Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(53)SE and Later March 16, 2010 Cisco IOS Release 12.2(53)SE and later runs on the Cisco Catalyst Blade Switch 3120 for HP switches. These switches support stacking through Cisco StackWise Plus technology. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. These release notes include important information about Cisco IOS Release 12.
Contents Contents These sections provide information about this release: • System Requirements, page 2 • Upgrading the Switch Software, page 4 • Installation Notes, page 7 • New Features, page 7 • Minimum Cisco IOS Release for Major Features, page 8 • Limitations and Restrictions, page 10 • Important Notes, page 17 • Open Caveats, page 20 • Resolved Caveats, page 20 • Documentation Updates, page 23 • Related Documentation, page 33 • Obtaining Documentation and Submitting a Service Re
System Requirements Table 1 Cisco Catalyst Blade Switch 3120 for HP Supported Hardware (continued) Supported by Minimum Cisco IOS Release Switch Hardware Description Cisco X2 transceiver modules X2-10GB-SR X2-10GB-LRM X2-10GB-CX4 12.2(40)EX3 12.2(46)SE X2-10GB-LR X2-10GB-LX4 SFP modules2 GLC-T GLC-SX-MM GLC-LH-SM 12.2(40)EX3 Supports OneX (CVR-X2-SFP10G) and these SFP+ modules SFP-10G-SR SFP-10G-LR SFP-10G-LRM Cisco IOS Release 12.
Upgrading the Switch Software Software Requirements These are the supported operating systems and browsers for the device manager: • Windows 2000, XP, Vista, and Windows Server 2003. • Internet Explorer 5.5, 6.0, 7.0, Firefox 1.5, 2.0 or later. The device manager verifies the browser version when starting a session, and it does not require a plug-in. Cisco Network Assistant Compatibility Cisco IOS 12.2(40)EX1 and later is only compatible with Cisco Network Assistant 5.3 and later.
Upgrading the Switch Software Deciding Which Files to Use The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager. You must use the combined tar file to upgrade the switch through the device manager. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Upgrading the Switch Software You can also configure the switch as a TFTP server to copy files from one switch to another without using an external TFTP server by using the tftp-server global configuration command. For more information about the tftp-server command, see the “Basic File Transfer Services Commands” section of the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/ffun_r.
Installation Notes The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved. For //location, specify the IP address of the TFTP server. For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive. This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch: Switch# archive download-sw /overwrite tftp://198.
Minimum Cisco IOS Release for Major Features New Software Feature Support for the ip vrf forwarding vrf-name server-group configuration and the ip radius source-interface global configuration VRF-Aware RADIUS commands. For more information, see the “Updates to the Software Documentation” section on page 24. Minimum Cisco IOS Release for Major Features Table 4 lists the minimum software release (after the first release) required to support the major features of the Catalyst Blade Switch 3120 for HP.
Minimum Cisco IOS Release for Major Features Table 4 Features Introduced After the First Release and the Minimum Cisco IOS Release Required (continued) Minimum Cisco IOS Release Required Feature Catalyst Blade Switch Support MAC move to allow hosts (including the hosts connected behind an IP phone) to 12.2(52)SE move across ports within the same switch without any restrictions to enable mobility.
Limitations and Restrictions Table 4 Features Introduced After the First Release and the Minimum Cisco IOS Release Required (continued) Minimum Cisco IOS Release Required Catalyst Blade Switch Support DHCP server port-based address allocation for the preassignment of an IP address to a switch port 12.2(46)SE 3120 HSRP for IPv6 12.2(46)SE 3120 DHCP for IPv6 relay, client, server address assignment and prefix delegation 12.
Limitations and Restrictions Access Control List • The Cisco Catalyst 3120 for HP Blade Switch has 964 TCAM entries available for ACLs in the default and routing SDM templates instead of the 1024 entries that are available on the Catalyst 3560 and Catalyst 3750 switches. There is no workaround. (CSCse33114) • When a MAC access list is used to block packets from a specific source MAC address, that MAC address is entered in the switch MAC-address table.
Limitations and Restrictions Configuration • If a half-duplex port running at 10 Mb/s receives frames with Inter-Packet Gap (IPG) that do not conform to Ethernet specifications, the switch might stop sending packets. There is no workaround.
Limitations and Restrictions The EtherChannel ports are put in the error-disabled state because the switches in the partitioned stacks send STP BPDUs. The switch or stack at the other end of the EtherChannel receiving the multiple BPDUs with different source MAC addresses detects an EtherChannel misconfiguration. After the partitioned stacks merge, ports in the suspended state should automatically recover.
Limitations and Restrictions Multicasting • Multicast packets with a time-to-live (TTL) value of 0 or 1 are flooded in the incoming VLAN when all of these conditions are met: – Multicast routing is enabled in the VLAN. – The source IP address of the packet belongs to the directly connected network. – The TTL value is either 0 or 1. The workaround is to not generate multicast packets with a TTL value of 0 or 1, or disable multicast routing in the VLAN.
Limitations and Restrictions • Egress shaped round robin (SRR) sharing weights do not work properly with system jumbo MTU frames. There is no workaround. (CSCsc63334) • In a hierarchical policy map, if the VLAN-level policy map is attached to a VLAN interface and the name of the interface-level policy map is the same as that for another VLAN-level policy map, the switch rejects the configuration, and the VLAN-level policy map is removed from the interface.
Limitations and Restrictions • When the logging event-spanning-tree interface configuration command is configured and logging to the console is enabled, a topology change might generate a large number of logging messages, causing high CPU utilization. CPU utilization can increase with the number of spanning-tree instances and the number of interfaces configured with the logging event-spanning-tree interface configuration command.
Important Notes You can use one of these workarounds: – Enter the shutdown and the no shutdown interface configuration commands to reset the port. – Remove and reconfigure the VLAN. (CSCsi26444) • When you use the switch renumber global configuration command to renumber a member switch in a switch stack and then reload the switch, the internal server-facing ports do not have the required default of spanning-tree portfast enabled.
Important Notes Cisco IOS Notes These notes apply to Cisco IOS software: • If the switch requests information from the Cisco Secure Access Control Server (ACS) and the message exchange times out because the server does not respond, a message similar to this appears: 00:02:57: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.206:1645,1646 is not responding. If this message appears, make sure that there is network connectivity between the switch and the ACS.
Important Notes Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip http authentication {aaa | enable | local} Configure the HTTP server interface for the type of authentication that you want to use. • aaa—Enable the authentication, authorization, and accounting feature. You must enter the aaa new-model interface configuration command for the aaa keyword to appear.
Open Caveats Open Caveats • CSCsy85676 When you configure an ACL and enter the access-group interface configuration command to apply it to an interface for web authentication, the output from the show epm session ip-address or show ip access_list interface interface-id privileged EXEC command does not show any web authentication filter ID. There is no workaround. • CSCsz18634 On a switch running Cisco IOS release 12.
Resolved Caveats Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(53)SE1 • CSCsx97605 The CISCO-RTTMON-MIB is not correctly implemented in this release. • CSCtb10158 A switch can fail when an SNMP process attempts to configure dot1x authentication when it is already configured. There is no workaround.
Resolved Caveats Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(53)SE • CSCsj68446 The Network Time Protocol (NTP) might not synchronize when the switch is configured as an NTP client. These are the two possible workarounds: – Enter the no ntp global configuration command twice. – Reconfigure NTP on the port. For more information, see the “Configuring NTP” section of the “Administering the Switch” chapter in the software configuration guide.
Documentation Updates • CSCtc30872 When a BPDU guard is globally enabled on a switch and the access VLAN is a VLAN other than VLAN 1, BPDU guard does not run on a multiple VLAN access port. The workaround is to enable BPDU guard on the port. • CSCtc57809 When the no mac address-table static mac-addr vlan vlan-id interface interface-id global configuration command is used to remove a dynamically learned MAC address, the switch fails under these conditions: – The physical interface is in a no shut state.
Documentation Updates Updates to the Software Documentation Update to the “Configuring IP Unicast Routing” Chapter This section was added to the “Configuring IP Unicast Routing” chapter: User Interface for VRF-Aware RADIUS To configure VRF-Aware RADIUS, you must first enable AAA on a RADIUS server.
Documentation Updates Update to the “Configuring IEEE 802.1x Port-Based Authentication” Chapter This guideline was added to the “802.1x Authentication” section of the “Configuring IEEE 802.1x Port-Based Authentication” chapter. • When IP phones are connected to an 802.1x-enabled switch port that is in single host mode, the switch grants the phones network access without authenticating them.
Documentation Updates • Writing Embedded Event Manager Policies Using the Cisco IOS CLI http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html • Writing Embedded Event Manager Policies Using Tcl http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.
Documentation Updates Error Message %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client ([chars]) on Interface [chars] AuditSessionID [chars] Recommended Action The authentication result was overridden. The first [chars] is the client ID, the second [chars] is the interface, and the third [chars] is the session ID. Explanation No action is required.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_PRIMARY_VLAN_NOT_FOUND: Attempt to assign VLAN [dec], whose primary VLAN does not exist or is shutdown, to 802.1x port [chars] AuditSessionID [chars] Explanation An attempt was made to assign a private VLAN whose primary VLAN does not exist or is shut down. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID. Recommended Action Make sure the primary VLAN exists and is not shut down.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_VLAN_INTERNAL: Attempt to assign internal VLAN [dec] to 802.1x port [chars] AuditSessionID [chars] Explanation An attempt was made to assign an invalid VLAN to an IEEE 802.1x port. The VLAN specified is used internally and cannot be assigned to this port. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID. Explanation Assign a different VLAN.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars] Explanation The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port. This message might appear if IEEE 802.1x is enabled. [enet] is the client MAC address, and [chars] is the interface. Recommended Action If the hardware memory is full, remove some of the dynamic MAC addresses.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_SPAN_DST_PORT: Attempt to assign VLAN [dec] to 802.1x port [chars], which is configured as a SPAN destination Explanation An attempt was made to assign a VLAN to an IEEE 802.1x port that is configured as a Switched Port Analyzer (SPAN) destination port. [dec] is the VLAN, and [chars] is the port.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN [dec] to 802.1x port [chars] Explanation An attempt was made to assign a VLAN to an IEEE 802.1x port, but the VLAN was not found in the VLAN Trunking Protocol (VTP) database. [dec] is the VLAN, and [chars] is the port. Recommended Action Make sure that the VLAN exists and is not shut down, or use another VLAN.
Related Documentation Error Message SW_VLAN-4-VTP_USER_NOTIFICATION: VTP protocol user notification: [chars]. Explanation This message means that the VTP code encountered an unusual diagnostic situation. [chars] is a description of the situation. Recommended Action Find out more about the error by using the show tech-support privileged EXEC command. Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the error by using the Output Interpreter.
Obtaining Documentation and Submitting a Service Request Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.