Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(50)SE and Later Revised August 14, 2009 Cisco IOS Release 12.2(50)SE and later runs on the Cisco Catalyst Blade Switch 3120 for HP switches. These switches support stacking through Cisco StackWise Plus technology. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. These release notes include important information about Cisco IOS Release 12.
Contents Contents These sections provide information about this release: • System Requirements, page 2 • Upgrading the Switch Software, page 4 • Installation Notes, page 7 • New Features, page 8 • Minimum Cisco IOS Release for Major Features, page 9 • Limitations and Restrictions, page 10 • Important Notes, page 18 • Open Caveats, page 20 • Resolved Caveats, page 23 • Documentation Updates, page 28 • Related Documentation, page 36 • Obtaining Documentation and Submitting a Service Re
System Requirements Hardware Supported Table 1 lists the hardware supported on this release. Table 1 Cisco Catalyst Blade Switch 3120 for HP Supported Hardware Switch Hardware Description CBS3120G-S and CBS3120X-S Cisco X2 transceiver modules (supported only on the CBS3120X-S model) • 18 internal Gigabit Ethernet 1000BASE-X downlink ports that connect to the blade enclosure.
Upgrading the Switch Software Device Manager System Requirements These sections describe the hardware and software requirements for using the device manager: • Hardware Requirements, page 4 • Software Requirements, page 4 Hardware Requirements Table 2 lists the minimum hardware requirements for running the device manager. Table 2 Minimum Hardware Requirements Processor Speed 233 MHz minimum DRAM 1 512 MB 2 Number of Colors Resolution Font Size 256 1024 x 768 Small 1. We recommend 1 GHz. 2.
Upgrading the Switch Software Finding the Software Version and Feature Set The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the system board flash device (flash:). You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line of the display shows the version.
Upgrading the Switch Software Archiving Software Images Before upgrading your switch software, make sure that you have archived copies of the current Cisco IOS release and the Cisco IOS release from which you are upgrading. You should keep these archived images until you have upgraded all devices in the network to the new Cisco IOS image and until you have verified that the new Cisco IOS image works properly in your network. Cisco routinely removes old Cisco IOS versions from Cisco.com.
Installation Notes Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure that the TFTP server is properly configured. For more information, see Appendix B in the software configuration guide for this release. Step 4 Log into the switch through the console port or a Telnet session.
New Features New Features These sections describe the new supported hardware and the new and updated software features provided in this release: • “New Hardware Features” section on page 8 • “New Software Features” section on page 8 New Hardware Features For a list of all supported hardware, see the “Hardware Supported” section on page 3. New Software Features These are the new software features for this release: • Network Edge Access Topology (NEAT) with 802.
Minimum Cisco IOS Release for Major Features • These IPv6 features are now supported in the IP services and IP base software licenses: Feature Releases Earlier Than Cisco IOS Release 12.2(50)SE Cisco IOS Release 12.
Limitations and Restrictions Table 4 Features Introduced After the First Release and the Minimum Cisco IOS Release Required (continued) Feature Minimum Cisco IOS Release Required Catalyst Blade Switch Support Support for IPv6 features in the IP base and IP services feature sets 12.2(50)SE 3120 Voice aware IEEE 802.1x and MAC authentication bypass (MAB) security violation 12.2(46)SE 3120 Local web authentication banner 12.2(46)SE 3120 Support for HSRP Version 2 (HSRPv2) 12.
Limitations and Restrictions • Multicasting, page 14 • QoS, page 15 • Routing, page 16 • SPAN and RSPAN, page 16 • Stacking, page 17 Access Control List These are the access control list (ACL) limitations: • The Cisco Catalyst 3120 for HP Blade Switch has 964 TCAM entries available for ACLs in the default and routing SDM templates instead of the 1024 entries that are available on the Catalyst 3560 and Catalyst 3750 switches. There is no workaround.
Limitations and Restrictions • When switches are installed closely together and the uplink ports of adjacent switches are in use, you might have problems accessing the SFP module bale-clasp latch to remove the SFP module or the SFP cable (Ethernet or fiber). Use one of these workarounds: – Allow space between the switches when installing them. – In a switch stack, plan the SFP module and cable installation so that uplinks in adjacent stack members are not all in use.
Limitations and Restrictions EtherChannel These are the EtherChannel limitations: • In an EtherChannel running Link Aggregation Control Protocol (LACP), the ports might be put in the suspended or error-disabled state after a stack partitions or a member switch reloads. This occurs when – The EtherChannel is a cross-stack EtherChannel with a switch stack at one or both ends. – The switch stack partitions because a member reloads.
Limitations and Restrictions • When MAC authentication bypass is configured to use Extensible Authentication Protocol (EAP) for authorization and critical authentication is configured to assign a critical port to an access VLAN: – If the connected device is supposed to be unauthorized, the connected device might be authorized on the VLAN that is assigned to the critical port instead of to a guest VLAN.
Limitations and Restrictions • When you configure the IGMP snooping throttle limit by using the ip igmp max-groups number interface configuration on a port-channel interface, the groups learned on the port-channel might exceed the configured throttle limit number when all of these conditions are true: – The port-channel is configured with member ports across different switches in the stack. – One of the member switches reloads.
Limitations and Restrictions Routing These are the routing limitations: • The switch stack might reload if the switch runs with this configuration for several hours, depleting the switch memory and causing the switch to fail: – The switch has 400 Open Shortest Path First (OSPF) neighbors. – The switch has thousands of OSPF routes. The workaround is to reduce the number of OSPF neighbors to 200 or less.
Limitations and Restrictions Stacking These are the switch stack limitations: • When using the logging console global configuration command, low-level messages appear on both the stack master and the stack member consoles. The workaround is to use the logging monitor global configuration command to set the severity level to block the low-level messages on the stack member consoles.
Important Notes Important Notes These sections describe the important notes related to this software release: • Cisco IOS Notes, page 18 • Device Manager Notes, page 18 Cisco IOS Notes These notes apply to Cisco IOS software: • If the switch requests information from the Cisco Secure Access Control Server (ACS) and the message exchange times out because the server does not respond, a message similar to this appears: 00:02:57: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.
Important Notes Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip http authentication {aaa | enable | local} Configure the HTTP server interface for the type of authentication that you want to use. • aaa—Enable the authentication, authorization, and accounting feature. You must enter the aaa new-model interface configuration command for the aaa keyword to appear.
Open Caveats Open Caveats • CSCsg67684 When a cross-stack LACP EtherChannel has a maximum configuration, such as eight active and eight hot-standby ports, and there are multiple rapid sequential master failovers and stack rejoins that cause extreme stress, the port channel might not function as expected. Some ports might not join the EtherChannel, and traffic might be lost. You can detect the condition by using the remote command all show etherchannel summary privileged EXEC command.
Open Caveats • CSCsi70454 The configuration file used for the configuration replacement feature requires the character string end\n at the end of the file. The Windows Notepad text editor does not add the end\n string, and the configuration rollback does not work. These are the workarounds. (You only need to do one of these.) – Do not use a configuration file that is stored by or edited with Windows Notepad. – Manually add the character string end\n to the end of the file.
Open Caveats • CSCsl63862 When you use the switch renumber global configuration command to renumber a member switch in a switch stack and then reload the switch, the internal server-facing ports do not have the required default of spanning-tree portfast enabled. The workaround is to apply the switch provision configuration before you reboot the switch.
Resolved Caveats • CSCta57846 The switch unexpectedly reloads when copying a configuration file from a remote server or from flash memory containing logging file flash: The workaround is to enter the logging file flash:filename global configuration command to configure logging to flash instead of copying to flash. Resolved Caveats Cisco IOS Caveats Resolved in Cisco IOS Release 12.
