This product bulletin introduces Cisco IOS® Software Release 12.2(33)SXI2, highlighting the new features it offers.
Cisco IOS® Software Release 12.2SX provides new features and hardware support for the Cisco® Catalyst® 6500 Series Switch. Cisco IOS Software Release 12.2(33)SXI2, the latest 12.2SX release, delivers new Cisco Catalyst 6500 Series hardware and software innovations that span multiple technology areas, including high availability, Catalyst 6500 Virtual Switch System 1440, Multiprotocol Label Switching (MPLS) and VPNs, IPv6 support, integrated security, and embedded management. Cisco IOS Software Release 12.2(33)SXI2 is the second rebuild release of Cisco IOS Software Release 12.2(33)SXI.
The broad range of hardware-enabled services (IPv6, MPLS, Network Address Translation/Port Address Translation [NAT/PAT], generic routing encapsulation [GRE], and Bidirectional Protocol Independent Multicast [PIM]) and Cisco IOS Release 12.2SX software features (Nonstop Forwarding with Stateful Switchover [NSF/SSO] and software modularity) makes the Cisco Catalyst 6500 Series one of the most comprehensive switching platforms available today.
For detailed information about the features and hardware supported in Cisco IOS Software Release 12.2SX and 12.2(33)SXI, refer to the Cisco IOS Software Release 12.2SX release notes and customer documentation at:
Not all features are supported on all platforms. Use the Cisco Feature Navigator to find information about platform support and Cisco IOS Software image support at http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. (You must have a Cisco.com account.)
Cisco IOS Release 12.2SX is developed for and intended to run only on Cisco Catalyst 6500 Series Switches.
Feature Highlights of Cisco IOS Software Release 12.2(33)SXI2
The following sections discuss the hardware, software and manageability feature highlights of Cisco IOS Software Release 12.2(33)SXI2, including:
• OneX 10G X2 to SFP+ Converter (CVR-X2-SFP10G)
• 1 Port 10 Gigabit Ethernet SPA (SPA-1X10GE-L-V2)
• Content Switching Module (CSM) and Content Switching Module with SSL (CSM-S)
• IPv6 Support with Catalyst 6500 Virtual Switching System 1440
• MPLS Support with Catalyst 6500 Virtual Switching System 1440
• Bidirectional Forwarding Detection with Stateful Switchover (BFD SSO)
• Filter-ID and per-user access control list (ACL)
• 802.1ag IEEE D8.1 standard compliance
• Subinterface Crypto connect vlan support for E-Flexwan/FE PA
• Local forwarding on standby supervisor uplinks with Catalyst 6500 Supervisor 720
• CISCO-AUTH-FRAMEWORK-MIB enhancement for vlan group
• CISCO-CALLHOME-MIB enhancement for VRF Support
• CISCO-ENTITY-DIAG-MIB enhancement for last test type
• CISCO-IP-URPF-MIB Support
OneX 10G X2 to SFP+ Converter (CVR-X2-SFP10G)
Cisco Catalyst 6500 Series is introducing the "OneX" adapter that offers investment protection for customers using X2-based 10Gigabit Ethernet ports. The adapter converts an X2 port into SFP+ which helps provide the added flexibility to choose between SFP+CX-1 and SFP+SR flavors as well as provide a standardization path towards SFP+. Note that this adapter is also supported with Catalyst 6500 Virtual Switching System 1440 in 12.2(33)SXI2.
1 Port 10 Gigabit Ethernet SPA (SPA-1X10GE-L-V2)
Cisco Catalyst 6500 series is extending support for the SPA-1x10GE-L-V2 onto 7600-SIP-400 in addition to the existing support on 7600-SIP-600. Note that the SIP Modules are only supported in a standalone mode and not supported Catalyst 6500 Virtual Switching System 1440 in 12.2(33)SXI2.
Content Switching Module (CSM) and Content Switching Module with SSL (CSM-S)
Cisco Catalyst 6500 series is re-introducing support for CSM and CSM-S modules. Note that these modules are not supported with Catalyst 6500 Virtual Switching System 1440 .
IPv6 Support with Catalyst 6500 Virtual Switching System 1440
Internet Protocol Version 6 (IPv6) was designed to increase Internet global address space to accommodate the rapidly increasing numbers of users and applications that require unique global IP addresses and help enable a global environment where the addressing rules of the network are again transparent to applications. As an early pioneer in IPv6 technology since its inception, Cisco has been a driving force in developing IPv6 standards through various standards bodies, including the Internet Engineering Task Force, and has been shipping a wide variety of end-to-end IPv6 product and solutions.
With the upcoming Cisco IOS Software Maintenance Release, Virtual Switching provides the ability to enable IPv6 deployments with higher performance, scalability and resiliency while simplifying the operational manageability.
MPLS support with Catalyst 6500 Virtual Switching System 1440
Cisco Enterprise customers typically use MPLS for creating Layer 2 and Layer 3 Virtual Private Networks (VPN). Ethernet over MPLS (EoMPLS) and Virtual Private LAN Service (VPLS) are two technical alternatives to providing Layer 2 VPN services, whereas MPLS VPN, by combining the use of Virtual Routing and Forwarding (VRF) and MPLS, allows for the creation of Layer 3 VPNs.
With 12.2(33)SXI2, Virtual Switching provides the ability to eliminate the need for pseudowire redundancy for Layer 2 VPNs as well as reduce the number of PE devices for Layer 3 VPNs.
Bidirectional Forwarding Detection with Stateful Switchover (BFD SSO)
Stateful Switchover (SSO) is a key feature toward achieving a highly available and robust network. On a dual Route Processor (RP) configuration, such as on the Cisco Catalyst 6500 series switch, SSO allows the standby RP to take immediate control and maintain connectivity protocols in case of failure of the primary RP. BFD SSO implements the capability to switchover from the active RP to the standby RP.
When evaluating BFD SSO for the network, the customer should note the following considerations.
• Cisco Catalyst 6500 series switches typically support upto 128 BFD sessions with hello interval of 50ms or higher and multiplier of 3 or higher. When configured with dual sups in SSO mode, the number of sessions supported is 50 with timers of 500ms or higher and multiplier of 3 or higher. This scale ensures that BFD Sessions don't flap during the time it takes for the system to failover to the secondary supervisor.
• BFD SSO is supported on Cisco Catalyst 6500 Series E-chassis and 67xx Line Cards only. Centralized Forwarding Cards (CFC) are not supported.
• During the ISSU cycle the line Cards are reset which causes a routing flap in the BFD session.
• For EIGRP, the number of BFD sessions supported under BFD SSO is reduced to 30.
In addition to VLAN assignment, Access Control List (ACL) is another policy enforcement method that allows enterprise IT to provide flexible role-based network access control upon successful endpoint authentication using IEEE 802.1X. The Filter-ID and Per-user ACL use IEFT standard-based RADIUS attributes or Vendor Specific Attributes (VSA) that allows enterprise IT the flexibility to use Cisco ACS server or other third-party AAA servers of choice as the identity policy server
ACL is one of the policy enforcement methods in a 802.1x deployment.
Per-user ACLs are centrally defined on the AAA server. Each element in a per-user ACL is defined as a Cisco RADIUS vendor-specific attribute (VSA). The AAA server returns the VSAs in the RADIUS Access-Accept message that it sends to the switch after a successful authentication.
Filter-ID ACL offers a distributed ACL policy definition model. In this mode, the full definition of the identity-based ACLs resides on the campus LAN switches. Upon successful identity authentication, the AAA server determines the user's group and the associated identifier (the Filter-ID) of the ACL that should be applied to the authenticated device. The AAA server sends the Filter-ID to the switch using a standard IEFT RADIUS attribute in the RADIUS Access-Accept message. The switch matches the Filter-ID to a locally configured ACL that has the same number as the Filter-ID (for example, Filter-ID=101 will match up to ACL 101). That ACL is then applied to the port.
This feature implements IEEE 802.1ag Ethernet CFM standard according to the latest IEEE draft (8.1). It provides capabilities for detecting, verifying and isolating connectivity failures in Layer 2 bridged networks.
Subinterface Crypto Connect Vlan Support for E-Flexwan/FE PA
Support for "crypto connect vlan <xyz>" on Enhanced Flexwan2 FE subinterface is introduced from 12.2(33)SXI2. This allows customers the ability to perform IPsec encryption under Fast Ethernet subinterfaces on Enhanced Flexwan2 modules.
Local Forwarding on Standby Supervisor Uplinks with Sup720 Supervisors
This functionality that is already available on Sup720-10G supervisors is now also being made available with Sup-720 supervisors. When used in redundant mode, this feature allows the standby supervisor uplinks to act in DFC mode and therefore all traffic on the standby supervisor uplinks is not impacted in case of an OIR of a linecard.