Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(55)SE and Later

Revised March 28, 2012

Cisco IOS Release 12.2(55)SE runs on the Cisco Catalyst Blade Switch 3020 for HP, referred to as the switch.

If you wish to use Device Manager to upgrade the switch from Cisco IOS Release 12.2(35)SE through Cisco IOS Release 12.2(40)SE1 (the LAN Base image) to Cisco IOS Release 12.2(50)SE or later (the IP base image), you must first upgrade to Cisco IOS Release 12.2(40)SE2.
• “Important Notes” section
• “Open Caveats” section
• “Resolved Caveats” section
• “Documentation Updates” section
• “Related Documentation” section
• “Obtaining Documentation, Obtaining Support, and Security Guidelines” section

System Requirements
• “Hardware Supported” section
• “Device Manager System Requirements” section

Hardware Supported

Table 1 Supported Hardware
Switch Descr
Upgrading the Switch Software

The device manager verifies the browser version when starting a session, and it does not require a plug-in.
Table 3 lists the filenames for this software release.

Table 3 Cisco IOS Software Image Files

Filename | Description
cbs30x0-ipbase-tar.122-55.se.tar | Cisco Catalyst Blade Switch 3020 for HP image file and device manager files. This image has Layer 2+ features.
cbs30x0-ipbasek9-tar.122-55.se.tar | Cisco Catalyst Blade Switch 3020 for HP cryptographic image file and device manager files. This image has the Kerberos and SSH features.
Upgrading a Switch by Using the CLI

This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

To download software, follow these steps:

Step 1 Use Table 3 on page 4 to identify the file that you want to download.
Step 2 Download the software image file:
a. If you are a registered customer, go to this URL and log in.
Recovering from a Software Failure

For additional recovery procedures, see the “Troubleshooting” chapter in the software configuration guide for this release.

Installation Notes

You can assign IP information to your switch by using these methods:
• The Express Setup program or the HP Onboard Administrator program described in the getting started guide.
• The CLI-based setup program, as described in the hardware installation guide.
Limitations and Restrictions

MAC replace can be configured so that when a host disconnects from a port without ending its session, the session can be ended and the authentication sequence reset when a new MAC address connects to the port.
• Support for increasing the NVRAM buffer size for saving large configuration files.
• ARP tracking probe enhancement to specify a source IP address for a VLAN.
– When the switch is connected to a DHCP server that is configured to give an address to it (the dynamic IP address is assigned to VLAN 1).
– When an IP address is configured on VLAN 1 before the dynamic address lease assigned to VLAN 1 expires.
The workaround is to reconfigure the static IP address.
IP
• When the rate of received DHCP requests exceeds 2,000 packets per minute for a long time, the response time might be slow when you are using the console. The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. (CSCeb59166)
• After you change the access VLAN on a port that has IEEE 802.1x enabled, the IP phone address is removed. Because learning is restricted on IEEE 802.
– Cancel membership in the multicast group by using the no ip igmp join-group group-address interface configuration command on an SVI.
– Disable IGMP snooping on the VLAN interface by using the no ip igmp snooping vlan vlan-id global configuration command. (CSCeh90425)

Quality of Service (QoS)
• Some switch queues are disabled if the buffer size or threshold level is set too low with the mls qos queue-set output global configuration command.
Trunking
• The switch treats frames received with mixed encapsulation (IEEE 802.1Q and Inter-Switch Link [ISL]) as frames with FCS errors, increments the error counters, and the port LED blinks amber. This happens when an ISL-unaware device receives an ISL-encapsulated packet and forwards the frame to an IEEE 802.1Q trunk interface. There is no workaround. (CSCdz33708)
• IP traffic with IP options set is sometimes leaked on a trunk port.
Important Notes
• “Cisco IOS Notes” section
• “Device Manager Notes” section

Cisco IOS Notes
• The behavior of the no logging on global configuration command changed in Cisco IOS Release 12.2(18)SE and later. You can only use the logging on and then the no logging console global configuration commands to disable logging to the console. (CSCec71490)
• In Cisco IOS Release 12.
Open Caveats

• If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch. Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:

Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Resolved Caveats

• CSCth94904
An internal switch port is down when one of these HP Flex 10-Gigabit Ethernet network interface cards (NICs) is up:
– Flex 522m Mezz
– Flex 542m Mezz
– Flex 552m Mezz
The workaround is to use the speed nonegotiate interface configuration command on the internal port.
• CSCtc18841
If local proxy Address Resolution Protocol (ARP) is configured on the VLAN interface, the ARP entry for the Hot Standby Router Protocol (HSRP) enters into an incomplete state.
The workaround is to remove the proxy ARP feature on the VLAN interface (by using the no ip local-proxy-arp interface configuration command) and restart the interface.
• CSCtr28857
A vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation of Cisco IOS Software and Cisco IOS XE Software could allow a remote, unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
• CSCtt37202
If a client switch is authorized using MAC Authentication Bypass (MAB), and then by using the 802.1x standard and dynamic VLAN assignment, the MAC address of the switch is not updated in the MAC address table of slave switches.
The workaround is to not use both the 802.1x and dynamic VLAN assignment configurations for the client switch.
• CSCtu17483
The switch crashes when an IP phone that uses LLDP and authenticates itself using MAC Authentication Bypass (MAB) or 802.
• CSCti37197
If a tunnel interface is configured with Cisco Discovery Protocol (CDP), the switch fails when it receives a CDP packet.
The workaround is to disable CDP on the interface by using the no cdp enable interface configuration command.
• CSCtj56719
The switch fails when the Differentiated Services Code Point (DSCP) mutation name is longer than 25 characters.
The workaround is to configure DSCP mutation names with fewer than 25 characters.
Caveats Resolved in Cisco IOS Release 12.2(55)SE3

• CSCtg71149
When ports in an EtherChannel are linking up, the message EC-5-CANNOT_BUNDLE2 might appear. This condition is often self-correcting, indicated by the appearance of the EC-5-COMPATIBLE message following the first message. On occasion, the issue does not self-correct, and the ports may remain unbundled.
• CSCto55124
When a member switch port security is used with port-based dot1x authentication and the switch MAC address is sticky, a connected device authenticates itself. Its MAC address is added as sticky in the switch configuration and in the port security tables of the stack switches. When the switch is shut down, the device MAC address is removed from the master switch, but it is retained in the member switch security tables.
• CSCtc57809
Switches running Cisco IOS Release 12.2(52)SE might reload after you enter the no mac address-table static mac-address vlan vlan-id interface interface-id global configuration command if the interface is up and the MAC address was dynamically learned before it was changed to static.
The workaround is to downgrade to 12.2(52)SE.
• CSCte99016
When two blade switches in a blade server are running Cisco IOS Release 12.2(53)SE, with no stack cable connection between them, if you enter the no shutdown interface command on gigabitethernet ports 1/0/17 and 1/0/18, the output of the show running-config or show interface privileged EXEC command shows the ports to be down.
The workaround is to downgrade the software to Cisco IOS Release 12.2(52)SE.
• CSCtf78276
A switch running Cisco IOS Release 12.2(53)SE1 stops when IEEE 802.1x authentication is enabled.
The workaround is to apply a VLAN that the RADIUS server assigned to the switch.
• CSCtg26941
Multidomain authentication (MDA) with guest VLAN or MAC authentication bypass (MAB) as a fallback method is enabled on a switch running Cisco IOS Release 12.2(53)SE. When a non-802.
Documentation Updates

• CSCtj86299
If a static MAC address entry is configured for an IP address in the global routing table, ping requests are sent through the global context, and replies are sent through Virtual Routing and Forwarding (VRF). This is a VRF leak.
The workaround is to remove the static MAC address entry.
Step | Command | Purpose
Step 9 | show ipv6 rip [name] [database] [next-hops] | Display information about IPv6 RIP processes.
 | or |
 | show ipv6 route rip [updated] | Display the contents of the IPv6 routing table.
Step 10 | copy running-config startup-config | (Optional) Save your entries in the configuration file.

Updates to the System Message Guide

New System Messages

Error Message: AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface [chars], new MAC address ([enet]) is seen.
Error Message: AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client ([chars]) on Interface [chars] AuditSessionID [chars]
Explanation: All available authentication methods have been tried for the client, but authentication has failed. The first [chars] is the client ID, the second [chars] is the interface, and the third [chars] is the session ID.
Recommended Action: No action is required.
Error Message: DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars] AuditSessionID [chars]
Explanation: The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port. This message might appear if IEEE 802.1x is enabled. [enet] is the client MAC address, the first [chars] is the interface, and the second [chars] is the session ID.
Error Message: IFMGR-3-IFINDEX_PERSIST_ENTRY_CORRUPT: [chars] seems to be corrupted. Trying to read [dec] size
Explanation: The ifIndex table is corrupted. [chars] is the path to the IfIndex file, and [dec] is the number of bytes that was being read from the ifIndex table when the corruption was detected.
Recommended Action: Delete the ifindex table.
Error Message: SCHED-3-UNEXPECTEDEVENT: [traceback] [process information] Process received unknown event (maj [hex], min [hex])
Explanation: A process did not handle an event. The first [hex] is the major event number, and the second [hex] is the minor event number, both of which allow you to identify the event that occurred.
Recommended Action: Copy the message exactly as it appears on the console or in the system log.
Error Message: DOT1X_SWITCH-5-ERR_PRIMARY_VLAN_NOT_FOUND: Attempt to assign VLAN [dec], whose primary VLAN does not exist or is shutdown, to 802.1x port [chars] AuditSessionID [chars]
Explanation: An attempt was made to assign a private VLAN whose primary VLAN does not exist or is shut down. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action: Make sure that the primary VLAN exists and is not shut down.
Error Message: DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN: Data VLAN [dec] on port [chars] cannot be equivalent to the Voice VLAN AuditSessionID [chars]
Explanation: An attempt was made to assign a data VLAN to an 802.1x port that is the same as the voice VLAN. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action: Change either the voice VLAN or the 802.1x-assigned VLAN on the interface so that they are not the same.
Error Message: DOT1X_SWITCH-5-ERR_VLAN_PROMISC_PORT: Attempt to assign VLAN [dec] to promiscuous 802.1x port [chars] AuditSessionID [chars]
Explanation: An attempt was made to assign a VLAN to a promiscuous IEEE 802.1x port, which is not allowed. [dec] is the VLAN, the first [chars] is the port, and the second [chars] is the session ID.
Recommended Action: Change the port mode so that it is no longer a promiscuous port, or change the configuration so that no VLAN is assigned.
Error Message: DOT1X-5-SUCCESS: Authentication successful for client ([chars]) on Interface [chars]
Explanation: Authentication was successful. [chars] is the interface.
Recommended Action: No action is required.

Error Message: DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address [enet] on [chars]
Explanation: The client MAC address could not be added to the MAC address table because the hardware memory is full or the address is a secure address on another port.
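The AuditSessionID field that the new AUTHMGR and DOT1X_SWITCH messages carry lets a log pipeline tie several failures to one authentication session. The following is an added example, not part of the Cisco release notes: it compiles three of the message templates above into regular expressions and groups matching lines by session ID. The sample log lines are constructed, and the leading "%" on each message and the dotted form of [enet] are assumptions about how the switch renders these messages.

```python
import re
from collections import defaultdict

# Templates copied from the system-message entries above.
TEMPLATES = {
    "AUTHMGR-7-NOMOREMETHODS":
        "Exhausted all authentication methods for client ([chars]) "
        "on Interface [chars] AuditSessionID [chars]",
    "DOT1X_SWITCH-5-ERR_ADDING_ADDRESS":
        "Unable to add address [enet] on [chars] AuditSessionID [chars]",
    "DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN":
        "Data VLAN [dec] on port [chars] cannot be equivalent to the "
        "Voice VLAN AuditSessionID [chars]",
}
# Assumption: [enet] is rendered in dotted form (xxxx.xxxx.xxxx).
PLACEHOLDERS = {
    "[chars]": r"(\S+)", "[dec]": r"(\d+)",
    "[enet]": r"([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})",
}
TOKEN = re.compile(r"(\[(?:chars|dec|enet)\])")

def compile_template(mnemonic, template):
    """Regex for one template; assumes a logged "%FACILITY-SEV-NAME:" prefix."""
    body = "".join(PLACEHOLDERS.get(part) or re.escape(part)
                   for part in TOKEN.split(template))
    return re.compile("%" + re.escape(mnemonic) + r":\s+" + body + r"\s*$")
PATTERNS = {m: compile_template(m, t) for m, t in TEMPLATES.items()}

def parse_line(line):
    """Return (mnemonic, fields) for a known message, or None."""
    for mnemonic, pattern in PATTERNS.items():
        if (match := pattern.search(line)):
            return mnemonic, match.groups()
    return None

def by_session(lines):
    """Group events by AuditSessionID, the last field in each template."""
    sessions = defaultdict(list)
    for parsed in filter(None, map(parse_line, lines)):
        sessions[parsed[1][-1]].append(parsed)
    return dict(sessions)

# Constructed sample lines, not captured from a real switch.
SAMPLE = [
    "%DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address 0011.2233.4455 on Gi0/3 AuditSessionID 0A0000010000002A",
    "%AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0011.2233.4455) on Interface Gi0/3 AuditSessionID 0A0000010000002A",
    "%DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN: Data VLAN 20 on port Gi0/5 cannot be equivalent to the Voice VLAN AuditSessionID 0A0000010000002B",
]
```

Calling by_session(SAMPLE) returns a dictionary keyed by session ID, so a session that logs both ERR_ADDING_ADDRESS and NOMOREMETHODS appears as a single entry for triage.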
Related Documentation

4 Mode button
5 Console port
6 UID LED (UID: unit identifier)
10 Gigabit Ethernet ports LEDs for ports 17x to 24x
11 Gigabit Ethernet ports 17x to 24x

This information in the Cisco Catalyst Blade Switch 3020 for HP Getting Started Guide has been updated:

When you launch Express Setup, you are prompted for the switch password. Enter the default password, cisco. The switch ignores text in the username field.