Cisco 3020 - Catalyst Blade Switch Release Note
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Switch
  5. 3020 - Cisco Catalyst Blade Switch
  6. Release note
Cisco 3020 - Catalyst Blade Switch Release Note

Cisco 3020 - Catalyst Blade Switch Release Note

Release notes for the cisco catalyst blade switch 3020 for hp, cisco ios release 12.2(35)se and later
Hide thumbs Also See for 3020 - Cisco Catalyst Blade Switch:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Release Note
Release Notes for the Cisco Catalyst
Blade Switch 3020 for HP,
Cisco IOS Release 12.2(35)SE and Later
Revised May 22, 2007
Cisco IOS Release 12.2(35)SE and later runs on the Cisco Catalyst Blade Switch 3020 for HP, also
referred to as the switch.
These release notes include important information about Cisco IOS Release 12.2(35)SE and later and
any limitations, restrictions, and caveats that apply to them. Verify that these release notes are correct
for your switch:
For the complete list of Cisco Catalyst Blade Switch 3020 for HP documentation, see the
Documentation" section on page
You can download the switch software from this site (registered Cisco.com users with a login password):
http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml
This software release is part of a special release of Cisco IOS software that is not released on the same
8-week maintenance cycle that is used for other platforms. As maintenance releases and future software
releases become available, they will be posted to Cisco.com in the Cisco IOS software area.
Contents
This information is in the release notes:
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2007 Cisco Systems, Inc. All rights reserved.
If you are installing a new switch, see the Cisco IOS release label on the rear panel of your switch.
If your switch is on, use the show version privileged EXEC command. See the
Software Version and Feature Set" section on page
If you are upgrading to a new release, see the software upgrade filename for the software version.
See the
"Deciding Which Files to Use" section on page
"System Requirements" section on page 2
"Upgrading the Switch Software" section on page 3
"Installation Notes" section on page 6
3.
33.
"Finding the
3.
"Related

Advertisement

Table of Contents
loading

Related Manuals for Cisco 3020 - Cisco Catalyst Blade Switch

Summary of Contents for Cisco 3020 - Cisco Catalyst Blade Switch

  • Page 1 Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later Revised May 22, 2007 Cisco IOS Release 12.2(35)SE and later runs on the Cisco Catalyst Blade Switch 3020 for HP, also referred to as the switch. These release notes include important information about Cisco IOS Release 12.2(35)SE and later and any limitations, restrictions, and caveats that apply to them.

  • Page 2: System Requirements

    System Requirements “Limitations and Restrictions” section on page 6 • “Important Notes” section on page 11 • “Open Caveats” section on page 13 • “Resolved Caveats” section on page 16 • “Documentation Updates” section on page 19 • • “Related Documentation” section on page 33 •...

  • Page 3: Software Requirements

    Upgrading the Switch Software Software Requirements Table 2 lists the supported operating systems and browsers for using the device manager, which does not require a plug-in. The device manager verifies the browser version when starting a session to ensure that the browser is supported.
  • Page 4 Upgrading the Switch Software Table 3 lists the filenames for this software release. Table 3 Cisco IOS Software Image Files Filename Description cbs30x0-lanbase-tar.122-35.SE.tar Cisco Catalyst Blade Switch 3020 for HP image file and device manager files. This image has Layer 2+ features. cbs30x0-lanbasek9-tar.122-35.SE.tar Cisco Catalyst Blade Switch 3020 for HP cryptographic image file and device manager files.

  • Page 5: Recovering From A Software Failure

    Upgrading the Switch Software Upgrading a Switch by Using the CLI This procedure is for copying the combined tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image. To download software, follow these steps: Step 1 Table 3 on page 4...

