Guest

Cisco IOS Software Releases 12.2 Special and Early Deployments

New Cisco IOS SW Rel 12.2(25)SEC

Hierarchical Navigation

Downloads

Product Bulletin No. 3011

Cisco Systems® announces Cisco IOS® Software updates for Cisco® Catalyst® 3750, Catalyst 3560, Catalyst 3550, and Catalyst 2970 series Intelligent Ethernet switches. This new release furthers Cisco leadership in providing secure, reliable, and feature-rich LAN switching solutions.

OVERVIEW

This product bulletin contains content and delivery information for Cisco IOS Software Release 12.2(25)SEC.
The following new features are available with Cisco IOS Software Release 12.2(25)SEC:

NAC L2 802.1x-NAC L2 802.1x enables a switch to enforce network access privileges based on information such as the revision of anti-virus software or OS level patches running on the end station. This feature uses the 802.1X port authentication mechanism to allow an agent running on the end station to provide Network Admission Control (NAC) information to the AAA server along with the authentication credentials. The AAA server can direct the end station into an appropriate VLAN based on the NAC information.

NAC L2 IP-NAC L2 IP enables a switch to enforce network access privileges based on information such as the revision of anti-virus software or OS level patches running on the end station. This feature detects end stations by snooping ARP and DHCP requests, which allows it to support multiple end stations connected to a single port. The switch validates newly discovered stations by using the EAP over UDP (EoU) protocol to communicate with a AAA server and uses port ACLs to enforce the appropriate network access based on the NAC information.

Virtual Routing and Forwarding (VRF) Lite-VRF Lite allows the customer to configure multiple private routing domains on the switch; each domain has its own routing table, and potentially overlapping network addresses can be routed within each separate domain without conflict. VLANs can be configured to participate in one VRF domain.

IEEE 802.1s Compliance-This enhancement brings the Cisco Multiservice Transport Protocol (MSTP) implementation up to the IEEE 802.1s standard, while retaining backward compatibility with the Cisco prestandard implementation.

Inline Power Consumption-This feature allows the network administrator to configure on a per-port basis the actual power requirements of attached powered devices, overriding the classification settings of the powered device. It allows the customer to manage the power budget of a Cisco Catalyst 3750 and Catalyst switch, down to the individual port level. Many default Class 0 powered devices require much less than the full 15.4W of power that is associated with Class 0. This feature, therefore, helps extend the Power over Ethernet (PoE) power budget. Caution: Misconfiguring this feature may cause damage to the switch and void your warranty. Take precaution not to oversubscribe the power supply.

Configuration Logging-This configuration option sends a syslog message for every configuration change made to the switch for tracking and auditing purposes.

Unique Device Identifier (UDI)-With UDI, customers can uniquely identify and track Cisco products through their business and network operations. The UDI provides a hardware product identification standard that is consistent across Cisco products, giving Cisco customers the ability to automate their asset-management systems. In addition, UDI offers end-to-end product-identification data integrity, providing a consistent electronic, physical, and associated business-to-business information product-identification standard.

Standard 802.1x with Wake on LAN-This feature allows transmission of frames from an unauthenticated port to the connected end station, blocking only inbound traffic until authentication completes. Customers deploying IEEE 802.1X port authentication and also using remote desktop-management systems can use this feature to "wake up" PCs and perform maintenance, even if a user is not currently logged in or the PC is down.

Secure Copy Protocol (SCP)-SCP allows a user with appropriate authorization to copy any file that exists in the Cisco IOS Software File System to and from a switch by using the copy command. This protocol uses the Secure Shell (SSH) Protocol as a transport mechanism for file copy operations, so that software images, configuration files, etc. can be transferred to or from the switch over a secure channel. It also uses authentication, authorization, and accounting (AAA) to authorize a user's privilege level.

Nonstop Forwarding (NSF) Awareness-This feature enhances the Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP) routing protocols so that they are "aware" of being connected to a router supporting Cisco NSF. It speeds convergence when the NSF router goes through a failover sequence.

Cross-Stack Link Aggregation Control Protocol (LACP)-Although the Cisco Catalyst 3750 switches have supported cross-stack Cisco EtherChannel® configurations (consisting of ports on multiple stack members) since their initial release, they currently require static, manual configuration; use of the LACP for negotiated Cisco EtherChannel formation is supported only for ports on a single switch. This feature extends LACP support so that ports can be spread across stack members.

Table 1. Cisco IOS Software Release 12.2(25)SEC New Features

Feature

Cisco Catalyst 3750 Series Advanced Services

Cisco Catalyst 3750 Series IP Services

Cisco Catalyst 3750 Series IP Base

Cisco Catalyst 3560 Series Advanced Services

Cisco Catalyst 3560 Series IP Services

Cisco Catalyst 3560 Series IP Base

Cisco Catalyst 3550 Series IP Services

Cisco Catalyst 3550 Series IP Base

Cisco Catalyst 2970 Series LAN Base
NAC L2 802.1x

X

X

X

X

X

X

X

X

X
NAC L2 IP

X

X

X

X

X

X

X

X

N
VRF Lite

X

X

N

X

X

N

E

N

N
IEEE 802.1s Compliance

X

X

X

X

X

X

X

X

X
Inline Power Consumption

X

X

X

X

X

X

N

N`

N
Configuration Logging

X

X

X

X

X

X

X

X

X
UDI

X

X

X

X

X

X

X

X

X
Standard 802.1x with Wake on LAN

X

X

X

X

X

X

X

X

X
SCP

X

X

X

X

X

X

X

X

N
NSF Awareness

X

X

N

X

X

N

X

N

N
Cross-Stack LACP

X

X

X

N

N

N

N

N

N

N = No plans to add platform support for this feature
X = Feature is new for this platform
E = Feature exists for this platform
Table 2 lists the Cisco Catalyst switches supported with this software release.

Table 2. Cisco Catalyst Switches Supported with Cisco IOS Software Release 12.2(25)SEC

Cisco Catalyst 3750 and Catalyst 3560 Series License CD Part Numbers

Cisco Catalyst 3750 Series IP Services Part Numbers

Cisco Catalyst 3750 Series IP Base Part Numbers

Cisco Catalyst 3560 Series IP Services Part Numbers

Cisco Catalyst 3560 Series IP Base Part Numbers

Cisco Catalyst 2970 Series Part Numbers
• 3750-AISK9-LIC-B
• 3750-AISK9-LIC-S
• 3750G-AISK9-LIC-B
• 3750G-AISK9-LIC-S
• 3750G48-AISK9LIC-B
• 3750G48-AISK9LIC-S
• 3560-AISK9-LIC-B
• 3560-AISK9-LIC-S
• 3560G-AISK9-LIC-B
• 3560G-AISK9-LIC-S
• 3750-48TS-E
• 3750-24TS-E
• 3750G-24T-E
• 3750G-48TS-E
• 3750G-24TS-E
• 3750G-12S-E
• 3750G-16TD
• 3750-48PS-E
• 3750-24PS-E
• 3750G-24TS-1U-E
• 3750G-24PS-E
• 3750G-48PS-E
• 3750-48TS-S
• 3750-24TS-S
• 3750G-24T-S
• 3750G-48TS-S
• 3750G-24TS-S
• 3750G-12S-S
• 3750G-16TD
• 3750-48PS-S
• 3750-24PS-S
• 3750G-24TS-1U-S
• 3750G-24PS-S
• 3750G-48PS-S
• 3560-24TS-E
• 3560-48TS-E
• 3560-48PS-E
• 3560-24PS-E
• 3560G-48PS-E
• 3560G-24PS-E
• 3560G-48TS-E
• 3560G-24TS-E
• 3560-24TS-S
• 3560-48TS-S
• 3560-48PS-S
• 3560-24PS-S
• 3560G-48PS-S
• 3560G-24PS-S
• 3560G-48TS-S
• 3560G-24TS-S
• 2970G-24T-E
• 2970G-24TS-E

Table 3.

Cisco Catalyst 3550 Series EMI Part Numbers

Cisco Catalyst 3550 Series SMI Part Numbers
• 3550-12G Switch
• 3550-12T Switch
• 3550-24-EMI Switch
• 3550-24 PWR Switch EMI
• 3550-48-EMI Switch
• 3550-24-FX-SMI Switch with EMI upgrade
• 3550-24-DC-SMI Switch with EMI upgrade
• CD-3550-EMI
• 3550-24-SMI Switch
• 3550-24PWR-SMI
• 3550-48-SMI Switch
• 3550-24-FX-SMI Switch
• 3550-24-DC-SMI Switch

Table 4.

Cisco EtherSwitch Service Modules for Cisco 2600, 2800, 3700, 3800 Series Routers Part Numbers
• NME-16ES-1G
• NME-16ES-1G-P
• NME-X-23ES-1G
• NME-X-23ES-1G-P
• NME-XD-24ES-1S-P
• NME-XD-48ES-2S-P

ADDITIONAL RESOURCES

Software Download

The following software is available for download:

• Cisco Catalyst 3750 Series software: http://www.cisco.com/pcgi-bin/tablebuild.pl/cat3750

• Cisco Catalyst 3560 Series software: http://www.cisco.com/pcgi-bin/tablebuild.pl/cat3560

• Cisco Catalyst 3550 Series software: http://www.cisco.com/pcgi-bin/tablebuild.pl/cat3550

• Cisco Catalyst 2970 Series software: http://www.cisco.com/pcgi-bin/tablebuild.pl/cat2970

You must purchase the EMI/IP Services or Advanced IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services or Advanced IP Services software. Downloads of SMI/IP Base, EMI/IP Services, and Advanced IP Services files are monitored for adherence to this requirement.
Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (SSH, SNMPv3, and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.

Product Information

Additional product information is available at the following URLs:

• Cisco Catalyst 3750 Series switches: http://www.cisco.com/go/catalyst3750

• Cisco Catalyst 3560 Series switches: http://www.cisco.com/go/catalyst3560

• Cisco Catalyst 3550 Series switches: http://www.cisco.com/go/catalyst3550

• Cisco Catalyst 2970 Series switches: http://www.cisco.com/go/catalyst2970

• Cisco Catalyst 3750, 3560, 3550, and 2970 series release notes:

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/index.htm

• Cisco EtherSwitch Service Modules for Cisco 2600, 2800, 3700,3800 Series Routers http://www.cisco.com/en/US/products/ps5854/products_data_sheet0900aecd8028d15f.html

Support

Cisco IOS Software Release 12.2(25)SEC follows the standard Cisco support policy indicated at: http://www.cisco.com/en/US/products/products_end-of-life_policy.html

Software Image Migration Guide

Figure 1 displays Cisco IOS Software Release 12.2(25)SEC functions relative to the 12.2S and 12.2SE releases and identifies the recommended migration path.

Figure 1. Cisco IOS Software Release 12.2 Release Train

Text Box: Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 526-4100 European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel: 31 0 20 357 1000Fax: 31 0 20 357 1100 Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel: 408 526-7660Fax: 408 527-0883 Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright 2005 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 205482.Z_ETMG_CC_10.05Printed in the USA Text Box: Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 526-4100 European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel: 31 0 20 357 1000Fax: 31 0 20 357 1100 Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel: 408 526-7660Fax: 408 527-0883 Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright 2005 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 205482.Z_ETMG_CC_10.05Printed in the USA