Mistral interrupt on SP : old active remains in RP Rommon
|
CSCto39849
|
cts
|
"cts dot1x" intfs in startup-config lead to long bootup time in VSS
|
CSCub85948
|
device-sensor
|
Memory leak caused by CDP, LLDP or DHCP traffic
|
CSCub65395
|
dhcp
|
Sup720 crashes at dhcpd_forward_reply
|
CSCud51025
|
dhcp
|
DHCP relay crash @dhcpd_relay_remove_info_option
|
CSCud52349
|
dot1x-ios
|
Abnormal role selection when aaa is unreachable from seed device
|
CSCud62199
|
eigrp
|
IOS EIGRP Speaker Fails to Install Routes from ASA Peer after CSCtt17785
|
CSCtq91063
|
fib
|
Crash while fragmenting a tunnel packet
|
CSCub15402
|
fib
|
VRF is not getting deleted for a long time.
|
CSCuc37047
|
fib
|
VSS crashes on reconfiguring "ipv6 unicast-forwarding" couple of times
|
CSCue31321
|
fib
|
Crash while running "show ip cef ... detail"
|
CSCuc19862
|
flexible-netflow
|
Flexible Netflow on cellular int cause spurious mem access and CPU HOG
|
CSCud16764
|
flexible-netflow
|
Traceback@ async_fastsend upon reload
|
CSCud86954
|
flexible-netflow
|
Flexible Netflow with DMVPN: Lost cache entry
|
CSCud71233
|
ha-ifindex-sync
|
c4ma2: Notification timer Expired for RF Client: IfIndex(139)
|
CSCue61332
|
ha-issu-infra
|
MA2B : Active sup hangs during boot up after 2nd SSO in IPBASE image
|
CSCuc54300
|
ha-red-mode-client
|
Standby crashes, Notification timer Expired for RF Client
|
CSCsw74926
|
idb
|
show interface <int name> dampening command is broken
|
CSCtx43599
|
idb
|
Backup Interface does not go into backup state
|
CSCud57852
|
ifs
|
c4ma2b: Startup-config is erased when i copy to nvram and reload on ICS
|
CSCue93416
|
ifs
|
c4ma2b: Startup-config is erased when i copy to nvram and reload on ICS
|
CSCub12694
|
ip
|
%SYS-2-INTSCHED: 'may suspend' -Process= "IP SNMP" logs seen
|
CSCuc88846
|
ip
|
Extend Unicast Multitopology Routing (MTR) support to Cat6k
|
CSCuc93361
|
ip
|
"ip" protocol is not accepted in ping command
|
CSCud94939
|
ip
|
IP ICMP debugs needs to print MTU Value
|
CSCee23195
|
ipc
|
Spurious memory access in show ipc queue .
|
CSCud11731
|
ipc
|
c2ma2b: ALIGN-1-FATAL: Corrupted program counter
|
CSCue55377
|
ipc
|
Module (WS-X6816-10GE) crash @ ipc_compare_seats
|
CSCub17584
|
ipmulticast
|
IOSD crash ipmulticast pim when flapping LNS sessions
|
CSCuc19046
|
ipmulticast
|
Crash in pmt_mrib_delete_entry following "clear ip mroute *"
|
CSCuc22217
|
ipmulticast
|
PIM Registration Delay after Link Flap
|
CSCud08166
|
ipmulticast
|
ASR1K Crashes on mvrf delete when RP ACL is extended (unsupported cfg)
|
CSCud36723
|
ipmulticast
|
RPF updates not working for IPv6 multicast on t_base_3
|
CSCtu28696
|
ip-rip
|
ASR1k RP exception @ rip_process_mgd_timers on clear ip route*
|
CSCua91473
|
ipsec-api
|
crypto_kmi_add_data_to_pyld memory leak at IPSEC key engine process
|
CSCuc71706
|
ipsec-api
|
show run command runs for minutes
|
CSCtr45287
|
ipsec-core
|
3900 router crashes when the dvti tunnel count reaches 2500+
|
CSCts08224
|
ipsec-core
|
Expected Inspect ACL/Sessions are not found for most of the protocols,
|
CSCtz50204
|
ipsec-core
|
Crash seen while applying "vrf ivrf2" on Server
|
CSCtz69527
|
ipsec-core
|
RRI: Route not found on UUT for RRI testcases
|
CSCtz94286
|
ipsec-core
|
Router with ISM-VPN module requires GRE permit entry on outside ACL
|
CSCua15292
|
ipsec-core
|
router crashed at be_crypto_check_acl
|
CSCua21201
|
ipsec-core
|
RP2 reloaded in 8k tunnel overnight traffic test
|
CSCua33821
|
ipsec-core
|
crypto_acl: CPU utilization shoots up to 99% after config crypto maps
|
CSCua55423
|
ipsec-core
|
"security-association lifetime" not reflected in configs
|
CSCua78782
|
ipsec-core
|
EzVPN Connection down due IPSEC SA nego failure on Inception
|
CSCub49291
|
ipsec-core
|
DMVPN IPv6: Static tunnels failed to build between hub and spokes
|
CSCub95141
|
ipsec-core
|
FP pending message refs on removing 'crypto local-address loopback'
|
CSCub99756
|
ipsec-core
|
ASR1K GETVPN GM uses wrong SPI after rekey until old SA expires.
|
CSCuc25529
|
ipsec-core
|
Incorrect mask being applied when route is added
|
CSCud03877
|
ipsec-core
|
XE371: after volume rekey, ipsec pd flow set soft/hard traffi limit to 0
|
CSCua45206
|
ipsec-dmvpn
|
Hub crashed while removing Stale Cache entry
|
CSCub10809
|
ipsec-dmvpn
|
NHRP commands removed when using EEM script to unshut the interface
|
CSCuc45528
|
ipsec-dmvpn
|
Incremental leaks at :__be_nhrp_recv_error_indication
|
CSCua39107
|
ipsec-flexvpn
|
iprib_first_hop not returning NHO route added by NHRP
|
CSCub07382
|
ipsec-flexvpn
|
FlexVPN : Spoke to Spoke : NHRP cache entry expires even with traffic
|
CSCub20385
|
ipsec-getvpn
|
GETVPN SNMP: Rekey failure trap not sent on installation failure
|
CSCub42920
|
ipsec-getvpn
|
GETVPN: KS fails to validate hash in rekey ACK from previous GM versions
|
CSCub99778
|
ipsec-getvpn
|
ASR1K GETVPN GM does not attempt registration after reload interface up
|
CSCuc77704
|
ipsec-getvpn
|
GETVPN Suite-B: esp-sha2-hmac TEK policy not downloaded to COOP-KS Sec
|
CSCua51991
|
ipsec-ikev2
|
Inconsistency for IPSec SA count between IKEv2 and IPSec PI database
|
CSCuc47399
|
ipsec-ikev2
|
IKEv2-Accounting Wrong values in STOP Records when locally cleared
|
CSCty48712
|
ipsec-isakmp
|
DMVPN/EZVPN Hub can't tell difference between endpoints with the same IP
|
CSCua15759
|
ipsec-isakmp
|
IOS crashed in function construct_phase2_hash
|
CSCua18823
|
ipsec-switching
|
DMVPN tunnel on 7200 pltfm encaps packets with TTL=1 on MPLS-VRF setup
|
CSCub45054
|
ip-tunnels
|
OQD Counter issue:Packet Drops seen on mGRE tunnel.
|
CSCub96618
|
ip-tunnels
|
[RLS14]idb creation failed: XDR updates arrived before parser updates
|
CSCuc39148
|
ipv6
|
PPP-Prefix delegatation - IPv6 /128 route not installed to routing table
|
CSCuc50764
|
ipv6
|
Removing ND Prefix doesn't remove the associated connected route
|
CSCud22222
|
isis
|
ISIS IP FRR crash upon interface/neighbor up event
|
CSCud38297
|
isis
|
IPv6 ISIS summary-prefix advertised as inter-area route
|
CSCud38774
|
ldap
|
Router get stuck at 100% CPU while doing scale testing with curl-loader
|
CSCud89244
|
ldap
|
IOS LDAP w/ Win 2008 Server : Intermittent Failure w/ socket write error
|
CSCts75737
|
lisp
|
Traceback @ swidb_if_index_link_identity on standby RP
|
CSCua37873
|
mcast-vpn
|
LSM: MCAST traffic drops at th3 rx PE upon VSS SSO when VSL come back up
|
CSCub38559
|
mcast-vpn
|
MVPNV6:Recursive RPF lookup fails on egress PE w/static route/mroute
|
CSCua18166
|
medianet-metadata
|
Need to support sub-app-id
|
CSCua60785
|
medianet-metadata
|
Metadata class-map matches only the first match statement for mediatype
|
CSCua86620
|
medianet-metadata
|
Metadata App-ID for vmware incorrect
|
CSCud33159
|
mpls-mfi
|
C3925: MPLS traffic is Process switched over ATM interface
|
CSCuc13805
|
mpls-te
|
MPLS-TE leak; explicit ID path options; high#failed activation
|
CSCud71211
|
mpls-te
|
reoptimization cleanup delay does not work for path protection
|
CSCua12396
|
mrib
|
MFIB Linecard Sync Fails across stack in IPV6 Multicast Routing
|
CSCed01880
|
nat
|
Not able to configure NAT tcp timeouts beyond 4194 sec
|
CSCub18395
|
nat
|
PAT not working when shut/no shut nat+hrsp config interface
|
CSCub78079
|
nat
|
NAT per VRF: parser fail with route-map applied to static nat
|
CSCud08682
|
nat
|
NAT not translating Traceroute's ICMP Unreachables
|
CSCud09626
|
nat
|
NAT PPTP use_count 1 entry not removed if TCP data segment with FIN flag
|
CSCud95251
|
nat
|
static nat with vrf looses vrf name after nat translations expire
|
CSCue21223
|
nat
|
Intermitant HSRP hellos not sent w/ IP NAT redundancy configured on SVI
|
CSCua31934
|
nhrp
|
Crash seeen at __be_address_is_unspecified
|
CSCub99216
|
nhrp
|
ASR: hub should not fwd resolution req for an authoritative cache entry
|
CSCub98634
|
ntp
|
ntp access-group serve prevent proper client synchronization
|
CSCud70205
|
nvram
|
VSS - Standby Reload when NVRAM accessed from multiple sessions
|
CSCue81327
|
oce
|
C4MA2B : Crash seen while hardware reset on stand-by
|
CSCud53872
|
os-logging
|
ASR1K sends syslogs with the wrong source address after a reboot.
