Cisco® announces Cisco IOS® Software updates for Cisco Catalyst® 3750, 3560, 3550, 2960, 2970 Series Switches and CBS30x0 Series Blade Switches. This new release furthers Cisco leadership in providing secure, reliable, integrated data and voice LAN switching solutions.
This product bulletin contains content and delivery information for Cisco IOS Software
The following new features are available with Cisco IOS Software Release 12.2(35)SE for enterprise Ethernet switches:
• Multi Domain Authentication (MDA)-MDA provides enhanced security for IP phone deployments. This allows an IP phone (Cisco or third-party) and a single host behind the IP phone to independently authenticate using 802.1x. Using this method, a switch can place the host in the data VLAN and IP phone in the voice VLAN, though they appear on the same switch port. Data VLAN can be downloaded from the authentication, authorization, and accounting (AAA) server. For non-802.1x devices, MAC Authentication Bypass (MAB) can be used as the fallback to authenticate using the MAC address of the device. For
non-802.1x deployments, MAB can be used to authenticate both IP phones and hosts.
• Local Web Authentication-Allows non-802.1x users to authenticate using a login page. The switch intercepts an HTTP packet from the host and sends an HTML login page. The user keys in the credentials (such as username and password) and gets authenticated by an AAA server.
• MAC Authentication Bypass (MAB) for Voice VLAN-This feature allows non-802.1x IP phones (with no 802.1x supplicant) to authenticate to the network, utilizing the MAC address of the IP phone. The switch will initiate an Extensible Authentication Protocol (EAP) conversation with an AAA server on behalf of the IP phone to authenticate the MAC address itself. This process is transparent to the end user and utilizes a prepopulated database on the AAA server.
• MAB aging timer-Provides a mechanism to detect inactive hosts after they have authenticated using MAB. The switch flushes the entries for hosts that remain inactive
for this duration, thus allowing new hosts to get authenticated on the same port.
• Fast Stack Image Update-Updates the software images for all the stack members
in parallel, improving the speed and performance of image updates.
• Generic Online Diagnostics Framework (GOLD) for Cisco Catalyst 3560-GOLD is a fault detection framework that provides troubleshooting tools for customers and the Cisco Technical Assistance Center (TAC) and can be either run on demand or scheduled.
– Supports the same level of GOLD functionality available on the Cisco Catalyst 3750.
• Power over Ethernet (PoE) MIB-A new CISCO-POWER-ETHETNET-EXE-MIB provides PoE visibility and allows administrators to proactively monitor power usage. Table 1 describes managed objects related to PoE.
Table 1. Overview of New PoE MIB Object Types
MIB Object Type
• Enable PoE mode (auto/static and so on)
• Max power allowed on this port (optional)
• Threshold for allocated power
• When allocated power exceeds specified threshold
• PoE mode (auto/static and so on)
• Operational status (power deny/on/off scenarios)
• Power allocated (through Cisco Discovery Protocol negotiation or power class) on the interface
• Type of the device plugged into the port
• IEEE power classification class
• Enhanced Object Tracking (EoT)-Provides ability for Hot Standby Router Protocol (HSRP)-like protocols to monitor the link and route state objects and dynamically adjust to state changes. This provides increased network availability during failover.
• STACK MAC Persistent Timer-Currently, when a stack master is removed and a new master takes over, by default, the MAC address of the new stack master becomes the new stack MAC router address. This feature enables users to configure a timer to allow a time delay before stack MAC address changes to the new master MAC address. A value of "0" helps ensure the original master MAC address remains the stack MAC router address, thus making it transparent to the endpoints.
• Cisco Catalyst Blade Switch 30x0 Series carry no new features in this release. However, the common bug fixes to the 12.2(35)SE release are included
Table 2 describes product support for new features of Cisco IOS Software Release 12.2(35)SE for enterprise switches.
Table 2. Cisco IOS Software Release 12.2(35)SE New Features for Enterprise Switches
You must purchase the EMI/IP Services or Advanced IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services or Advanced IP Services software. Downloads of SMI/IP Base, EMI/IP Services, and Advanced IP Services files are monitored for adherence to this requirement.
Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (Secure Shell [SSH] Protocol, Simple Network Management Protocol Version 3 [SNMPv3], and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.
Additional product information is available at the following URLs: