Release Notes for Cisco Catalyst Micro Switch Series, Cisco IOS Release 15.2(8)Ex
Introduction
This release note describes the features, modifications, and caveats for the Cisco IOS Release 15.2(8)Ex software on the Cisco Catalyst Micro Switch Series.
Supported Hardware
Cisco Catalyst Micro Switch Series—Model Numbers
The following table lists the supported hardware models.
Switch Model |
Description |
---|---|
Cisco Catalyst Switch Models and Description | |
CMICR-4PS |
Four 1 Gigabit Ethernet downlink PoE+ ports; two 1 Gigabit Ethernet SFP uplink ports; uses external AC/DC adapters for power sourcing. |
CMICR-4PC |
Four 1 Gigabit Ethernet downlink PoE+ ports; one 1 Gigabit Ethernet SFP and one 1-Gigabit Ethernet RJ-45 uplink ports; uses external AC/DC adapters for power sourcing. |
CMICR-4PT |
Four 1 Gigabit Ethernet downlink PoE+ ports; one 1 Gigabit Ethernet RJ-45 uplink port and one 1 Gigabit Ethernet RJ-45 or SFP combo uplink ports; two USB-C connectors for power sourcing; uses external AC/DC adapters or external PSE through PD ports for power sourcing. |
Optics Modules
The Cisco Catalyst Micro Switch Series support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest SFP+ and SFP module compatibility information: https://tmgmatrix.cisco.com
Features of the Switch
Ease of Operation
This section lists the ease-of-operation features supported by Cisco Catalyst Micro Switch Series:
-
Cisco Catalyst Smart Operations is a comprehensive set of features that simplify LAN deployment, configuration, and troubleshooting. Catalyst Smart Operations is a set of features that includes Auto Smartports, Smart Configuration, and Smart Troubleshooting to enhance operational excellence:
-
Auto Configuration determines the level of network access provided to an endpoint based on the type of the endpoint device.
-
Cisco Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto detection, and plug and play of the device onto the network.
-
Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL).
-
Interface templates provide a mechanism to configure multiple commands at the same time and associate it with a target (such as an interface). An interface template is a container of configurations or policies that can be applied to specific ports.
-
Network Security
The Cisco Catalyst Micro Switch Series provide a range of security features to limit access to the network and mitigate threats.
-
In Cisco IOS Release 15.2(7)E3 and later releases, SSH is enabled by default to connect to networks, and Telnet is disabled by default.
-
802.1x monitor mode: Enables authentication across the wired infrastructure in an audit mode without affecting wired users or devices. It helps IT administrators to smoothly manage 802.1x transitions by allowing access and logging system messages when a device requires reconfiguration or is missing an 802.1x supplicant.
-
Bidirectional data support on the Switched Port Analyzer (SPAN) port: Allows Cisco intrusion detection.
-
Bridge protocol data unit (BPDU) Guard: Shuts down Spanning Tree Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
-
Dynamic Address Resolution Protocol (ARP) Inspection (DAI): Prevents malicious attacks on the device by not relaying invalid ARP requests and responses to other ports in the same VLAN.
-
Dynamic Host Control Protocol (DHCP) snooping: Filters untrusted DHCP messages between untrusted hosts and DHCP servers.
-
Internet Group Management Protocol (IGMP) filtering: Provides multicast authentication by filtering out non-subscribers and limits the number of concurrent multicast streams available per port.
-
MAC address notification: Notifies administrators about users added to or removed from the network.
-
Multilevel security on console access: Prevents unauthorized users from altering the device configuration.
-
Flexible authentication: Supports multiple authentication mechanisms including 802.1X and MAC Authentication Bypass.
-
Open mode: Creates a user-friendly environment for 802.1X operations.
-
Port security: Secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding.
-
Port-based ACLs for Layer 2 interfaces: Allow security policies to be applied on individual switch ports.
-
RADIUS Change of Authorization (CoA): Enables asynchronous policy management.
-
Secure Shell (SSH) Protocol and Simple Network Management Protocol Version 3 (SNMPv3): Provides network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
-
Standard and extended access control lists (ACLs): Define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
-
TACACS+ and RADIUS authentication: Facilitates the centralized control of a device and restricts unauthorized users from altering the configuration.
Deployment and Control Features
This section lists the deployment and control features:
-
Auto-negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
-
Dynamic Host Configuration Protocol (DHCP) auto-configuration of multiple switches through a boot server eases switch deployment.
-
Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
-
IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offers the benefit of Layer 2 load balancing and distributed processing.
-
Internet Group Management Protocol (IGMP) v1, v2, v3, snooping for IPv4. Multicast Listener Discovery (MLD) v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requester.
-
Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
-
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad.
-
Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
-
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups and Gigabit groups.
-
TFTP reduces the cost of administering software upgrades by downloading from a centralized location.
-
Switch-port auto-recovery (error-disable) automatically attempts to reactivate a link that is disabled because of a network error
-
Storm control for unicast, broadcast and multicast traffic to prevent disruption in the network due to packet flooding on the LAN.