|
CSCtw65575
|
ospf
|
get for ospfv3AreaAggregateTable objects causes router to crash
|
CSCua47056
|
ospf
|
Seeing crash in core switch with nsf enabled
|
CSCub04112
|
ospf
|
Quick interface re-configuration causes removal of OSPF routes
|
CSCub06859
|
ospf
|
VSS quad-sup invokes standby down notification on active on switchover
|
CSCub80386
|
ospf
|
OSPF MANET:Mismatched hello parameters experienced with Relay IPv6 Test
|
CSCuc05728
|
ospf
|
7600 OSPF looses "TE MCAST" for mcast route and install it in GRT
|
CSCud01774
|
ospf
|
OSPFv2 : crash on router unconfig
|
CSCua13273
|
parser
|
RP Crash on executing 'show crypto ipsec security'
|
CSCua97589
|
parser
|
No service prompt config command shows incorrect prompt
|
CSCub83068
|
parser
|
Archive config fails if protocol sctp is defined in an IPC zone
|
CSCud27379
|
parser
|
WS-SUP720-3B Crashes due to parser component issue
|
CSCub88742
|
pim
|
MLDPv6 Scale - Ingress PE, SSO twice then flap "mpls mldp" Crash
|
CSCtz68776
|
pki
|
correct OCSP response invalidated due to thisUpdate field in the future
|
CSCtz81129
|
pki
|
OCSP revocation check uses the source interface loopback for destination
|
CSCua16122
|
pki
|
CRL revocation check fails when chain-validation configured
|
CSCua46153
|
pki
|
IOS-CA server at standby device gets disabled during autorollover
|
CSCua49764
|
pki
|
Https created WExp certificate - WExp went to offline after upgrade
|
CSCua65639
|
pki
|
IOS CA Server fails to auto-grant RA CS certificate requests
|
CSCua93995
|
pki
|
Memory leak in PKI-CRL process - negative CRL cache size reported
|
CSCub91815
|
pki
|
Authentication with valid certificate fails on spoke-to-spoke DMVPN
|
CSCuc08964
|
pki
|
IOS PKI server updates CRL even when server is shut down
|
CSCuc53085
|
pki
|
PKI public key cache entries randomly deleted after manual CRL update
|
CSCuc43794
|
redundancy-rf
|
asr903: %PRST_VBL-3-GENERAL: Persistent general error: Is API usable
|
CSCty44654
|
ribinfra
|
router Crash seen with GRE+IPV6+VRF : ipmcast_lib_ipv6_rpf_lookup
|
CSCua98902
|
ribinfra
|
Remote LFA FRR support for whales - fibidbnot getting initialized
|
CSCuc55634
|
ribinfra
|
IPV6 static route unable to resolve the destination
|
CSCud03646
|
ribinfra
|
Repair path points to drop adj with remote-LFA after 2nd SSO
|
CSCsr02168
|
rsps-time-rptr
|
Unexpected NO_SYNC when using microseconds precision.
|
CSCtx45970
|
rsps-time-rptr
|
Crash with group scheduling when freq. is not multiple of history interv
|
CSCuc61817
|
rsvp
|
ASR903 crashes @ rsvp_rsb_expiry while removing mpls te tunnels
|
CSCtg82170
|
sla
|
IP SLA destination IP/port config changes over a random period of time
|
CSCtz13812
|
sla
|
2960S can not receive the IP SLA control message from sender
|
CSCua03037
|
sla
|
IP SLA: NumOfRTT & PacketLateArrival incremented for same packet
|
CSCua54689
|
sla
|
Wrong source IP used in path-jitter probe configured in VRF
|
CSCua80784
|
sla
|
Invalid number of IP SLA configurable probes
|
CSCub47374
|
sla
|
Router crashes during IP SLA probe removal/reconfiguration
|
CSCud11078
|
sla
|
MA1.3: Crash observed with auto IP SLA probe for ethernet cfm
|
CSCua66481
|
smartoperations
|
SMI-Image tftp permission is deleted when one group is deleted
|
CSCuc55547
|
smartoperations
|
SMI Startup VLAN is tied to SVI-1's IP for becoming director
|
CSCth03648
|
snmp
|
Pending SNMP Informs builds up and eventually crashes 29xx/37xx switches
|
CSCts87275
|
snmp
|
Cat4k with sup7e : same snmp engineID on different cat4k switches
|
CSCub80710
|
ssl
|
SSL handshake failure with ASR 3.7
|
CSCud79481
|
udp
|
Crash on 6500 on executing "show ip helper address"
|
Caveats Resolved in Release 15.1(1)SY
Resolved AAA Caveats
•CSCsv06973—Resolved in 15.1(1)SY
Symptom: Router crashes For Authentication RESPONSE with GETUSER and when getuser-header-flags is modified and sent.
Conditions: TACACS single-connection is configured. When authorization is configured Telnet to router and removing authorization,telnet to router again
Workaround: Do not use TACACS single-connection option.
•CSCsv38166—Resolved in 15.1(1)SY
The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS SCP client feature.
Cisco has released free software updates that address this vulnerability.
There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.
This advisory is posted at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-scp.
Resolved IPServices Caveats
•CSCtl59814—Resolved in 15.1(1)SY
Symptoms: Kerberos/Encrypted Telnet code needs to be improved. There is a potential buffer overflow condition in the code. There is no proof of an attack vector/exploit. However, the code needs to be improved.
Conditions: Cisco IOS device configured for Kerberos/Encrypted Telnet access.
Workaround: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UC No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved Multicast Caveats
•CSCts37717—Resolved in 15.1(1)SY
Symptoms: Active RP may crash while processing packets. Conditions: Device is processing packets which are being punted to the RP at a rate faster than memory can be allocated or deallocated. Workaround: Implementing a CoPP policy rate-limiting packets punted to the RP may be a workaround, depending on specific circumstances and traffic pattern PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-1317 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtz28544—Resolved in 15.1(1)SY
Symptoms: Cisco ASR 1000 Series Aggregation Services Routers configured for Multicast Listener Discovery (MLD) tracking for IPv6 may reload after receiving certain MLD packets. The following traceback will be shown in the logs.
Exception to IOS Thread: Frame pointer 4081B7D8, PC = 1446A878
ASR1000-EXT-SIGNAL: U_SIGSEGV(11), Process = MLD
Conditions: Cisco ASR 1000 Series Aggregation Services Routers configured for Multicast Listener Discovery (MLD) tracking for IPv6.
Workaround: The only workaround is to disable MLD tracking.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5.8:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C
CVE ID CVE-2012-1366 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved Routing Caveats
•CSCin14467—Resolved in 15.1(1)SY
Symptoms: A router may forward IP packets even when IP processing is disabled on the incoming interface.
Conditions: This symptom is observed on all Cisco routers running Cisco Express Forwarding (CEF).
Workaround: Configure an inbound access-list denying all traffic on the interface without IP address. Example :
access-list 100 deny ip any any
int x no ip address ip access-group 100 in
•CSCti33534—Resolved in 15.1(1)SY
Symptoms: After launching a flood of random IPv6 router advertisements when an interface is configured with "ipv6 address autoconf", removing the IPv6 configuration on the interface with "no ipv6 address autoconf" may cause a reload. Other system instabilities are also possible during and after the flood of random IPv6 router advertisements.
Conditions: Cisco IOS is configured with "ipv6 address autoconf".
Workarounds: Not using IPv6 auto-configuration may be used as a workaround.
Further Information: Cisco IOS checks for the hop limit field in incoming Neighbour Discovery messages and packets received with a hop limit not equal to 255 are discarded. This means that the flood of ND messages has to come from a host that is directly connected to the Cisco IOS device.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2010-4671 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCts16133—Resolved in 15.1(1)SY
Symptoms: Cisco IOS Software on the Catalyst 6500 and 7600 may crash after removing/readding object-group configuration.
Conditions:
–Ie: Initial config:
object-group ip address foo_obj
–Then configure:
no object-group ip address foo_obj
object-group ip address foo_obj
10.1.1.0 255.255.255.0 <<< Sup may crash here
Workarounds:
–Workaround is to perform object-group changes in this order:
· First remove the ACLs which are referencing the object-group
· Then remove/rebuild the object-group
· Then reconfigure the ACL
Ie:
no ip access-list extended foo_acl
no object-group ip address foo_obj
object-group ip address foo_obj
ip access-list extended foo_acl
permit tcp addrgroup foo_obj any log-input
<...re-configure rest of ACL>
Further Problem Description:
Cisco IOS Software on the Catalyst 6500 and 7600 series contains a vulnerability that could allow an authenticated, local attacker to cause a reload of an affected device.
The vulnerability issue is due to logic processing in the ACL code. An attacker could exploit this vulnerability by editing the ACLs on the device.
An exploit could allow the attacker to reload the affected device.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.6/3.8: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-5037 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtt35379—Resolved in 15.1(1)SY
Summary Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature.
The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session.
Successful exploitation of this vulnerability can cause all BGP sessions to reset. Repeated exploitation may result in an inability to route packets to BGP neighbors during reconvergence times.
Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-4617 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCty58300—Resolved in 15.1(1)SY
Summary Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature.
The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session.
Successful exploitation of this vulnerability can cause all BGP sessions to reset. Repeated exploitation may result in an inability to route packets to BGP neighbors during reconvergence times.
Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-4617 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCty89224—Resolved in 15.1(1)SY
Symptom: IOS router may crash under certain circumstances when receiving a mvpnv6 update
Conditions: Receive mvpnv6 update
Workaround: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-3895 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved Security Caveats
•CSCsu73525—Resolved in 15.1(1)SY
Symptom: Traceroute output becomes incorrect because VSA does not do a TTL decrement on the packet after decryption.
Conditions: The symptom is observed when configured IPSec with C7200 NPE-G2 VSA.
Workaround: Disable HW crypto engine - Use VTI
•CSCta79031—Resolved in 15.1(1)SY
Symptom: If a cert map is changed of added to the trustpoint, the pub key cache for the peers is not cleared. This makes it possible for a client which was connected in the past to reconnect again even if it's cert was banned by the cert map.
Updated the `Configuring Authorization and Revocation of Certificates in a PKI' module with notes to indicate - If a certificate map is changed or added to the trustpoint, the public key cache for the peers is not cleared.
The link to the latest document is: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_auth_rev_cert.html#wp1107650
Workaround: N/A
•CSCth82164—Resolved in 15.1(1)SY
Symptom: A peer's key is cached indefinitely in the key cache.
The following messages indicate bypassing the revocation check.
*Jul 13 18:43:18.095: ISAKMP:(1002): peer's pubkey is cached
*Jul 13 18:43:18.095: CRYPTO_PKI: Found public key in hash table. Bypassing
certificate validation
Conditions: A method (OCSP, CDP, etc.) to check for certificate revocation is used, then it is changed to "none" ("revocation check none"), and finally it gets changed to some revocation method again.
This configuration transition "revocation check -> no revocation check -> revocation check" is what causes a problem.
Workaround: None.
Further Information: The problem is independent of which revocation method is used (OCSP, CDP). The problem will happen when revocation check is disabled with the command "revocation none". This would cache the peer's key infinitely into the cache. After this, turning on any revocation method will have no efect; validation will always succeed since the keys are cached.
The problem will only happen if someone turns off revocation and then later realizes that it was a mistake and turns it back on. If remote peer's key is cached within that period then that cache entry will never be deleted. End Result: If the same remote peer tries to establish the tunnel again we would bypass validation and would not check if it is still a valid peer or not.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.0/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
CVE ID CVE-2011-0935 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtl59829—Resolved in 15.1(1)SY
Symptom: Login success and failure messages only display the first 32 bits of the IPv6 source address in IPv4 format.
Source Address FC00::1
*Aug 5 19:39:07.195: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 252.0.0.0] [localport: 23] [Reason: Login Authentication Failed - BadPassword] at 19:39:07 EST Wed Aug 5 2009
Conditions:
–Telnet or SSH from IPv6 enabled device to IPv6 address on router or switch.
–Have login success and failure logging enabled.
login on-failure log
login on-success log
Workaround: None
Further Problem Description: The IPv4 address is derived from the first 32 bits of the IPv6 address.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.3:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCto00318—Resolved in 15.1(1)SY
Symptoms: SSH session that is initiated from a router that is running affected Cisco IOS software may cause the router to reboot.
Conditions: Occurs when performing a SSH client session from the router.
Workaround:
Do not initiate a SSH session from the device.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.6/4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:C
CVE ID CVE-2012-4638 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtq61128—Resolved in 15.1(1)SY
Symptom: Router crash with Segmentation fault(11)
Conditions: It was observed on routers acting as IPSEC hub using certificates.
Workaround None PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.3/5.2: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2011-4231 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCts68262—Resolved in 15.1(1)SY
Symptoms: Certain SSH version 2 packets may cause a memory leak on a Cisco IOS device configured for SSH. Authentication is needed in order to exploit this vulnerability.
Conditions: This issue is observed on a Cisco IOS device configured for SSH version 2 after it has received malformed SSHv2 packets. Successful, exploitation may cause system degradation or a partial denial of service condition on an affected device.
Workaround: The only workaround is to disable SSH version 2.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:U/RC:C
CVE ID CVE-2011-3312 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtt28703—Resolved in 15.1(1)SY
Symptom: VPN client with RSA-SIG can access a profile where his CA trustpoint is not anchored
Conditions: Use of RSA-SIG
Workaround: Restrict access by using a certificate-map matching the right issuer.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:P/I:N/A:N/E:POC/RL:W/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCth99104—Resolved in 15.1(1)SY
Symptom: Certificate that should not be allowed bypasses validations checks.
Conditions: This happens when the PKI validation test command is used.
Workaround: Do not use the PKI validation test command.
Further Information: The PKI validation test command invokes the pubkey insert api which erroneously adds pubkey entries when at times it should not. this results in all subsequent validations bypassed for the same certificate.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.4:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Resolved Cisco IOS Caveats
•CSCta11223—Resolved in 15.1(1)SY
Symptoms: A Cisco router may crash when the show dmvpn or show dmvpn detail commands are entered.
Conditions: This symptom is observed when the device is running Cisco IOS and configured with DMVPN. The crash occurs when the show dmvpn or show dmvpn detail commands are entered two or more times.
Workaround: There is no known workaround.
•CSCtc49782—Resolved in 15.1(1)SY
Symptoms: Upgrade from 12.2(18)SXF6 to 12.2(33)SXH5 introduced additional vty lines to the running-configuration (vtp line 5 - 15). These new lines do not inherit the security ACL or transports configured by the customer on the old lines (0-4). Switch upgrade caused device to be non-compliant with network security policy defined by customer.
Condition: Software upgrade from 12.2(18)SXF6 to 12.2(33)SXH5.
Workaround: We have to manually configure the ACL for those newly introduced vty lines.
•CSCtd35382—Resolved in 15.1(1)SY
Symptom: Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. This means that a customer can ship a switch to a location, place it in the network and power it on with no configuration required on the switch.
When a vulnerability scanner such as NMAP, Nessus, Retina or other is run against the Smart Install port (TCP port 4786) the switch may display some memory error messages such as the following:
14w1d: %SYS-2-MALLOCFAIL: Memory allocation of 1633771873 bytes failed from 0x1BB2EE8,
alignment 0
Pool: Processor Free: 5159776 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "SMI IBC server process", ipl= 0, pid= 185
-Traceback= 29AF8E4 29B1E04 29B2068 2C3D198 1BB2EEC 1BB3144 1BB32D4 1BB35E8 1BB1EF0
1B2EDA8 1B25878
!! smi_socket_recv_read_data : Malloc Failed for msg_data
!! smi_socket_recv_read_data : Malloc Failed for msg_data
These messages do not cause any operational impact to the affected device (switch).
Conditions: Switch configured with the Smart Install feature (client or director).
Workaround: In Smart Install implementations the client switches are served by a common director. The switch selected as the director provides a single management point for images and configuration of client switches. hen a client switch is first installed into the network, the director automatically detects the new switch, and identifies the correct Cisco IOS image and the configuration file for downloading.
Switches that are clients have the Smart Install feature enabled by default and it cannot be disabled. The only way to workaround this issue is to apply an access control list (ACL) blocking TCP port 4786, if smart install is not needed.
•CSCtd95386—Resolved in 15.1(1)SY
Symptom: An IPSec tunnel can be torn down if the router receives a replayed QM (Quick Mode) packet.
Conditions: This is only a problem when a replayed QM packet is received on an IPSec endpoint.
Workaround: None at this time.
•CSCtg09360—Resolved in 15.1(1)SY
Symptom: Dot1x or port-security violation with RSPAN configured was observed.
Conditions: RSPAN should be configured.
Workaround:
–Disable RSPAN
Or
–For Dot1x - change dot1x authentication mode on interface to multi-host
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.9/2.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCti54173—Resolved in 15.1(1)SY
Symptoms: A Cisco7200 w/VAM2 2 configured for GETVPN may experience a memory leak for every packet that is fragmented at high CPU. This may cause system stability and the device to potentially reload. These packets are received from a trusted and configured GETVPN peer.
Conditions: The symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.9/4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCti99869—Resolved in 15.1(1)SY
Symptom: Middle buffer iomem leaks seen with dhcp snooping in relay agent environments alongwith the following error messgaes (error messages are seen when the free iomem goes very low and is unable to service a request for a buffer from it)
%SYS-2-MALLOCFAIL: Memory allocation of 1748 bytes failed from 0x42275FC0, alignment 32 Pool: I/O Free: 1264736 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool -Process= "Pool Manager", ipl= 0, pid= 9
Conditions: DHCP snooping configured on the switch and snooping is operating in a relay agent environment. Problem is seen in 12.2SXI-12.2SXI4.
