Cisco IOS Software Release 12.2(52)SG for Cisco Catalyst 4500 Series Supervisor Engines, Cisco Catalyst 4900 Series Fixed-Configuration Switches, and Cisco Catalyst 4900M Series Switches
This product bulletin describes some of the primary hardware and software features supported by Cisco IOS® Software Release 12.2(52)SG for the following switches and supervisor engines:
• Cisco® Catalyst® 4500 Series Supervisor Engine 6-E
• Cisco Catalyst 4900 Series and 4900M Series Switches
• Cisco Catalyst 4500 Series Supervisor Engine V-10GE, Supervisor Engine V, Supervisor Engine IV, Supervisor Engine II-Plus-10GE, Supervisor Engine II-Plus-TS, and Supervisor Engine II-Plus
Primary Hardware and Software Service Innovations Delivered in Cisco IOS Software Release 12.2(52)SG
Cisco IOS Software Release 12.2(52)SG is available for all shipping Cisco Catalyst 4500 Series Supervisor Engines, Cisco Catalyst 4900 Series, and Cisco Catalyst 4900M Series switches. Release 12.2(52)SG is a time-based release containing new hardware and software features. For detailed information on release trains, visit www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/product_bulletin_c25_468800.html.
The following list highlights the primary hardware and software features in this release:
• 6000W power supply with dual AC input supplies (110V-220V, 15A) increases the Power over Ethernet (PoE) density of the chassis.
• Hot Standby Router Protocol (HSRP) version 2 for IPv4 and IPv6: Improved timers and troubleshooting techniques for HSRPv2.
• EnergyWise, a new Cisco technology for power-based management and reporting. EnergyWise measures and reports power for connected network devices.
• Network Mobility Services Protocol (NMSP), an enhancement that enables switch port tracking of hosts or users connected to switches. As part of the location service, the switch integrates with the Cisco 3300 Series Mobility Services Engine, which can be used for host/user lookup in determining the switch connectivity for troubleshooting purposes.
• Cisco Smart Call Home is a proactive, connected service capability of the Cisco SMARTnet® Service, and is available at no additional cost on Call Home-capable devices, including Cisco Catalyst 4500 Series switches. Call Home devices can continuously monitor their own health using GOLD diagnostics technology, and automatically notify you of potential issues using secure transmissions.
• Layer 2 tunneling protocols and Metro Ethernet features: 802.1Q, L2TP, PPPoE IA, and EtherType classification.
• IPv6 Repackaging: Many IPv6 features previously only available in Enterprise Services are now included in the IP Base image.
Table 1 provides a release overview.
Table 1. Release Overview (Cisco IOS Software Release on Which First Supported)

| Feature | Cisco Catalyst Classic 4500 Supervisors and Cisco Catalyst 4900 | Cisco Catalyst 4500 Supervisor Engine 6-E and Cisco Catalyst 4900M |
| --- | --- | --- |
| Hardware | | |
| 6000W AC power supply | 12.2(52)SG | 12.2(52)SG |
| Security Features | | |
| Identity enhancements: 802.1X Filter-ID and Per-User ACL | 12.2(52)SG | 12.2(52)SG |
| Voice-aware port security | 12.2(52)SG | 12.2(52)SG |
| Layer 2 Tunneling and Metro Ethernet | | |
| IEEE 802.1Q Tunneling (QinQ) and Layer 2 Protocol Tunneling | 12.2(31)SGA | 12.2(52)SG |
| EtherType classification | Not supported | 12.2(52)SG |
| Point-to-Point Protocol over Ethernet Intermediate Agent (PPPoE IA) | 12.2(50)SG | 12.2(52)SG |
| IP Routing and Multicast | | |
| Policy-Based Routing (PBR) | 12.1(13)EW | 12.2(52)SG |
| IPv6 Repackaging | 12.2(52)SG | 12.2(52)SG |
| HSRPv2 IPv4/IPv6 | 12.2(52)SG | 12.2(52)SG |
| PIM SSM Mapping | 12.2(52)SG | 12.2(52)SG |
| Management | | |
| EnergyWise Phase 1 | 12.2(52)SG | 12.2(52)SG |
| Smart Call Home | 12.2(52)SG | 12.2(52)SG |
| Community PVLAN support | 12.2(20)EW | 12.2(52)SG |
| Network Mobility Service Protocol (NMSP) | 12.2(52)SG | 12.2(52)SG |
| Management port features | 12.2(52)SG | 12.2(52)SG |
Features
The following new features of Cisco IOS Software Release 12.2(52)SG are applicable to all supervisor engines and Cisco Catalyst 4900 Series fixed-configuration systems, unless otherwise stated.
Hardware
6000W AC Power Supply
Compatible with all shipping Cisco Catalyst 4500 Series chassis and supervisor engines, the 6000W Power Supply has dual AC inputs: 110V and 220V. The 110V input is limited to 15A input current, for installation flexibility.
The 6000W Power Supply increases the density of PoE supported on the Cisco Catalyst 4500 Series. It is capable of powering a fully loaded 4507R-E with class 3 devices in redundant mode. Figure 1 shows the power supply, and Table 2 details the supported PoE numbers.
Figure 1. Cisco Catalyst 4500 Series 6000W Power Supply
Table 2. Scalability Numbers for the 6000W Power Supply

| Input Voltage | Lines Connected | Maximum Total Output Power | Maximum Number of 15.4W PoE Devices | Maximum Number of 30W PoE Devices |
| --- | --- | --- | --- | --- |
| 220V AC | Dual | 6000W | 289 | 148 |
| 220V AC | Single | 3000W | 144 | 74 |
| 110V AC | Dual | 2100W | 111 | 57 |
| 110V AC | Single | 1050W | 55 | 28 |
Software Features
Consult Table 1 to see platform support for the following features.
Management
EnergyWise Phase 1
Cisco EnergyWise is an energy management architecture designed to measure power consumption and optimize power usage, resulting in effective delivery of power across the enterprise. IT professionals can quickly optimize the power consumed in a building, and the result is immediate cost saving with a clear return on investment.
Cisco EnergyWise measures current power consumption, can automate and take actions to optimize power levels, and can advise how much power is being consumed. After power consumption is understood, regulation using Cisco EnergyWise network protocols provides command and control of power usage. Energy consumed per location can easily be found with a realistic view of power consumed per wiring closet, building floor, or campus building. An EnergyWise entity is a device that can communicate with an EnergyWise-enabled network. Examples include PCs, phones, access points, and, in the future, HVAC and lighting controllers. Each entity has a unique ID. Entities can contain other entities in a parent-child relationship, such as an IP phone attached to a PoE switch.
An EnergyWise domain is a logical grouping of EnergyWise-enabled entities. All entities in the domain can be visualized as one unit of power consumption. Figure 2 provides an illustration of an EnergyWise network.
Figure 2. EnergyWise Network
Smart Call Home
Cisco Smart Call Home is a proactive, connected service capability of Cisco SMARTnet Service that is available at no additional cost on Cisco Catalyst 4500 Series Switches. Smart Call Home devices can continuously monitor their own health using GOLD diagnostics technology and automatically notify you of potential issues using secure transmissions. If a serious problem arises, Smart Call Home automatically detects it and generates a Cisco Technical Assistance Center (TAC) service request that is routed to the right team for a particular problem.
Network Mobility Service Protocol
Network Mobility Service Protocol (NMSP) enables switch port tracking of hosts or users connected to switches (Figure 3). As part of the location service, the switch integrates with the Cisco Mobility Services Engine, which can be used for host/user lookup to determine the switch connectivity for troubleshooting purposes. NMSP can also be used in the data center to locate servers, provide a centralized view of all servers and switch port utilization, and provide updates if a server is decommissioned or powered down.
Figure 3. NMSP Illustration
Security
• Identity ACL Policy Enforcement Enhancements
Filter-ID and per-user access control list (ACL):
ACLs are an important policy enforcement option in identity-based networks.
Per-user ACLs are fully defined on the authentication server. Each element in a per-user ACL is defined as a RADIUS vendor-specific attribute (VSA). The authentication server returns the VSAs in the RADIUS Access-Accept message that it sends to the switch after a successful authentication.
Filter-IDs offer a more distributed method of group-to-policy mapping. In this mode, the full definition of the identity-based ACLs resides on the switch. The authentication server determines the user's group and the identifier (the Filter-ID) of the ACL that should be applied to that user. The authentication server sends the Filter-ID to the switch as an attribute in the RADIUS Access-Accept message. The switch matches the Filter-ID to a locally configured ACL that has the same number as the Filter-ID (for example, Filter-ID=101 will match up to ACL 101). That ACL is then applied to the port. While Filter-ID ACLs lack the centralized management of per-user ACLs, they do allow for local variation in policy.
• Voice-Aware Port Security
Allows more granular control of port security and includes the ability to shut down an individual VLAN if there is a port-security, bpdu-guard, dhcp-rate-limit, or arp-inspection violation on a trunk. For example, if a trunk port has an IP phone connected along with a PC and the PC commits a violation, it is now possible to disable the data VLAN without affecting the voice VLAN.
Layer 2 Tunneling and Metro Ethernet Features
IEEE 802.1Q Tunneling and Layer 2 Tunneling Protocol are now supported on the Supervisor Engine 6-E in addition to the legacy supervisors.
IEEE 802.1Q (QinQ) allows ISPs to use VLANs internally while mixing traffic from clients that are already VLAN-tagged. The outer tag comes first, followed by the inner tag. As the Layer 2 traffic enters a service provider switch from a customer switch, the existing VLAN tag (imposed by the customer switch) is preserved and a new tag controlled by the ISP is imposed on the frame, in addition to the existing tag. The new tagged frame is treated as a Layer 2 frame with unknown EtherType and the outer VLAN tag is used for subsequent switching inside the service provider infrastructure.
When the frame reaches the other end of the service provider network, the outermost tag is stripped off at the edge switch before sending to the customer network, which sees the same frame that was sent out of its peer customer edge switch.
Each customer edge port connected to an 802.1Q tunnel port is typically configured as a trunk port. The port on the customer edge is unaware of the presence of an 802.1Q tunnel on the other end, and can reach all other customer edge trunk ports connected to the service provider network as if they were directly connected.
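The tag handling described above can be followed byte by byte in the sketch below. It is an added example, not Cisco code; the sample frame, the VLAN IDs 30 and 200, and the use of TPID 0x8100 for both tags are assumptions (the bulletin does not state the outer-tag TPID).

```python
import struct

# Assumption: both tags use TPID 0x8100; the bulletin does not name the outer-tag TPID.
TPID = 0x8100

def make_tag(vid: int, pcp: int = 0) -> bytes:
    """Build one 4-byte 802.1Q tag: TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 0-4095 and PCP 0-7")
    return struct.pack("!HH", TPID, (pcp << 13) | vid)

def vlan_stack(frame: bytes):
    """Return ([VLAN IDs, outermost first], payload EtherType)."""
    vids, off = [], 12                      # tags start after dst + src MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype != TPID:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4

def push_outer_tag(frame: bytes, provider_vid: int) -> bytes:
    """Provider ingress: impose the provider tag in front of the customer tag,
    which stays in the frame unchanged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + make_tag(provider_vid) + frame[12:]

def pop_outer_tag(frame: bytes) -> bytes:
    """Provider egress: strip only the outermost tag before the customer port."""
    vids, _ = vlan_stack(frame)
    if not vids:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]

def switching_vid(frame: bytes) -> int:
    """VLAN ID a provider switch forwards on: the outermost tag only."""
    vids, _ = vlan_stack(frame)
    if not vids:
        raise ValueError("frame carries no VLAN tag")
    return vids[0]

# Constructed sample: customer frame already tagged with VLAN 30, IPv4 payload stub.
CUSTOMER_FRAME = (bytes.fromhex("01005e000001" "02aabbccdd01")
                  + make_tag(30, pcp=5) + struct.pack("!H", 0x0800)
                  + b"\x45" + bytes(19))

if __name__ == "__main__":
    tunneled = push_outer_tag(CUSTOMER_FRAME, 200)
    print("inside provider network:", vlan_stack(tunneled))
    print("delivered unchanged:", pop_outer_tag(tunneled) == CUSTOMER_FRAME)
```

Comparing the frame delivered at the far edge with the frame that entered, as the last line does, is a quick way to confirm that the edge strips exactly one tag and leaves the customer tag intact.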
Layer 2 Tunneling Protocol (L2TP) allows customer switches on either side of the service provider network to participate in Layer 2 protocols by allowing protocol packets to be encapsulated with a special tunnel MAC address, which is used for forwarding the protocol frames through the service provider infrastructure. The edge service provider switches decapsulate the protocol frames and forward them to the appropriate customer switches, which can then process the frames as if they had been received from a neighboring switch. The protocols that are tunneled are Spanning Tree Protocol, Cisco Discovery Protocol, and VLAN Trunking Protocol (VTP).
EtherType Classification
The ability to classify non-IP packets based on the EtherType value allows users to apply security ACLs and QoS policies on non-IP packets that belong to different protocols, such as Point-to-Point Protocol over Ethernet (PPPoE).
In order to support EtherType classification on the Supervisor Engine 6-E hardware, the existing MAC access list configuration CLI is modified to allow EtherType as a classification criterion. Once an access list is created to match the EtherType value, it can be attached to a target interface as a security ACL (to accept/drop packets with specific EtherType values). Also, Modular QoS CLI (MQC) constructs can be used to define QoS policies based on the classification criteria, which are then attached to the required target interfaces (port and/or VLAN).
Point-to-Point Protocol over Ethernet Intermediate Agent (PPPoEIA)
PPPoEIA enables subscriber line identification over Ethernet during the PPPoE discovery phase. The switch tags PPPoE discovery packets that are destined for the broadband remote-access server with the subscriber's circuit and remote IDs, and untags PPPoE discovery packets that are destined for the subscriber. The software release supports access, trunk, and private VLAN ports; per-port and per-port-per-VLAN configuration; Dynamic Host Control Protocol (DHCP) option 82; configurable circuit and remote IDs; and nonstop forwarding (NSF) and single signon (SSO). Simple Network Management Protocol (SNMP) MIB is not supported in this release. Upon release, this feature will be compliant with RFC 2516 and DSL Forum TR-101 Section 3.9.2.
IP Routing and Multicast
Policy-Based Routing (PBR)
Support for PBR has been added to the Supervisor Engine 6E. PBR provides a flexible means of routing packets based on configured policies. When administrative issues dictate that traffic be routed through specific paths, PBR provides the solution by defining policies that selectively cause packets to take different paths, essentially overriding the forwarding behavior specified by the routes derived from routing protocols.
IPv6 Repackaging
Many features previously available in the Enterprise Services image are now being made available in the IP Base image. This will ensure parity between IPv6 and IPv4 features available within packages. The following table captures some of the key features from both images.
Table 3.
IP Base Image
• CDP
• ICMPv6 & ICMPv6 redirect
• IPv6 Maximum Transmission Unit (MTU) path discovery
HSRPv2 advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases.
HSRPv2 permits an expanded group number range, 0 to 4095, and consequently uses a new MAC address range of 0000.0C9F.F000 to 0000.0C9F.FFFF. The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The group number range was expanded to allow the group number to match the VLAN number on subinterfaces.
HSRPv2 provides improved management and troubleshooting. The HSRPv2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field is populated with the interface MAC address.
HSRPv2 uses the new IP Multicast address 224.0.0.102 to send hello packets instead of the address of 224.0.0.2, which is used by version 1. This new address allows Cisco Group Management Protocol leave processing to be enabled at the same time as HSRP.
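The address ranges above lend themselves to a consistency check when auditing HSRP on a segment. The following is an added example, not Cisco code: it derives the HSRPv2 virtual MAC for a group and checks that an observed virtual MAC agrees with the hello destination address. The version 1 MAC prefix 0000.0C07.ACxx is general HSRP knowledge rather than something stated in this bulletin, and the observations are constructed.

```python
import re

HSRP_V2_BASE = 0x00000C9FF000   # 0000.0C9F.F000, group in the low 12 bits
HSRP_V1_BASE = 0x00000C07AC00   # 0000.0C07.ACxx, group in the low 8 bits (not from the bulletin)
HELLO_DST = {1: "224.0.0.2", 2: "224.0.0.102"}

def format_mac(value: int) -> str:
    """Render a 48-bit integer in Cisco dotted notation."""
    digits = f"{value:012X}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_mac(text: str) -> int:
    """Accept dotted, colon or hyphen notation."""
    digits = re.sub(r"[.:\-]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)

def v2_virtual_mac(group: int) -> str:
    """Virtual MAC for an HSRPv2 IPv4 group (0 to 4095)."""
    if not 0 <= group <= 4095:
        raise ValueError("HSRPv2 group number must be 0-4095")
    return format_mac(HSRP_V2_BASE | group)

def classify_virtual_mac(mac: str):
    """Return (hsrp_version, group) or None if the MAC is not an HSRP virtual MAC."""
    value = parse_mac(mac)
    if value & ~0xFFF == HSRP_V2_BASE:
        return 2, value & 0xFFF
    if value & ~0xFF == HSRP_V1_BASE:
        return 1, value & 0xFF
    return None

def check_observation(hello_dst: str, virtual_mac: str) -> str:
    """Compare the version implied by the hello destination with the MAC range."""
    info = classify_virtual_mac(virtual_mac)
    if info is None:
        return "not-hsrp-mac"
    version, group = info
    if HELLO_DST[version] != hello_dst:
        return f"mismatch: v{version} MAC for group {group} but hello sent to {hello_dst}"
    return f"ok: HSRPv{version} group {group}"

# Constructed observations: (hello destination, virtual MAC seen for the group).
OBSERVED = [("224.0.0.102", "0000.0c9f.f064"),
            ("224.0.0.2", "00:00:0c:9f:f0:0a"),
            ("224.0.0.2", "0000.0C07.AC05")]

if __name__ == "__main__":
    for dst, mac in OBSERVED:
        print(dst, mac, "->", check_observation(dst, mac))
```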
PIM SSM Mapping
The Source Specific Multicast (SSM) Mapping feature extends the Cisco IOS suite of SSM transition tools, which also includes URL Rendezvous Directory (URD) and Internet Group Management Protocol Version 3 Lite (IGMP v3lite). SSM mapping supports SSM transition in cases where neither URD nor IGMP v3lite is available, or when supporting SSM on the end system is impossible or unwanted due to administrative or technical reasons. SSM mapping enables you to use SSM for video delivery to legacy set-top boxes (STBs) that do not support IGMPv3, or for applications that do not take advantage of the IGMPv3 host stack.
Cisco IOS Software Release Trains for the Cisco Catalyst 4500 Series
Cisco IOS Software Release 12.2(52)SG is a scheduled time-based release containing new hardware and software features. The Cisco Catalyst 4500 Series currently has two active maintenance trains: 12.2(31)SGA and 12.2(50)SG. Release 12.2(52)SG is a new feature release containing the latest hardware and software features.
This release provides new hardware support with the 6000W Power Supply, and many new software and management features such as EnergyWise Phase 1, Smart Call Home, and NMSP.
Tables 4 and 5 provide product numbers and ordering information for Cisco IOS Software Release 12.2(52)SG and supporting hardware.
Table 4. Cisco IOS Software Release 12.2(52)SG Product Numbers and Images for Cisco Catalyst 4500 Series

| Product Number | Description | Image |
| --- | --- | --- |
| S45LB-12252SG | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE (LAN Base image) | cat4500-lanbase-mz |
| S45LB-12252SG | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE (LAN Base image with 3DES) | cat4500-lanbasek9-mz |
| S45IPBU-12252SG= | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE (IP Base Upgrade image) | cat4500-ipbase-mz |
| S45IPBU-12252SG= | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE (IP Base Upgrade image with 3DES) | cat4500-ipbasek9-mz |
| S45IPB-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engines II-Plus, II-Plus-TS, II-Plus-10GE, IV, V, and V-10GE (IP Base image without Crypto) | cat4500-ipbase-mz |
| S45IPBK9-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engines II-Plus, II-Plus-TS, II-Plus-10GE, IV, V, and V-10GE (IP Base image with Triple Data Encryption Standard [3DES]) | cat4500-ipbasek9-mz |
| S45ES-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engines IV, V, and V-10GE (Enterprise Services image with Border Gateway Protocol (BGP) support, without Crypto) | cat4500-entservices-mz |
| S45ESK9-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engines IV, V, and V-10GE (Enterprise Services image with 3DES and BGP support) | cat4500-entservicesk9-mz |
| S45EIPB-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Supervisor Engine 6-E (IP Base image) | cat4500e-ipbase-mz |
| S45EIPBK9-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine 6-E (IP Base image with 3DES) | cat4500e-ipbasek9-mz |
| S45EES-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine 6-E (Enterprise Services image) | cat4500e-entservices-mz |
| S45EESK9-12252SG(=) | Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine 6-E (Enterprise Services image with 3DES) | cat4500e-entservicesk9-mz |
Table 5. Cisco IOS Software Release 12.2(52)SG Product Numbers and Images for Cisco Catalyst 4900 Series

| Product Number | Description | Image |
| --- | --- | --- |
| S49IPB-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900 Series Switches (IP Base image) | cat4500-ipbase-mz |
| S49IPBK9-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900 Series Switches (IP Base image with 3DES) | cat4500-ipbasek9-mz |
| S49ES-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900 Series Switches (Enterprise Services image with BGP support) | cat4500-entservices-mz |
| S49ESK9-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900 Series Switches (Enterprise Services image with 3DES and BGP support) | cat4500-entservicesk9-mz |
| S49MIPB-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900M Switches (IP Base image) | cat4500e-ipbase-mz |
| S49MIPBK9-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900M Switches (IP Base image with 3DES) | cat4500e-ipbasek9-mz |
| S49MES-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900M Switches (Enterprise Services image with BGP support) | cat4500e-entservices-mz |
| S49MESK9-12252SG(=) | Cisco IOS Software for Cisco Catalyst 4900M Switches (Enterprise Services image with 3DES and BGP support) | |