This product bulletin describes the key hardware and software innovations supported by Cisco IOS® Software Release 12.2(54)SG for the following switches and supervisor engines:
• Cisco® Catalyst® 4500 Series Supervisor Engine 6-E, the new Supervisor Engine 6L-E, Supervisor Engine V-10GE, Supervisor Engine V, Supervisor Engine IV, Supervisor Engine II-Plus-10GE, Supervisor Engine II-Plus-TS, and Supervisor Engine II-Plus
• Cisco Catalyst 4900, ME4900 and Catalyst 4900M Series Switches
Primary Hardware and Software Service Innovations Delivered in Cisco IOS Software Release 12.2(54)SG
Cisco IOS Software Release 12.2(54)SG is a new feature release delivering leading Borderless Network services in campus access and aggregation deployments. Key innovations include:
• Cisco TrustSec® Identity 4.1 to simplify campus identity deployment
• New medianet innovations to enable automatic switch provisioning for video endpoints
• Innovations to support Enterprise collaboration applications with Cisco Service Advertisement Framework (SAF) for simplified unified communications deployment and Power over Ethernet Plus (PoEP) for next-generation collaboration devices
• Supporting Cisco EnergyWise 2.0: Extending EnergyWise from PoE devices to PCs and Servers
• Leading IPv6 First Hop Security features, IPv6 RA Guard and Port Access lists (PACL)
• Ease of operational management with Cisco IOS Embedded Event Manager (EEM) 3.2 and XML PI
• Enhanced wired location services
Cisco IOS Software Release 12.2(54)SG continues to deliver data center smart top-of-rack services:
• Hardware support for the new Cisco Catalyst 4948E
• Hardware support for the new Cisco Catalyst 4900M 8-Port 10GBASE-T RJ-45 Half Card (WS-X4908-10G-RJ45)
• Ease of operational management with eXtensible Markup Language Programmatic Interface (XML-PI)
• Improved resiliency features, Fast UDLD and Link State Tracking
Table 1 highlights the primary hardware and software features in this release.
Table 1. Release Overview
Classic Cisco Catalyst 4500 Supervisors
Cisco Catalyst 4900, ME4900
Cisco Catalyst 4500 E-series Supervisors 6-E and 6L-E
• RADIUS Session and Change of Authorization (CoA)
• MAC move and MAC replace
Link Layer Discovery Protocol (LLDP) enhancements
Inline PoEP negotiation using LLDP
Cisco Service Advertisement Framework (SAF)
Subsecond unidirectional link detection (UDLD)
Energy Efficiency and Lower Total Cost of Ownership (TCO)
Cisco EnergyWise Phase 2.0
IPv6 Interface Statistics
Virtual Route Forwarding (VRF)-aware TACACS
Intermediate System-to-Intermediate System (IS-IS) Versions 4 and 6
Hierarchical civic location
Per Vlan Mac Learning
Cisco EnergyWise 2.0 MIB
IPv6 MIB (RFC42930
The following new features of Cisco IOS Software Release 12.2(54)SG are applicable to all supervisor engines and Cisco Catalyst 4900 Series fixed-configuration systems, unless otherwise stated.
Cisco Catalyst 4948E
Figure 1. Cisco Catalyst 4948E
The Cisco Catalyst 4948E is a wire-speed, low-latency, Layer 2-4, 1-rack unit (1RU), fixed-configuration switch for rack-optimized server switching (Figure 1). Based on the award-wining Cisco Catalyst 4948 hardware and software architecture, the Cisco Catalyst 4948E doubles uplink capacity to four 10 Gigabit Ethernet uplinks, offers front-to-back cooling, supports IPv6 in hardware, and continues to offer:
• Exceptional performance and reliability for high-density, multilayer aggregation of high-performance, rack-optimized servers and workstations
• Forty-eight ports of wire-speed 10/100/1000BASE-T with 4 alternative wired ports that can accommodate optional 1000BASE-X
• SFP optics
• Optional internal AC or DC 1 + 1 hot-swappable power supplies and a hot-swappable fan tray with redundant fans for exceptional reliability and serviceability
The Cisco Catalyst 4900M 8-Port 10GBASE-T RJ-45 Half Card (WS-X4908-10G-RJ45) is a member of the Cisco Catalyst 4900M line-card family that provides deployment flexibility and investment protection for the Cisco Catalyst 4900M Switch system (Figure 2). The card provides 8 ports of 1 Gigabit or 8 ports of 10 Gigabit Ethernet RJ-45. It is compliant with the 802.3an standard and all 802.3an-supported devices, and it supports a distance reach of up to 100 meters. For more information, please visit:
Cisco EnergyWise 2.0 extends the network as a platform for the power control plane to collect, manage, and reduce power consumption for all devices, resulting in companywide optimized power delivery and reduced energy costs.
