Address Resolution Protocol (ARP) quality of service (QoS)
Link Layer Discovery Protocol Media Extensions (LLDP-MED) location identification TLV
The following new features of Cisco IOS Software Release 12.2(46)SG are applicable to all supervisor engines and 49xx fixed-configuration systems, unless otherwise stated.
• Cisco Catalyst 4928-10GE Ethernet Switch
This release introduces a new member of the Cisco Catalyst 4900 Series of fixed-configuration switches. The Cisco Catalyst 4928-10GE was designed from the beginning to meet the needs of space-constrained distribution/core networks in the enterprise or branch LAN. The Cisco Catalyst 4928-10GE has 28 Gigabit Ethernet (Small Form-Factor Pluggable [SFP]) and two 10 Gigabit Ethernet (X2) wire-rate ports. This new switch is 1 RU and features 1+1 redundant internal AC or DC power supplies and a hot swappable fan tray. It will run the same image as the Cisco Catalyst 4900 Series Switches.
This offers the same features as the Cisco Catalyst 4948 switches and classic supervisors.
Product number: WS-C4928-10GE
Description: Cisco Catalyst 4928-10GE Switch, optional software image, optional power supplies, fan tray
Shipping: August 2008
• Cisco Catalyst 4900M Switch
The Cisco Catalyst 4900M Switch is part of the Cisco data center switching portfolio. The Cisco Catalyst 4900 Series Switches are designed as top-of-rack access layer switches for use with rack-optimized servers. The Cisco Catalyst 4900M is unique in the top-of-rack space because it is semifixed. This flexibility provides a cost-effective and modular migration path from Gigabit Ethernet to 10 Gigabit Ethernet. This release will support the Cisco Catalyst 4900M Switch. Previously there was a separate release for the Cisco Catalyst 4900M Switch (for example, Release 12.2(40)XO).
Note: Before Release 12.2(46)SG, the Cisco Catalyst 4900M platform was only supported in Release 12.2(40)XO, a short-lived special train that was introduced to support the new Cisco Catalyst 4900M platform. With Release 12.2(46)SG, it is highly recommended that customers running Release 12.2(40)XO migrate to Release 12.2(46)SG for new features and bug fixes. As of Release 12.2(46)SG, the Cisco Catalyst 4900M platform will share a common software release with classic and 6-E supervisor engines.
Consult Table 1 to see platform support for the following features.
FlexLinks and FlexLinks+ with VLAN load balancing and MAC address-table move update (MMU):
FlexLinks provides Layer 2 redundancy without requiring Spanning Tree Protocol. FlexLinks is applicable in the following scenarios:
• Top-of-rack data center access switch dual connected to the aggregation
• Metro access switch dual connected to aggregation
• Wiring closet switch dual connected to the distribution
FlexLinks+ allows link-level protection between switches. The protected links are kept at active state, and traffic is load balanced based on VLAN. In case of a link failure, the VLANs switch over to the standby link.
• Simplified backup mechanism
• Fast redundancy/convergence
• No need to run spanning tree
E-OAM 802.3ah and CFM: 802.1ag:
CFM and 802.3ah define a set of fault and performance management features essential for service providers to perform effective operation, administration, and maintenance (OAM) operations. CFM is an end-to-end per-service-instance Ethernet layer OAM protocol. It includes proactive connectivity monitoring, fault verification, and fault isolation. The following CFM features are supported in this release:
• CFM 3.0
• Outward-facing Maintenance End Point (MEP)
• CFM MIB
IEEE 802.3ah is a link layer OAM at the provider edge and is used across a physical IEEE 802.3 medium between a provider and a customer, between two provider ports, or even potentially between two customer ports. 802.3ah performs link monitoring and loopbacks.
This feature enables the out of band management port on the front of the Cisco Catalyst 4948 switches and the rear of the Cisco Catalyst 4900M switch. The management port (interface fastethernet 1) is for management purposes only and cannot pass traffic to any other port in the system. Network administrators can now create an out of band management network to monitor and deploy switches throughout the data center.
Platform: Supported on Cisco Catalyst 49xx and 4900M switches only.
Object tracking is a mechanism to track one object and take an action on another object when there is "no relationship" between the objects. Enhanced object tracking (EOT) support allows switches using Hot Standby Router Protocol (HSRP) to track IP service-level agreement (SLA) measurements and trigger hot standby failover based on jitter, packet loss, or latency. Moreover, the EOT feature separates the tracking mechanism from HSRP and creates a standalone tracking process that can be used by any other process as well as HSRP. EOT takes high availability to the next level, whereby availability is defined by the experience of traffic passing through a given interface. EOT is primarily useful in the campus distribution and in data center access.
The following EOT clients are supported: HSRP, Virtual Router Redundancy Protocol (VRRP), Gateway Load Balancing Protocol (GLBP), IP SLA and static routes.
LLDP for LLDP-MED location identification TLV support:
While Release 12.2(44)SG supports LLDP and LLDP-MED, Release 12.2(46)SG introduces a location-based TLV. LLDP-MED is an extension to LLDP that operates between endpoint devices such as IP phones and network devices such as switches. It specifically provides support for voice over IP (VoIP) applications and provides additional TLVs for capabilities discovery, network policy, Power over Ethernet, and inventory management.
Release 12.2(44)SG specifically supports the "location identification" TLV for LLDP-MED. This TLV allows network-connected devices to advertise their locations to the endpoints. Location can be configured in two formats. One is the civic address format, which includes physical address, street address, city, state, and country. The other is called emergency local identification number, or "Elin" for short.
802.1X identity features:
The following 802.1X features are now supported on the Cisco Catalyst 4500 Supervisor Engine 6-E:
• 802.1X guest VLAN: Users can configure a guest VLAN for each 802.1X port on the switch to provide limited services to clients, such as downloading the 802.1X supplicant. Clients that run legacy operating systems not supporting 802.1X natively can therefore gain access to network resources to retrieve such a supplicant software package. With a guest VLAN enabled on an 802.1X port, the switch assigns clients to a guest VLAN provided (1) the authentication server does not receive a response to its Extensible Authentication Protocol over LAN (EAPoL) request or identity frame or (2) the EAPoL packets are not sent by the client.
• 802.1X with authentication-failed VLAN assignment: By configuring authentication-failed VLAN assignment on any Layer 2 port on the Cisco Catalyst 4500 Series, you can provide limited network services to clients that fail the authentication process.
• 802.1X wake on LAN (aka Unidirectional Controlled Port): Wake on LAN is a feature in which a special "wakeup" packet is sent to a device that has suspended itself to conserve power, causing the device to power up. This feature is often used to push maintenance to PCs in an enterprise network at night. However, many devices terminate their 802.1X session before suspending, which prevents any packets from being sent to them. This feature permits the sending of the "wakeup" packet to devices, even if they have deauthenticated themselves from 802.1X.
• 802.1X RADIUS accounting: Some 802.1X customers need an accounting mechanism to better track the usage of their networking devices, mainly the connection duration of their users, based on which they can determine the charge, among other potential uses of the information. The main functionality is to keep track of important events in the RADIUS server, such as the starting time and stopping time of each supplicant's connection. A supplicant's connection session is defined as the duration from the time the supplicant is authorized to use the port until the time the supplicant stops using the port.
• RADIUS-supplied timeout: Ability to configure the Cisco Catalyst 4500 Series to use a RADIUS-provided reauthentication timeout.
• 802.1X critical authentication: This feature is intended to allow network access for critical machines, when 802.1X is unable to reach the configured RADIUS server(s). Any authentication attempt on a critical port will first check the status of all known 802.1X RADIUS servers. If none is reachable, the port will be immediately AUTHORIZED. This state is known as Critical-Auth.
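How the 802.1X features listed above might look together on one access port, as an added configuration sketch that is not taken from the release documentation. The interface, VLAN IDs, RADIUS address and key are placeholders, and the command spellings assume the legacy `dot1x` interface syntax of this release train, so check them against the configuration guide for the release in use.

```cisco
! Global: enable 802.1X and point it at RADIUS (address and key are placeholders)
aaa new-model
aaa authentication dot1x default group radius
! 802.1X RADIUS accounting: start and stop records for each supplicant session
aaa accounting dot1x default start-stop group radius
radius-server host 192.0.2.10 key <shared-secret>
dot1x system-auth-control
!
interface GigabitEthernet2/1
 switchport mode access
 switchport access vlan 10
 dot1x pae authenticator
 dot1x port-control auto
 ! Guest VLAN: clients that send no EAPoL are placed here without authenticating
 dot1x guest-vlan 20
 ! Authentication-failed VLAN: clients that fail authentication are placed here
 dot1x auth-fail vlan 30
 ! Critical authentication: port is authorized when no RADIUS server is reachable
 dot1x critical
 ! Wake on LAN: control only the inbound direction so "wakeup" packets can be sent
 dot1x control-direction in
 ! RADIUS-supplied timeout: take the reauthentication period from the server
 dot1x reauthentication
 dot1x timeout reauth-period server
```

The guest VLAN, the authentication-failed VLAN and the Critical-Auth state all admit a client that has not authenticated successfully, so VLANs 20 and 30 (and VLAN 10 on critical ports) should reach only the limited services they are meant for.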
Service providers (operating Metro Ethernet networks) offer transparent Ethernet access services to their customers for which the Cisco Catalyst 4500 acts as a pure Layer 2 switch (no operational SVI associated with VLAN) connecting customers with pure Layer 2 VLAN switching locally. They also provide multicast services to customers for which the Cisco Catalyst 4500 acts as a router running Open Shortest Path First (OSPF) inside the service provider network on separate VLANs. In addition, service providers have their own control traffic from infrastructure routing and internal services to maintain and manage network connectivity. This model seems to be common among service providers. The Cisco Catalyst 4500 model of capturing control traffic using static content addressable memory (CAM) brings up the various problems related to snooping unwanted control traffic which wastes precious CPU cycles in addition to doing Layer 2 bridging in software (affects throughput). The packet could have been bridged in hardware had it not been sent to the CPU.
Per-VLAN CTI addresses this problem by providing a selective per-VLAN path managed mode of capturing control traffic which can be enabled with global configuration. The corresponding static CAM entries in the input feature ternary content addressable memory (TCAM) are invalidated in the new mode. Control packets are captured by feature-specific ACLs attached to VLANs on which snooping or routing features are enabled.
Auto-MDIX enable/disable CLI:
Auto-MDIX is a feature on 10/100 copper ports that allows the switch to automatically detect the signaling on the cable from the connected device and operate as either an MDI or MDIX port. Currently, auto-MDIX is enabled permanently or by default on interfaces of some switch line cards as well as on end station network interface cards (NICs), and a user can run into problems when the Ethernet connections at both ends try to do auto-MDIX and neither end is able to decide which one should be the cross port.
This feature addresses the above problem by introducing a CLI to enable/disable the auto-MDIX feature on line cards that are auto-MDIX capable. The command used to disable it is "no mdix auto", an interface-specific command.
Remote SPAN (RSPAN):
SPAN is a feature that enables the user to analyze network traffic passing through the ports in a switched network using an RMON probe attached to a switch port. This is done by copying packets to destination ports as they pass through a source port. In local SPAN, the source ports and destination ports must exist on the same physical switch. Remote SPAN allows the source ports and the destination port(s) to be distributed across multiple switches in the network. This is done in the following manner:
• A special VLAN called the RSPAN VLAN is set up in the network. Host learning is disabled in this VLAN to make sure that traffic is flooded to all ports it contains.
• Traffic from the source ports on a given switch is copied and switched onto the RSPAN VLAN.
• The switch(es) with destination ports are configured to copy the traffic on the RSPAN VLAN out the destination port(s) on the switch(es).
RSPAN, like local SPAN, does not affect the switching of network traffic for any of the source ports. The RSPAN feature is implemented in hardware and configured by software using the CLI.
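The three RSPAN steps above as a two-switch configuration, added here as an illustration and not taken from the release documentation. VLAN 901, the session number and the interface names are assumed values.

```cisco
! ---- Source switch ----
! Step 1: define the RSPAN VLAN (host learning is disabled in it)
vlan 901
 remote-span
!
! Step 2: copy traffic from the source port onto the RSPAN VLAN
monitor session 1 source interface GigabitEthernet2/1 both
monitor session 1 destination remote vlan 901
!
! The trunk toward the destination switch must carry the RSPAN VLAN.
! Mirrored frames are full copies of user traffic, so allow VLAN 901
! only on trunks that lie on the path to the analyzer.
interface TenGigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan add 901
!
! ---- Destination switch ----
! The RSPAN VLAN must also exist here (and on any switch in between)
vlan 901
 remote-span
!
! Step 3: copy traffic from the RSPAN VLAN out the port facing the probe
monitor session 1 source remote vlan 901
monitor session 1 destination interface GigabitEthernet3/10
!
! Verify on each switch:
!   show monitor session 1
!   show vlan remote-span
```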
ARP QoS provides protection of high-priority ARP packets going to a Cisco Catalyst 4500 Supervisor Engine 6-E. This feature is required to help bring up high-priority services such as VoIP under oversubscribed conditions.