Resolved Caveats • CSCsw45277 Third-party IP phones now automatically power up when reconnected to enabled PoE ports on the switch. • CSCsx36608 If a large number of clients in a switch stack use MAC authentication bypass to authenticate at the same time, the clients are no longer in the unauthorized state when – The stack members start at the same time because the stack reloaded or powered up.
Resolved Caveats • CSCsz05975 A stack member no longer fails when the hostname is longer than 36 characters. • CSCsz12381 When open1x authentication and MAC authentication bypass are enabled on a port, an IP phone is connected to the port, and DHCP snooping is enabled on the switch, DHCP traffic is now forwarded on the voice VLAN before open 1x authentication times out and the switch uses MAC authentication bypass to authorize the port.
Resolved Caveats Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(50)SE • CSCsk64158 Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
Resolved Caveats Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the workarounds section of this advisory. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml • CSCsr50766 When keepalive is disabled on an interface, the interface is no longer put in an error-disabled state when it receives keepalive packets.
Documentation Updates This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml. • CSCsv64023 A switch port configured for IGMP snooping no longer lose its group membership when the port receives a query comes from an upstream device that is not configured for IGMP snooping.
Documentation Updates debug authentication Use the debug authentication privileged EXEC command to enable debugging of the authentication settings on an interface. Use the no form of this command to disable debugging.
Documentation Updates Defaults Authentication debugging is disabled. Command Modes Privileged EXEC Command History Release Modification 12.2(50)SE This command was introduced. Usage Guidelines The undebug authentication command is the same as the no debug authentication command. On stacking switches, when you enable debugging, it is enabled only on the stack master.
Documentation Updates Updates to the Switch Getting Started Guide When you launch Express Setup, you are prompted for the switch password. Enter the default password, cisco. The switch ignores text in the username field. Before you complete and exit Express Setup, you must change the password from the default password, cisco.
Documentation Updates Error Message %EC-5-MINLINKS_MET: Port-channel [chars] is up as its bundled ports ([dec]) meets min-links Recommended Action The administrative configuration of minimum links is equal to or less than the number of EtherChannel ports. The port channel is up. [chars] is the EtherChannel, and [dec] is the EtherChannel group number. Recommended Action No action is required.
Documentation Updates Error Message %PAGP_DUAL_ACTIVE-3-OBJECT_CREATE_FAILED: Unable to create [chars] Explanation The switch cannot create the specified managed object. [chars] is the object name. Recommended Action No action is required.
Documentation Updates Error Message %SPANTREE_VLAN_SHIM-3-ADD_REGISTRY_FAILED: Subsystem [chars] fails to add callback function [chars] Explanation A subsystem has added its callback functions. Use this message only for debugging. The first [chars] is the subsystem name, and the second [chars] is the function name. Recommended Action No action is required. Error Message %SPANTREE_VLAN_SHIM-2-MAX_INSTANCE: Platform limit of [dec] STP instances exceeded. No instance created for [chars] (port [chars]).
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN [dec] to 802.1x port [chars] Error Message DOT1X_SWITCH-5-ERR_VLAN_ROUTED_PORT: Attempt to assign VLAN [dec] to routed 802.1x port [chars] Error Message UDLD-3-UDLD_IDB_ERROR: UDLD error handling [chars] interface [chars]. Error Message UDLD-3-UDLD_INTERNAL_ERROR: UDLD internal error [chars]. Error Message UDLD-3-UDLD_INTERNAL_IF_ERROR: UDLD internal error, interface [chars] [chars].
Related Documentation Error Message %VQPCLIENT-7-RECONF: Reconfirming VMPS responses Error Message %VQPCLIENT-2-SHUTDOWN: Interface [chars] shutdown by VMPS Error Message %VQPCLIENT-3-THROTTLE: Throttling VLAN change on [chars] Related Documentation These documents provide complete information about the Cisco Catalyst 3120 for HP Blade Switch and are available from this Cisco.com site: http://www.cisco.com/en/US/products/ps6748/tsd_products_support_series_home.
Obtaining Documentation and Submitting a Service Request Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.
Obtaining Documentation and Submitting a Service Request Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.
