Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(44)SE and Later Revised January 28, 2009 These release notes include important information about this Cisco IOS release for the Cisco Gigabit Ethernet Switch Module (CGESM) for the HP BladeSystem p-Class. This document includes any limitations, restrictions, and caveats that apply to these releases.
System Requirements • “Resolved Caveats” section on page 16 • “Documentation Updates” section on page 24 • “Related Documentation” section on page 26 • “Technical support” section on page 27 System Requirements The system requirements are described in these sections: • “Device Manager System Requirements” section on page 2 • “Cluster Compatibility” section on page 3 Device Manager System Requirements These sections describes the hardware and software requirements for using the device manager: •
Upgrading the Switch Software Table 2 Supported Operating Systems and Browsers Operating System Minimum Service Pack or Patch Microsoft Internet Explorer1 Netscape Navigator Windows 2000 None 5.5 or 6.0 7.1 Windows XP None 5.5 or 6.0 7.1 1. Service Pack 1 or higher is required for Internet Explorer 5.5. Cluster Compatibility You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the command-line interface (CLI).
Upgrading the Switch Software Deciding Which Files to Use The upgrade procedures in these release notes describe how to perform the upgrade by using a tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Installation Notes Step 8 (Optional) Ensure that you have IP connectivity to the TFTP server by entering this privileged EXEC command: ping tftp-server-address For more information about assigning an IP address and default gateway to the switch, refer to the software configuration guide for this release. Step 9 Download the image file from the TFTP server to the switch.
New Software Features New Software Features The *, ip-address, interface interface-id, and vlan vlan-id keywords were introduced to the clear ip dhcp snooping command in this release. Minimum Cisco IOS Release for Major Features Table 3 lists the minimum software release required to support the major features on this switch. Table 3 CGESM Switch Features and the Minimum Cisco IOS Release Required Feature Minimum Cisco IOS Release Required Configuration replacement and rollback 12.
Limitations and Restrictions Limitations and Restrictions You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
Limitations and Restrictions The workaround is to reconfigure the static IP address. (CSCea71176 and CSCdz11708) • 1. Disable auto-QoS on the interface. 2. Change the routed port to a nonrouted port or the reverse. 3. Re-enable auto-QoS on the interface. (CSCec44169) The DHCP snooping binding database is not written to flash or a remote file in either of these situations: – The DHCP snooping database file is manually removed from the file system.
Limitations and Restrictions IP When the rate of received DHCP requests exceeds 2,000 packets per minute for a long time, the response time might be slow when you are using the console. The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. (CSCeb59166) IP Telephony After you change the access VLAN on a port that has 802.1x enabled, the IP Phone address is removed. Because learning is restricted on 802.
Limitations and Restrictions SPAN and RSPAN • An egress SPAN copy of routed unicast traffic might show an incorrect destination MAC address on both local and remote SPAN sessions. This limitation does not apply to bridged packets. The workaround for local SPAN is to use the replicate option. For a remote SPAN session, there is no workaround. This is a hardware limitation: (CSCdy72835) • Egress SPAN routed packets (both unicast and multicast) show the incorrect source MAC address.
Important Notes VLAN • If the number of VLANs times the number of trunk ports exceeds the recommended limit of 13,000, the switch can fail. The workaround is to reduce the number of VLANs or trunks. (CSCeb31087) • When dynamic ARP inspection is configured on a VLAN, and the ARP traffic on a port in the VLAN is within the configured rate limit, the port might go into an error-disabled state.
Important Notes Device Manager Notes These notes apply to the device manager: • We recommend that you use this browser setting to display the device manager from Microsoft Internet Explorer in the least amount of time. From Microsoft Internet Explorer: • 1. Choose Tools > Internet Options. 2. Click Settings in the “Temporary Internet files” area. 3. From the Settings window, choose Automatically. 4. Click OK. 5. Click OK to exit the Internet Options window.
VLAN Interfaces and MAC Addresses Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip http authentication {enable | local | tacacs} Configure the HTTP server interface for the type of authentication that you want to use. • enable—Enable password, which is the default method of HTTP server user authentication, is used. • local—Local user database, as defined on the Cisco router or access server, is used. • tacacs—TACACS server is used.