Cisco EnergyWise 2.0 introduces Cisco EnergyWise Orchestrator, the latest addition to the Cisco EnergyWise framework, which is a dedicated, easily deployed power management solution for IT assets. Through its client-server architecture, Cisco EnergyWise Orchestrator provides the ability not only to administer the energy requirements of Power over Ethernet (PoE) devices, but also to extend enterprise power management to desktop and laptop PCs. Thus you have broader control over your power usage and can reduce your energy costs (Figure 3).
Cisco EnergyWise Orchestrator is defined by several core components:
• The Cisco EnergyWise Orchestrator server, which provides configuration, management, data aggregation, and console services for the solution
• Cisco EnergyWise technology on routers and switches, which enables coordinated power management of disparate device types and enforces policy on attached PoE devices
• The Cisco EnergyWise Orchestrator PC Client, which enables sophisticated and granular energy management for PCs and laptops
Figure 3. Cisco EnergyWise 2.0 and Cisco Orchestrator
eXtensible Markup Language Programmatic Interface (XML-PI): Manage Cisco Catalyst 4500/4900 in a More Automated and Programmatic Way
The eXtensible Markup Language Programmatic Interface (XML-PI) leverages the Network Configuration Protocol (NETCONF) and offers new data models that collect show command output down to the keyword level and running configurations without the complexity and expense of screen-scraping technologies or external XML-to-Command Line Interface (CLI) gateways. XML-PI allows you to quickly develop XML-based network management applications that remotely adapt and control the behavior of any number of network devices simultaneously. XML-PI uses an industry standard protocol that allows Cisco Catalyst 4500/4900 devices to be managed in a more automatic and programmatic way and is CLI accessible
Zero-touch configuration: Catalyst 4500/4900 can dynamically learn and apply configurations when a device is plugged into a switch port
Auto Smartports (ASP) macros dynamically configure ports based on the device type detected on a Cisco Catalyst 4500 or Catalyst 4900 switchport. When a switch detects a new device on a port, it applies the appropriate ASP macro to the port. For example, connecting a Cisco IP phone to a switchport, ASP automatically applies the IP phone macro. The IP phone macro enables quality of service (QoS), security features, and a dedicated voice VLAN to ensure proper treatment of delay-sensitive voice traffic.
Auto SmartPort detects device connections using Cisco Discovery Protocol; LLDP; a Dot1x authentication response from an authentication, authorization, and accounting (AAA) server; or when known MAC addresses are learned.
The macro is defined using Cisco IOS Software shell functions. Table 2 lists the built-in available macros. It is also possible to create customizable macros.
Table 2. Auto Smarport Built-In Macros
Cisco light-weight access point
Cisco access point
Medianet Cisco IP surveillance cameras
Medianet digital media players
Cisco TrustSec Identity 4.1
Securing the Network and Simplifying Deployment with Cisco TrustSec Identity 4.1
Network Edge Access Topology
NEAT extends identity to areas outside the wiring closet (conference rooms for example)
Catalyst 4500-e in the wiring closet authenticates the conference room switch first before enabling traffic on the port in which the switch is connected to the upstream. The switch in the conference room (the downstream switch) is known as the SSw (Supplicant Switch) and the upstream switch, Catalyst 4500-E, in the wiring closet is known as the ASw (Authenticator Switch). The ASw authenticates the SSw first before it switches any traffic from the SSw. Once, the SSw authenticates itself as a supplicant using dot1x, ASw trusts all the packets that the SSw sends and switches it. The following is the flow description of how NEAT works.
Figure 4 shows the NEAT process. Clients connecting to the conference room switch must also authenticate before access to the network is granted.
Figure 4. NEAT
802.1X User Distribution
Deployments with multiple VLANs (for a group of users) can improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least-populated VLAN in the group, assigned by a RADIUS server.
RADIUS Change of Authorization
RADIUS Change of Authorization (CoA) provides a mechanism to change the attributes of a certain session after it is authenticated. When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server such as Cisco Secure Access Control Server (ACS) to reinitialize authentication and apply the new policies.
MAC replace allows new hosts to connect to abandoned ports behind a hub or third-party IP phone without generating a violation. The switch terminates the initial session and resets the authentication sequence based on the new MAC address. For directly connected hosts or for hosts behind Cisco IP phones, the switches now know the initial host has been removed.
