Release Notes for the Catalyst 4500E Series Switch, Cisco IOS XE Release 3.3.xSG Current release: IOS XE 3.3.2SG—November 1, 2012 Prior releases: IOS XE 3.3.1SG and 3.3.0SG This release note describes the features, modifications, and caveats for the Cisco IOS XE 3.3.1SG software on the Catalyst 4500E series switch with Supervisor Engine 7-E and 7L-E. Support for Cisco IOS XE Release 3.3.1SG follows the standard Cisco Systems® support policy, available at http://www.cisco.
Cisco IOS Software Packaging • Troubleshooting, page 50 • Notices, page 52 Cisco IOS Software Packaging The Enterprise Services image supports all Cisco Catalyst 4500 Series software features based on Cisco IOS Software, including enhanced routing. The IP Base image supports Open Shortest Path First (OSPF) for Routed Access, Enhanced Interior Gateway Routing Protocol (EIGRP) "limited" Stub Routing, Nonstop Forwarding/Stateful Switchover (NSF/SSO), and RIPv1/v2.
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services ACL Logging Yes Yes Yes ACL Policy Enhancements Yes Yes Yes ACL Sequence Numbering Yes Yes Yes Address Resolution Protocol (ARP) Yes Yes Yes ANCP Client No Yes Yes ANSI TIA-1057 LLDP - MED Location Extension Yes Yes Yes ANSI TIA-1057 LLDP - MED Support Yes Yes Yes ARP Opt
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services BGP Link Bandwidth No No Yes BGP Neighbor Policy No No Yes BGP Prefix-Based Outbound Route Filtering No No Yes BGP Restart Neighbor Session After max-prefix Limit Reached No No Yes BGP Route-Map Continue No No Yes BGP Route-Map Continue Support for Outbound Policy No No Yes B
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services Class-Based Shaping Yes Yes Yes Clear Counters Per Port Yes Yes Yes CLI String Search Yes Yes Yes CNS Yes Yes Yes CNS - Configuration Agent Yes Yes Yes CNS - Event Agent Yes Yes Yes CNS - Image Agent Yes Yes Yes CNS - Interactive CLI Yes Yes Yes CNS Config Retrieve En
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services DHCP Configurable DHCP Client Yes Yes Yes DHCPv6 Relay Agent notification for Prefix Delegation Yes Yes Yes DHCP Option 82, Pass Through Yes Yes Yes DHCP Server Yes Yes Yes DHCP Snooping Yes Yes Yes DHCPv6 Ethernet Remote ID option Yes Yes Yes DHCPv6 Relay - Reload persistent
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services FHRP - Enhanced Object Tracking integration with EEM Yes Yes Yes FHRP - GLBP - IP Redundancy API No Yes Yes FHRP - HSRP - Hot Standby Router Protocol V2 No Yes Yes FHRP - Object Tracking List No Yes Yes Filter-ID Based ACL Application Yes Yes Yes FIPS 140-2/3 Level 2 Certificatio
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IEEE 802.1ab LLDP (Link Layer Discovery Protocol) Yes Yes Yes IEEE 802.1ab LLDP/LLDP-MED Yes Yes Yes IEEE 802.1ab LLDP enhancements (PoE+Layer 2 COS) Yes No No IEEE 802.1p Support Yes Yes Yes IEEE 802.1Q VLAN Trunking Yes Yes Yes IEEE 802.
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IEEE 802.1x RADIUS-Supplied Session Timeout Yes Yes Yes IEEE 802.1x with ACL Assignments Yes Yes Yes IEEE 802.1x with Port Security Yes Yes Yes IEEE 802.3ad Link Aggregation (LACP) Yes Yes Yes IEEE 802.
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IP Multicast Load Splitting - Equal Cost Multipath (ECMP) using S, G and Next-hop No No Yes IP Multicast Load Splitting across Equal-Cost Paths No Yes Yes IP Named Access Control List Yes Yes Yes IPv6 Tunnels (in software) No Yes Yes IP Routing Yes Yes Yes IP SLAs - DHCP Operatio
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IP Summary Address for RIPv2 No Yes Yes IP Unnumbered for VLAN-SVI interfaces No Yes Yes IPSG (IP Source Guard) v4 Yes Yes Yes IPSG (IP Source Guard) v4 for Static Hosts Yes Yes Yes IPv4 Routing: Static Hosts/Default Gateway Yes Yes Yes IPv6 BGP No No Yes IPv6 CNS Agents Yes
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IPv6 Multicast: PIM Source-Specific Multicast (PIM-SSM) No Yes Yes IPv6 Multicast: PIM Sparse Mode (PIM-SM) No Yes Yes IPv6 Multicast: Routable Address Hello Option No Yes Yes IPv6 Multicast: RPF Flooding of Bootstrap Router (BSR) Packets No Yes Yes IPv6 Multicast: Scope Boundaries
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services IPv6 Switching: CEFv6 Switched ISATAP Tunnels (in software) No Yes Yes IPv6 Tunneling: Automatic 6to4 Tunnels (in software) No Yes Yes IPv6 Tunneling: Automatic IPv4-compatible Tunnels (in software) No Yes Yes IPv6 Tunneling: IPv6 over IPv4 GRE Tunnels (in software) No Yes Yes IPv6 T
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services MAB with Configurable User Name/Password Yes Yes Yes MAB for Voice VLAN Yes Yes Yes MAC Address Notification Yes Yes Yes MAC Authentication Bypass Yes Yes Yes MAC Move and Replace Yes Yes Yes Management IPV6 port Yes Yes Yes Medianet: AutoQoS SRND4 Macro No Yes Yes Median
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services NEAT Enhancement: Re-Enabling BPDU Guard Based on User Configuration Yes Yes Yes NETCONF over SSHv2 Yes Yes Yes Network Edge Access Topology (NEAT) Yes Yes Yes Network Time Protocol (NTP) Yes Yes Yes Network Time Protocol (NTP) master Yes Yes Yes NMSP Enhancements No Yes Yes
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services OSPF Not-So-Stubby Areas (NSSA) No Yes2 Yes OSPF Packet Pacing No Yes2 Yes OSPF Shortest Paths First Throttling No Yes2 Yes OSPF Stub Router Advertisement No Yes2 Yes OSPF Support for Fast Hellos No Yes2 Yes OSPF Support for Link State Advertisement (LSA) Throttling No Yes2 Ye
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services Private VLANs Yes Yes Yes Propagation of Location Info over CDP Yes Yes Yes PVLAN over EtherChannel Yes Yes Yes PVST + (Per VLAN Spanning Tree Plus) Yes Yes Yes Q-in-Q No Yes Yes QoS Packet Marking Yes Yes Yes QoS Priority Percentage CLI Support Yes Yes Yes RADIUS Yes Y
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services Smart Port Yes Yes Yes SNMP (Simple Network Management Protocol) Yes Yes Yes SNMP Inform Request Yes Yes Yes SNMP Manager Yes Yes Yes SNMPv2C Yes Yes Yes SNMPv3 - 3DES and AES Encryption Support Yes Yes Yes SNMPv3 (SNMP Version 3) Yes Yes Yes Source Specific Multicast (SS
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services Standard IP Access List Logging Yes Yes Yes Standby Supervisor Port Usage Yes Yes Yes Sticky Port Security Yes Yes Yes Sticky Port Security on Voice VLAN Yes Yes Yes Storm Control - Per-Port Multicast Suppression Yes Yes Yes STP Syslog Messages Yes Yes Yes Stub IP Multicast R
Cisco IOS Software Packaging Table 1 LAN Base/IP Base/EnterpriseServices Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Feature LAN Base IP Base Enterprise Services TrustSec: IEEE 802.1ae MACSec encryption on user facing ports No Yes Yes TrustSec: IEEE 802.1ae MACSec encryption on user facing ports SSO No Yes Yes TrustSec: IEEE 802.
Cisco IOS Software Packaging 2. IP Base supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 1000 dynamically learned routes. 3. TDR is not supported on 46xx linecards. For information on MiBs support, please refer to this URL: http://ftp.cisco.com/pub/mibs/supportlists/cat4000/cat4000-supportlist.
Cisco Classic IOS Release Strategy Table 2 Cisco IOS Software Release 3.3.
Support 3.1.1SG Software Release Strategy for the Catalyst 4500E Series Switch 3.2.0SG 3.3.0SG 3.2.0SG Maintenance Train 332911 Figure 1 Support Support for Cisco IOS Software Release 3.3.0SG follows the standard Cisco Systems® support policy, available at http://www.cisco.com/en/US/products/products_end-of-life_policy.html For more information on the Catalyst 4500 series switches, visit the following URL: http://www.cisco.
System Requirements Table 3 Supported Hardware on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Product Number (append Product Description with “=” for spares) WS-X4712-SFP+E 12-port 10 Gigabit Ethernet (SFP+) line card Not supported on 4507R-E and 4510R-E chassis.
System Requirements Table 3 Supported Hardware on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Product Number (append Product Description with “=” for spares) WS-X4148-FE-BD-LC 48-port 100BASE-BX10-D module WS-X4248-FE-SFP 48-port 100BASE-X SFP switching module WS-U4504-FX-MT 4-port 100BASE-FX (MT-RF) uplink daughter card Ethernet/Fast Ethernet (10/100) Switching Modules WS-X4124-RJ45 24-port 10/100 RJ-45 module WS-X4148-RJ 48-port 10/100 RJ-45 switching module WS-X4148
System Requirements Table 3 Supported Hardware on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Product Number (append Product Description with “=” for spares) CWDM-SFP-xxxx CWDM small form-factor pluggable module (See Table 4 on page 27 for a list of supported wavelengths.) For DOM support, see Table 6 on page 29.
System Requirements Table 3 Supported Hardware on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Product Number (append Product Description with “=” for spares) PWR-C45-1000AC Catalyst 4500 series switch 1000 Watt AC power supply for chassis 4503, 4506, and 4507R (data only) PWR-C45-1400DC Catalyst 4500 series switch 1400 Watt DC triple input power supply (data-only) PWR-C45-1400DC-P Catalyst 4500 series switch 1400 Watt DC power supply with integrated PEM PWR-C45-1400AC Cat
System Requirements Table 5 briefly describes the supported DWDM wavelengths in the Catalyst 4500E Series Switch. Table 5 DWDM SFP Supported Wavelengths on Cisco Catalyst 4500E Supervisor Engine 7-E and Supervisor Engine 7L-E Product Number (append with “=” for spares) Product Description DWDM-SFP-6061= Cisco 1000BASE-DWDM SFP 1560.61 nm DWDM-SFP-5979= Cisco 1000BASE-DWDM SFP 1559.79 nm DWDM-SFP-5898= Cisco 1000BASE-DWDM SFP 1558.98 nm DWDM-SFP-5817= Cisco 1000BASE-DWDM SFP 1558.
System Requirements Table 6 briefly describes the DOM support on the Catalyst 4500E Series Switch.
New and Changed Information Table 7 Supported E-Series Hardware Product Number Description WS-C4507R-E Cisco Catalyst 4500E Series 7-Slot Chassis WS-C4507R+E WS-C4510R-E • Fan tray • No Power Supply • Redundant supervisor engine capability • In this chassis, supervisor engines must sit in slots 3 and/or 4; the backplane will enforce this restriction.
New and Changed Information New Software Features in Release IOS XE 3.3.1SG Release IOS XE 3.3.1SG provides no new new software on the Catalyst 4500 series switch: New Hardware Features in Release IOS XE 3.3.1SG Release IOS XE 3.3.1SG provides no new hardware on the Catalyst 4500 series switch. New Software Features in Release IOS XE 3.3.0SG Release IOS XE 3.3.
