Information about Cisco Catalyst IE9300 Rugged Series Switch

This document provides release information for the following Catalyst IE switches:

  • Cisco Catalyst IE9310 GE Fiber switch

  • Cisco Catalyst IE9320 GE Fiber switch

  • Cisco Catalyst IE9320 Fiber switch with 10 GE uplinks

  • Cisco Catalyst IE9320 10 GE Copper Data switch

  • Cisco Catalyst IE9320 10 GE PoE switch

  • Cisco Catalyst IE9320 10 G mGig 4PPoE switch

  • Cisco Catalyst IE9320 GE PoE switch

Cisco Catalyst IE9300 Rugged Series Switches provide rugged and secure switching infrastructure for harsh environments. It is suitable for industrial Ethernet applications, including manufacturing, utility substations, intelligent transportation systems (ITSs), rail transportation, and other similar deployments.

The switch fulfills the need for a high-density SFP, RJ-45, and Power over Ethernet (PoE) rack-, or wall-mount switch that can function as a software-defined (SD)-Access fabric edge. It provides end-to-end architectural uniformity in the Cisco Catalyst Center for Internet of Things (IoT) connected communities and extended enterprises.

In industrial environments, the switch can be connected to any Ethernet-enabled industrial communication devices. These devices include programmable logic controllers (PLCs), human-machine interfaces (HMIs), drives, sensors, and input and output (I/O) devices.

New Features for Cisco Catalyst IE9300 Rugged Series Switches and the Cisco Catalyst ESS9300 Embedded Series Switch

The features in the following table are new in this release for the supported switches.

Table 1. New Features for Cisco Catalyst IE9300 Rugged Series Switches

Feature Name

License Level

Description

Supported Switches

Stacking Support—4 members

Network Essentials/Network Advantage

A switch stack has multiple stacking-capable switches connected through their StackWise ports. The stack members work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network All IE9320 switches:
  • IE-9320-26S2C-E/A

  • IE-9320-22S2C4X-E/A

  • IE-9320-24T4X-E/A

  • IE-9320-24P4X-E/A

  • IE-9320-24P4S-E/A

  • IE-9320-16P8U4X-E/A

High-Availability Seamless Redundancy (HSR)—SAN

Network Essentials

HSR is a network protocol for Ethernet that is designed to achieve zero recovery time in ring topologies. It supports single fault in the ring with no downtime by sending each packet in both directions in the ring.

  • IE-9320-26S2C-E/A

  • IE-9320-22S2C4X-E/A

Media Redundancy Protocol (MRP)

Network Essentials

MRP provides fast convergence in a ring network topology for industrial automation networks. Twelve rings are supported on standalone switches.

The Media Redundancy Manager (MRM) defines its maximum recovery times for a ring in the following range: 200 ms and 500 ms.

All Cisco Catalyst IE9300 Rugged Series Switches

TrustSec Configuration on PRP Interface

Network Advantage

Cisco TrustSec builds secure networks by establishing domains of trusted network devices. Each device in the domain is authenticated by its peers.

TrustSec is supported only on physical interfaces. You can configure TrustSec on member interfaces of a PRP channel but not on a PRP interface.

  • IE-9320-26S2C-E/A

  • IE-9320-22S2C4X-E/A

VLAN Mapping

Network Essentials

A QnQ VLAN tunnel enables a service provider to segregate the traffic of different customers in their infrastructure, while still giving the customer a full range of VLANs for their internal use by adding a second 802.1Q tag to an already tagged frame.

All Cisco Catalyst IE9300 Rugged Series Switches

Table 2. New Features for the Cisco Catalyst ESS9300 Embedded Series Switch

Feature Name

License Level

Description

Supported Switches

Certificate-based MACsec

Network Essentials

Note

 

Network Advantage license required when using 256-bit MACsec.

Certificate-based MACsec Encryption feature uses 802.1X port-based authentication with Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) to carry Certificates for ports where MACsec encryption is required.

This feature makes it feasible to manage the key at the centralized server over preshared key-based MACsec.