MAC move allows hosts (including the hosts connected behind the phone) to move across ports within the same switch without any restrictions, enabling mobility. With MAC move, the switch treats the reappearance of the same MAC address on another port in the same way as a completely new MAC address.
Fast Unidirectional Link Detection
Fast UDLD reduces the timer values for UDLD to hundreds of milliseconds, providing sub-second detection of faults on a link, which may be caused by incorrect topologies, mismatched wiring, or other reasons that cannot be detected at the physical layer.
The Fast UDLD protocol runs on a link between two interfaces on two different switches. After an initial setup-handshake phase, both the Fast UDLD peer switches enter steady state, where the link is expected to be directional. In the steady state, the switches exchange a series of hello-ping messages controlled by a timer. When a switch does not receive these messages from its peer after a certain timeout interval, the link is deemed to be unidirectional and is error-disabled. This action can prevent spanning-tree loops and "black-holing" of traffic on a network.
In a common network deployment, a server or a device has a dual network-interface-card (NIC) connection to two different switches (Figure 5). If the primary connection fails, it can switch transparently to its secondary link. However, if the primary link to the switch remains up, even though the corresponding uplink ports on the switch are down, the dual NIC device will not know that it may need to switch to its secondary link.
The Link-State Tracking or failover feature provides a solution to this problem by allowing the binding of link status across multiple interfaces. Link-State Tracking can be configured such that when a set of uplink ports goes down, other ports related through command-line interface (CLI) commands go down as well (Figure 5).
Figure 5. Fast UDLD and Link-State Tracking
Cisco Service Advertisement Framework
The Cisco Service Advertisement Framework (SAF) provides a mechanism for advertisement and discovery of services within an enterprise network. Information about services is distributed through a network of SAF forwarders. SAF clients connect to this network, and can then advertise their own services, or request information about services from the network. One example of how SAF can be used is in a Cisco Unified Communications environment (Instead of statically adding dial-number (DN) ranges across a global unified communications network, Cisco SAF advertizes and listens for other call agents dynamically propagating and learning information. Cisco SAF has the potential to reduce unified communications deployment tasks considerably and maximize scalability (Figure 6).
Figure 6. Cisco SAF and Unified Communications: Enabling Dynamic Call Agent Discovery
Link Layer Discovery Protocol Enhancements
Cisco IOS Software Release 12.2(54)SG introduces LLDP enhancements: With the ratification of the 802.3at standard, the Cisco Catalyst 4500 fully supports PoEP. Powered devices (PD) can now use Cisco Discovery Protocol or LLDP to negotiate with the inline power for the Cisco Catalyst 4500 power up to 30 watts.
Other enhancements for LLDP include Layer 2 priority (class of service [CoS]) and differentiated-services-code-point (DSCP) settings. Customers can now define the CoS and DSCP values for voice and voice signaling on the Cisco Catalyst 4500 that will be propagated to the connected IP phones.
Cisco IOS Software Release 12.2(54)SG for Catalyst 4500/4900 adds IPv6 for Borderless Network services. New and enhanced security, routing and management features complement the full suite of existing IPv6 features on the platform.
• Security: RA Guard (Host Mode) and Port ACL
• Routing: Full support for IS-IS Version 6
• Management: Interface statistics for IPv6 and added support for the IPv6 MIB RFC 4293.
Figure 7 captures the added IPv6 features for the Cisco IOS Software Release 12.2(54)SG. These features allow the Cisco Catalyst 4500 and Catalyst 4900 platforms to remain at the forefront of IPv6 support in hardware.
Figure 7. IPv6 Features Added with Cisco IOS Software Release 12.2(54)SG
Cisco IOS Software Release Trains for the Cisco Catalyst 4500 Series
Cisco IOS Software Release 12.2(54)SG is a scheduled time-based release containing new hardware and software features. The Cisco Catalyst 4500 Series currently has two active maintenance trains: 12.2(50)SG and 12.2(53)SG.
Figure 8 shows the current release trains for the Cisco Catalyst 4500 and Catalyst 4900.
Figure 8. Cisco IOS Software Release Trains for Cisco Catalyst 4500 and Catalyst 4900
• Customers requiring the latest Cisco Catalyst 4500 Series hardware and software features should migrate to Cisco IOS Software Release 12.2(54)SG.
• Cisco IOS Software Release 12.2(53)SG is a long-lived extended maintenance release, and we will continue offering rebuilds through calendar year 2013. The latest release from this maintenance train was 12.2(53)SG2 on March 26, 2010.