Cisco IOS Software Release 12.1(13)EW for the Catalyst 4000/4500 Supervisor Engine III and Supervisor Engine IV
This product bulletin lists the hardware and software features that are supported in Cisco IOS® Software Release 12.1(13)EW for the Cisco Catalyst® 4000/4500 Supervisor Engine III and Supervisor Engine IV. Cisco IOS Software Release 12.1(13)EW is derived from the Cisco IOS Software 12.1E train and is supported on the Cisco Catalyst 4000/4500 Supervisor Engine III and Supervisor Engine IV. Cisco IOS Release 12.1(13)EW is not supported on the Catalyst 4000 Supervisor Engine I or Supervisor Engine II, or any other Cisco switching or routing platforms.
Cisco IOS Software Release 12.1(13)EW Hardware Support
The Cisco Catalyst 4000 NetFlow Services Card (WS-F4531) is an optional daughter card for the Catalyst 4000/4500 Supervisor Engine IV. It extends the functions of the Supervisor Engine IV by collecting NetFlow statistics and enhanced virtual LAN (VLAN) statistics without affecting the forwarding performance rates of the supervisor engine. It can be shipped pre-installed with a Supervisor Engine IV from the factory or as a separate, field-replaceable unit. It is not supported on the Supervisor Engine I, II, or III.
The Cisco 1000BASE-T Gigabit Interface Converter (GBIC) (WS-G5483=) provides full-duplex Gigabit Ethernet connectivity to high-end workstations, servers, and between switches over existing copper network infrastructures. This GBIC technology uses the industry's flexible, standards-based 1000BASE-X design, allowing for a simple and low cost 1-port (RJ-45) 1000BASE-T solution.
The Cisco Catalyst® 4000 Access Gateway Module (AGM) integrates Cisco IOS® routing and telephony services into the Catalyst 4000 Family of switches. Combining the LAN, WAN, and telephony infrastructure enables businesses to reduce network complexity, improve network deployment times, and prepare for voice, video, and data convergence. The session command is not supported for the AGM in this IOS release.
- Dynamic Buffer Limiting
- Policy-based Routing
- Jumbo frames
- Compliant with IEEE 802.3ad specification
- Port security
- Unicast Media Access Control (MAC) address filtering
- Private VLAN Dynamic Host Configuration Protocol (DHCP) snooping
- Secure Shell (SSH v1)
- VLAN Membership Policy Server (VMPS) client
- Intermediate System to Intermediate System (IS-IS)
- Unidirectional Ethernet port
- NetFlow statistics collection and export
- Enhanced VLAN statistics
- Layer 2 traceroute utility
- Enhanced Simple Network Management Protocol (SNMP) Management Information Base (MIB) support
Dynamic Buffer Limiting (DBL) is a congestion-avoidance quality-of-service (QoS) technique for the Cisco Catalyst 4000/4500 Supervisor Engine IV. DBL effectively recognizes and handles numerous misbehaving flows at wire speed and operates in the switch hardware. Misbehaving flows take all the bandwidth that is available, consume switch buffers, fill output queues, and do not respond to congestion feedback such as random early detection (RED)-like packet dropping. Misbehaving flows can cause denial of service to well-behaved flows.
DBL operates by keeping track of buffering for each flow in the switch, reacting quickly to excessive buffer demands from misbehaving flows and limiting their data rates. A flow is defined as a source IP address, destination IP address, IP protocol, Layer 4 Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports, and VLAN. If the buffer usage of a flow exceeds a dynamically computed buffer limit, DBL constrains its buffering until the flow reaches a lower threshold. DBL is implemented at wire speed on all ports in the Catalyst 4000 Family with Supervisor Engine IV.
Policy-based routing (PBR) provides a flexible means of routing packets based on the policies defined by the network administrators. PBR extends and complements the traditional destination-based IP forwarding with routing protocols. Policies can be based on IP addresses, port numbers, or protocols. PBR enables users to classify traffic based on extended access control list (ACL) criteria, and route packets to specific traffic-engineered paths. PBR is typically enabled when certain packets need to be routed some way other than the obvious shortest path. Possible PBR applications include equal-access routing or protocol-sensitive routing, source-sensitive routing, routing based on interactive versus batch traffic, or routing based on dedicated links. PBR is supported in Cisco IOS Software on the Catalyst 4000 with a combination of hardware and software forwarding.
Jumbo frames are Ethernet frames up to 9216 bytes (larger than the IEEE Ethernet maximum transmission unit [MTU]). This feature enables a switch to forward frames as large as 9216 bytes, rather than declaring them "oversized" and discarding them. Jumbo frames are only supported on nonblocking Gigabit Ethernet ports in the Catalyst 4000 Family with Supervisor Engine III or IV. Both Layer 2 and Layer 3 switching can be enabled for jumbo frames on a per-port basis. Jumbo frames are typically enabled to improve performance of large data transfers between servers.
Link Aggregation Control Protocol (LACP), as defined in IEEE 802.3ad, enables Cisco switches to negotiate Ethernet channels with other devices that conform to the 802.3ad specification. 802.3ad allows the grouping of multiple ports into one logical port to provide higher aggregated bandwidths, traffic load sharing, and link redundancy. It bundles ports with similar characteristics to form a channel through dynamic negotiation with a partner system. EtherChannel® technology can be either Layer 2 (MAC-based) or Layer 3 (IP-based). 802.3ad complements the Cisco Port Aggregation Protocol (PAgP) for Fast EtherChannel technology and Gigabit EtherChannel technology. Both 802.3ad and PAgP can co-exist on the Catalyst 4000 chassis.
Port security enables a network administrator to restrict the MAC addresses allowed or the maximum number of MAC addresses on a per-port basis. The allowed MAC addresses on a given port can be either statically configured by the administrator or dynamically learned by the switch.
A security violation occurs when either the maximum number of MAC addresses on a given port is exceeded or a frame with a nonsecure source MAC address is seen on that port. The port is then shut down, or alternatively, an SNMP trap is generated. Aging with either inactivity or a predefined time interval can be configured with port security for the dynamic or static secure MAC addresses. Port security on the Catalyst 4000 is not supported on trunk ports, dynamic ports, Switched Port Analyzer (SPAN) destination ports, or 802.1x ports. Port security locks down a port and blocks access from a station with a MAC address different from the ones specified for that port.
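The violation and aging rules described above can be traced with a small model. This is an added example, not Cisco code or part of the original bulletin; the class, field, and verdict names are hypothetical, the MAC addresses are constructed, and dropping the frame in trap mode is an assumption of the model.

```python
# Added illustration: a simplified model of per-port MAC limiting.
# It is not Cisco code; class, field and verdict names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    max_macs: int = 1
    violation: str = "shutdown"   # or "trap"
    aging_secs: float = 0         # 0 = learned addresses never age out
    aging_type: str = "absolute"  # or "inactivity"
    static: set = field(default_factory=set)     # administrator-configured
    dynamic: dict = field(default_factory=dict)  # learned MAC -> timestamp
    shut: bool = False
    traps: list = field(default_factory=list)    # stand-in for SNMP traps

    def frame(self, src_mac, now):
        """Return the verdict for one frame: forward, drop or shutdown."""
        if self.shut:
            return "drop"
        if self.aging_secs:  # this model ages only the learned entries
            self.dynamic = {m: t for m, t in self.dynamic.items()
                            if now - t < self.aging_secs}
        mac = src_mac.lower()
        if mac in self.static:
            return "forward"
        if mac in self.dynamic:
            if self.aging_type == "inactivity":
                self.dynamic[mac] = now  # traffic refreshes the timer
            return "forward"
        if len(self.static) + len(self.dynamic) < self.max_macs:
            self.dynamic[mac] = now      # room left: learn the address
            return "forward"
        # Violation: nonsecure source MAC on a port whose table is full.
        if self.violation == "shutdown":
            self.shut = True
            return "shutdown"
        self.traps.append((now, mac))
        return "drop"  # assumption: trap mode also discards the frame

def replay(port, frames):
    """Feed constructed (timestamp, source MAC) pairs through a port."""
    return [port.frame(mac, ts) for ts, mac in frames]

# Constructed sample traffic using documentation-range MAC addresses.
SAMPLE = [(0, "00:00:5e:00:53:01"), (1, "00:00:5e:00:53:02"),
          (2, "00:00:5E:00:53:01"), (3, "00:00:5e:00:53:03"),
          (4, "00:00:5e:00:53:01")]

if __name__ == "__main__":
    print(replay(SecurePort(max_macs=2), SAMPLE))
```

In shutdown mode the third distinct address disables the port, so even the previously learned station is cut off afterwards; in trap mode the port stays up and only the offending frames are discarded.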
Unicast MAC filtering drops unicast packets that have the given source or destination MAC address in a particular VLAN. A host is filtered by specifying its MAC address and VLAN. All packets with the specified source or destination host MAC address are discarded in the given VLAN. The specified MAC addresses are saved in the configuration file; they do not age out. Unicast MAC filtering is used to protect the Layer 2 network from malicious activities generated by rogue or hostile devices as they move around the campus.
DHCP snooping is a per-port security mechanism to differentiate an untrusted switch port connected to an end user from a trusted switch port connected to a DHCP server or another switch. It can be enabled on a per-VLAN basis. DHCP snooping intercepts all DHCP messages between a client and a DHCP server, and tracks DHCP IP address assignment binding between the DHCP server and the client. DHCP snooping can be used to filter the DHCP server response messages from an untrusted port, and perform per-port DHCP message rate limiting. DHCP snooping is typically used to prevent DHCP-related denial-of-service attacks by identifying subscribers and filtering unauthorized network traffic. Private VLAN DHCP snooping extends the DHCP snooping function to private VLANs, where DHCP packets in both primary and secondary VLANs are intercepted and processed within the private VLAN.
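The trusted/untrusted distinction, binding tracking, and per-port rate limiting described above can be followed in a short model. This is an added example, not Cisco code or part of the original bulletin; the class, method, and verdict names, the port labels, and all addresses are constructed for illustration, and the model assumes that messages above the rate limit are simply discarded.

```python
# Added illustration: a simplified model of DHCP snooping decisions.
# It is not Cisco code; class, method and verdict names are hypothetical.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

class DhcpSnooper:
    def __init__(self, trusted_ports, vlans, rate_limit):
        self.trusted = set(trusted_ports)  # ports facing DHCP servers/switches
        self.vlans = set(vlans)            # VLANs with snooping enabled
        self.rate_limit = rate_limit       # DHCP packets/second, untrusted port
        self.counts = {}                   # (port, second) -> packets seen
        self.client_port = {}              # client MAC -> port of its requests
        self.bindings = {}                 # client MAC -> (ip, vlan, port)

    def inspect(self, port, vlan, msg, client_mac, ts, yiaddr=None):
        """Return a verdict for one intercepted DHCP message."""
        if vlan not in self.vlans:
            return "forward"               # not intercepted on this VLAN
        if port in self.trusted:
            if msg == "ACK" and client_mac in self.client_port:
                # Track the server's address assignment for this client.
                self.bindings[client_mac] = (
                    yiaddr, vlan, self.client_port[client_mac])
            return "forward"
        key = (port, int(ts))
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > self.rate_limit:
            return "drop:rate-limit"       # assumption: excess is discarded
        if msg in SERVER_MSGS:
            return "drop:server-reply-on-untrusted-port"
        self.client_port[client_mac] = port
        return "forward"

def run(snooper, events):
    """Inspect each constructed event in order and collect the verdicts."""
    return [snooper.inspect(*e) for e in events]

# Constructed events: (port, vlan, message, client MAC, time, offered IP).
MAC = "00:00:5e:00:53:0a"
EVENTS = [
    ("Fa2/1", 10, "DISCOVER", MAC, 0.0),
    ("Fa2/7", 10, "OFFER", MAC, 0.1, "192.0.2.66"),   # server reply, untrusted
    ("Gi1/1", 10, "OFFER", MAC, 0.2, "192.0.2.20"),
    ("Fa2/1", 10, "REQUEST", MAC, 0.3),
    ("Gi1/1", 10, "ACK", MAC, 0.4, "192.0.2.20"),
    ("Fa2/1", 10, "DISCOVER", MAC, 0.5),              # third packet in 1 s
    ("Fa2/7", 20, "OFFER", MAC, 0.6, "192.0.2.66"),   # VLAN 20 not snooped
]

if __name__ == "__main__":
    s = DhcpSnooper({"Gi1/1"}, {10}, rate_limit=2)
    print(run(s, EVENTS), s.bindings)
```

The last event shows why the per-VLAN setting matters: the same server reply that is dropped in VLAN 10 passes untouched in a VLAN where snooping is not enabled.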
Secure Shell (SSH) is an application and a protocol that provides a secure remote connection to a switch. SSH provides strong data encryption using standard cryptographic mechanisms at the application layer. SSH avoids the transmission of clear text passwords across the unsecured network. Any device that wants to accept SSH connections must be running an SSH server, and an SSH client is required to initiate a connection to the server. The Cisco Catalyst IOS Software provides both SSH server and SSH client capabilities. End users will be able to initiate connections to the switch using SSH clients, and will be able to initiate SSH connections from the switch to other devices on the network. A cryptographic image of the Cisco Catalyst IOS is needed for this feature.
VLAN Management Policy Server (VMPS) is a database of MAC address-to-VLAN mappings. The VMPS client feature enables a VLAN to be assigned to a dynamic port by a VMPS server based on the source MAC address of the attached host. A dynamic port can belong to one VLAN at a time, but the VLAN it belongs to can change dynamically with different attached hosts. Dynamic ports with the VMPS client function in the Cisco Catalyst 4000 enable users to stay in the same VLAN while moving from port to port. VMPS server functions are not supported in the Cisco Catalyst IOS Software.
Intermediate System to Intermediate System (IS-IS) is a link-state routing protocol. It distributes network connectivity information to all participating routers in the form of link-state PDUs (LSPs). Each router maintains a full topology map of the network based on its current database of LSPs, and runs a shortest path first algorithm to discover the shortest end-to-end path to each entity. IS-IS offers fast convergence to avoid packet delays or losses with problematic links or routers. IS-IS is typically used by ISPs for intradomain routing to exchange reachability information between all the subnets and routers in their respective backbones. A Cisco Catalyst 4000 enhanced Layer 3 Cisco IOS image is required for this feature.
The Unidirectional Ethernet Port feature enables a Gigabit Ethernet port to transmit traffic without having status information about the receiving Gigabit Ethernet port and vice versa. The Unidirectional Ethernet Port feature is typically used to transport video streams over Gigabit Ethernet infrastructure. The Unidirectional Ethernet Port feature is supported on nonblocking Gigabit Ethernet ports in the Catalyst 4000 Family and can be enabled on a per-port basis. A unidirectional transmit port should be connected with a unidirectional receive port on the other end, and vice versa. Applying the Gigabit EtherChannel feature to a combination of bidirectional and unidirectional Gigabit Ethernet ports can create asymmetric links. Enabling the Unidirectional Ethernet Port feature will automatically disable UniDirectional Link Detection (UDLD) on the port.
NetFlow statistics collection and export are supported by the NetFlow Services Card on the Cisco Catalyst 4000/4500 Supervisor Engine IV. NetFlow statistics enable flow-level monitoring of all IPv4 routed traffic through the switch. A flow is defined as a source IP address, destination IP address, IP protocol, Layer 4 source port, and Layer 4 destination port. Collected statistics can be exported via NetFlow Data Export (NDE) to an external device, such as a NetFlow collector or a NetFlow analyzer. NetFlow statistics can be exported and analyzed for a variety of purposes such as network traffic accounting, usage-based network billing, network planning, network monitoring, and data mining.
Enhanced VLAN statistics extend the basic Layer 3 per-VLAN statistics to full output per-VLAN statistics. The feature collects and reports both routed and bridged traffic output VLAN statistics for the complete IEEE 802.1q VLAN range. Output packet count and byte count are included in VLAN statistics. Unicast statistics are separated from the multicast statistics. The NetFlow Services Card on the Catalyst 4000/4500 Supervisor Engine IV is required for this feature.
Traceroute is a widely used utility to trace the Layer 3 path of packets in an IP network for debugging purposes. Layer 2 traceroute extends Layer 3 traceroute to the "physical" path of unicast traffic across each Layer 2 device between a source and a destination using Cisco Discovery Protocol data. Layer 2 traceroute shows the Layer 2 path taken by the packet by displaying the device and port information of all the intermediate Cisco Catalyst switches that the packet traverses. Layer 2 traceroute on the Catalyst 4000 does not support multicast traffic.