Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(55)SE and Later Revised March 28, 2012 Cisco IOS Release 12.2(55)SE runs on the Cisco Catalyst Blade Switch 3120 for HP switches. These switches support stacking through Cisco StackWise Plus technology. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. These release notes include important information about Cisco IOS Release 12.
Contents Contents • System Requirements, page 2 • Upgrading the Switch Software, page 4 • Installation Notes, page 7 • New Software Features, page 7 • Minimum Cisco IOS Release for Major Features, page 8 • Limitations and Restrictions, page 10 • Important Notes, page 17 • Open Caveats, page 19 • Resolved Caveats, page 20 • Documentation Updates, page 30 • Related Documentation, page 38 • Obtaining Documentation and Submitting a Service Request, page 39 System Requirements • Hardwar
System Requirements Table 1 Cisco Catalyst Blade Switch 3120 for HP Supported Hardware (continued) Supported by Minimum Cisco IOS Release Switch Hardware Description SFP modules2 GLC-T GLC-SX-MM GLC-LH-SM 12.2(40)EX3 Supports OneX (CVR-X2-SFP10G) and these SFP+ modules SFP-10G-SR SFP-10G-LR SFP-10G-LRM Cisco IOS Release 12.2(53)SE Only version 02 or later CX13 cables are supported: SFP-H10GB-CU1M SFP-H10GB-CU3M SFP-H10GB-CU5M 1. X2 module supported only on the CBS3120X-S model 2.
Upgrading the Switch Software The device manager verifies the browser version when starting a session, and it does not require a plug-in. Cisco Network Assistant Compatibility Cisco IOS 12.2(40)EX1 and later is only compatible with Cisco Network Assistant 5.3 and later. You can download Network Assistant from this URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/NetworkAssistant For more information about Cisco Network Assistant, see the Release Notes for Cisco Network Assistant on Cisco.com.
Upgrading the Switch Software Note Table 3 To use the IPv6 routing and IPv6 ACL features on the Cisco Catalyst Blade Switch 3120 for HP, you must purchase the IP services software license from Cisco. Cisco IOS Software Image Files Filename Description cbs31x0-universal-tar.122-55.SE.tar Cisco Catalyst Blade Switch 3120 for HP universal image and device manager files. This image has all the supported features that are enabled by the software license installed on the switch. cbs31x0-universalk9-tar.
Upgrading the Switch Software Upgrading a Switch by Using the Device Manager or Network Assistant You can upgrade switch software by using the device manager or Network Assistant. For detailed instructions, click Help. Note When using the device manager to upgrade your switch, do not use or close your browser session after the upgrade process begins. Wait until after the upgrade process completes. Upgrading a Switch by Using the CLI This procedure is for copying the combined tar file to the switch.
Installation Notes For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive. This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch: Switch# archive download-sw /overwrite tftp://198.30.20.19/cbs31x0-universal-tar.122-40.EX1.
Minimum Cisco IOS Release for Major Features • The IP Base image supports OSPF for routed access to enable customers to extend Layer 3 routing capabilities to the access or wiring closet. The IP services image is required if you need multiple OSPFv2 and OSPFv3 instances without route restrictions. • MAC move to allow hosts (including the hosts connected to an IP phone) to move across ports within the same switch without any restrictions to enable mobility.
Minimum Cisco IOS Release for Major Features Table 4 Features Introduced After the First Release and the Minimum Cisco IOS Release Required (continued) Minimum Cisco IOS Release Required Catalyst Blade Switch Support NEAT to change the port host mode and to apply a standard port configuration on the authenticator switch port 12.2(52)SE 3120 VLAN-ID based MAC authentication 12.2(52)SE 3120 MAC move 12.
Limitations and Restrictions Table 4 Features Introduced After the First Release and the Minimum Cisco IOS Release Required (continued) Feature Minimum Cisco IOS Release Required Catalyst Blade Switch Support DHCP for IPv6 relay, client, server address assignment and prefix delegation 12.2(46)SE 3120 IPv6 default router preference (DRP) for improving the ability of a host to select 12.2(46)SE an appropriate router.
Limitations and Restrictions • When a MAC access list is used to block packets from a specific source MAC address, that MAC address is entered in the switch MAC-address table. The workaround is to block traffic from the specific MAC address by using the mac address-table static mac-addr vlan vlan-id drop global configuration command.
Limitations and Restrictions • When there is a VLAN with protected ports configured in fallback bridge group, packets might not be forwarded between the protected ports. The workaround is to not configure VLANs with protected ports as part of a fallback bridge group. (CSCsg40322) When a switch port configuration is set at 10 Mb/s half duplex, sometimes the port does not send in one direction until the port traffic is stopped and then restarted.
Limitations and Restrictions • The switch might display tracebacks similar to this example when an EtherChannel interface port-channel type changes from Layer 2 to Layer 3 or the reverse: 15:50:11: %COMMON_FIB-4-FIBNULLHWIDB: Missing hwidb for fibhwidb Port-channel1 (ifindex 1632) -Traceback= A585C B881B8 B891CC 2F4F70 5550E8 564EAC 851338 84AF0C 4CEB50 859DF4 A7BF28 A98260 882658 879A58 There is no workaround.
Limitations and Restrictions The workaround is to not generate multicast packets with a TTL value of 0 or 1, or disable multicast routing in the VLAN. (CSCeh21660) • Multicast packets denied by the multicast boundary access list are flooded in the incoming VLAN when all of these conditions are met: – Multicast routing is enabled in the VLAN. – The source IP address of the multicast packet belongs to a directly connected network.
Limitations and Restrictions • If the ingress queue has low buffer settings and the switch sends multiple data streams of system jumbo MTU frames at the same time at the line rate, the frames are dropped at the ingress. There is no workaround. (CSCsd72001) • When you use the srr-queue bandwidth limit interface configuration command to limit port bandwidth, packets that are less than 256 bytes can cause inaccurate port bandwidth readings.
Limitations and Restrictions Stacking • When using the logging console global configuration command, low-level messages appear on both the stack master and the stack member consoles. The workaround is to use the logging monitor global configuration command to set the severity level to block the low-level messages on the stack member consoles.
Important Notes Device Manager Limitations • When you are prompted to accept the security certificate and you click No, you only see a blank screen, and the device manager does not start. The workaround is to click Yes when you are prompted to accept the certificate. (CSCef45718) • If you launch the device manager from a Firefox web browser, an invalid certificate alert appears. If you launch the device manager from an Internet Explorer 7.0 browser, a certificate error appears.
Important Notes Device Manager Notes • You cannot create and manage switch clusters through the device manager. To create and manage switch clusters, use the CLI or Cisco Network Assistant. • We recommend this browser setting to reduce the time needed to display the device manager from Microsoft Internet Explorer. From Microsoft Internet Explorer: • 1. Choose Tools > Internet Options. 2. Click Settings in the “Temporary Internet files” area. 3. From the Settings window, choose Automatically. 4.
Open Caveats Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip http authentication {enable | local | tacacs} Configure the HTTP server interface for the type of authentication that you want to use. • enable—Enable password, which is the default method of HTTP server user authentication, is used.
Resolved Caveats • CSCtx73953 A port that is programatically configured with auth-default ACL does not allow any traffic on the switch except DHCP traffic. If the configurations on the interface are cleared and the interface is restarted, the auth-default ACL configuration remains and the problem persists. There is no workaround. Resolved Caveats • Caveats Resolved in Cisco IOS Release 12.2(55)SE5, page 20 • Caveats Resolved in Cisco IOS Release 12.
Resolved Caveats • CSCtj88307 When you enter the default interface, switchport, or no switchport interface configuration command on the switch, this message appears: EMAC phy access error, port 0, retrying...... There is no workaround. • CSCtj89743 CPU usage is high when a device connected to the switch is accessed using the https://IP_address command on the router. The workaround is to reload the device.
Resolved Caveats • CSCts34688 The switch crashes due to the "HACL Acl Manager" memory fragmentation when a large access control list (ACL) is modified. • CSCts54282 A memory leak occurs when a Switch Virtual Interface (SVI) is configured and an external management port is disabled on the Advanced Management Module (AMM). There is no workaround. • CSCts58073 A threshold violation error message is displayed when a X2-10GB-LR module is installed on the switch (with or without a fiber cable).
Resolved Caveats Caveats Resolved in Cisco IOS Release 12.2(55)SE4 • CSCta85026 The Dynamic Host Configuration Protocol (DHCP) CLI does not accept white spaces in raw ASCII option in the DHCP pool configuration submode. This issue is seen in Cisco IOS Release 12.4(24)T1 and later. There is no workaround. • CSCtg11547 In a VPN Routing and Forwarding (VRF) aware setup, messages are not sent to the syslog server. This issue applies to Cisco IOS Release 12.2(53)SE and 12.2(53)SE1.
Resolved Caveats • CSCtl60151 The switch sometimes reloads after a CPU overload, regardless of the process that is overloading the CPU. This problem has been corrected. • CSCtn11259 If a switch stack is configured with the stack-mac persistent timer value interface configuration command, the switch virtual interface (SVI) should remain in shutdown mode during a switchover. In this case, the SVI is in up mode.
Resolved Caveats shut down, the device MAC address is removed from the master switch, but it is retained in the member switch security tables. When the interface is re-enabled, the device MAC address is restored to the master switch configuration. The workaround is to use port security without dot1x authentication. Caveats Resolved in Cisco IOS Release 12.
Resolved Caveats • CSCtb58779 When a switch is low on memory (less than 256 MB), it can reload and display a SYS-2-WATCHDOG error. There is no workaround. Enter the show memory debug leak privileged EXEC command to check for signs of a memory leak and address these symptoms. • CSCtc02635 On switches running Cisco IOS release 12.
Resolved Caveats • CSCte14603 A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.
Resolved Caveats • CSCtf19991 If the RADIUS authentication server is unavailable and inaccessible authentication bypass is enabled, the switch grants the client access to the network by putting the connected port in the critical-authentication state in the RADIUS-configured or the user-specified access VLAN. After the server is available, the client is not reinitialized and moved out of the critical VLAN. There is no workaround. • CSCtf33948 A PC in 802.
Resolved Caveats • CSCti04980 After you upgrade the switch software to Cisco IOS Release 12.2(55)SE, enhanced auto-QoS commands are generated when – auto-QoS is enabled on an interface and – mls qos command is not enabled on the switch If the mls qos command was already enabled on the switch, enhanced auto-QoS commands are generated only when you configure one of these commands: – auto qos classify [police] – auto qos trust {cos | dscp} – auto qos video {cts | ip-camera} Cisco IOS Release 12.
Documentation Updates Documentation Updates • Updates to the Software Configuration Guide, page 30 • Updates to the Switch Getting Started Guide, page 30 • Updates for the System Message Guide, page 31 Updates to the Software Configuration Guide In the “Configuring RIP for IPv6” section in the “Configuring IPv6 Unicast Routing” chapter, the task table is incorrect. This is the correct table: Command Purpose Step 1 configure terminal Enter global configuration mode.
Documentation Updates Updates for the System Message Guide New System Messages Error Message AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface [chars], new MAC address ([enet) is seen. AuditSessionID [chars] Explanation A host on the interface attempted to gain access to the network or attempted an authentication. The interface mode does not support the number of hosts that are attached to the interface. This is a security violation, and the interface has been error-disabled.
Documentation Updates Error Message AUTHMGR-7-RESULT: Authentication result [chars] from [chars] for client [chars] on Interface [chars] AuditSessionID [chars] Explanation The results of the authentication. The first [chars] is the status of the authentication, the second [chars] is the authentication method, the third [chars] is the client ID, the fourth [chars] is the interface, and the fifth [chars] is the session ID. Recommended Action No action is required.
Documentation Updates Error Message HARDWARE-3-ASICNUM_ERROR: [traceback] Port-ASIC number [dec] is invalid Explanation The port ASIC number is invalid. [dec] is the port ASIC number. Recommended Action Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the error by using the Output Interpreter. Use the Bug Toolkit to look for similar reported problems.
Documentation Updates Error Message ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco’s authorization. This product may contain software that was copied in violation of Cisco’s license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco’s Technical Assistance Center for more information.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_INVALID_PRIMARY_VLAN: Attempt to assign primary VLAN [dec] to 802.1x port [chars] AuditSessionID [chars] Explanation An attempt was made to assign a primary VLAN to an 802.1x port, which is not allowed. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID. Recommended Action Use a different VLAN. Note This message applies to switches running the IP base image.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_SPAN_DST_PORT: Attempt to assign VLAN [dec] to 802.1x port [chars], which is configured as a SPAN destination AuditSessionID [chars] Explanation An attempt was made to assign a VLAN to an 802.1x port that is configured as a Switched Port Analyzer (SPAN) destination port. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Documentation Updates Error Message DOT1X_SWITCH-5-ERR_VLAN_ON_ROUTED_PORT: Attempt to assign VLAN [dec] to routed 802.1x port [chars] AuditSessionID [chars] Explanation An attempt was made to assign a VLAN to a supplicant on a routed port, which is not allowed. [dec] is the VLAN ID, the first [chars] is the port, and the second [chars] is the session ID. Recommended Action Either disable the VLAN assignment, or change the port type to a nonrouted port.
Related Documentation Deleted System Messages Error Message DOT1X-4-MEM_UNAVAIL: Memory was not available to perform the 802.1X action. Explanation The system memory is not sufficient to perform the IEEE 802.1x authentication. Recommended Action Reduce other system activity to reduce memory demands. Error Message DOT1X-5-SUCCESS: Authentication successful for client ([chars]) on Interface [chars] Explanation Authentication was successful. [chars] is the interface. Recommended Action No action is required.
Obtaining Documentation and Submitting a Service Request • Note Release Notes for the Cisco Catalyst Blade Switch 3120 for HP Before you install, configure, or upgrade the switch module, see the release notes on Cisco.com for the latest information.
Obtaining Documentation and Submitting a Service Request Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.