Open Caveats References to Cisco IOS Release 12.2(25)SE These older documents refer to Release 12.2(25)SE. The correct release is Release 12.2(25)SE1. • Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Software Configuration Guide, Cisco IOS Release 12.2(25)SE • Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Command Reference Guide, Cisco IOS Release 12.2(25)SE • Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class System Message Guide, Cisco IOS Release 12.
Open Caveats Because the switch automatically configures the service config global configuration command, it is in the switch startup-config file when you save the running-config file. This command runs every time the switch is restarted, even if a config.text configuration file is in the switch flash memory. The workaround is to prevent these messages from being generated. To do this, enter the switch configuration mode, and issue the no service config command.
Resolved Caveats Open Device Manager Caveats This is the severity 3 device manager caveat for this release: • CSCef94061 If you enter the letter i by itself in the port description, the VLAN status column displays i; this only occurs when you are using Device Manager through Netscape 7.1. The workaround is to run Device Manager through Internet Explorer if you must enter a port description with only the value “i.
Resolved Caveats Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(44)SE3 • CSCee55603 An SNMP access-control list (ACL) now works correctly on virtual routing and forwarding (VRF) interfaces. • CSCso75052 An end host no longer remains in the guest VLAN after an IEEE 802.1x authentication. • CSCsq71492 The switch no longer reloads with an address error if the TACACS+ server sends an authentication error when the access control system is configured and a timeout request occurs.
Resolved Caveats • CSCsm08603 This traceback error no longer appears when you enter the show aaa subscriber profile privileged EXEC command: *Mar 2 01:50:41.127: %PARSER-3-BADSUBCMD: Unrecognized subcommand 10 in exec command 'show aaa subscriber profile WORD' -Traceback= D003B4 D00AC8 C908A0 C2F040 C8CA18 CB8984 93B670 932338 Note • In Cisco IOS Release 12.2(44)SE2 and later, the subscriber keyword is no longer supported.
Resolved Caveats • CSCsd95616 Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
Resolved Caveats • CSCsh46990 The switch no longer reloads when you use the aaa authentication eou default group radius enable global configuration command to configure an EAP over UDP (EOU) method list. • CSCsh48879 A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases.
Resolved Caveats • CSCsl34355 Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
Resolved Caveats • CSCsc26726 Gigabit interfaces 0/23 and 0/24 now link up with another switch when the interface speed is set to an explicit value. In previous releases, these ports would only link up with another switch if the ports on that switch were set to autonegotiate.
Resolved Caveats • CSCsi08513 MAC flap-notification no longer occurs when a switch is running VLAN bridge spanning-tree protocol (STP) and fallback bridging is configured on the VLANs running STP. • CSCsi10584 Multiple Spanning-Tree Protocol (MSTP) convergence time has been improved for Cisco IOS Release 12.2. • CSCsi63999 Changing the spanning tree mode from MSTP to other spanning modes no longer causes tracebacks. • CSCsi77705 Broadcast storm control now works correctly on IEEE 802.1Q trunk ports.
Documentation Updates • CSCsk25175 When the switch has VTP pruning and an RSPAN session configured, the RSPAN VLAN traffic is now correctly pruned as set up by the VTP pruning configuration. • CSCsk38083 When UDLD is enabled on a Layer 2 interface, and the native VLAN for the port is not configured as a VLAN on the switch, UDLD no longer puts the port into an error-disabled state.
Documentation Updates System Messages Guide These are the documentation updates for the system modesties guide: • New System Messages, page 25 • Changed System Messages, page 26 New System Messages These system messages have been added. Error Message DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars] Explanation The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port.
Related Documentation Error Message VQPCLIENT-3-VLANNAME: Invalid VLAN [chars] in response. Explanation The VLAN membership policy server (VMPS) has specified a VLAN name that is unknown to the switch. [chars] is the VLAN name. Recommended Action Ensure that the VLAN exists on the switch. Verify the VMPS configuration by entering the show vmps privileged EXEC command. Error Message WCCP-5-CACHEFOUND: Web Cache [IP_address] acquired. Explanation The switch has acquired the specified web cache.
Technical support • Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Quick Setup Instructions (part number 380263-001) • Cisco Small Form-Factor Pluggable Modules Installation Instructions (part number 380-263-001) • HP BladeSystem p-Class SAN Connectivity Kit Quick Setup Instructions For Installing in Cisco Gigabit Ethernet Switch Module (part number 380262-001) Cisco IOS Release 12.2 documentation is available at http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/index.
Technical support Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.