-
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect wiring. Also, port faults can be detected and disabled on the interfaces.
-
Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
Quality of Service
This section lists the quality of service (QoS) features:
-
Multilayer Switching (MLS) QoS provides the ability to configure granular policies and classes on every interface. These policies include policers, markers, and classifiers.
-
Supports up to 4 egress queues per port, and finer flow segregation using 2 threshold markers for non-strict-priority queues.
-
Strict priority queuing to ensure that the highest-priority packets are serviced ahead of all other traffic.
-
Weighted Round Robin (WRR) scheduling to ensure differential prioritization of packet flows.
Software Features in Cisco IOS Release 15.2(8)E7
None.
Software Features in Cisco IOS Release 15.2(8)E6
None.
Software Features in Cisco IOS Release 15.2(8)E5
None.
Software Features in Cisco IOS Release 15.2(8)E4
None.
Software Features in Cisco IOS Release 15.2(8)E3
None.
Software Features in Cisco IOS Release 15.2(8)E2
None.
Software Features in Cisco IOS Release 15.2(8)E1
None.
Software Features in Cisco IOS Release 15.2(8)E
None.
Compatibility Matrix
The following table provides software compatibility information.
Catalyst Micro Switches |
Cisco Identity Services Engine |
---|---|
Cisco IOS Release 15.2(8)E1 |
2.7 |
Cisco IOS Release 15.2(8)E |
2.7 |
Cisco IOS Release 15.2(7)E3k |
2.7 |
Upgrading the Switch Software
Finding the Software Version and Feature Set
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release number. The files necessary for web management are contained in a subdirectory. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note |
Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license. |
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Software Image
If you have a service support contract and order a software license or if you order a switch, you receive the universal software image and a specific software license.
Image |
Filename |
---|---|
Universal image |
cmicr-universalk9-mz |
Universal image |
cmicr-universalk9-tar |
Scaling Guidelines
For information about feature scaling guidelines, see the Cisco Catalyst Micro Switch Series datasheet at: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-micro-switches/nb-06-cat-micro-switch-series-ds-cte-en.html
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats
None
Resolved Caveats in Cisco IOS Release 15.2(8)E7
Caveat ID Number |
Description |
---|---|
Cisco IOS and IOS XE Software IKEv1 Fragmentation Denial of Service Vulnerabilities |
|
Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
|
Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerabilit |
|
Issue when upgrading with ISSU from any release to 3.11.10 |
|
Cisco DNA Ctr 2.3.5.6 - Incorrect Temperature Reading for CMICR-4PS Switch on the "Device 360" page. |
Resolved Caveats in Cisco IOS Release 15.2(8)E6
Caveat ID Number |
Description |
---|---|
SDA - ARP Reply packets dropped by CMICR as Extended Node post reload |
|
CMICR - IGMP Queries Consumed by snooping, not forwarded to Endpoints |
Resolved Caveats in Cisco IOS Release 15.2(8)E5
Caveat ID Number |
Description |
---|---|
Cisco IOS and IOS XE Software Cisco GETVPN Software Out-of-Bounds Write Vulnerability |
Resolved Caveats in Cisco IOS Release 15.2(8)E4
Caveat ID Number |
Description |
---|---|
Intermittent Failures CMICR-4PC Switch |
Resolved Caveats in Cisco IOS Release 15.2(8)E3
Caveat ID Number |
Description |
---|---|
Incorrect operation of wrr-queue bandwidth limit command on CMICR-4PC switch. |
|
Archive download-sw upgrade process is slow. |
|
Intermittent failure/high CPU on CMICR-4PC switch. |
|
DHCPv6: Memory allocation of DHCPv6 relay option results in crash. |
|
Cisco IOS and IOS XE software SSH Denial of Service vulnerability. |
Resolved Caveats in Cisco IOS Release 15.2(8)E2
Caveat ID Number |
Description |
---|---|
Loopback detection is not working as expected on CMICR-4PC. |
Resolved Caveats in Cisco IOS Release 15.2(8)E1
Caveat ID Number |
Description |
---|---|
In CMICR-4PC switch [peridot_stats_update_port_counters:66]:Failed to read port=* statistics in IOS |
|
In CMICR (4PC and 4PS) switch, port speed intermittently wrongly reported in IOS |
|
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability |
Resolved Caveats in Cisco IOS Release 15.2(8)E
Caveat ID Number |
Description |
---|---|
RSTP convergence fails with VTP pruning enabled; ports stuck in RSTP dispute. |
|
The output of the show power command does not display the correct value with 65 Watt power supply. |
|
The output of the show inventory command does not display the transceiver information. |
|
By default, the switch is configured for 65 Watt Power supply. |
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
https://www.cisco.com/en/US/support/index.html
Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts, to find information for the problem that you are experiencing.
Related Documentation
Cisco Validated Designs documents at this URL: https://www.cisco.com/go/designzone
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business results you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.