Cisco Catalyst ESS9300 Embedded Series Switch

Important Notes

Cisco Catalyst ESS9300 Embedded Series Switch: Upgrade to Latest Boot Software

If you have a Cisco Catalyst ESS9300 Embedded Series Switch, you must upgrade it to the latest version of ROM monitor software (ROMMON).

The upgrade is to accommodate the larger size of Cisco Catalyst IOS XE 17.13.1 caused by enhancements. If you do not upgrade, the switch may fail to boot.

Switch Model Numbers

Cisco Catalyst IE9300 Rugged Series Switches

The following table lists the supported IE9300 series hardware models and the default license levels that they are delivered with.

Model Number

Default License Level

Stacking Support

Description

IE-9310-26S2C-A

Network Advantage

No

  • Total ports: 28

  • SFP uplinks: 4x 1 Gb SFP

    SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9310-26S2C-E

Network Essentials

IE-9320-26S2C-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 1 Gb SFP

    SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9320-26S2C-E

Network Essentials

IE-9320-22S2C4X-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 10 Gb SFP+

  • SFP downlinks:

    22x 1 Gb SFP, 2x 1-Gb Dual-media ports

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9320-22S2C4X-E

Network Essentials

IE-9320-24T4X-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 10 Gb SFP+

  • Copper downlinks: 24x 1 Gb RJ45

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies.

IE-9320-24T4X-E

Network Essentials

IE-9320-24P4X-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 10 Gb SFP+

  • Copper downlinks: 24x 1 Gb RJ45 PoE+

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9320-24P4X-E

Network Essentials

IE-9320-16P8U4X-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 10 Gb SFP

  • Copper downlinks: 16 ports 1 Gb RJ45 PoE+, 8 ports 2.5 Gb RJ45 4PPoE (90W/port)

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9320-16P8U4X-E

Network Essentials

IE-9320-24P4S-A

Network Advantage

Yes

  • Total ports: 28

  • SFP uplinks: 4x 1Gb SFP

  • Copper downlinks: 24 ports 1 Gb RJ45 PoE+

  • Power supplies: Support for field-replaceable, redundant AC or DC power supplies

IE-9320-24P4S-E

Network Essentials

All Cisco Catalyst IE9300 Rugged Series Switches have 4 GB of DRAM, four alarm inputs, and one alarm output. Other I/O include the following:

  • SD-cards socket

  • Power input

  • RJ-45 (RS-232) console

  • Micro-USB console

  • USB-A host port


Note


Documentation sometimes uses the following terms:

  • IE9310 GE Fiber switch when referring to both IE-9310-26S2C-A and IE-9310-26S2C-E switches

  • IE9320 GE Fiber switch when referring to both IE-9320-26S2C-A and IE-9320-26S2C-E switches

  • IE9320 Fiber switch with 10 GE uplinks when referring to both IE-9320-22S2C4X-A and IE-9320-22S2C4X-E switches

  • IE9320 10 GE Copper Data switch when referring to both IE-9320-24T4X-A and IE-9320-24T4X-E switches

  • IE9320 10 GE PoE switch when referring to both IE-9320-24P4X-A and IE-9320-24P4X-E

  • IE9320 10 G mGig 4PPoE switch when referring to both IE-9320-16P8U4X-A and IE-9320-16P8U4X-E

  • IE9320 GE PoE switch when referring to both IE-9320-24P4S-A and IE-9320-24P4S-E


Starting with release 17.10.1, both the Network Essentials license and the Network Advantage license are available. The features available in the two licenses follow the IE9300 series, with the exception of MACsec-256.

Network Advantage License

Description

Security

MACsec-256

Routing

Layer 3 routing support

Upgrading the Switch Software

This section covers the various aspects of upgrading or downgrading the device software.


Note


See the Cisco IOS XE Migration Guide for IIoT Switches for the latest information about upgrading and downgrading switch software.


SSH Algorithms for Common Criteria Certification Limitation

Starting from Cisco IOS XE Release 17.10, the following Key Exchange and MAC algorithms are removed from the default list:

  • Key Exchange algorithm:

    • diffie-hellman-group14-sha1

  • MAC algorithms:

    • hmac-sha1

    • hmac-sha2-256

    • hmac-sha2-512


Note


You can use the ip ssh server algorithm kex command to configure the Key Exchange algorithm and the ip ssh server algorithm mac command to configure the MAC algorithms.


Finding the Software Version

The package files for Cisco IOS XE software can be found on the system board's internal flash memory device (flash:) or an external USB, depending on the device configuration.

You can use the show version privileged EXEC command to see the software version that is running on your switch.


Note


Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.

You can also use the dir filesystem: privileged EXEC command to see the names and versions of other software images that you might have stored in flash memory.

Software Images for Cisco IOS XE 17.13.x

The following table provides the filenames for the IOS XE 17.13.x software image for Cisco Catalyst IE9300 Rugged Series Switches and the Cisco Catalyst ESS9300 Embedded Series Switch.

Release

Image Type

Filename

Switch Models

Cisco IOS XE.17.13.1

Universal

ie9k_iosxe.17.13.01.SPA.bin

  • Cisco Catalyst IE9300 Rugged Series Switches

  • Cisco Catalyst ESS9300 Embedded Series Switch

Software Installation Options

The following table lists the options for the install command for Cisco Catalyst IE9300 Rugged Series Switches.

To install and activate the specified file, and to commit changes to be persistent across reloads, enter the following command: install add file filename [ activate commit]

Option

Description

abort

Abort the current install operation.

activate

Activate an installed package.

add

Install a package file to the system.

auto-abort-timer

Install auto-abort-timer.

autoupgrade

Initiate software auto-upgrade on all incompatible switches.

commit

Commit the changes to the load path.

deactivate

Deactivate an install package.

label

Add a label name to any installation point.

remove

Remove installed packages.

rollback

Rollback to a previous installation point.

Licensing

This section provides information about the licensing packages for features available on Cisco Catalyst IE9300 Rugged Series Switches.

License Levels

The software features available on Cisco Catalyst IE9300 Rugged Series Switches fall under these base or add-on license levels.

Base Licenses

  • Network Essentials

  • Network Advantage: Includes features available with the Network Essentials license and more.

Add-on Licenses

Add-on licenses require a Network Essentials or Network Advantage as a prerequisite. The features available with add-on license levels provide Cisco innovations on the switch, and on the Cisco Catalyst Center.

  • Catalyst Center DNA Essentials

  • Catalyst Center DNA Advantage: Includes features available with the Catalyst Center DNA Essentials license and more.

To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to https://cfnng.cisco.com. An account on Cisco.com is not required.

Smart Licensing Using Policy

Smart Licensing Using Policy, which is an enhanced version of Smart Licensing, is the default and the only supported method to manage licenses.

Smart Licensing using Policy provides a licensing solution that does not interrupt the operations of your network. Instead, it enables a compliance relationship to account for the hardware and software licenses you purchase and use.

With this licensing model, you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. Only export-controlled and enforced licenses require Cisco authorization before use. License usage is recorded on your device with timestamps, and the required workflows can be completed later.

Multiple options are available for license usage reporting – this depends on the topology you implement. You can use the Cisco Smart Licensing Utility (CSLU) Windows application, or report usage information directly to Cisco Smart Software Manager (CSSM). A provision for offline reporting for air-gapped networks, where you download usage information and upload to CSSM, is also available.

Starting with this release, Smart Licensing Using Policy is automatically enabled on the device. This is also the case when you upgrade to this release.

By default, your Smart Account and Virtual Account in CSSM is enabled for Smart Licensing Using Policy.

Caveats

Caveats describe unexpected behavior in Cisco IOS XE releases.

Open Caveats

Identifier

Description

CSCwh78844

Memory Leak under timingd process

CSCwi06291

IE9300 : Link is down with "GLC-TE" SFP after reload

Resolved Caveats

Identifier

Description

CSCwf41579

"logging alarm informational" command causes the generation of irrelevant information from PTP logs

CSCwh87343

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:

https://www.cisco.com/en/US/support/index.html

Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts, to find information for the problem that you are experiencing.

Related Documentation

Information about Cisco IOS XE at this URL: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html.

Information about Cisco Catalyst IE9300 Rugged Series Switches is at this URL: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Cisco Validated Designs documents at this URL: https://www.cisco.com/go/designzone

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs