Manualshelf

Release Notes

ManualsBrandsCisco ManualsSwitchesCisco Catalyst 4503-E Switch
31323334353637383940
40
Release Notes for the Catalyst 4500E Series Switch, Cisco IOS XE Release 3.3.xSG
OL-26675-02
Caveats
If you reboot a switch, the configured value of the interface MTU size for the elements of the port
channel interface does not work for IPv6 traffic.
Workaround: After the switch reloads, enter shut and no shut on the port-channel interface.
CSCto27085
Dynamic buffer limiting might not function at queue limits less than or equal to 128.
Workaround: Increase the queue limit to at least 256. CSCto57602
If you use the quick option in the issu changeversion command, the following might occur:
Links flap for various Layer 3 protocols.
A traffic loss of several seconds is observed during the upgrade process.
Workaround: Do not use the quick option with the issu changeversion command. CSCto51562
A device in a guest VLAN that is connected behind a phone that is capable of 2nd-port-notification
experiences packet loss following a SSO failover. The device experiences an authentication restart
after the first CDP frame arrives from the phone.
Workaround: None. CSCto46018
Dynamic ACLs do not function correctly if they have advanced operators, including dscp/ipp/tos,
log/log-input, fragments, and TCP flag operators.
Workaround: Remove these operators from any dynamic ACLs. CSCts05302
If you perform an OIR on a line card, several %C4K_RKNOVA-4-INVALIDTOKENEXPIRED
messages appear in the logs.
Workaround: None. CSCtu37959
On a redundant system consisting of Supervisor Engine 6-E and Supervisor Engine 7-E, when the
system uses considerable memory (for example, with heavy multicast traffic), a crash may occur.
This event is due to a memory mismatch between the two supervisor engines.
Workaround: Upgrade the memory of the Supervisor Engine 6-E to match that of the Supervisor
Engine 7-E.
A peer policy is not updated after reauthentication if the policy is changed on the AS beforehand.
After reauthentication, the original peer policy is retained.
Workaround: Enter shut and no shut on the port. CSCts29515
When you enable both Cisco TrustSec and RADIUS accounting, a disparity occurs between the
RADIUS client (Cisco switch) and the RADIUS/CTS server in how the authenticator field in the
header is computed for DOT1X/RADIUS accounting messages.
A Cisco IOS AAA client uses the PAC secret to compute the authenticator; Cisco Secure ACS 5.2
uses the shared secret. This behavior causes a mismatch that results in a rejection of the accounting
message, and the client marks the server as unresponsive.
Workaround: None. You must disable 802.1X accounting. CSCts26844
When more than one Equal Cost Multipath (ECMP) is available on the downstream switch, and
Mediatrace is invoked to provide flow statistics, the dynamic policy does not show statistics for a
flow.
Mediatrace cannot find the correct inbound interface and applies the dynamic policy on a different
interface from the one used for media flow.
Workaround: None. CSCts20229