Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Release 3.2.xSE
First Published: January 29, 2013
Last Modified: September 3, 2014
This release note describes the features and caveats for the Cisco IOS XE 3.2.xSE software on the Catalyst 3850 series switch.
Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.
The Catalyst 3850 switches are the next generation of enterprise class stackable access layer switches that provide full convergence between wired and wireless on a single platform. This convergence is built on the resilience of new and improved 480 Gbps StackWise-480 and Cisco StackPower. Wired and wireless security and application visibility and control are natively built into the switch.
The Catalyst 3850 switches also support full IEEE 802.3at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans and power supplies. The Catalyst 3850 switches enhance productivity by enabling applications such as IP telephony, wireless, and video for a true borderless network experience.
The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.
For more information about the Cisco IOS XE software, see http://www.cisco.com/en/US/prod/collateral/iosswrel/ps9442/ps11192/ps11194/QA_C67-622903.html
Cisco PI 2.0 manages both wired and wireless LAN devices such as Catalyst 3850 switches, Cisco 5760 controllers, Cisco 5500 series wireless controllers, and access points. PI 2.0 provides unified management for the features that are common to both switches and wireless controllers. After your devices are added to Prime Infrastructure, you can use the Initial Device Setup workflow to configure the wired and wireless features on switches and controllers.
For more details on PI 2.0, see the documents at this URL:
http://www.cisco.com/en/US/products/ps12239/tsd_products_support_series_home.html
In Cisco IOS XE Release 3.2.2SE, Apple devices that need to resolve Wireless Internet Service Provider roaming (WISPr) and have support for captive portal bypass could not get local web authentication. This issue is resolved in Cisco IOS XE Release 3.2.3SE.
If you have configured virtual IP resulting in a successful web authentication, but when you log out, you receive a popup window prompting you to click a link to log out, you can disable this popup by following these steps:
For more information about captive portal bypassing, see http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_01010001.html
In the earlier releases, the controller web user interface is accessed by entering http://ipaddress (where ipaddress is the controller IP address) in the browser. Now, you can also enter http://ipaddress/wireless in the browser to access the web user interface.
The controller web user interface is enhanced to support the following:
The Configuration Wizard—After initial configuration of the IP address and the local username/password or auth via the authentication server (privilege 15 needed), the wizard provides a method to complete the initial wireless configuration. Start the wizard through Configuration -> Wizard and follow the nine-step process to configure the following:
The Administration tab enables you to configure system logs.
When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users and their devices. A Cisco Identity Services Engine (ISE) Advanced License provides the tools that you need to allow employees to securely use personal devices on a corporate network.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_user_guide.html
Fast SSID changing allows wireless clients to move from one SSID to another without delay. For more information, see Configuring Fast SSID Changing.
Table 2 lists the three optional uplink network modules with 1-Gigabit and 10-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Four 1-Gigabit SFP module slots. Any combination of standard SFP modules is supported. SFP+ modules are not supported.
The Catalyst 3850 switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest SFP compatibility information:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Table 4 lists the supported products of the Catalyst 3850 switch.
Cisco Aironet 1040, 1140, 1260, 16001, 2600, 3500, 3600
Table 5 lists the specific supported Cisco access points.
Table 8 shows the mapping of Cisco IOS XE version number and Cisco IOS version number.
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
For information about how to upgrade the switch software, see the Cisco IOS File System, Configuration Files, and Bundle Files Appendix at the following URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/system_management/appendix/swiosfs.html#wp1311040
Note If you are upgrading from Cisco IOS XE Release 3.2.1 or earlier and you configured auto QoS on the switch, you must remove all auto QoS configurations maps, class maps, and access lists before you reboot the switch with the new software. Follow these steps to remove the auto QoS configurations.
Step 1 In privileged EXEC mode, record all current auto QoS configurations by entering this command:
Step 2 In interface configuration mode, run the appropriate no auto qos command on each interface that has an auto QoS configuration.
Step 3 Return to privileged EXEC mode, and record any remaining auto QoS maps, class maps, policy maps, access lists, table maps, or other configurations by entering this command:
show running-config | i AutoQos
Step 4 In global configuration mode, remove the QoS class maps, policy maps, table maps, and any other auto QoS configurations by entering these commands:
a. no policy-map policy-map-name
b. no class-map class-map-name
c. no ip access-list extended Auto-QoS-x
d. no table-map table-map-name
Step 5 Return to privileged EXEC mode, and verify that all auto QoS configurations have been removed by entering the following commands:
a. show running-config | i AutoQos
Step 6 Write the changes to the auto QoS configuration to NV memory by entering the write memory command.
Step 7 Reboot the switch with the new or upgraded software image.
Step 8 Reconfigure auto QoS for the interfaces recorded in Step 1.
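The cleanup in Steps 2 through 5 can be planned offline from a saved copy of the running configuration. The following Python sketch is an added example, not Cisco code: it lists the per-interface no auto qos commands and the global no commands in the order given in Step 4, and repeats the Step 5 check. The sample configuration and all object names in it are constructed, and treating both AutoQos and Auto-QoS as name markers is an assumption based on the commands shown above.

```python
import re

# Constructed sample of a saved running-config; every name is illustrative.
SAMPLE_CONFIG = """\
class-map match-any AutoQos-4.0-Voip-Data-Class
 match dscp ef
class-map match-any user-video
 match dscp af41
policy-map AutoQos-4.0-Trust-Cos-Input-Policy
 class class-default
policy-map user-uplink
 class user-video
table-map AutoQos-4.0-Trust-Cos-Table
 default copy
ip access-list extended Auto-QoS-1
 permit udp any any range 16384 32767
interface GigabitEthernet1/0/1
 auto qos voip cisco-phone
 service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
interface GigabitEthernet1/0/2
 switchport mode access
"""

# Assumption: auto QoS objects carry one of these markers in their name
# (Step 3 filters on "AutoQos", Step 4c shows "Auto-QoS-x").
AUTO_NAME = re.compile(r"AutoQos|Auto-QoS")

# Object types in the removal order of Step 4 (a to d).
GLOBAL_OBJECTS = [
    ("policy-map", re.compile(r"^policy-map\s+(\S+)\s*$")),
    ("class-map", re.compile(r"^class-map\s+(?:match-(?:any|all)\s+)?(\S+)\s*$")),
    ("ip access-list extended", re.compile(r"^ip access-list extended\s+(\S+)\s*$")),
    ("table-map", re.compile(r"^table-map\s+(\S+)\s*$")),
]


def plan_cleanup(config):
    """Return the commands for Step 2 (per interface) and Step 4 (global)."""
    interfaces = {}
    found = {kind: [] for kind, _ in GLOBAL_OBJECTS}
    current_if = None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # A top-level line starts a new block; remember it if it is an interface.
            current_if = None
            if line.startswith("interface "):
                current_if = line.split(None, 1)[1].strip()
            for kind, rx in GLOBAL_OBJECTS:
                m = rx.match(line)
                if m and AUTO_NAME.search(m.group(1)) and m.group(1) not in found[kind]:
                    found[kind].append(m.group(1))
        elif current_if and line.strip().startswith("auto qos"):
            # Step 2: negate the exact auto qos line configured on the interface.
            interfaces.setdefault(current_if, []).append("no " + line.strip())
    global_cmds = [
        f"no {kind} {name}" for kind, _ in GLOBAL_OBJECTS for name in found[kind]
    ]
    return {"interfaces": interfaces, "global": global_cmds}


def leftover(config):
    """Step 5 check: configuration lines that still reference auto QoS."""
    return [
        line.strip()
        for line in config.splitlines()
        if AUTO_NAME.search(line) or line.strip().startswith("auto qos")
    ]


if __name__ == "__main__":
    plan = plan_cleanup(SAMPLE_CONFIG)
    for ifname, cmds in plan["interfaces"].items():
        print(f"interface {ifname}")
        for cmd in cmds:
            print(f" {cmd}")
    for cmd in plan["global"]:
        print(cmd)
    print(f"{len(leftover(SAMPLE_CONFIG))} auto QoS lines present before cleanup")
```

Run leftover() again on the configuration captured after Step 5; an empty list means the switch is ready for Step 6.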
The Catalyst 3850 switch supports three different feature sets:
Note A separate AP count license is required to use the Catalyst 3850 switch as a wireless controller.
The device has these features:
– Cisco Smart Install is a transparent plug and play technology used to configure the Cisco IOS software image and switch configuration without user intervention. Smart Install utilizes dynamic IP address allocation and the assistance of other switches to facilitate installation providing transparent network plug and play.
– Cisco Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto detection and plug and play of the device onto the network.
– Cisco Smart Configuration provides a single point of management for a group of switches and in addition adds the ability to archive and back up configuration files to a file server or switch allowing seamless zero touch switch replacement.
– Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL).
– Modular QoS CLI (MQC) for defining and applying QoS common policies.
– Granular QoS policies per access point (AP), radio, SSID, and client.
– Session-based networking provides better control on devices connecting to the network. ACLs and QoS policies can be applied through the Identity Services Engine (ISE) to each session.
– Each 48-port Catalyst 3850 switch provides 40 Gbps of wireless throughput (20 Gbps for the 24 port model). This wireless capacity increases with the number of members in the stack.
– Mobility Agent—In this mode, the switch terminates the CAPWAP tunnels from access points and provides wireless connectivity to wireless clients. The switch enforces security and QoS policies for wireless clients and access points.
– Mobility Controller—In this mode, the switch performs all Mobility Agent tasks as well as Mobility coordination, Radio Resource Management (RRM), and clean air coordination.
Table 9 is a detailed list of wireless features supported on the device.
This section describes the interoperability of this version of the switch software release with other client devices.
Table 10 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
Do not turn off the switch or reset the switch until the booting process is complete.
The following features are not supported in Cisco IOS XE Release 3.2.xSE:
– Mesh, FlexConnect, and OEAP deployment
– Secure Group Access (SXP, SGT)
– Wireless Guest Anchor Controller (The Catalyst 3850 switch can be configured as a foreign controller.)
– Hot Standby Router Protocol (HSRP)
– Virtual Router Redundancy Protocol (VRRP)
– MVR (Multicast VLAN Registration)
– Secure Group Access - Security Group Tag (SGT) Secure Group Access List (SGACL)
– Security Group Tag (SGT) Exchange Protocol (SXP)
– IPv6 routing - OSPFv3 Authentication
– Critical VLAN for voice devices
– IPv6 First Hop Security: IPv6 Source Guard
– Port Security on EtherChannel
– 802.1x Configurable username and password for MAB
– Government Certificates: Common Criteria & FIPS
– Link State Tracking (L2 Trunk Failover)
– Disable Per VLAN MAC Learning
– IEEE 802.1X-2010 with 802.1AE support
– IEEE 802.1AE MACsec (MKA & SAP)
– IPv6 Ready Logo phase II - Host
– OSPFv3 Graceful Restart (RFC 5187)
– Fallback bridging for non-IP traffic between VLANs
– Support for 16 static IPv4 routes in LAN Base
– DHCP snooping ASCII circuit ID
– Per VLAN Policy & Per Port Policer
– Ingress/egress Shared Queues
– Trust Boundary Configuration
– Cisco Group Management Protocol (CGMP)
– Performance Monitor (Phase 1)
– AAA: RADIUS over IPv6 transport
– AAA: TACACS over IPv6 Transport
– Auto QoS for Video endpoints
– IPv6 Strict Host Mode Support
– IPv6 Static Route support on LAN Base images
– VACL Logging of access denied
– RFC5460 DHCPv6 Bulk Leasequery
– DHCPv6 Relay Source Configuration
– RFC 4292 IP-FORWARD-MIB (IPv6 only)
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
http://tools.cisco.com/Support/BugToolKit/
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
The following sections list Open Caveats and Resolved Caveats for the Catalyst 3850 switch, Cisco IOS XE Release 3.2.xSE.
The following tracebacks are noticed on normal setup:
DATACORRUPTION-1-DATAINCONSISTENCY: strstr_s: dmax exceeds max, -PC= 0x240BE60Cz
-Traceback= 190BA74z 182D4C8z 5E68CD5z 5E68B63z 55817EBz 55815D7z 558154Dz 5580E60z 5580444z 55802CAz
There is no workaround. There is no functional impact.
When a VLAN filter is configured on an RSPAN monitor session, duplicate packets are captured on the RSPAN destination port.
Following a switchover in a four-member stack, full reconciliation of high availability (HA) services may be delayed by up to 15 seconds. The re-association of wireless clients is similarly delayed.
When the Ethernet management port receives a frame whose destination MAC address is not FA1, it does not drop the traffic. Instead, the port uses the vrf mgmtVrf routing table to route the traffic back.
When the NetFlow collector address for the Flow Exporter is configured in the VRF route table, flow records are exported to the same IP address in the global route table.
The workaround is to connect the NetFlow collector in the global route table instead of the VRF route table.
IPV6 first-hop security does not work with EtherChannel.
Layer 3 multicast traffic is not transmitted on a statically joined port after using the shutdown and no shutdown commands on an SVI.
The workaround is to unconfigure the static join and configure it again.
When policy maps are PRE chained in conjunction with concurrent or sequential authentication sessions, events associated with each authentication method's chained policy are evaluated and executed instead of only those events associated with the method for which the session was authorized. For example, a policy specifies that sessions be authenticated using dot1x or mab, and upon success of either method, chain (attach) a child policy map. If both authentication methods succeed, the session, based on priority, is authorized with dot1x. Subsequent events are matched against both the MAB and dot1x chained policy maps instead of the dot1x chained policy map.
The workaround is to avoid using PRE chaining with concurrently authenticated sessions.
In very rare cases, all traffic to and from the switch ceases; all access points and LAG links disconnect as the switch fails to transmit the LACP PDUs; however, the management interfaces function.
Run the sh platform punt statistics port-asic 0 cpuq -1 direction tx command to verify whether the suspend/unsuspend count is stuck for any of the transmission queues. Run the command several times to make sure that the suspend/unsuspend counters are no longer incrementing, and the TX suspend count = TX unsuspend count + 1. If you see this problem on any of the transmission queues, open a case with the TAC, or contact your Cisco technical support representative.
There is no workaround. Reboot the switch.
The following message may appear in the switch logs:
There is no workaround. There is no functional impact.
When the same PV HQOS policies are applied to both directions of an interface, the output policy stops working when the input policy is removed.
The workaround is to detach the output policy and reapply it to the interface.
After an HQOS policy is attached to an interface and the interface speed or bandwidth is changed while the policy is attached, the HQOS policy gets detached from the interface.
The workaround is to detach the policy, change the bandwidth or speed of the interface, and reattach the policy.
When Layer 3 interfaces on the active switch in a switch stack are deleted and reapplied, the new member switch that joins the stack may reload.
The workaround is to reload the stack.
After a switchover, and a default to a Layer 3 interface, the CLI may not respond for several minutes.
After a switchover on a switch stack, the show interface status command displays the status of the Uplink SFP as unknown.
The workaround is to use the show inventory command on the interface.
When you update the power or channel on a four-member stack using the snmp set command, the operation fails on the standby switch, and the following error message is displayed:
When the switch stack is running in install mode and set to boot with the boot system switch all flash:packages.conf command, the show boot system command does not properly display the BOOT variable for the standby and member switches. The effect is only on the show commands; there is no effect on operations.
Rogue Location Discovery Protocol (RLDP) does not work when the AP is in local mode. This problem occurs when there is no WLAN configured in controller or monitor mode AP.
The workaround is to ensure that you configure one SSID on the controller when AP is in local mode. RLDP does not work when the AP is in monitor mode and there is no workaround.
The mac-address table is updated with BPDU SA from neighbor switch. This is a default behavior. The workaround is to use the test matm ctrl_pkt_lrn command in the enable mode to disable this feature.
The class video counters for the AP port policy appear as zero when you use the show policy-map interface wireless ap command.
When a class is removed from a queuing policy map that is attached to a wired port, the queue programming in the hardware is removed.
The workaround is to remove the policy from the port before making modifications.
When the incoming rate is far beyond the rate configured in a policy map through policing, the traffic is not properly shaped.
The workaround is to configure the policy map with priority level 1 percent and priority level 2 percent instead of configuring the policy with priority level x and policing.
When you modify the webauth virtual IP while there are active webauth sessions, the session stays in the pending-delete state and you cannot create a new session.
The workaround is to not make CLI changes when authorized webauth sessions are in use.
When a policy with priority and a policer is attached to a range of interfaces on an uplink, in some scenarios, any change made to the policer rate causes the policy to be unprogrammed on one or more ports.
The workaround is to remove the policy from the affected ports and reattach it.
When configuring policy maps using absolute values, the maximum rate is limited to 2G/second.
The workaround is to configure policy maps using the priority level 1 percent x command instead of configuring absolute values with the priority level 1 x command.
When policers are attached to uplink interfaces using the range command, the policers do not always work.
The workaround is to attach the policy to each port, one by one.
In a hierarchical queueing policy, a table map under the child policy continues to mark traffic after the policy is detached from an interface.
The workaround is to attach a default policy, for example:
After a queuing policy is deleted from one uplink port (10 G), the queueing policy on the other 1-G uplink stops working.
The workaround is to detach the policy and reattach it.
When using hierarchical policies, the child classification does not work properly when its matching value is a subset of the parent class's matching values for COS, DSCP, UP, and PREC classes.
The workaround is to configure hierarchical policies to achieve one of these results:
– The parent user-defined class is match vlan.
– The parent class has only class-default and the child class has user-defined classes.
– The parent class has user-defined classes and the child has only class-default.
When the standby switch in a switch stack is reloaded and added back to the stack as a member, sometimes the Feature Forwarding Manager (FFM) process fails, causing a reload. This problem occurs in configurations with a combination of Layer-3 routing, PBR and ACL features.
The snmp get command on cLMobilityExtMoMcLinkStatus for a given mobility controller (MC) and on cLMobilityExtMcAssocTime for a given mobility controller's client returns incorrect values.
The workaround is to use the following commands:
– show wireless mobility oracle summary to display the link status between the mobility oracle and the mobility controller
– show wireless mobility controller client summary to display the client association time.
After a per-VLAN policy is removed from a port, the policer stays active. The VLAN has an SVI with a policy attached that is performing a set.
The workaround is to remove the policy from the SVI before removing it from the port.
You cannot apply both IPv6 and IPv4 ACLs to an snmp-server group.
The workaround is to use the snmp-server user command instead.
During a configuration synchronization, the passwd key zeroize command can cause the standby switch in the stack to stop functioning.
The workaround is to remove the passwd key zeroize command from the configuration and use the crypto key zeroize rsa command instead.
The DHCP snooping database agent fails to start while changing the DNS entry that the URL pointed to or when restarting the DHCP server. To avoid this issue, use another file transport mechanism like SCP or TFTP.
The workaround is to reload the switch.
When a 1-G port on a Catalyst 3850 switch is connected to a 10-G port on a 5760 controller with a 1-G SFP module, the 10-G controller port stays up even when the switch port is shut down.
The show power inline command does not accurately reflect changes to the amount of available power.
There is no workaround. There is no functional impact.
In WebUI, it takes up to 10 to 15 seconds for the home page to load.
If you copy and paste several wireless configuration lines into the configuration, the system drops the first few characters from every other line. The number of characters dropped appears to be related to how long the command takes to execute. The issue does not occur on non-wireless configuration lines.
The workaround is to copy and paste line by line.
Multicast traffic travels on the WLAN-mapped VLAN rather than on the AP-group mapped VLAN when an AP is placed in an AP group where VLAN is overridden for the SSID and a client associates with the AP that is broadcasting this SSID.
In a switch stack, the Wireless Control Module (WCM) on the active switch stops working due to high CPU usage.
The console displays %IPC-5-WATERMARK log messages repeatedly.
There is no workaround. There is no functional impact.
ARP traffic is occasionally dropped. The ARP loss corresponds with buffer counter under “failures” incrementing in the output of show platform punt client.
If IP device tracking is not required and neither dot1x nor DAI is used, then the workaround is to add the nmsp attachment suppress command at the interface level of all switchports. This stops ARP snooping from being enabled on the ports.
When voice and data clients are authorized in multi authentication mode and the host-mode is subsequently changed to multi-domain authentication (MDA) mode, the switch unexpectedly reboots.
In a switch stack, a member switch stops working due to a loop with the NGWC Learning Process. This loop can occur when multiple MAC addresses flap between ports, for example, after a wired to wireless MAC move.
Stack port change messages are not properly trapped and displayed with the SNMP trap snmp-server enable traps stackwise.
The workaround is to configure an EEM script to pull the correct OID. For example:
When a fiber interface is configured with the default configuration, the following error message is displayed:
and the interface is placed in the error-disabled state.
The workaround is to configure the interface with the no keepalive command.
When the Network Time Protocol (NTP) configuration is removed from the switch, the Cisco IOS software unexpectedly halts.
A WLAN configured to authenticate users with the local webauth method uses the default network authorization method instead of the configured network authorization method. For example, with this global configuration:
authentication goes through the RADIUS server and not through local authentication.
The workaround is to use the aaa authorization network default local command to configure the default network authorization method as local.
Caveats Resolved in Cisco IOS XE Release 3.2.3SE
Inconsistencies are displayed or the switch unexpectedly resets when you try to remove an existing password from the console or a VTY (telnet port). Use the show running | be line command to verify. This problem occurs while the switch is used in a stack.
The workaround is to avoid using a login password for VTY lines and minimize password configuration changes; the use of AAA for login is recommended. If you need to make password configuration changes, ensure that you save the configuration in a standalone switch, and then include the switch in the stack.
Here is an example of AAA configuration using local username and password:
During many simultaneous dot1x authentication operations, sessions may time out and fail to correctly authenticate. The console will continuously report authorization and authentication messages.
The router crashes when polling ipMRouteEntry while executing the clear ip mroute command.
The workaround is to not query ipMRouteEntry and use the clear ip mroute command at the same time.
The switch can crash when there are concurrent sessions and you try to remove an existing password from the console or VTY. Various inconsistencies can be seen in the running configuration that can result in a crash.
The workaround is to minimize configuration changes to the password, and to use a standalone switch when making such changes.
The switch fails to create extended VLANs on a 9-member switch stack.
All wireless clients become stuck in idle state. Once idle, the clients cannot reconnect to the wireless network. New clients can connect, but will become idle on disconnect.
The workaround is to reload the affected device or stack and upgrade to release 3.3.0(SE) or greater.
A port channel is in the “not connect” status when BPDU packets are received.
When sending traffic from two IXIA ports, the switch packet counter (InUcastPkts and OutUcastPkts) frame value is displayed incorrectly.
Active to backup conversion of FlexLink is slow when the network module C3850-NM-2-10G is used.
Layer 3 traffic routed on one switch or stack member fails for newly added devices.
There is no direct workaround. Reload the impacted switch to recover.
When the internal process takes more than 3 seconds to process the mobility state change request, the client can be stuck in local state on the foreign switch. As a result, traffic is not forwarded through the anchor; instead, traffic is forwarded through the foreign switch.
You cannot use a Microsoft NLB deployment to assign a static ARP entry to a non-IPv4 multicast MAC address.
When multiple activities such as the following are running in parallel, the switch may unexpectedly reboot.
– multiple show-tech CLI commands executed
There is a QoS ACL matching issue when multiple classes match in the ACL range.
The workaround is to remove auto qos voip cisco-softphone from all attaching interfaces and then reattach the policy.
BW of the show interfaces port-channel privileged EXEC command does not display correctly.
The standby switch in a stack of Catalyst 3850 switches fails to boot up when the speed nonegotiate command is configured on an interface and a switch is either reset, or powered up after the command is configured. This may cause all the member switches to reset.
The workaround is to remove speed nonegotiate from all interfaces using the no speed nonegotiate command, or to use the redundancy config-sync ignore mismatched privileged EXEC commands.
Some WS-C3850-48T-S switches do not recognize GLC-T SFPs in the uplink module.
The workaround is to use a downlink 1 Gbps copper port.
Output sensor 1 or HotSpot sensor 2 has an incorrect yellow threshold. This can cause intermittent false SNMP alarms on the SNMP server. New threshold values are set to address the issue.
The external webauth page redirect stops working after some time.
The workaround is to reboot the system.
When a switch port detects a false short it never recovers to power an IEEE PD. This happens when a PoE port is connected to a PC that has no power and the cable is moved to connect IEEE PD devices.
There are two workarounds. The first is to use the shutdown and no shutdown commands to restart the port. The second workaround is to connect the port to a powered on non-PD (like a PC) and wait for the link up. After removing the non-PD link, the port regains the PD detection capability. Then connect the port to the desired PD to get power.
The input queue size counter may exceed the maximum defined threshold of 10, and does not increment any drops.
A Catalyst 3850 stack produces an FCS-Err on some ports. The counter is either 18446744073709551614 or 18446744073709551615.
The show interface command does not show any CRC errors and functionality is not affected.
The workaround is to bounce the interface to reset the counter to zero.
One switch in a stack of three Catalyst 3850 switches reboots randomly when QoS is enabled.
After a TACACS authentication, the wireless GUI is not available on the switch.
The workaround is to use CLI interface (Telnet, Console, SSH) and configure the device.
Segmentation fault crash in process cpf_msg_rcvq_process.
The broadcast queue can become stuck and the switch drops all packets destined to that queue.
The workaround is to reload the switch. In the case of ARP traffic, you can re-enable NMSP using the no nmsp attachment suppress command to enable ARP traffic to be processed.
The results of the snmp get command entered on the SNMP MIB bsnMobileStationRssiData from bsnMobileStationRssiDataTableon are incorrect.
The workaround is to use one of the following commands in the AP console:
show wireless client mac-address mac_address detail
The ranges for cLQd11aRadioMaxStreams/cLQd11bRadioMaxStreams and cLQd11aClientMaxStreams/cLQd11aClientMaxStreams do not start at 0. This situation occurs when you perform an snmp set on cLQd11aRadioMaxStreams or cLQd11bRadioMaxStreams under cLQd11aCACConfig. The same situation exists for a Radio type.
The switch stack fails to generate a system report log when reloaded.
The workaround is to manually delete older system reports in the crashinfo partition.
In a four-member stack, large IPv6 RACLs are attached to an ingress port and QoS with policy rate is attached to egress port. When a change is made to the QoS policy map, the switch member unexpectedly reloads.
After reloading a member switch, the NetFlow configuration previously applied to an interface does not work.
The workaround is to remove the NetFlow configuration from the interface and apply it again.
The snmp get command returns an incorrect value on bsnMobileStationWepState from bsnMobileStationTable.
The workaround is to use the show wlan name profile-name command.
After a roam operation, when you enter the show policy command, the police-conformed rate state under a child policy is displayed incorrectly.
When LoopGuard is enabled globally, the edge access ports that do not have PortFast configured are moved to a blocking state due to loop inconsistency. This problem occurs when edge ports configured as Layer 2 ports without PortFast perform a switchover.
The workaround is to enable PortFast on Layer 2 edge ports if LoopGuard is enabled.
After a switchover on a switch stack running Rapid-PVST in which the root port goes down as part of the switchover, uplink connectivity is lost.
The workaround is to use the shutdown command followed by the no shutdown command to enable the new root port. Another option is to configure the root port as a Layer 2 port channel so that it will not go down as part of the switchover.
When you perform a continuous SNMPWALK on the table's attributes, the output is inconsistent.
When you perform a set on the cLD11ClientCalibTable, SNMPWALK gives the correct data for the first few minutes and then it does not return any data.
When you hotswap an FRU or hotswap a 10-G SFP with a 1-G SFP, uplink port traffic fails. In a standalone WS-3850 or a stack of WS-3850 switches, the following operations do not work:
– Inserting a FRU for the first time when the switch is already in READY state
– Replacing a FRU with another type of FRU
– Replacing a 1-G SFP with a 10-G SFP or a 10-G SFP with a 1-G SFP on a FRU that supports 10-G interfaces.
The workaround for the first two scenarios is to reload the switch where the FRU uplink was inserted or swapped. The workaround for the third scenario is to use the clear errdisable interface interface recover-uplink command on the uplink where the SFP module was inserted or swapped.
The options under the errdisable recovery cause ? command are located on the right side of the display.
When wireless clients use downloadable ACLs with multiple RADIUS servers configured to authenticate clients, the switch reloads.
The workaround is to use the named ACL with Filter-ID instead of downloadable ACLs when there are multiple RADIUS servers in the network.
When the standby switch and a member switch are being reloaded while the active switch is up and running, the Table_manager process on the active switch fails, causing a reload.
When the startup configuration has the exception dump device second usbflash0: command configured and the stack undergoes a staggered boot, the standby switch is reset due to a bulk synchronization failure.
The workaround is to boot all switches simultaneously. Another workaround is to remove the exception dump device command from the configuration and after all the switches are up and running, add the exception dump device second usbflash0: command to the configuration.
When a nonhierarchical policy is installed on SSID output and when you try to overwrite it with a new policy which is in a hierarchical format, the policy change fails. This problem occurs only when a nonhierarchical policy is overwritten with a hierarchical policy.
The workaround is to unconfigure the existing policy and apply the new policy.
With an emergency install, the timestamp for the installed package files and the conf file is set to Dec 31 1969.
After a switchover, when 500 or more clients are trying to join, a few clients do not reassociate.
The workaround is to manually reassociate the failed clients.
If a client is roaming from Mobility Agent (MA) to Mobility Controller (MC) and joins another MA in a different peer group before complete authentication to MC, and then tries to rejoin to MC, the client entry cannot be deleted from the database. The client will not be able to join on the AP connected to MC but can join anywhere else in the network.
The workaround is to use the test platform llm clear-database client_mac_address true command to remove the client entry on MC.
The switch displays the following message:
The switch crashes after about 200 days of uptime.
When UDLD aggressive is configured between two switches and the send port ID and receive port IDs are the same, UDLD detects an error.
The workaround is to use a different port ID when connecting two switches with a fiber cable.
When you apply auto qos trust on a port on one of the expansion modules of a non-active switch in a switch stack, errors are displayed.
The show environment power all command randomly displays a power supply failure message and displays the wattage incorrectly as 235 W.
The Layer 2 or Layer 3 path breaks, all SNMP packets are dropped, or all wireless clients are idle.
The workaround is to reload the affected member switch and restore service.
When significant traffic (~ 4 billion packets) has traversed the CPU, the switch reloads unexpectedly. Depending on the control traffic pattern, it can take days or weeks for CPU-bound traffic to reach 4 billion. To check for this condition, use the show platform punt stat port-asic 0 cpuq -1 direction rx command.
A Macbook client bug causes connectivity problems with a recent OS X update. This problem is triggered by the client sending an out of sequence packet.
The workaround is to disable A-MPDU.
When the auto qos voip cisco-phone command is applied to a port, data traffic over 10 (or 20) Mb/s is dropped at ingress ports.
The workaround is to remove the policer from the following class-map policy:
Service-policy input: AutoQos-4.0-CiscoPhone-Input-Policy
Class AutoQos-4.0-Default-Class
police cir 10000000 bc 8000 be 8000
exceed-action set-dscp-transmit dscp table policed-dscp
Auto QoS policy maps, class maps, and access lists are incorrectly generated in Cisco IOS XE Release 3.2.0 and 3.2.1. If you are upgrading your system from Cisco IOS XE Release 3.2.1 or earlier to Cisco IOS XE Release 3.2.2 or later, refer to the “Upgrading the Switch Software” section.
Phones that are connected to the switch do not register or get an IP address.
When the switch is in VTP client mode, all broadcast traffic is blocked for a given VLAN when a vtp prune event is immediately followed by a re-join event. ARP does not complete and consequently MAC addresses on upstream devices are not learned.
In certain boot sequences, the BOOT variable is removed from the switch. At the next reboot attempt, the reboot fails, and the switch remains in the bootloader prompt.
– Boot the switch with the boot flash:file_name command.
or
– Set the BOOT variable explicitly in the bootloader using BOOT=flash:file_name, and then boot the switch using the boot command.
Note: The Catalyst 3850 switches might have slight cosmetic differences on the bezels.
Dimensions shown exclude the extraction handle, which measures 1.55 in. (3.9 cm), and the keying feature, which measures 0.44 in. (1.1 cm).
When the client sends a new association for a different SSID and fast SSID changing is disabled, the client entry in the controller connection table is cleared before the client is added to the new SSID. This means that the controller enforces a delay before clients are allowed to move to a new SSID. When fast SSID changing is enabled, there is no delay, and clients move more quickly from one SSID to another.
Beginning in privileged EXEC mode, follow these steps to configure fast SSID changing:
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/en/US/support/index.html
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
http://www.cisco.com/go/cat3850_docs
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.