Primary Hardware and Software Service Innovations Delivered in Cisco IOS® XE Software Release 3.3.0SG and Cisco IOS® Software Release 15.1(1)SG
Cisco IOS® XE Software Release 3.3.0SG and Cisco IOS® Software Release 15.1(1)SG are part of the new software release on Catalyst 4500E & Catalyst 4500-X Series Switches that delivers new software and hardware innovations in campus access and aggregation deployments. These innovations span many technologies, including Security, Video, High Availability, Network Virtualization, IP Multicast and Lower TCO, as follows.
Device Sensor for Simplified Profiling
Device Sensor is an infrastructure integrated device collection feature running on Catalyst 4500 that facilitates efficient profiling & simplified BYOD deployment for common workspace devices (printers, APs, IP phones & Tablets).
• Offload sensor functionality to network infrastructure
• Contextual data passed via RADIUS from Switch to ISE (Cisco Identity Services Engine)
• More scalable & efficient
Figure 1. Device Sensor with ISE for profiling solution
MACSec Encryption on SUP7-E/SUP7L-E uplinks and 47xx Line cards
Cisco MACSec ensures data confidentiality and integrity of all wired network traffic, while the "hop by hop" nature of MACSec preserves traffic visibility and allows Netflow, QoS, and other layer 2 technologies to work alongside the network encryption. IOS 3.3.0SG will provide support for the following MACSec features:
• IEEE 802.1ae MACSec Layer 2 encryption
• IEEE 802.1ae MACSec encryption on user facing ports
• IEEE 802.1ae MACSec encryption on user facing ports SSO
• IEEE 802.1ae MACSec encryption between switch-to-switch links using Cisco SAP (Security Association Protocol)
Figure 2. MACSec uplinks and downlinks
• Data confidentiality & Integrity
• Flexibility: Selectively enable MACSec on links where needed
• Network Intelligence: Intermediate network devices can inspect, monitor, and forward
MAC Authentication Bypass (MAB) - configurable user name and password
This feature allows the user to configure the format of the MAC address used in the username and password fields in the RADIUS Access-Request packet for MAB authentication. This allows easy interoperability with RADIUS servers or MAC databases which expect the MAC address in a different format than the one the switch provides by default.
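The format mismatch described above, seen from the RADIUS or MAC-database side, as an added example (not Cisco code): it canonicalizes whatever rendering the switch sends before comparing it to an allow-list kept in a different rendering. The function names, the `group_size`/`separator`/`uppercase` knobs, the rule that both fields must carry the same MAC, and the sample addresses are assumptions of this sketch.

```python
import hmac
import re

# Constructed sample: an allow-list kept in one format while the switch sends another.
ALLOWED_MACS = ["001b.4411.3ab7", "00:1B:44:11:3A:C9"]

def normalize_mac(text):
    """Reduce a MAC in any common rendering to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def format_mac(mac, group_size=12, separator="", uppercase=False):
    """Render a MAC with the given grouping, separator and case (hypothetical knobs)."""
    if group_size not in (1, 2, 4, 12):
        raise ValueError("group_size must be 1, 2, 4 or 12 in this example")
    digits = normalize_mac(mac)
    out = separator.join(digits[i:i + group_size] for i in range(0, 12, group_size))
    return out.upper() if uppercase else out

def mab_request_allowed(username, password, allowed=ALLOWED_MACS):
    """Accept a MAB Access-Request only if both fields carry one allow-listed MAC."""
    try:
        user, pwd = normalize_mac(username), normalize_mac(password)
    except ValueError:
        return False  # malformed input is rejected, never partially matched
    if not hmac.compare_digest(user, pwd):
        return False  # fields disagree: not the MAC-as-credentials pattern
    return user in {normalize_mac(m) for m in allowed}

if __name__ == "__main__":
    # The switch renders the MAC as hyphenated upper-case pairs; the database uses dotted quads.
    sent = format_mac("001b44113ab7", group_size=2, separator="-", uppercase=True)
    print(sent, mab_request_allowed(sent, sent))
```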
This feature enables CTS-SXP syslogs to be generated whenever a change to IP-to-SGT binding occurs (add, delete, change). These changes are learned and propagated on the CTS-SXP connection.
Medianet is Cisco's end-to-end IP architecture that enables pervasive and quality rich-media (video, voice and data) experiences. A Medianet reduces total cost of ownership and scales video through features such as auto-configuration and media monitoring. At the same time, it helps to ensure a quality user experience while optimizing bandwidth use and efficiency.
Media Monitoring enhances visibility into the network to simplify, generate baselines, and accelerate troubleshooting of video, voice, and data applications, and validates network capacity and configuration before deploying new applications or before events.
Media Monitoring is composed of three features: Performance Monitor, Mediatrace, and IP SLA video operation (VO). These three features form a suite of tools to help enable the network operator to perform media performance monitoring and troubleshooting.
• Performance Monitor allows administrators to analyze the performance of rich-media traffic across the network to provide a holistic view of the network service being delivered.
• Mediatrace discovers Layer 2 and Layer 3 nodes along a flow path. Mediatrace implicitly uses Performance Monitor to provide a dynamic hop-by-hop analysis of media flows in real time to facilitate efficient and targeted diagnostics.
• IP SLA VO (Video Operations) generates synthetic traffic streams that are very similar to real media traffic. It can be used in conjunction with Mediatrace to perform capacity planning analysis and troubleshooting even before applications are deployed.
Media Awareness and Auto configuration
Cisco endpoints are equipped with the Media Services Interface (MSI), a software component that helps enable endpoints to consistently make use of intelligent network services to improve the quality of experience and reduce the cost of deployment and operations.
Media Services Proxy (MSP) helps by recognizing the type of flow by gleaning a limited set of signaling protocols (RTSP, SIP, H323) to provide the same functionality to non-Cisco endpoints.
Cisco AutoQoS simplifies quality-of-service (QoS) deployment for video endpoints by providing end to end QoS for voice, data and video traffic.
Wired Location Services
The wired location solution is designed to track the location of devices as they move around the network. Central location management is done with Cisco MSE whereas Campus switches communicate location info with MSE via NMSP protocol.
New NMSP enhancements in this release are as below:
• Location at switch level
• Local timezone change
• GPS support for location
• Priority settings for MIBs
• Name value pair
Wireshark based Ethernet Analyzer Application
Wireshark based Ethernet Analyzer is an IOS-XE based built-in open source packet analyzer application that uses the Application Hosting Capabilities of IOS XE for network analysis, monitoring and troubleshooting without the need for an external sniffer. Wireshark will be available on Cisco® Catalyst® 4500 Series Supervisor Engine 7-E, Supervisor Engine 7L-E and C4500-X starting with IOS XE 3.3.0SG.
Figure 3. Wireshark Analyzer Application running on IOS-XE
Starting with Cisco IOS Release 3.3.0SG and 15.1(1)SG, Energywise will provide support for the following features:
Expand Endpoint device support
• New version of toolkit and API based partner integration
Easy Virtual Network (EVN) is Cisco's IP-based network virtualization solution that provides traffic separation and path isolation on a shared network infrastructure. EVN uses existing Virtual Route Forwarding (VRF)-Lite technology to simplify Layer 3 network virtualization, improve shared services support, and enhance management and troubleshooting.
This feature in OSPFv3 allows nonstop data forwarding along routes that are already known while the OSPFv3 routing protocol information is being restored.
HSRPv2 Global IPv6 address Support
The HSRP global IPv6 address feature allows users to configure multiple nonlink local addresses as virtual addresses, and it allows for the storage and management of multiple global IPv6 virtual addresses in addition to the existing primary link-local address. If an IPv6 address is used, it must include an IPv6 prefix length. If a link-local address is used, it must not have a prefix.
NSF support extended from Enterprise Services to IP Base
Starting with Cisco IOS Release 3.3.0SG and 15.1(1)SG, support for NSF (NSF for BGP, OSPF and EIGRP) has been extended from Enterprise Services to IP Base feature set.
IGMPv3 Host Stack
IGMPv3 Host Stack support on the switches will enable the switch to behave as a Multicast network end point or host.
Per Interface IGMP State Limit
This feature allows you to configure a limit on the number of IGMP states on a per-interface or global basis.
Per Interface Mroute State Limit
The Per Interface Mroute State Limit feature limits the number of mroute states on a per-interface basis.
Bandwidth based Call Admission Control (CAC) policy for Multicast
This feature implements a method to monitor bandwidth per interface and multicast group, avoiding oversubscription due to multicast services.
IPv6 SSM mapping - MLDv1 receivers
This feature allows deployment of IPv6 SSM with hosts that are incapable of providing MLD version 2 support in their TCP/IP host stack and their IP multicast receiving application. SSM mapping allows the router to look up the source of a multicast MLD version 1 report either in the running configuration of the router or from a DNS server. The router can then initiate an (S, G) join toward the source. SSM mapping for IPv6 supports both static and dynamic Domain Name System (DNS) mapping for MLD version 1 receivers.
IPv6 BSR - ability to configure RP mapping
This feature allows an IPv6 BSR router to directly announce scope-to-RP mappings instead of learning them from candidate-RP messages.
MSDP MD5 password authentication
The MSDP MD5 Password Authentication feature provides support for Message Digest 5 (MD5) signature protection on a TCP connection between two Multicast Source Discovery Protocol (MSDP) peers.
MLD group limits
This feature adds global and per-interface CLI to limit the number of MLD groups.
IPv6: Multicast Address Group Range Support
This feature disables PIM+MLD control plane actions and traffic forwarding for selected multicast groups.
IGMP static group range support
Introduces the capability to configure group ranges in class maps and attach class maps to the ip igmp static-group command.
PIM triggered joins
This feature achieves better multicast route convergence after an HA switchover.
Support directly connected addresses in autoRP candidate RP
This enhancement allows directly connected addresses to be accepted as a parameter in the send-rp-announce command.
BGP Support for 4-byte ASN
Due to increased demand for AS numbers, IANA started allocating 4-byte AS numbers. The addition of this feature allows the use of an expanded 4-byte AS number granted by IANA.
BGP Per Neighbor Graceful Restart Configuration
This feature allows Graceful Restart to be enabled and disabled per BGP neighbor.
BGP Support for Dual AS Configuration for Network AS Migrations
When a service provider merges its AS with another, this feature provides a seamless way to transition the customers over to the new AS.
BGP Dynamic Neighbors
BGP Dynamic Neighbors allows configuration of prefix ranges from which incoming TCP sessions are accepted, dynamically creating a BGP neighbor relationship with the source IP.
BGP Support for Next-Hop Address Tracking
This feature adds BGP support for next-hop address tracking, which triggers path re-calculation when BGP next-hop internal routes change.
OSPF Generic Time to Live (TTL) Security Check (GTSM)
This feature enables checking of TTL values on OSPF packets received from neighbors and also allows users to set the TTL values sent to neighbors. This feature increases protection against OSPF denial of service attacks.
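Why a TTL check protects the OSPF process, as an added example (a model of the GTSM idea, not Cisco's implementation): senders originate at TTL 255, every forwarding router decrements it, so a packet from beyond the permitted distance cannot arrive with a high enough TTL. The `max_routers_crossed` parameter, the threshold arithmetic and the sample packets are assumptions of this sketch.

```python
from dataclasses import dataclass

MAX_TTL = 255  # GTSM senders originate packets with the maximum TTL

@dataclass(frozen=True)
class Packet:
    label: str            # constructed description of the sender
    initial_ttl: int      # TTL the sender placed in the IP header
    routers_crossed: int  # forwarding routers between sender and receiver

    @property
    def arriving_ttl(self):
        # Each forwarding router decrements TTL by one; 0 means it never arrives.
        return max(self.initial_ttl - self.routers_crossed, 0)

def min_acceptable_ttl(max_routers_crossed):
    """Lowest arriving TTL accepted if neighbors may sit behind this many routers."""
    if not 0 <= max_routers_crossed < MAX_TTL:
        raise ValueError("max_routers_crossed must be in 0..254")
    return MAX_TTL - max_routers_crossed

def gtsm_accept(packet, max_routers_crossed=0):
    ttl = packet.arriving_ttl
    return ttl > 0 and ttl >= min_acceptable_ttl(max_routers_crossed)

def legacy_accept(packet):
    """Without the check, any packet that survives transit reaches the OSPF process."""
    return packet.arriving_ttl > 0

def triage(packets, max_routers_crossed=0):
    return {p.label: "accept" if gtsm_accept(p, max_routers_crossed) else "drop"
            for p in packets}

# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    Packet("on-link neighbor, TTL set to 255", 255, 0),
    Packet("on-link neighbor still sending TTL 1", 1, 0),
    Packet("spoofed source, 3 routers away, TTL 255", 255, 3),
    Packet("spoofed source, 3 routers away, TTL 64", 64, 3),
    Packet("virtual-link neighbor, 2 routers away", 255, 2),
]

if __name__ == "__main__":
    for label, verdict in triage(SAMPLE).items():
        print(f"{verdict:6} {label}")
```

The second sample packet shows the rollout hazard: a neighbor that has not yet been configured to send the raised TTL is dropped along with the spoofed traffic, so both ends of an adjacency have to be changed together.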
OSPF Graceful Shutdown
OSPF Graceful Shutdown will provide the capability to temporarily shutdown a protocol without losing the configuration.
OSPF Mechanism to exclude Connected prefixes from LSA Advertisements
This feature provides OSPF mechanism to exclude IP prefixes of connected networks from link state advertisements (LSAs), thereby reducing OSPF convergence time.
OSPFv3 IPSec ESP Encryption and Authentication
OSPFv3 relies on the IPv6 IPSec Authentication Header (AH) and Encapsulating Security Payload (ESP) to ensure integrity, authentication, and confidentiality of routing exchanges. This feature provides Authentication Header (AH) and Encapsulating Security Payload (ESP) support for Virtual Links.
OSPF Enhanced Traffic Statistics for OSPFv2 and OSPFv3
New OSPF traffic statistics are collected and displayed including:
• per-interface statistics of rx/tx packets sorted by packet type
• per-interface OSPF packet header errors, including the reason for a drop
• per-interface OSPF LSA errors, including the type of the error
• traffic statistics are also displayed on a per-OSPF pdb basis
Table 1. Supported MIBs for Cisco Catalyst 4500E and 4500-X
VLAN ID support for Flexible NetFlow
Allows the user to configure "ingress VLAN" as a "key field" in the Flexible NetFlow record.
SUP7-E, SUP7L-E, C4500-X feature parity with SUP6-E, SUP6L-E
Starting with IOS XE 3.3.0SG, SUP7-E, SUP7L-E & C4500-X will have complete feature parity with SUP6-E & SUP6L-E.
Cisco Catalyst 4500-X Series Fixed 10 Gigabit Ethernet Aggregation Switch
IOS XE 3.3.0SG enables software support for the brand new Cisco Catalyst 4500-X series compact 10 Gigabit Ethernet Aggregation platform offering industry leading performance, deep buffers, unprecedented traffic visibility and integrated network services. Catalyst 4500-X is the only Cisco platform that combines best-in-class performance and comprehensive Borderless Networks software features in a compact 1RU form factor and is ideal for space constrained campus aggregation deployments. For more details, please visit: http://wwwin.cisco.com/dss/csstg/gsbu/c4500x.
GLC-FE-100EX and GLC-FE-100ZX for Fast Ethernet SFP ports on WS-X4248-FE-SFP
GLC-GE-100FX and GLC-EX-SMD for Fast Ethernet SFP ports on WS-X4640-CSFP-E
GLC-GE-100FX and GLC-EX-SMD for Fast Ethernet on SFP WS-X4612-SFP-E and WS-X4624-SFP-E
Starting with Cisco IOS Release 15.1(1)SG, support for WS-X4640-CSFP-E Line Card has been extended to SUP6E and SUP6L-E.
Repackaging of Features
Starting with Cisco IOS Release 15.1(1)SG and Cisco IOS XE Release 3.3.0SG, support for all IP SLAs and NSF features has been extended from Enterprise Services to IP Base feature set.
Cisco IOS Software Release Trains for the Cisco Catalyst 4500 Series
Cisco IOS Release 15.1(1)SG and Cisco IOS Release XE 3.3.0SG are part of a scheduled time-based release containing new hardware and software features, as shown in the figures below.
Tables 2, 3 and 4 provide product numbers and ordering information for Cisco IOS® XE Software Release 3.3.0SG and Cisco IOS® Software Release 15.1(1)SG on Catalyst 4500E & Catalyst 4500-X Series Switches.
Table 2. Cisco IOS® XE Software Release 3.3.0SG Product Numbers and Images for Cisco Catalyst 4500E Series Switches