New and Changed Information • OSPFv3 Authentication • IPsecv3/IKEv2 (for management traffic only) • FIPS 140-2/3 Level 2 Certification • No Service Password Recovery • Easy Virtual Network (EVN) • ND cache limit per interface • HSRPv2 for IPv6 Global Address Support • MAB with configurable user name/ password • BFD Support for Routing Protocols (IPv4 and IPv6 based BFD support for static routes and for dynamic routing protocols encompassing BGP, EIGRP and OSPF) • BGP Wildcard • 802.
New and Changed Information • BGP 4Byte ASN (CnH) • BGP graceful restart per neighbor • BGP Nexthop tracking • Dynamic PBR API • Multicast Call Admission Control—Per interface route state limit • Bandwidth-based Call Admission Control policy for Multicast • Ability to disallow mcast group ranges • IPv6 SSM mapping—MLD v1 receivers • IPv6 BSR—Ability to configure RP mapping • MSDP MD5 password authentication • MLD group limits • IPv6 multicast—Disable group ranges • IGMP static grou
Cisco IOS XE to Cisco IOS Version Number Mapping New Hardware Features in Release IOS XE 3.3.0SG Release IOS XE 3.3.
Limitations and Restrictions Limitations and Restrictions These sections list the limitations and restrictions for the current release of Cisco IOS software on the Catalyst 4500E series switch. • Starting with Release IOS XE 3.3.0SG and IOS 15.1(1)SG, the seven RP restriction was removed. • The WS-X4712-SFP+E module is not supported in the WS-C4507R-E or WS-C4510R-E chassis and does not boot. This module is supported in the WS-C4503-E, WS-C4506-E, WS-C4507R+E, and WS-C4510R+E chassis.
Limitations and Restrictions The remaining lines all contain the term host. As a result, the specification file may report the desired values by specifying that string. For example, this line PAGE 37Limitations and Restrictions – Attach the same monitor to multiple targets. CSCti43798 • ciscoFlashPartitionFileCount object returns an incorrect file count for bootflash:, usb0:, slot0:, slaveslot0:, slavebootflash:, and slaveusb0:. Workaround: Use the dir device command (for example, dir bootflash:) to obtain the correct file count.
Limitations and Restrictions • The system cannot scale to greater than 512 SIP flows with MSP and metadata enabled. Workaround: None. CSCty79236 • When sup1 is in ROMMON and sup2 is in IOS, only sup2 can read the SEEPROM contents of the following chassis components: – chassis – fan-tray – clock-module – power-supplies – mux-buffer for each linecard slot – linecards On sup1, when the sprom read .. command is entered for any of the above components, the SEEPROM contents are displayed as all “0”s.
Caveats Caveats Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved. Note For the latest information on PSIRTS, refer to the Security Advisories on CCO at the following URL: http://www.cisco.com/en/US/products/products_security_advisories_listing.html Open Caveats for Cisco IOS XE Release 3.3.2SG This section lists the open caveats for Cisco IOS XE Release 3.3.
Caveats • If you reboot a switch, the configured value of the interface MTU size for the elements of the port channel interface does not work for IPv6 traffic. Workaround: After the switch reloads, enter shut and no shut on the port-channel interface. CSCto27085 • Dynamic buffer limiting might not function at queue limits less than or equal to 128. Workaround: Increase the queue limit to at least 256.
Caveats • When a switchover is created on the Mediatrace responder, the dynamic access list created for a monitored flow tuple is not deleted. Although the Mediatrace initiator creates another set of dynamic access lists after the switchover, the old ones remain in the configuration. The impact of stale dynamic access lists is to monitor unwanted traffic. Workarounds: – If the switchover is scheduled, remove the scheduled session on the initiator.
Caveats Resolved Caveats for Cisco IOS XE Release 3.3.2SG This section lists the new resolved caveats for Cisco IOS XE Release 3.3.2SG: • After booting a switch with Cisco IOS XE 3.3.0SG or 3.3.1SG with a crypto (k9) image, a linecard may display a status of Auth Fail, and will not be brought online. Non-crypto images are unaffected. Workaround: Reset the linecard either with the hw-module module m reset command or through a manual OIR. CSCuc64146 • Following an upgrade to Cisco IOS XE 3.3.
Caveats • If you reboot a switch, the configured value of the interface MTU size for the elements of the port channel interface does not work for IPv6 traffic. Workaround: After the switch reloads, enter shut and no shut on the port-channel interface. CSCto27085 • Dynamic buffer limiting might not function at queue limits less than or equal to 128. Workaround: Increase the queue limit to at least 256.
Caveats • When a switchover is created on the Mediatrace responder, the dynamic access list created for a monitored flow tuple is not deleted. Although the Mediatrace initiator creates another set of dynamic access lists after the switchover, the old ones remain in the configuration. The impact of stale dynamic access lists is to monitor unwanted traffic. Workarounds: – If the switchover is scheduled, remove the scheduled session on the initiator.
Caveats The power supply or power supply inputs are incorrectly listed as 110V when they should be list as 220V. The power supply may go into an err-disable state if only one power supply has the issue. If both power supplies have the issue and are both recognized as 110V, they will not go into an err-disable state. Additionally, other modules in the switch might be denied power and will not power on.
Caveats – Enter shut then no shut on the port. CSCua63562 • If a switch enabled with Bidir PIM has a software tunnel interface pointing towards the RP upstream, packet drops are observed. Workaround: None. Consider using a physical interface pointing towards RP upstream. CSCtz11352 • A switch running Cisco XE 3.3.0SG crashes when you use SPAN. Workaround: None.
Caveats Open Caveats for Cisco IOS XE Release 3.3.0SG This section lists the open caveats for Cisco IOS XE Release 3.3.0SG: • When an SNMP query includes the cpmCPUProcessHistoryTable, the query time is very slow, and CPU utilization of the os_info_p process (OS Info provider) increases substantially. The time required for a full walk of an almost fully populated table is 68 minutes. Workaround: None.
Caveats • On a redundant system consisting of Supervisor Engine 6-E and Supervisor Engine 7-E, when the system uses considerable memory (for example, with heavy multicast traffic), a crash may occur. This event is due to a memory mismatch between the two supervisor engines. Workaround: Upgrade the memory of the Supervisor Engine 6-E to match that of the Supervisor Engine 7-E. • A peer policy is not updated after reauthentication if the policy is changed on the AS beforehand.
Caveats HARDWARE WATCHDOG This message is not observed during a system bootup. Workaround: None required. This message is information only. CSCtz15738 • A switch running a Supervisor Engine 7-E or Supervisor Engine 7L-E fails if you enter show memory debug leak on the console while show memory detailed process iosd debug leaks is being executed from another Telnet session. Workaround: Avoid running both commands simultaneously. CSCty27680 • A switch running Cisco XE 3.3.0SG crashes when you use SPAN.
Troubleshooting – The RADIUS server becomes available again, and a dot1x client attempts to authenticate. Workaround: None. CSCtx61557 • Front panel power supply LEDs do not always correspond to power supply state. Workaround: None. CSCtz01430 • After booting a switch with Cisco IOS XE 3.3.0SG or 3.3.1SG with a crypto (k9) image, a linecard may display a status of Auth Fail, and will not be brought online. Non-crypto images are unaffected.
Troubleshooting • Troubleshooting MIBs, page 52 Netbooting from ROMMON Netbooting using a boot loader image is not supported. Instead, use one of the following options to boot an image: 1. Boot from an SD card by entering the following command: rommon 1> boot slot0: 2. Use ROMMON TFTP boot.
Notices Troubleshooting Modules This section contains troubleshooting guidelines for modules: • When you hot insert a module into a chassis, always use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module. For module installation instructions, refer to the Catalyst 4500 Series Module Installation Guide.
Notices 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”. 4.
Notices 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: “This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)”. The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptography-related. 4.