Problem not present in 12.2SXF, 12.2SXH, 12.2SRC,SRB,SRD based releases
Workaround: Force process switching of software switched packets on the dhcp server facing interface on the cat6k by configuring the no ip route-cache command on the router facing interface.
PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtj90091—Resolved in 15.1(1)SY
Symptom: When an ICMPv6 ACL is applied to an interface on PFC3C system, fragment entry may not be created in TCAM.
Conditions: None
Workaround: No workaround
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C CVE ID CVE-2011-4012 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtj95182—Resolved in 15.1(1)SY
Symptom: When using a network scanner to check the network components if there have security issues or are woundable on a 3750, it apears that CPU goes high and there is a memory leak in SMI IBC server process
Conditions : Network scanner run on a 3750 running 12.2.55.SE
Workaround: None
•CSCtk54650—Resolved in 15.1(1)SY
Symptoms: After modifying the IPv6 ACL it can happen that some lines in the ACL get multiply indefinitely. Once we try to save such a config it will generate the following error:
%SYS-SP-4-CONFIG_NV_NEED_OVERRUN: Non config data present at the end of nvram
needs to be overwritten to fit the configuration into nvram
and the VTY line will hang.
Reloading the box in this state will result in empty configuration.
Conditions: Modifying the IPv6 ACL
Workaround: Remove and reapply the ACL
Further Problem Description: Upgrade to a release that has Cisco Bug ID: CSCts16133 integrated.
•CSCtl88673—Resolved in 15.1(1)SY
Symptom: Enhancements to GDOI processing
Conditions: N/A
Workaround: N/A
•CSCtn22376—Resolved in 15.1(1)SY
Symptoms: A memory leak occurs when processing specific packets, when ikev2 debugging is enabled.
Conditions: ikev2 debugging must be enabled
Workaround: Disable ikev2 debugging.
Further Problem Description: None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/3.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C CVE ID CVE-2012-0360 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCto10165—Resolved in 15.1(1)SY
Summary A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device.
Cisco has released free software updates that address this vulnerability.
There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install.
•CSCto72927—Resolved in 15.1(1)SY
Symptoms: Configuring an event manager policy may cause a cisco Router to stop responding.
Conditions: This issue is seen when a TCL policy is configured and copied to the device.
Workaround: There is no workaround.
•CSCtq36327—Resolved in 15.1(1)SY
Symptom: A loop between a dot1x enabled port and another a)dot1x enabled port configured with open authentication or b) non-dot1x port, will create a spanning-tree bpdu storm in the network.
Workaround: Avoid creating a loop.
Further Problem Description: This is a day-1 issue and the fix is available in SXI7, SXJ2 and MA2.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5.8: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C CVE ID CVE-2011-2057 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtt03207—Resolved in 15.1(1)SY
Symptom: Traffic flows through unauthorized supplicant switch
Conditions: Authenticator Switch should have established auto-config with authorized supplicant switch. Now bring up, unauthorized supplicant switch by physically connecting to hub placed between ASW & SSW. Though wrong dot1x credential is used, ASW allows network access for unauthorized SSW.
Workaround: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.9/2.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtt16051—Resolved in 15.1(1)SY
Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786.
Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall
•CSCtw80533—Resolved in 15.1(1)SY
Symptom: Error message in the logs: %SYS-4-CHUNKSIBLINGSEXCEED: Number of siblings in a chunk has gone above the threshold. It is a result of a slow memory leak.
Conditions: Observed on ASR1000 running 15.1(2)S when polling crypto statistics
Workaround: Avoid stressing the box with multiple SNMP requests. Reload if the memory is completely depleted.
•CSCty90293—Resolved in 15.1(1)SY
Processing Improvements for GREv6 over IPv6 Currenlty requires IP CEFv6 to be disabled
Workaround: use "tunnel protection" instead
•CSCty96049—Resolved in 15.1(1)SY
Summary Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload.
Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp
Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-4621 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCte83104—Resolved in 15.1(1)SY
Conditions: When an ipv6 RACL is confiured on an interface. All packets containing ipv6 optional headers are punted to RP. But if any packets that are sent with no L4 header are also hitting this punt entry present at the top of tcam.
Workaround: No Workaround:
•CSCtr88193—Resolved in 15.1(1)SY
Symptom: Either High CPU or Crash resulting from large number of ipv6 hosts.
Conditions: This has been seen while sending Multicast Listener Discovery packets with IPv6 and mld snooping enabled.
Workaround: none
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/4.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-3062 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtq39602—Resolved in 15.1(1)SY
Symptom: DMVPN Tunnel is down with IPSEC configured. The show dmvpn from Spoke shows the state is IKE.
Conditions: After heavy traffic was pumping from DMVPN Hub to Spoke for some time, from a few minutes to a couple of hours.
Workaround: Configure "set' security-association lifetime kilobytes disable" to disable volumn based rekeying will reduce the problem.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C CVE ID CVE-2012-3915 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
•CSCtz02622—Resolved in 15.1(1)SY
Symptoms: FlexVPN spoke crashed while passing spoke to spoke traffic.
Conditions: Passing traffic from spoke to spoke or clearing IKE SA on the spoke
Workaround: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:M/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2012-3893 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Other Resolved Caveats in Release 15.1(1)SY
Identifier
|
Technology
|
Description
|
CSCec79136
|
—
|
Crypto Isakmp key adds subnet /24bits
|
CSCef95765
|
—
|
RIP offset-list interface option not saved in AF VRF context
|
CSCsg78501
|
—
|
IKE should not delete established tunnel upon RSA key regeneration
|
CSCsj19194
|
—
|
SP crashes after %PM-3-INTERNALERROR due to switchport flapping
|
CSCsj38112
|
—
|
High CPU due to interrupts on WS-X6704-10GE
|
CSCsk29975
|
—
|
Tunnel not up, invalid local address after modify the local address .
|
CSCsk62032
|
—
|
DHCP snooping support to detect rogue dhcp servers
|
CSCsm63524
|
—
|
SUP32 crashes due to SP hang when it recovers from errdisable
|
CSCsm70924
|
—
|
Radius accounting STOP contains zero output for short sessions, on C10k
|
CSCso63459
|
—
|
Unallowed RADIUS attributes in CoA Ack/Nak in LI cases
|
CSCso93708
|
—
|
IPsec-HA:RFclient timingout on7200 running 12.4(15)Tx, AdvSecurity fse
|
CSCsq15994
|
—
|
C10K BBA: Low CPS seen with all PPPoA, PPPoE sessions
|
CSCsu01846
|
—
|
Authentication Per Realm with VRF fails on HA4.0
|
CSCsu29301
|
—
|
C2W21: Ingress SPAN on Sup - ACE module duplicates packets
|
CSCsu84927
|
—
|
c2w2:allow DIVC to negotiate red mode when matrix overide check is yes
|
CSCsu92000
|
—
|
Inconsistency in configurations on a secured port with aging timer
|
CSCsv20595
|
—
|
An invalid input detected error message on bootup
|
CSCsv21770
|
—
|
PAC re-provisioning fails, AAA generates endless number of Prov Requests
|
CSCsv24908
|
—
|
L2 Fwd Broken on other modules when int flaps
|
CSCsv36306
|
—
|
BFD: Removing BGP on the router makes the neigh router crash
|
CSCsv63040
|
—
|
EzVPN server does not apply group attributes when per-user attr present
|
CSCsv80230
|
—
|
Red zone block overruns & mallocfails lead to LC and stby RP crashes
|
CSCsv82285
|
—
|
Cat6k: UDP port 10000 is opened by default
|
CSCsv90904
|
—
|
Cat6k: UDP port 2228 is opened by default
|
CSCsv97424
|
—
|
router crashes due to memory corruption in IO pool running 12.4(22)T
|
CSCsw89720
|
—
|
CPU-HOG error messages are seen when we query cbQosPoliceStatsTable.
|
CSCsx08671
|
—
|
Service Logon for subnet session is failing
|
CSCsx24934
|
—
|
CPU Monitor not heard and ipc TBs on Active VSS switch on issuing Reload
|
CSCsx56011
|
—
|
Switch may crash when issuing "show mac-address-table"
|
CSCsx62864
|
—
|
GETVPN: GM reloads while crypto map is removed and re-applied to interfa
|
CSCsx66105
|
—
|
GET_VRF::Chunk memory leak at "SADB SA Header" for clear crypto gdoi
|
CSCsy69914
|
—
|
Some lines are omitted when Copy and paste of TCL script in TCL shell
|
CSCsy82679
|
—
|
Memory leak at fh_dup_policyQ_for_nvgen when using a policy description
|
CSCsy89677
|
—
|
"% Ambiguous command" returned in the TCLSH for all commands
|
CSCsy89795
|
—
|
ASR1K: IOSd crash after running clear counters
|
CSCsz00865
|
—
|
GETVPN: cannot configured loopback as registration interface
|
CSCsz12460
|
—
|
Cron timer may execute EEM policies twice in the same minute
|
CSCsz29564
|
—
|
Traffic loss between ASR and IOS GM if IOS GM missed REKEY.
