Release Notes

Release Notes for the Catalyst 4500E Series Switch, Cisco IOS XE Release 3.3.xSG
OL-26675-02
Caveats
On a redundant system consisting of Supervisor Engine 6-E and Supervisor Engine 7-E, when the
system uses considerable memory (for example, with heavy multicast traffic), a crash may occur.
This event is due to a memory mismatch between the two supervisor engines.
Workaround: Upgrade the memory of the Supervisor Engine 6-E to match that of the Supervisor
Engine 7-E.
A peer policy is not updated after reauthentication if the policy is changed on the AS beforehand.
After reauthentication, the original peer policy is retained.
Workaround: Enter shut and no shut on the port. CSCts29515
When you enable both Cisco TrustSec and RADIUS accounting, a disparity occurs between the
RADIUS client (Cisco switch) and the RADIUS/CTS server in how the authenticator field in the
header is computed for DOT1X/RADIUS accounting messages.
A Cisco IOS AAA client uses the PAC secret to compute the authenticator; Cisco Secure ACS 5.2
uses the shared secret. This behavior causes a mismatch that results in a rejection of the accounting
message, and the client marks the server as unresponsive.
Workaround: None. You must disable 802.1X accounting. CSCts26844
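The mismatch described in this caveat can be reproduced offline. The following is an added example, not part of Cisco's release notes: it computes the Accounting-Request authenticator as RFC 2866 defines it, with the client keyed with one secret and the server with another. The secrets and attributes are constructed sample values, and the real PAC-derived key format is not modelled.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS code for Accounting-Request (RFC 2866)


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def accounting_authenticator(code, identifier, attrs, secret):
    """RFC 2866 section 3: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_accounting_request(identifier, attrs, secret):
    """Client side: build the packet, keyed with whichever secret the client holds."""
    auth = accounting_authenticator(ACCOUNTING_REQUEST, identifier, attrs, secret)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs))
    return header + auth + attrs


def server_accepts(packet, secret):
    """Server side: recompute the authenticator with the server's secret and compare."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = accounting_authenticator(code, identifier, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values, not taken from any real deployment.
SHARED_SECRET = b"example-shared-secret"    # what the server is configured with
PAC_SECRET = b"example-pac-derived-key"     # stand-in for the client's PAC secret
ATTRS = (
    attribute(40, struct.pack("!I", 1))      # Acct-Status-Type = Start
    + attribute(44, b"00000001")             # Acct-Session-Id
    + attribute(4, bytes([192, 0, 2, 10]))   # NAS-IP-Address (documentation range)
)

if __name__ == "__main__":
    from_switch = build_accounting_request(7, ATTRS, PAC_SECRET)
    print("server keyed with shared secret:", server_accepts(from_switch, SHARED_SECRET))
    print("server keyed with PAC secret:   ", server_accepts(from_switch, PAC_SECRET))
```

A server that fails this check discards the Accounting-Request without replying, which is why the client eventually marks the server as unresponsive.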
When more than one Equal Cost Multipath (ECMP) is available on the downstream switch, and
Mediatrace is invoked to provide flow statistics, the dynamic policy does not show statistics for a
flow.
Mediatrace cannot find the correct inbound interface and applies the dynamic policy on a different
interface from the one used for media flow.
Workaround: None. CSCts20229
When a switchover occurs on the Mediatrace responder, the dynamic access list created for a
monitored flow tuple is not deleted. Although the Mediatrace initiator creates another set of dynamic
access lists after the switchover, the old ones remain in the configuration.
Stale dynamic access lists cause unwanted traffic to be monitored.
Workarounds:
If the switchover is scheduled, remove the scheduled session on the initiator. Reschedule the
session after the new active supervisor engine boots on the responder.
If the Mediatrace responder SSO is not planned, after the new active supervisor engine boots,
manually delete the stale dynamic access lists. CSCty75070
Configuring an interface as unidirectional with the unidirectional send-only | receive-only
command still allows the interface to send (configured as Send-only Unidirectional Ethernet mode) or
receive (configured as Receive-only Unidirectional Ethernet mode) packets in a bidirectional mode.
Workaround: None. CSCtx95359
When you add a "bfd" suffix to the snmp-server host x.x.x.x configuration command, the BFD traps,
ciscoBfdSessUp and ciscoBfdSessDown, are not generated.
Workaround: Do not specify a "bfd" suffix with the snmp-server host x.x.x.x configuration
command. CSCtx51561
If a switch enabled with Bidir PIM has a software tunnel interface pointing towards the RP upstream,
packet drops are observed.
Workaround: None. Consider using a physical interface pointing towards the RP upstream.
CSCtz11352
During either a system- or user-initiated reload operation, the following message is observed when
the system shuts down: