Release Notes for the Cisco CGS 2520, Cisco IOS Release 12.2(53)EX
Device Manager System Requirements
Finding the Software Version and Feature Set
Upgrading a Switch by Using the CLI
Recovering from a Software Failure
Configuring the Device Manager and HTTP Server Interface
Authentication Manager Commands and Earlier 802.1x Commands
Corrections for the Getting Started Guide
Corrections for the CGS 2520 Switch Software Configuration Guide, 12.2(53)EX
Updates for the Hardware Installation Guide
Update for the “Overview” Chapter
Corrections for the “Power Supply Installation” Chapter
Updates for the “Switch Installation” Chapter
Corrections for the Regulatory and Compliance Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
Last Updated: December 12, 2019
Cisco IOS Release 12.2(53)EX runs on the Cisco Connected Grid Switch (CGS) 2520.
These release notes include important information about Cisco IOS Release 12.2(53)EX and any limitations, restrictions, and caveats that apply to the releases. Verify that these release notes are correct for your switch:
For the complete list of CGS 2520 switch documentation, see the “Related Documentation” section.
You can download the switch software from this site (registered Cisco.com users with a login password):
http://www.cisco.com/cisco/web/download/index.html
Model |
Description |
---|---|
24 10/100 Fast Ethernet ports, 2 dual-purpose ports (2 10/100/1000BASE-T copper ports and 2 SFP1 module slots), and 2 AC- and DC-power-supply module slots. |
|
16 100BASE-FX SFP-module slots; 8 10/100 Fast Ethernet PoE2 ports, 2 dual-purpose ports (2 10/100/1000BASE-T copper ports and 2 SFP module slots), and 2 AC- and DC-power-supply module slots. |
|
SFP modules3 |
Rugged and Industrial SFP modules
|
Note For power supply module descriptions and supported configurations on switch models, see the hardware installation guide. |
Note This model number is referenced in the documentation but is not available:
PWR-RGD-LOW-DC (low-voltage DC power supply)
These are the procedures for downloading software. Before downloading software, read this section for important information:
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the compact flash memory card.
You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory. For example, use the dir flash: command to display the images in the flash memory.
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the combined tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Table 3 lists the filenames for this software release.
If you download the IP services image and plan to use Layer 3 functionality, you must use the Switch Database Management (SDM) routing template. To see which template is currently active template, enter the show sdm prefer privileged EXEC command. If necessary, entering the sdm prefer global configuration command to change the SDM template to a specific template. For example, if the switch uses Layer 3 routing, change the SDM template from the default to the routing template.You will need to reload the switch for the new template to take effect.
Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release to which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network.
Cisco routinely removes old Cisco IOS versions from Cisco.com. See Product Bulletin 2863 for information:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6969/ps1835/prod_bulletin0900aecd80281c0e.html
You can copy the bin software image file on the flash memory to the appropriate TFTP directory on a host by using the copy flash: tftp: privileged EXEC command.
Note Although you can copy any file on the flash memory to the TFTP server, it is time consuming to copy all of the HTML files in the tar file. We recommend that you download the tar file from Cisco.com and archive it on an internal host in your network.
You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the “Basic File Transfer Services Commands” section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 :
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html
This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Note Make sure that the compact flash card is inserted into the switch before downloading the software.
To download software, follow these steps:
Step 1 Use Table 3 to identify the file that you want to download.
Step 2 Download the software image file. If you have a SmartNet support contract, go to this URL, and log in to download the appropriate files:
http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml
To download the image for a CGS 2520 switch, click Cisco CGS 2520 software. To obtain authorization and to download the cryptographic software files, click CGS 2520 3DES Cryptographic Software.
Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured.
For more information, see the Cisco CGS 2520 Software Configuration Guide.
Step 4 Log into the switch through the console port or a Telnet session.
Step 5 (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command:
For more information about assigning an IP address and default gateway to the switch, see the software configuration guide for this release.
Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:
The /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.
For // location, specify the IP address of the TFTP server.
For / directory / image-name .tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
You can assign IP information to your switch by using these methods:
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
These Cisco IOS limitations apply to the CGS 2520:
The workaround is to use switch ports other than those specified for redundancy and for applications that immediately detect active links. (CSCeh70503)
15:50:11: %COMMON_FIB-4-FIBNULLHWIDB: Missing hwidb for fibhwidb Port-channel1 (ifindex 1632) -Traceback= A585C B881B8 B891CC 2F4F70 5550E8 564EAC 851338 84AF0C 4CEB50 859DF4 A7BF28 A98260 882658 879A58
up
and sometimes as down
, resulting in conflicts. This status depends on when you respond to the reboot query: Would you like to enter the initial configuration dialog?
– After a reboot if you wait until the Line Protocol status of VLAN 1 appears on the console before responding, VLAN 1 line status is always shown as down
. This is the correct state.
– The problem (VLAN 1 reporting up
) occurs if you respond to the query before VLAN 1 line status appears on the console.
The workaround is to wait for approximately 1 minute after rebooting and until the VLAN 1 interface line status appears on the console before you respond to the query. (CSCsl02680)
– Two-link ports on the same switch are connected with a crossover cable.
– The switch is running Cisco IOS 12.2(53)EX or later.
The workaround is to connect the two ports with a straight-through cable. (CSCsr41271)
The workaround is to not set an ARP timeout value lower than 120 seconds. (CSCea21674)
The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. (CSCea21674)
No workaround is necessary. (CSCea85312)
The workaround is to enable PoE and to configure the switch to recover from the PoE error-disabled state. (CSCsf32300)
The workaround is to remove the VLAN from the bridge group or to remove the static MAC address from the VLAN. (CSCdw81955)
The workaround is to disable fallback bridging or to disable port security on all ports in all VLANs participating in fallback bridging. To remove an interface from a bridge group and to remove the bridge group, use the no bridge-group bridge-group interface configuration command. To disable port security on all ports in all VLANs participating in fallback bridging, use the no switchport port-security interface configuration command. (CSCdz80499)
There is no workaround for this problem because non-RPF traffic is continuous in certain topologies. As long as the trunk port is a member of the group in at least one VLAN, this problem occurs for the non-RPF traffic. (CSCdu25219)
The workaround is to not apply a router ACL set to deny access to a VLAN interface. Apply the security through other means; for example, apply VLAN maps to the VLAN instead of using a router ACL for the group. (CSCdz86110)
The workaround is to enable IP routing or to disable multicast routing on the switch. You can also use the ip igmp snooping querier global configuration command if IP multicast routing is enabled for queries on a multicast router port. (CSCsc02995)
There is no workaround. (CSCea52915)
– Port security is enabled with the violation mode set to protected.
– The maximum number of secure addresses is less than the number of switches connected to the port.
– There is a physical loop in the network through a switch whose MAC address has not been secured, and its BPDUs cause a secure violation.
The workaround is to change any one of the listed conditions. (CSCed53633)
The workaround for local SPAN is to use the replicate option. For a remote SPAN session, there is no workaround. (CSCdy72835)
The workaround is to use the encapsulate replicate keywords in the monitor session global configuration command. Otherwise, there is no workaround. (CSCdy81521)
Decreased egress SPAN rate
. In all cases, normal traffic is not affected; the degradation limits only how much of the original source stream can be egress spanned. If fallback bridging and multicast routing are disabled, egress SPAN is not degraded. There is no workaround. If possible, disable fallback bridging and multicast routing. If possible, use ingress SPAN to observe the same traffic. (CSCeb01216)
There is no workaround. (CSCed71422)
The workaround is to define another policy-map name for the second-level policy-map with the same configuration to be used for another policy-map. (CSCef47377)
The workaround is to configure the burst interval to more than 1 second. (CSCse06827)
From Microsoft Internet Explorer:
1. Choose Tools > Internet Options.
2. Click Settings in the “Temporary Internet files” area.
3. From the Settings window, choose Automatically.
5. Click OK to exit the Internet Options window.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP port number). You should write down the port number through which you are connected. Use care when changing the switch IP information.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch.
Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:
The authentication manager commands provide the same functionality as earlier 802.1x commands.
A valid recursive static IPv6 route might not be added to the IP routing table even if the specified next hop resolves to a valid IPv6 output interface in the default route. This occurs when the default route is removed from the IP routing table and then added to the table. The recursive status route might not be removed from the table and the restored with the default route updates.
The workaround is to configure the recursive static IPv6 route with a specific interface.
After the web-based authentication feature with the default settings sends an HTML login page to a user and authentication succeeds, web-based authentication might not send a Login-Successful HTML page to the host.
The workaround is to close and open the browser window several times.
When the switch receives more than 1000 IPv6 prefixes from the Border Gateway Protocol (BGP), the CPU utilization increases.
The switch fails when it adds IPv6 routes to the ternary content addressable memory (TCAM).
The workaround is to reload the switch by entering the reload privileged EXEC command.
When a default gateway connects the switch to a TFTP server in a different network segment and the switch receives messages from the server, an ARP entry for the server is added to the switch ARP cache. If you replace the default gateway with another one, the switch and replaced default gateway cannot communicate with the TFTP server until the nonstatic ARP entries time out.
The workaround is to use the clear arp-cache privileged EXEC command to remove all nonstatic entries from the ARP cache.
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
This is the updated information:
Use twisted-pair copper wire (14- to 18-AWG) long enough to connect from the power-input terminal to the power source.
For power source connections, use wires rated for at least 194°F (90°C).
MAB + NEAT is not supported as noted in the following section: “802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)”
For a list of the supported SFPs, see this URL:
http://www.cisco.com/en/US/docs/switches/connectedgrid/cgs2520/hardware/installation/guide/higoverview.html#wp1394699
This is the updated information:
Use twisted-pair copper wire (14- to 18-AWG) long enough to connect from the power-input terminal to the power source.
For power source connections, use wires rated for at least 194°F (90°C).
The Cisco CGS 2520 switches use 23-inch and ESTI brackets in addition to 19-inch brackets. The instructions for installing the 19-inch brackets are in the switch hardware guide.
You can order the 23-inch and ESTI brackets:
Figure 1 Attaching Brackets for 23-Inch Racks
Figure 2 Attaching Brackets for ETSI Racks
For instructions on mounting the switch in rack:
http://www.cisco.com/en/US/docs/switches/connectedgrid/cgs2520/hardware/installation/guide/higinstall.html#wp1172376
Step 1 Locate the SD flash memory card slot on the cable-side of the switch.
Step 2 Use a number-1 Phillips screwdriver to loosen the captive screw. See Figure 1-3.
Figure 1-3 Loosening the Captive Screw
Step 3 Pull the cover open, and pull the cover tabs from the hinge. See Figure 1-4.
Figure 1-4 Removing the SD Slot Cover
Step 4 Gently push the SD flash memory card to eject it out. See Figure 1-5. Place it in an antistatic bag to protect it from static discharge.
Figure 1-5 Removing the SD Flash Memory Card
Step 5 Push the replacement card (upside down) into the slot, and press it firmly in place. The card is keyed so that you cannot insert it the wrong way.
Step 6 Place the SD slot cover tabs into the hinge.
Step 7 Close the cover, and use a ratcheting torque number-1 Phillips screwdriver to torque the screw to
4.5 in-lb.
http://www.cisco.com/en/US/products/ps10978/tsd_products_support_series_home.html
SFP module installation notes:
http://www.cisco.com/en/US/products/hw/modules/ps5455/prod_installation_guides_list.html
Compatibility matrix documents:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.