|
CSCsz86894
|
—
|
GETVPN: %CRYPTO-4-RECVD_PKT_MAC_ERR: does not print src and dst IP's
|
CSCta02570
|
—
|
IPSec dVTI: iosd crash at crypto_ipsec_clear_cryptomap_sas during PBR dv
|
CSCta17587
|
—
|
VRF + RHI combination does not work on FWSM
|
CSCta20590
|
—
|
GETVPN: GM pseudotime [TBAR] gets desynchronized after re-registering
|
CSCta22746
|
—
|
ASR1k: RP crashes at crypto_ipsec_delete_sibling_sas()
|
CSCta23902
|
—
|
DMVPN P3: seeing pkt drops due to Type: incomplete entry in NHRP Cache
|
CSCta25824
|
—
|
Normal Buffers Leaking
|
CSCta27279
|
—
|
WCCP s/w switching with Ingress redirection & interface ACL
|
CSCta30298
|
—
|
CHKPT-SP-3-NOMEM: Memory leak seen and later the box crashed
|
CSCta32902
|
—
|
IPSEC HA should support the "set nat demux" option on the crypto map
|
CSCta32922
|
—
|
SP crash due to heartbeat failure.
|
CSCta50110
|
—
|
GETVPN1.4::GM does not register if crypto map is applied to only tunnel
|
CSCta55574
|
—
|
Once in a while catalyst fails to apply to proxyACL with auto mac-check
|
CSCta56305
|
—
|
Detector data port operation status not OK after boot
|
CSCta93316
|
—
|
Memleaks are seen in Coop testing
|
CSCta94179
|
—
|
Recirculated MPLS packets becasue of egress service policy are dropped
|
CSCta95295
|
—
|
IOMEM depleted when PKI servers unavailable for CRL checking
|
CSCta97714
|
—
|
%SYS-2-SHARED: Attempt to return buffer with sharecount 2
|
CSCta98108
|
—
|
With NAT, on Netflow database cleanup timer expiry, CPU spikes on 7600
|
CSCtb05792
|
—
|
sh event manager environment all displays only 30 chars for variables
|
CSCtb13421
|
—
|
KS registration fails if one of the gdoi interfaces on GM is down
|
CSCtb28712
|
—
|
SPAN Reflector not enabled for WS-SVC-ADM-1-K9
|
CSCtb42862
|
—
|
GETVPN_SCALE: GM 3845 router crashed due to illegal memory access
|
CSCtb43009
|
—
|
GETVPN_SCALE: GM 3845 router crashed when key server removed from list
|
CSCtb49373
|
—
|
Route Watch Does Not Notify Client for one route loop
|
CSCtb50678
|
—
|
Crash @ registry_add_case with VSS when change from RPR to SSO
|
CSCtb55858
|
—
|
No qos rewrite on untrusted port in SXI2
|
CSCtb56183
|
—
|
ASR does not use the lowest MTU for crypto SA after reboot
|
CSCtb56607
|
—
|
GETVPN: GM does not perform PMTUD correctly with TBAR
|
CSCtb58724
|
—
|
GETVPN: to commit additional seqnum/PST checking code
|
CSCtb60330
|
—
|
VTI: Missed DPD ACK on phase 1 expiry causing phase 2 deletion.
|
CSCtb65406
|
—
|
QoS ACL May Not Program L4 ports Correctly In TCAM
|
CSCtb66273
|
—
|
EZVPN+DVTI: Ping through EZVPN tunnel fails with Split-tunneling
|
CSCtb74547
|
—
|
DMVPN- ASR1k reloads at process IPSEC key engine
|
CSCtb76774
|
—
|
IPSec does not handle PMTU updates properly
|
CSCtb76775
|
—
|
QoS on NM-1A-T3/E3 + NME-IPS Promiscous mode causes large IO mem leak
|
CSCtb87454
|
—
|
DHCP Rogue Server Detection
|
CSCtb89745
|
—
|
RRI breaks when devices are running in HA pair
|
CSCtc02012
|
—
|
GETVPN: KS sends port 500 in his ID payload instead of 848
|
CSCtc03011
|
—
|
GETVPN KS Crash in unicast_rekey
|
CSCtc04351
|
—
|
RP Crashes @ crypto_ipsec_process_gdoi_multicast_rekey
|
CSCtc06486
|
—
|
VTI: Headend routes are removed when ezvpn client reboots and reconnects
|
CSCtc06629
|
—
|
crash/tracebacks seen @ crypto_ident_count_ipsec_sas_to_peer
|
CSCtc17058
|
—
|
VC stops sending traffic due to duplicate vpn id in port based EoMPLS
|
CSCtc17083
|
—
|
Tunnel decap not programmed, hence traffic RP switched
|
CSCtc17162
|
—
|
Ezvpn - SegV crash at ikmp_profile_vrf_set while clearing int dialer 0
|
CSCtc32207
|
—
|
Need better accuracy in RP crash reporting
|
CSCtc38771
|
—
|
12.2SXH: Intermittent BPDU drop over Dot1Q tunnel.
|
CSCtc38905
|
—
|
Disabling IPv6 MLD Snooping breaks IPv4 IGMP and PIM Snooping
|
CSCtc39052
|
—
|
svclc module command adds firewall module command to configuration
|
CSCtc39592
|
—
|
Classification is broken after applying crypto on ATM PVC bundle
|
CSCtc40420
|
—
|
Basic packet forwarding failed when GRE tunnel is configured
|
CSCtc52655
|
—
|
GetVPN KS/GM report sequence number failures after several weeks
|
CSCtc53375
|
—
|
C2W2B : pagp_switch_sp2mp:idbman_update_mp_delete_agport
|
CSCtc54878
|
—
|
NDE direct export packets are checked by egress ACL
|
CSCtc67457
|
—
|
ASR1k - RP2 Crash seen on process Crypto IKMP with getvpn vrf-lite
|
CSCtc70462
|
—
|
port-security Line-by-Line sync verifying failure
|
CSCtc71996
|
—
|
SSO : Bulk-sync failure at "ip flow-export source"
|
CSCtc72699
|
—
|
OSPFv3 neighbor cannot be established by using IPSec authentication.
|
CSCtc73441
|
—
|
CPUHOG in GETVPN Key Server when doing "show crypto gdoi ks members"
|
CSCtc78951
|
—
|
C2W2C: port's not recovering from "s" state with non-default native vlan
|
CSCtc87183
|
—
|
Crash by bus error in software with adjacency errors
|
CSCtc88424
|
—
|
Could not set values for certain 3G OIDs
|
CSCtc90469
|
—
|
Supervisor module crashes just after boot up with ACL Deny Test Failure
|
CSCtc95423
|
—
|
RLS6:ASR RP crash observed @ ipsec_bug_main during config/unconfig
|
CSCtd11886
|
—
|
Memory leak was observed at Hub at "nhrp_forward" function
|
CSCtd13970
|
—
|
'ip cef accounting per-prefix non-recursive' breaks hw-based PBR
|
CSCtd17586
|
—
|
Kron policy cli show tech removed from configuration after occurrence.
|
CSCtd18573
|
—
|
EARL-SPSTBY-2-SWITCH_BUS_IDLE: & PF_ASIC dump with 'clear mls qos'
|
CSCtd27511
|
—
|
Crypto map on a tunnel interface with vrf, sadb in global table
|
CSCtd27768
|
—
|
CISCO-ENTITY-FRU-CONTROL-MIB reports missing module 12.2.(33)SXI2a
|
CSCtd49232
|
—
|
rx packets dropped on protected GRE tunnel in a vrf in MPLS/VPN setup
|
CSCtd55638
|
—
|
Standby Getvpn hsrp router tries to register with key server and fails
|
CSCtd59027
|
—
|
Crypto crash in association with EzVPN client disconnection
|
CSCtd60194
|
—
|
Global MLD snooping disable does not reset snoop condition registers
|
CSCtd61443
|
—
|
GETVPN Key Server may crash after modifying group ACL
|
CSCtd62858
|
—
|
Standby resets due to Event Manager client timeout during SSO switchover
|
CSCtd68627
|
—
|
memory leak @ ikev2_profile_set_laddr
|
CSCtd68951
|
—
|
Crash occurs as a flurry of ingress IKEv2 sessions begin
|
CSCtd69074
|
—
|
VSS: No resv vlan assigned after del-add VRF after SSO.
|
CSCtd74965
|
—
|
DSCP marking on VTP packets needs to be changed
|
CSCtd75076
|
—
|
EzVPN: Client might initiate double renegotiation causing tunnel to fail
|
CSCtd92196
|
—
|
show crypto maps cmd lead to Unexpected exception to CPU: vector 1400
|
CSCtd92821
|
—
|
SSH + SSO crashes with large RSA keys
|
CSCtd94789
|
—
|
PFS setting not used for the dynamic crypto map on standby HA for rekey
|
CSCtd94947
|
—
|
Multicast traffic breaks crypto engine
|
CSCte01303
|
—
|
KS Policy Change not allowed on new Primary KS after a failover
|
CSCte05199
|
—
|
EEM syslog event detection failure due to logger queue getting full
|
CSCte08785
|
—
|
mac notification change history log not seen for deleted mac entries.
|
CSCte14561
|
—
|
L2 port's mac-address is not same as the BIA after reload
|
CSCte19413
|
—
|
EzVPN on sub-interface doesnt come up after reload
|
CSCte19478
|
—
|
crypto isakmp xauth timeout doesn't seem to work
|
CSCte20914
|
—
|
SPAN Reflector not enabled for WS-SVC-ADM-1-K9 : 2nd Commit
|
CSCte37412
|
—
|
after deleting isakmp profile and certificate-map, cert-map still in use
|
CSCte39051
|
—
|
EzVPN NEM VTI with secondary IP address fails to send primary ip route
|
CSCte40472
|
—
|
FWSM: Private vlan association not syncing on VSS systems from switch
|
CSCte42041
|
—
|
DMVPN crypto socket stuck on peer router
|
CSCte65688
|
—
|
"Client_type=CISCO_SW_VPN_CLIENT" should show up instead of "—"
|
CSCte72214
|
—
|
ME6500 - Traffic may be dropped on applying cos-map.
