Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(37)SE and Later

Revised August 8, 2007

These release notes include important information about this Cisco IOS release for the Cisco Gigabit Ethernet Switch Module (CGESM) for the HP BladeSystem p-Class. This document includes any limitations, restrictions, and caveats that apply to this release.
• “Updates to the Software Configuration Guide” section
• “Related Documentation” section
• “Technical support” section

System Requirements

The system requirements are described in these sections:
• “Device Manager System Requirements” section
• “Cluster Compatibility” section

Device Manager System Requirements

These sections describe the hardware and software requirements for using the device manager:
• “Hardware Requirem
Table 2 Supported Operating Systems and Browsers

Operating System | Minimum Service Pack or Patch | Microsoft Internet Explorer¹ | Netscape Navigator
Windows 2000 | None | 5.5 or 6.0 | 7.1
Windows XP | None | 5.5 or 6.0 | 7.1

1. Service Pack 1 or higher is required for Internet Explorer 5.5.

Cluster Compatibility

You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the command-line interface (CLI).
Upgrading the Switch Software

Deciding Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Installation Notes

For more information about assigning an IP address and default gateway to the switch, refer to the software configuration guide for this release.

Step 9 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:

archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.
New Software Features

• VLAN Flex Links load balancing to configure a Flex Links pair to allow both ports to forward traffic for some VLANs (mutually exclusive)
• Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) for interoperability with third-party IP phones
• VLAN-aware port security option to shut down the VLAN on the port when a violation occurs, instead of shutting down the entire port
• DHCP snooping statistics show and clear commands to di
Limitations and Restrictions

You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
The workaround is to reconfigure the static IP address. (CSCea71176 and CSCdz11708)

• 1. Disable auto-QoS on the interface.
  2. Change the routed port to a nonrouted port or the reverse.
  3. Re-enable auto-QoS on the interface.
  (CSCec44169)

The DHCP snooping binding database is not written to flash or a remote file in either of these situations:
– The DHCP snooping database file is manually removed from the file system.
IP Telephony

These are the IP telephony limitations:
• After you change the access VLAN on a port that has 802.1x enabled, the IP Phone address is removed. Because learning is restricted on 802.1x capable ports, it takes approximately 30 seconds before the address is relearned. No workaround is necessary.
SPAN and RSPAN

These are the SPAN and Remote SPAN (RSPAN) limitations:
• An egress SPAN copy of routed unicast traffic might show an incorrect destination MAC address on both local and remote SPAN sessions. This limitation does not apply to bridged packets. The workaround for local SPAN is to use the replicate option. For a remote SPAN session, there is no workaround.
VLAN

If the number of VLANs times the number of trunk ports exceeds the recommended limit of 13,000, the switch can fail. The workaround is to reduce the number of VLANs or trunks. (CSCeb31087)

Device Manager Limitations and Restrictions

These are the device manager limitations and restrictions:
• You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the CLI.
Device Manager Notes

Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:

Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2  Command: ip http authentication {enable | local | tacacs}
        Purpose: Configure the HTTP server interface for the type of authentication that you want to use.
        • enable—Enable password, which is the default method of HTTP server user authentication, is used.
VLAN Interfaces and MAC Addresses

All VLAN interfaces have assigned MAC addresses that are derived from the base MAC address. The base MAC address is the hardware address that is on the switch label. It also appears when you enter the show version privileged EXEC command. On the first VLAN interface (VLAN 1), the MAC address is the base MAC address + 0x40.
Open Caveats

Open IOS Caveats

These severity 3 Cisco IOS configuration caveats apply to the CGESM switch:
• CSCee08109
  If a port-based ACL (PACL) is applied to an 802.1x-enabled port and the client is then disconnected from that port, the PACL is not removed from the port. There is no workaround.
• CSCeg04311
  When you power on or restart a switch that does not have a config.text file in flash memory, the switch tries to get configuration files from a TFTP server.
• CSCsc26726
  Sometimes interfaces Gi0/23 and Gi0/24 will not link up with another switch when the interface speed is set to an explicit value instead of autonegotiated. This does not happen when a copper SFP is used with interfaces Gi0/17 - Gi0/20. The workaround is to autonegotiate the speed with the other device, or to use a different cable type. Use a straight-through cable for a switch-to-switch connection, or a cross-over cable for a connection from the switch to any non-switch device.
• CSCse14774
  If a switch is connected to a third-party router through an EtherChannel and the EtherChannel is running in Link Aggregation Control Protocol (LACP) mode, the interfaces in the EtherChannel might go down after you enter the switchport trunk native vlan vlan-id interface configuration command to change the native VLAN from VLAN 1 (the default) to a different VLAN ID. These are the workarounds.
Open HP Caveats

These are the HP severity 2 open caveats for this release:
• rQm 263546
  Disconnecting the cable from the console port does not end a Telnet session. If you are in privileged EXEC mode when you remove the cable, the next session that is started on the console port will also be in privileged EXEC mode. The workaround is to end the session before you remove the cable.
• rQm 266129
  If you power on a switch that does not have a config.
Resolved Caveats

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml.

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS; one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
• CSCsd85587
  A vulnerability has been discovered in a third-party cryptographic library that is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability, it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Updates to the Software Configuration Guide

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Related Documentation

The MAC address of the device must be configured in the Access Control Server (ACS) for the automatic MAC check to succeed. The automatic MAC check allows managed devices, such as printers, to skip web authentication.

Note: The interoperability of web authentication (with automatic MAC check) and IEEE 802.1x MAC authentication configured on different ports of the same switch is not supported.
Technical support

• Third-party hardware or software
• Operating system type and revision level

HP contact information

For the name of the nearest HP authorized reseller:
• In the United States, see the HP US service locator webpage (http://www.hp.com/service_locator).
• In other locations, see the Contact HP worldwide (in English) webpage (http://welcome.hp.com/country/us/en/wwcontact.html).