This product bulletin describes the hardware and software features supported by Cisco IOS® Software Release 12.2(25)SG for the Cisco® Catalyst® 4500 Series Supervisor Engine II-Plus, II-Plus-TS, II-Plus-10GE, IV, V, and Supervisor Engine V-10GE. The Cisco Catalyst 4500 Series Supervisor Engine III is not supported in this software release.
NEW HARDWARE FEATURES
Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE
The Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE is the next-generation Supervisor Engine II-Plus, providing added bandwidth and functionality. Two 10 Gigabit Ethernet and four 1 Gigabit Ethernet uplinks are supported, along with enhanced features (for example, QinQ and Broadcast/Multicast Suppression). Additionally, the Supervisor Engine II-Plus-10GE now supports Layer 3 routing capabilities via EIGRP-stub in the 12.2(25)SG IP Base image at no extra cost. Supported on the Cisco Catalyst 4503, 4506, and 4507R, the Supervisor Engine II-Plus-10GE increases the bandwidth switching capacity up to 108 Gbps at 81 mpps.
Cisco Catalyst 4500 Series 48-Port 100BASE-X, SFP Line Card
The Cisco Catalyst 4500 Series 48-port, nonblocking, 100BASE-X line card provides customers the ability to mix and match various Small Form-Factor Pluggable (SFP) optics, based on the network need. One to forty-eight 100BASE-X SFP optics can be populated on a single line card, as 100BASE-X SFP optics are optional. In Cisco IOS Software Release 12.2(25)SG, supported SFP optics include FX, LX10, BX-D, and BX-U. This line card is compatible with any Cisco Catalyst 4500 Series chassis.
NEW SOFTWARE FEATURES
NAC L2 IP
NAC L2 IP is an integral part of Cisco Network Admission Control. It offers the first line of defense against infected hosts (PCs and other devices attached to a LAN port) attempting to connect to the corporate network. NAC L2 IP on the Cisco Catalyst 4500 Series performs posture validation at the Layer 2 edge of the network for non-802.1x-enabled host devices. Host device posture validation includes anti-virus state and OS patch levels. Depending on the corporate access policy and host device posture, a host may be unconditionally admitted, admitted with restricted access, or quarantined to prevent the spread of viruses across the network.
NAC L2 802.1x
The Cisco Catalyst 4500 Series extends NAC support to 802.1x-enabled devices. Like NAC L2 IP, the NAC L2 802.1x feature determines the level of network access based on endpoint information.
Time Domain Reflectometry
Time Domain Reflectometry (TDR) is a technology used for diagnosing copper cable state. TDR detects impedance changes along an attached cable (for example, Category V) to determine opens, shorts, and terminated states. Reporting of the fault distance from the switch is also supported. TDR is supported on the following Cisco Catalyst 4500 Series 1000BASE-T hardware products: the Enhanced 48-port 10/100/1000 line card; the 48-port 10/100/1000, 802.3af Power over Ethernet (PoE) line card; the 24-port PoE, 802.3af 10/100/1000 line card; and the Supervisor Engine II-Plus-TS. TDR is also supported on the Catalyst 4948 and Catalyst 4948-10GE switches.
Microflow Policing Full Flow Match
Microflow Policing Full IP Flow Match is typically used to offer granular flow rate limiting, such as different outbound flow and inbound flow rates. The full IP flow match extends classification granularity from source/destination IP addresses to the full IP flow label. When enabled, each flow is policed at a specified rate based on a unique group of Layer 3 and Layer 4 information: IP source address, IP destination address, IP protocol, Layer 4 source port, and Layer 4 destination port. Microflow Policing Full Flow Match is only available on the Cisco Catalyst 4500 Series Supervisor Engine V-10GE.
802.1x Authentication Failure
The 802.1x Authentication Failure feature offers certain limited network access to guests with 802.1x supplicants enabled. This differs from the 802.1x guest VLAN feature for those guests without 802.1x supplicants. 802.1x Authentication Failure VLAN is a user-configurable VLAN, aside from the guest VLAN. Guests (contractors, visitors) with 802.1x supplicants enabled will fail 802.1x authentication. These guest users will be placed into this special failure VLAN, typically with Internet access only. The 802.1x authentication failure VLAN can be configured to provide any type of limited access to network resources, including Internet access.
Cisco Catalyst 4500 Series Supervisor Engine V-10GE Uplink Enhancement
In previous Cisco IOS Software releases, the Cisco Catalyst 4500 Supervisor Engine V-10GE allowed the user to enable either the dual wire-speed 10 Gigabit Ethernet ports (X2 optics), or four alternatively wired Gigabit Ethernet SFP uplink ports. With Release 12.2(25)SG, customers with the Supervisor Engine V-10GE can simultaneously deploy the dual 10 Gigabit Ethernet ports and the four Gigabit Ethernet SFP ports. This capability is supported on the Catalyst 4503, Catalyst 4506, and Catalyst 4507R chassis. When deploying a Catalyst 4510R chassis, one of three configurations is supported:
• Enable the four Gigabit Ethernet ports (SFP optics) only.
• Enable both dual 10 Gigabit Ethernet and the four Gigabit Ethernet ports, with the understanding that the tenth slot (Flex-Slot) will only support a 2-port gigabit interface converter (GBIC) line card when in this mode.
OSPF Fast Convergence
OSPF Fast Convergence minimizes system downtime when an unexpected event, such as link failure, occurs. OSPF Fast Convergence consists of the following components:
• Fast Hellos: Support for user-configurable, subsecond Open Shortest Path First (OSPF) hello intervals results in faster convergence in an OSPF network, especially in LAN segments.
• Incremental Shortest Path First (iSPF): Enhances routing to intelligently determine the change in the Shortest Path Tree (SPT) and recompute only the affected nodes upon SPT update. This increases efficiency and allows faster OSPF convergence on new routing topologies in reaction to network events.
• LSA Throttling: OSPF Link-State Advertisement (LSA) throttling provides a dynamic mechanism to slow down LSA updates in OSPF during times of network instability. LSA rate limiting in milliseconds allows faster OSPF convergence.
HTTPS
HTTPS is the secure version of HTTP. It uses Secure Sockets Layer (SSL) to provide device authentication and data encryption. HTTPS is required for secure communications with Cisco Network Assistant.
IS-IS MIB
Intermediate System-to-Intermediate System (IS-IS) is a link-state routing protocol designed for use within a single autonomous system and widely deployed as the Interior Gateway Protocol (IGP) of choice by many service providers. The IS-IS MIB enhances monitoring capabilities of network events for the overall state of the network.
NEW CISCO IOS SOFTWARE PACKAGING FOR THE CISCO CATALYST 4500 SERIES
Cisco Systems® announces a new Cisco IOS Software package for the Cisco Catalyst 4500 Series switches. This package creates a new foundation for features and functionality, and provides consistency across all Catalyst switches. The new Cisco IOS Software release train is designated as 12.2SG.
Prior Cisco IOS Software images for the Catalyst 4500 Series, formerly known as "Basic L3" and "Enhanced L3" images, now map to "IP Base" and "Enterprise Services," respectively. Border Gateway Protocol (BGP) is now included in the "Enterprise Services" image. Unless otherwise specified, all currently shipping Catalyst 4500 software features based on Cisco IOS Software are supported in the 12.2(25)SG IP Base image, with a few points to note:
• The IP Base image will not support the following routing-related features: BGP, EIGRP, OSPF, IS-IS, IPX, Apple Talk, Virtual Route Forwarding (VRF)-lite, and Policy-Based Routing (PBR).
The Enterprise Services image supports all Catalyst 4500 Series software features based on Cisco IOS Software, including enhanced routing. Customers planning to enable BGP on Supervisor Engines IV, V, or V-10GE will no longer need to purchase a separate BGP license (FR-IRC4); BGP capability is included in the Enterprise Services package. Table 1 shows a more detailed description of the feature differences between the IP Base and Enterprise Services (ES) images as they relate to the Catalyst 4500 Series supervisor engines.
Table 1. Feature Comparison for Cisco IOS Software Release 12.2(25)SG IP Base and Enterprise Services
| Feature | Supervisor Engine II-Plus, II-Plus-TS, II-Plus-10GE: IP Base | Supervisor Engine IV: IP Base | Supervisor Engine IV: ES | Supervisor Engine V: IP Base | Supervisor Engine V: ES | Supervisor Engine V-10GE: IP Base | Supervisor Engine V-10GE: ES |
| --- | --- | --- | --- | --- | --- | --- | --- |
| NACv2.0 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| RIP and Static Route | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| NetFlow v1, v5, and v8 | No | Yes | Yes | Yes | Yes | Yes | Yes |
| EIGRP | No | No | Yes | No | Yes | No | Yes |
| EIGRP-Stub | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| OSPF/IS-IS | No | No | Yes | No | Yes | No | Yes |
| BGP | No | No | Yes | No | Yes | No | Yes |
| VRF-lite | No | No | Yes | No | Yes | No | Yes |
| Apple Talk | No | No | Yes | No | Yes | No | Yes |
| IPX | No | No | Yes | No | Yes | No | Yes |
| PBR | No | No | Yes | No | Yes | No | Yes |
Note: The Cisco Catalyst 4500 Series Supervisor Engine III is not supported in Cisco IOS Software Release 12.2(25)SG.
CISCO IOS SOFTWARE MIGRATION GUIDE
Figure 1 displays the Cisco IOS Software Release 12.2(25)SG plan relative to the 12.2S and 12.1 releases, and identifies the recommended migration path.
Figure 1. Cisco IOS Software Release Plan for the Cisco Catalyst 4500 Series
Summary of Migration Plan
• Customers requiring the latest Cisco Catalyst 4500 Series hardware and software features should migrate to Cisco IOS Software Release 12.2(25)SG. In the new Cisco IOS Software package, the 12.2EW designation is replaced by 12.2SG. Both software release trains are based on 12.2S Release 5.
• Releases 12.2(18)EW and 12.2(25)EWA will continue offering maintenance releases.
• The 12.1 EW train will reach end of sale on October 4, 2005.
• Cisco IOS Software 12.1 releases will stop at 12.1(26)E2 because of limited hardware and software support.