|
CSCte74909
|
—
|
Modifying crypto ACLs causes crash
|
CSCte78562
|
—
|
Regexp action may generate %SYS-2-BADFREE
|
CSCte81230
|
—
|
IP Source Guard feature goes into an incorrect state
|
CSCte83779
|
—
|
dmvpn2mpls:mgre interface cleanup causes iosd crash
|
CSCte85669
|
—
|
qos state in TM = 0 and QM = 1 is different msg on toggling qos
|
CSCte90261
|
—
|
6500 PoE issues with 1120 and 1230 line of APs when using dot1x
|
CSCte90427
|
—
|
In-correct\>Mis-leading **%CRYPTO-6-IKMP_NO_PRESHARED_KEY:** Message
|
CSCte90818
|
—
|
MPLS Label to GRE traffic stops on toggling 'mls mpls tun-recir'
|
CSCte91203
|
—
|
Bus error crash when executing 'show crypto sessions'
|
CSCte94156
|
—
|
ASR1k TBAR does not update PST upon GM Re-Register
|
CSCte97511
|
—
|
IKEv1-PKI non-blocking Interaction
|
CSCtf13942
|
—
|
GETvpn manual certificate import deletes ISAKMP SA
|
CSCtf15479
|
—
|
VSS: TestMatchCapture failure causing Sup Minor error after manual failo
|
CSCtf16330
|
—
|
DHCP Rogue Server Detection : Multiple DHCPDISCOVER's issue
|
CSCtf18061
|
—
|
Modify warning message when removing "crypto ipsec client ezvpn"
|
CSCtf25141
|
—
|
Mem leak seen msc_create_met_set, msc_update_met_set & hal_send_met_job
|
CSCtf26923
|
—
|
Error reading DOM printed when configured L2 port on non DOM capable LC
|
CSCtf36117
|
—
|
Crash occurs on executing 'Show crypto session brief'
|
CSCtf39056
|
—
|
RRI routes not deleted
|
CSCtf41721
|
—
|
Dmvpnv6 hub crashes @ ifs_lookup_prefix_common
|
CSCtf42209
|
—
|
show crypto ipsec sa count displays incorrect SA counts
|
CSCtf43071
|
—
|
IBC crash - seen on 2960 and 3560v2
|
CSCtf45755
|
—
|
EEM software forced crash when unregistering an applet if poll-interval
|
CSCtf48179
|
—
|
AH drops - Bad IP header checksum with ah-md5-hmac transform-set
|
CSCtf50155
|
—
|
CDP neighbors aren't seen on layer2 subinterface
|
CSCtf51541
|
—
|
System controller reset due to TM_DATA_PARITY_ERROR error
|
CSCtf52407
|
—
|
Sup720 may reload when passing GRE traffic
|
CSCtf53433
|
—
|
Knob 'platform ipv6 acl punt extension-header' default should be false
|
CSCtf56107
|
—
|
Software forced crash
|
CSCtf61757
|
—
|
4sup: Power to module in slot 7 set off (Module Failed SCP dnld)
|
CSCtf70959
|
—
|
ip address check on dialer intf does not complete before initiating ezvp
|
CSCtf71010
|
—
|
Trafic doesnt flow through HUB(3900) in vrf aware tunnel protection
|
CSCtf79637
|
—
|
3750X -- VSTACK_ERR: smi_ibc_dl_handle_events : invalid messag
|
CSCtf83906
|
—
|
W2.Clix: after apply/remove/re-apply v6 ACL's, TCAM full
|
CSCtf83910
|
—
|
Event Manager SNMP action snmp-trap incorrectly nvgens
|
CSCtf87039
|
—
|
Device crashes in crypto_ikmp_process_xauth_reply
|
CSCtf91692
|
—
|
Insertion of 6708/6716 linecard into the chassis resets another linecard
|
CSCtf93876
|
—
|
"sh plat hardware capacity multicast" does not work after switchover
|
CSCtg01020
|
—
|
IPSec tunnel fails to establish on ASR due to invalid SPI (SPI leak)
|
CSCtg08496
|
—
|
After merge KS deletes all GMs, send rekey fails and all GM reregister
|
CSCtg08509
|
—
|
Failed to decrement IPSec Client connection
|
CSCtg09000
|
—
|
GETVPN - Old SAs not cleared on GM after modifying ACL on KS
|
CSCtg09619
|
—
|
Web Auth host gets dropped after DHCP renewal with DHCP snooping enabled
|
CSCtg11344
|
—
|
PPPoA sessions fail to sync up with stand-by after SSO in a scaled setup
|
CSCtg17979
|
—
|
vs_ltl_set_ucast_source_indices slot 19 num_ports 8 fail msgs on bootup
|
CSCtg19546
|
—
|
Incorrect TAG ADJ post encap on tunnel interface
|
CSCtg30383
|
—
|
vif int address change causing vlan/vpn programming mismatch in sp
|
CSCtg32797
|
—
|
c6k long failover issue with multicast MVPN
|
CSCtg41606
|
—
|
RRI configuration drops egress traffic due to incomplete adjacency
|
CSCtg42904
|
—
|
Crash in fnf_cache_unlock_entry_internal when apply FNF to EasyVPN
|
CSCtg44108
|
—
|
informer Bus error bad pointer crash in ipsec
|
CSCtg50024
|
—
|
Router crash in NHRP multicast packet replication due to freed pointer
|
CSCtg50990
|
—
|
6500 DHCPv6 relay does not forward on layer 3 vlan interfaces.
|
CSCtg54691
|
—
|
Met2 is not programmed when p2p gre tunnel is IIF for service reflect gr
|
CSCtg55338
|
—
|
Crypto socket not created after a reload on GRE interface
|
CSCtg55435
|
—
|
"show crypto route" unusable with clients using multiple subnet support
|
CSCtg55447
|
—
|
Secondary KS TEK Seq number out of synch after primary KS failure
|
CSCtg60424
|
—
|
Fast-UDLD:Some ports connecting to VSS stby getting err-disalbed on boot
|
CSCtg62986
|
—
|
A Cisco router may crash reporting a software forced crash
|
CSCtg65763
|
—
|
"Clear crypto gdoi" on KS does not clear the KS Policies
|
CSCtg75452
|
—
|
SDH POS VC-4c interface config replace to base config causes RP crash
|
CSCtg76885
|
—
|
ISR drops encrypted fragmented packets failing post decrypt checking
|
CSCtg79262
|
—
|
EEM: policies can get stuck in the active queue
|
CSCtg79692
|
—
|
W2C: Multicast traffic duplicated when OIR card comes back up
|
CSCtg92327
|
—
|
MET entries are not deleted properly
|
CSCtg93243
|
—
|
QOS+Crypto::Tunnel Protection on VSA is broken with 15.0(1)M2.8
|
CSCtg94316
|
—
|
IKE SA does not rekey after lifetime expires with DPD & active IPsec SA
|
CSCtg95940
|
—
|
dh-group2 KE generation fails in the following scenario.
|
CSCtg98525
|
—
|
ISSU MLS MSC Client(6036) incompatible while issu btn SXI2a->SXI4.FC2
|
CSCth04998
|
—
|
[VSS] DFC installs drop index for MAC-address
|
CSCth05533
|
—
|
memory leak in IPSEC key engine
|
CSCth12206
|
—
|
6500 with 12.2(33)SXI3 May Not Forward Multicast With SLB Configured
|
CSCth15109
|
—
|
Flowmask conflict between "Intf full flow" and "full flow least"
|
CSCth15924
|
—
|
RRI routes remains after disconnection if connecting from local LAN
|
CSCth16962
|
—
|
GETVPN KEK timer gets stuck to zero after GDOI policy change and rekey
|
CSCth20862
|
—
|
asr1k:RLS7:ios crash on changing gre ipsec tunnel destination on PE
|
CSCth26920
|
—
|
TCL: ungraceful exit from tclsh can leave the Tcl Server running
|
CSCth29511
|
—
|
EEM policy execution cannot be fully disabled
|
CSCth36114
|
—
|
crash after executing "write memory" via sdm
|
CSCth36813
|
—
|
VSL PO goes down while changing the switch fabric mode
|
CSCth37830
|
—
|
12.2(33)SXI3 - xconnect traffic stops when neighboring xconnect removed
|
CSCth37905
|
—
|
The value of ifType for logical lacp ports should be ieee8023adLag
|
CSCth40213
|
—
|
multiple pre-shared keys with address 0.0.0.0 not supported
|
CSCth43911
|
—
|
active crash when configuring subscribe-to-alert-group.
|
CSCth46251
|
—
|
encryption ipsec w/ esp 3des on ipv6 ospf can't form neighbor 2800 3845
|
CSCth47686
|
—
|
ASR1K:Crash seen on EXEC process on GM with psuedotime configured on KS
|
CSCth61317
|
—
|
Noc Payload Crc Error Logged
|
CSCth64271
|
—
|
Routers are staying stuck in manual swact disabled
|
CSCth64507
|
—
|
" event manager policy multiple_ed_8.tcl type user" causes bulk sync fa
|
CSCth67788
|
—
|
sVTI broken when 'ip local policy route-map' configured
|
CSCth69504
|
—
|
7600 - Small buffer leak on SP due to IGMP snooping
|
CSCth70437
|
—
|
876 - Crypto Fails with %SYS-2-QCOUNT and %SYS-2-BADSHARE
|
CSCth73553
|
—
|
dot1x phone unregistered during SSO switch-over
|
CSCth74294
|
—
|
ASR1K ezvpn accounting missing Octets and Packets information
|
CSCth74527
|
—
|
Cat6K: Timing issue with diagnostics corrupt data-forwarding registers
|
CSCth74953
|
—
|
SPI Value shown incorrectly as zero for ipsec sa with crypto profiles
|
CSCth78343
|
—
|
Fetching PSK from keyring should not be restricted to local addr config
|
CSCth80298
|
—
|
Encrypted specific size packet does not go through over MLP
|
CSCth83455
|
—
|
C2WA1b: set default interface <serial interface> is not working
|
CSCth83634
|
—
|
RSTP: Shut/No shut on unrelated neighbour causes root flap
|
CSCth85618
|
—
|
KS Trace@%SYS-3-MGDTIMER@Process= "Crypto IKMP"@gdoi_init_rekey_timer
|
CSCth87937
|
—
|
Crash after configuring 'ip multicast boundary'
|
CSCth92629
|
—
|
On Bootup/SSO or traffic, few S,G are not installed completely in Hrdwar
|
CSCth92828
|
—
|
TACACS key is not blanked out
|
CSCth93066
|
—
|
IPV6 mcast traffic is SW forwded over standby uplink with DCEF-only mode
|
CSCti01426
|
—
|
Switch crashes after configuring 'auto qos voip trust'
|
CSCti06901
|
—
|
SMI:director not sent dhcp option3 when configure vstack dhcp-localserve
|
CSCti15448
|
—
|
C4HD1: Traffic loss due to ACE intra-chassis failover on VSS setup
|
CSCti15990
|
—
|
EZVPN not up immediately after Virtual-access interface up
|
CSCti16649
|
—
|
ASR1K: GM re-registers with KS when ACL is add/remove in KS.
|
CSCti23872
|
—
|
traceroute double hop with set vrf due to double ttl decrement
|
CSCti32358
|
—
|
linkup is detected earlier than that of the connected device
|
CSCti36423
|
—
|
ASR memory leaks when configured with NHRP, SNMP and DMVPN
|
CSCti37172
|
—
|
Ingress SPAN on Sup duplicates packets to ACE module
|
CSCti39902
|
—
|
RRI: Route still seen on UUT via router1 after deletion of ipsec SA
|
CSCti41891
|
—
|
Traceback@verrmsg and stanby continuosly reboots
|
CSCti42958
|
—
|
IKEv2 should not select ESN amongst proposal until supported
|
CSCti47250
|
—
|
MVPN: S,G entry not created in mroute table for default-MDT group
|
CSCti48407
|
—
|
Incorrect TTL handling in MPLS traceroute if TTL=1
|
CSCti49472
|
—
|
System acct off fails to work on suppress CLI enabled for SSO
|
CSCti51196
|
—
|
SSH [ipv6] to any link-local address connects to itself
|
CSCti57096
|
—
|
6500 OIR causes crash w/ service policty on Distributed Etherchannel
|
CSCti59656
|
—
|
After tp tunnel cutover OCE chain is inconsistent between RP and LC
|
CSCti60740
|
—
|
crash after disconnect command
|
CSCti64429
|
—
|
Bus Error Crash at fm_process_nf_dbase_clr_timer
|
CSCti66454
|
—
|
Crash in TunPro_v4_fivrf ipsec sanity test case
|
CSCti71807
|
—
|
cnfTopFlowsOutputIfIndex returns value 0, instead of destIf
|
CSCti72095
|
—
|
c2wa1: Switch crashed after ISSU runversion from latest sierra to SXI2a
|
CSCti84025
|
—
|
VRFs hardware re-mapping causing MLS/CEF inconsistencies
|
CSCti93310
|
—
|
With static IGMP outgoing port not programmed in hardware after reload
|
CSCti94107
|
—
|
c2wa1:BOOTUP_TEST_FAIL: Switch 2 Module 1: TestQos failed
|
CSCtj01235
|
—
|
Crash after "debug crypto isakmp" during isakmp profile selection
|
CSCtj04195
|
—
|
Additional bridge asic registers need to be removed from TestErrorCounte
|
CSCtj04278
|
—
|
IPv6 forwarding fails post encap in Multipoint GRE tunnel (DMVPN IPv6)
|
CSCtj04562
|
—
|
PBR with 'set interface null' causes incorrect tcam programming
|
CSCtj06067
|
—
|
Chunk memory leak on the process MallocLite @__be_pdb_distance
|
CSCtj06432
|
—
|
Crash seen @ msc_destroy_met_set during SSO
|
CSCtj07133
|
—
|
Incorrect switchover to SPT with Multipath configured
|
CSCtj10515
|
—
|
Exnet: Mrib and Mroute entry goes out of sync after a routing loop
|
CSCtj14921
|
—
|
IOS_INTR_OVER_LIMIT and crypto map memleak with dVTI & DynCMAP stress.
|
CSCtj15088
|
—
|
c2w2:MDEBUG tracebacks @ qm process while applying service policy.
|
CSCtj17637
|
—
|
MF: HTTPS generates a new self-signed cert on reboot even if one exists
|
CSCtj22529
|
—
|
some mcast shortcut are process switched in ISSU RV.
|
CSCtj27523
|
—
|
On Standby Sup SP, Memory leak seen related to MET
|
CSCtj30297
|
—
|
System returned to ROM by address error at PC 0x10B81BC, address 0x0
|
CSCtj38057
|
—
|
QOS ACEs with 'eq' for dst ports not programmed when LOUs/label exceeded
|
CSCtj40564
|
—
|
crypto keyring binding with local address is broken in some scenarios;
|
CSCtj46927
|
—
|
MF:Access Vlan is removed when 802.1x is enabled on port
|
CSCtj48039
|
—
|
ikev2 account send out 2 Acct-Session-Id attribute
|
CSCtj52347
|
—
|
Span confg removed from PO span dest causes L3 protocols to not work
|
CSCtj55624
|
—
|
Router crash with show crypto ruleset CLI with v6 crypto maps
|
CSCtj58219
|
—
|
Standby switch crashes when repl mode is changed to egress in ISSU RV
|
CSCtj59721
|
—
|
%PM_SCP-2-LCP_FW_ERR_INFORM: module 8 is experiencing the following err
|
CSCtj61261
|
—
|
DFC has misprogrammed i2k_slvan for private vlan after reload
|
CSCtj63031
|
—
|
SNMP syslog trap for OER_MC-5-NOTICE msg is not sent
|
CSCtj66392
|
—
|
IPSec Stateful Failover: TP doesn't open crypto socket on standby router
|
CSCtj66981
|
—
|
MET2 is not programmed for new SR translation rules added in ISSU RV
|
CSCtj76176
|
—
|
Port-Channel members go to w state (Up Mstr Not-in-Bndl) after SSO
|
CSCtj76788
|
—
|
Bulk-sync failure @ set ip next-hop recursive vrf in route-map
|
CSCtj91384
|
—
|
IPC Crash Seen In SXH
|
CSCtj91928
|
—
|
C6K PBR set ip nexthop verify-availability w/ tracking & nexthop tunnel
|
CSCtj94510
|
—
|
Crypto_SS_process crashed at sessions setup
|
CSCtj94589
|
—
|
Crash happened at unconfig vrf under crypto isakmp profile
|
CSCtj96837
|
—
|
Blank occurred on show run when the system switchover.
|
CSCtj99724
|
—
|
SXI1: Memory leak in "mls-msc Process"
|
CSCtk00198
|
—
|
Stack master crashed on defaulting ASw interface
|
CSCtk03526
|
—
|
Segmentation fault at Crypto IKEv2 process while scaling static CMs
|
CSCtk05747
|
—
|
TCAM remerge seen on interface up/down, causing 100% CPU
|
CSCtk10279
|
—
|
LISP crash when receiving map-reply with IPv6 RLOC without IPv6 routing
|
CSCtk10374
|
—
|
Crash @ cts_dot1x_authc_supp_info.
|
CSCtk12122
|
—
|
Tracebacks @crypto_ipsec_sa_lifetime_expiry,crypto_ipsec_key_engine
|
CSCtk14496
|
—
|
WA1: system crash when issue {red reload peer} on VS setup and non-VSS
|
CSCtk14941
|
—
|
Memory leak seen @ fh_applet_config_entry_proc
|
CSCtk16232
|
—
|
MVPN traffic software switched due to mtu failure
|
CSCtk31978
|
—
|
c2wa1: VSS Act (SW2) reloads after ISSU LV and AV if NAM card is in SW1
|
CSCtk32622
|
—
|
WS-X6748-GE-TX May Reset If All Ports Are Shutdown With Interface Range
|
CSCtk59012
|
—
|
Deprecate LSD HA
|
CSCtk60169
|
—
|
config sync not happening after setting crcSpanDstPermitListEnabled obj
|
CSCtk61460
|
—
|
Set vlanPortVlan on a port to diff access vlan disconnect IP phone
|
CSCtk63049
|
—
|
Bulk-sync failure due to PRC mismatch due to mls sampling interface
|
CSCtk65429
|
—
|
Traffic crossing MPLS passes in clear and does not hit crypto map
|
CSCtk66648
|
—
|
Traceback Spurious memory access pm_get_bcast_supp_discard_counters
|
CSCtk68647
|
—
|
ASR1K: DMVPN Shared TP - crypto sockets not cleared + exhaust resources
|
CSCtk69114
|
—
|
RP rest @crypto_ipsec_clear_endpt with crypto config
|
CSCtk76633
|
—
|
Wrong FPOE programing after replacing the chassis with different type
|
CSCtk84116
|
—
|
GETVPN ks crash during split and merge happening between the key servers
|
CSCtk99699
|
—
|
GETVPN : Rekey functionality is broken if you remove and add crypto Key
|
CSCtl00995
|
—
|
ikev2: ASR1K with 1897 svti tunnels & ikev2 reloads @ IPSEC Key Engine
|
CSCtl03781
|
—
|
ISSU:ONLINE-SW1_SPSTBY-6-INITFAIL: Module 6: Failed to bring up DFC
|
CSCtl05514
|
—
|
IDSM etherchannel fails after SSO
|
CSCtl05684
|
—
|
XAUTH user remains if authenticated by different user during P1 rekey
|
CSCtl08594
|
—
|
EZVPN client fails when outside interface is fastethernet and NAT config
|
CSCtl23179
|
—
|
Incorrect TCAM Programming when new DHCP address received.
|
CSCtl23439
|
—
|
Need to increase CRYPTO_IPSEC_TRANSIENT_SPI_AGING_INTERVAL timer value
|
CSCtl23748
|
—
|
EoMPLS over GRE (DMVPN) with IPSec protection not working after reboot
|
CSCtl24871
|
—
|
GLBP virtual mac not programmed in tunnel internal vlan
|
CSCtl45122
|
—
|
CSCsv76509 seen again in SXI4
|
CSCtl46816
|
—
|
DMVPN spoke should not init. invalid SPI recov while already negotiating
|
CSCtl54046
|
—
|
Standby Sup crashes@dot1x_get_supp_sb with cts dot1x/manual
|
CSCtl58505
|
—
|
sa connection id created are out of the permissible range of <1-32766>
|
CSCtl58612
|
—
|
Stby Sup resets with "boot bootldr", but file doesn't exist on stby
|
CSCtl58831
|
—
|
small buffer leak on WS-X6708-10GE
|
CSCtl59710
|
—
|
Multicast traffic process switched if nat outside configured on FWD intf
|
CSCtl73660
|
—
|
c2wa1: IP ACL TCAM doesn't get reset after removing ACL filter from MPA
|
CSCtl75972
|
—
|
CPUHOG for "Virtual Exec" seen when removing/adding ACL on VSS
|
CSCtl76189
|
—
|
On inserting JIAN the SVC ips of all WISMs/JIANs in the system flushed
|
CSCtl83517
|
—
|
C2WA1: ISSU cycle from sierra->SXI with 256PO not working - red_mode
|
CSCtl88070
|
—
|
IPv6 VRF configuration causes software punt for global uRPF
|
CSCtl92049
|
—
|
IPSec memory leak was observed after simulating smurf attack on UUT
|
CSCtl98884
|
—
|
Crashes noticed in AAA create user (kron /console buffer got corrupted)
|
CSCtn00835
|
—
|
Traceroute via mpls cloud does not show egress PE in 3C mode
|
CSCtn02208
|
—
|
ISG: Old peruer acl not removed on applying new acl
|
CSCtn03582
|
—
|
TTL Failure rate-limiter not working
|
CSCtn05007
|
—
|
ip multicast boundary command not filtering in both directions
|
CSCtn09789
|
—
|
Traceback seen after fixing this ddts CSCtk58012
|
CSCtn12119
|
—
|
Add support for dual signing
|
CSCtn12243
|
—
|
T/b @ icc_send_mcast_request upon bootup
|
CSCtn16303
|
—
|
The notification was generated incorrectly by ME-C6524GT-8S.
|
CSCtn18654
|
—
|
Mem corruption @ checkheaps after remove and insert LC on diff. slot
|
CSCtn18962
|
—
|
ospf :s72033-lanbase-mz image missing subsystems
|
CSCtn22325
|
—
|
ikev2-ra access-request radius should contains a calling-station-id
|
CSCtn22339
|
—
|
Pre-shared-key lost after router reload
|
CSCtn25253
|
—
|
command in EEM script gone missing after router reload
|
CSCtn31309
|
—
|
"int g0" command on ASR1000 creates unwanted GMPLS0 interface
|
CSCtn39632
|
—
|
Unable to configure RSA key under crypto keyring
|
CSCtn39950
|
—
|
Reventon not working with BRI-PRI connection
|
CSCtn42811
|
—
|
"Template name contains one or more illegal characters[OK]" while bootup
|
CSCtn46263
|
—
|
mem leaks seen for ikev2 sanity on 152-3.22.2.PIB16
|
CSCtn46329
|
—
|
IKEV2 should send an authentication failed after an auth timeout
|
CSCtn47119
|
—
|
Crash @ ipsecv6_check_if_icmp_embedded
|
CSCtn49482
|
—
|
CONFIG_NV_NEED_OVERRUN and config lock after configuring IDS module
|
CSCtn51740
|
—
|
Memory leak found in 2800 router "ezvpn_parse_mode_config_msg"
|
CSCtn52417
|
—
|
IKEV2-RA some Radius accounting attributes are missing
|
CSCtn55187
|
—
|
pak is not freed in crypto_ipv6_udp_write if tunnel i/f is shut
|
CSCtn55847
|
—
|
Mem leaks seen at crypto_isakmp_save_qm in DVTI scenario
|
CSCtn57039
|
—
|
Memory leak in RADIUS and EAP Framework processes with dot1x configs
|
CSCtn61834
|
—
|
Transport nat overload flow process test failed in ipsec_nat_wrapper
|
CSCtn62033
|
—
|
VA fails to come up, when loopback int is used as IKE end pt
|
CSCtn64575
|
—
|
Notification of multicast alternate next hop updates is delayed
|
CSCtn65137
|
—
|
mem leaks found in NHRP
|
CSCtn65393
|
—
|
MPLS imposing in-correct TTL when using sVTI Encryption
|
CSCtn67577
|
—
|
SIP-400 is crashing while modifying cell-packing values
|
CSCtn68317
|
—
|
Cat6500/SXI: DHCP snooping removed from vlan on module OIR
|
CSCtn68537
|
—
|
GETVPN: "Registering to" field might not be present
|
CSCtn68643
|
—
|
OSPFv3 hellos are not processed w/IPsec authentication or encryption
|
CSCtn72884
|
—
|
IKEv2 - ASA to IOS cert based fails - Interop Issue
|
CSCtn74249
|
—
|
Post-Frag behavior is changed to pre-frag when changing the IPSEC SA MTU
|
CSCtn91337
|
—
|
mem leaks found @ nhrpSnmpAddr2OctetStrAdd
|
CSCtn95395
|
—
|
VTEMPLATE Background Mgr crashed after clear crypto session on CES
|
CSCto10485
|
—
|
Locally generated traffic may fail IPSec replay check w/ GRE over IPSec
|
CSCto11025
|
—
|
Packet drop on crypto engine with Buffer Unavailable if QoS is applied
|
CSCto14268
|
—
|
Crypto ruleset corrupted during the initial configuration of a getvpn GM
|
CSCto15371
|
—
|
system crashed at [crypto_check_acl]
|
CSCto16601
|
—
|
EzVPN input feature disappears with "flow restrict" enabled
|
CSCto29645
|
—
|
DHCP SNOOPING: Dhcp relay information option (Option 82) replace
|
CSCto33424
|
—
|
After SSO "mls cef error action reset" cli gets added on standby
|
CSCto43776
|
—
|
"shared" keyword does not work as expected on second tunnel interface
|
CSCto47294
|
—
|
Router crash while configuring EzVPN dVTI client
|
CSCto53119
|
—
|
ES40:EoMPLS for a vlan X not progmd on LC after allowing&removing frm VE
|
CSCto53332
|
—
|
%AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed
|
CSCto56052
|
—
|
MPLS Forwarding not working on PPPoA Dialer Interface
|
CSCto60399
|
—
|
GETVPN:having icmp/ip acl's in KS, ping is not working IN 15.2(0.7)T
|
CSCto61098
|
—
|
chunk leaks observed @IPToOctetString "SNMP SMALL CHUN" in 15.2(0.9)T
|
CSCto61485
|
—
|
High CPU Util seen on LNS after PPPoX session disconnect with scaling
|
CSCto63954
|
—
|
Router continuously crashing with GETVPN configs
|
CSCto64858
|
—
|
rate limiter cli not sync on unconfiguring port-security and perform SSO
|
CSCto69916
|
—
|
Apply ACL in order of IPv4 then IPV6 disables TCAM screening on int.
|
CSCto73345
|
—
|
Router Crashed while reloading
|
CSCto73878
|
—
|
Intermittent PAT Order-of-Operations problem
|
CSCto76018
|
—
|
ASR1000-WATCHDOG crashed after clear crypto session on CES
|
CSCto76700
|
—
|
Multihop bfd session goes DOWN with TE-FRR cutover
|
CSCto80719
|
—
|
Crash seen using "tunnel protection ipsec profile tunpro" on IPv6 tunnel
|
CSCto81814
|
—
|
Router crash when SSH over IKEv2 tunnel to manage the router
|
CSCto89922
|
—
|
GetVPN KS sends a Rekey ,even when the KS ACL is un-supported
|
CSCto90252
|
—
|
Standby RP stuck to "init, standby" for about 10 hours after reload
|
CSCto92123
|
—
|
continuous tracebacks at ce_sw_encrypt_ipsec_packet
|
CSCto92529
|
—
|
%OSPFv3-3-IPSEC_POLICY_ALREADY_EXIST:Unable to configure ipv6 ospf auth
|
Feedback