  • Page 6: Installation Notes

    Installation Notes Installation Notes You can assign IP information to your switch by using these methods: The Express Setup program or the HP Onboard Administrator program described in the getting • started guide. The CLI-based setup program, as described in the hardware installation guide. •...
  • Page 7 Limitations and Restrictions Configuration These are the configuration limitations: • A static IP address might be removed when the previously acquired DHCP IP address lease expires. This problem occurs under these conditions: When the switch is booted without a configuration (no config.text file in flash memory). –...
  • Page 8 Limitations and Restrictions This is the IP limitation: When the rate of received DHCP requests exceeds 2,000 packets per minute for a long time, the response time might be slow when you are using the console. The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring.
  • Page 9 Limitations and Restrictions Incomplete multicast traffic can be seen under either of these conditions: • You disable IP multicast routing or re-enable it globally on an interface. – A switch mroute table temporarily runs out of resources and recovers later. –...
  • Page 10 Limitations and Restrictions Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), and Port Aggregation Protocol • (PAgP) packets received from a SPAN source are not sent to the destination interfaces of a local SPAN session. The workaround is to use the monitor session session_number destination {interface interface-id encapsulation replicate} global configuration command for local SPAN.

  • Page 11: Important Notes

    Important Notes Important Notes These sections describe the important notes related to this software release: “Cisco IOS Notes” section on page 11 • “Device Manager Notes” section on page 11 • Cisco IOS Notes These notes apply to Cisco IOS software: The behavior of the no logging on global configuration command changed in Cisco IOS •...
  • Page 12 Important Notes Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip http authentication {aaa | enable | Configure the HTTP server interface for the type of authentication that local} you want to use.

  • Page 13: Open Caveats

    Open Caveats Open Caveats This section describes the open severity 3 caveats for this software release. Open Cisco IOS Caveats This section describes the open severity 3 Cisco IOS configuration caveats with possible unexpected activity in this software release: CSCei63394 •...
  • Page 14 Open Caveats CSCsd03580 • When you globally disable IEEE 802.1x on the switch by using the no dot1x system-auth-control global configuration command, some interface level configuration commands, including the dot1x timeout and dot1x mac-auth-bypass commands, become unavailable. The workaround is to enable the dot1x system-auth-control global configuration command before you attempt to configure interface level IEEE 802.1x parameters.
  • Page 15 Open Caveats CSCsg18176 • When dynamic ARP inspection is enabled and IP validation is disabled, the switch drops ARP requests that have a source address of 0.0.0.0. The workaround is to configure an ARP access control list (ACL) that permits IP packets with a source IP address of 0.0.0.0 (and any MAC) address) and apply the ARP ACL to the desired DAI VLANs.
  • Page 16 Resolved Caveats Resolved Caveats This section describes the caveats that have been resolved in this release. CSCei63394 • When an IEEE 802.1x restricted VLAN was configured on a port and a hub with multiple devices was connected to that port, no syslog messages were generated. This is not a supported configuration.
  • Page 17 Resolved Caveats Cisco IOS is affected by the following vulnerabilities: Processing ClientHello messages, documented as Cisco bug ID CSCsb12598 – Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304 – Processing Finished messages, documented as Cisco bug ID CSCsd92405 – Cisco has made free software available to address these vulnerabilities for affected customers.
  • Page 18 Resolved Caveats CSCsd08314 • When you remove a voice VLAN that has no per-VLAN configuration from a secure port, a PORT_SECURITY-6-VLAN_REMOVED message no longer appears. If an address was learned on a VLAN, the error message still appears when that VLAN is aged Note out or removed.

  • Page 19: Documentation Updates

    Documentation Updates CSCsd92405 • Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS);...
  • Page 20 Documentation Updates When you configure one end of an EtherChannel in either PAgP or LACP mode, the system negotiates with the other end of the channel to determine which ports should become active. In previous releases, the incompatible ports were suspended. Beginning with Cisco IOS Release , instead of a suspended state, the local port is put into an independent state and continues to carry data traffic as would any other single link.
  • Page 21 Documentation Updates Command Purpose Step 3 aaa authentication login default group Use RADIUS authentication. Before you can use this authentication radius method, you must configure the RADIUS server. For more information, see Chapter 9, “Configuring Switch-Based Authentication.” The console prompts you for a username and password on future attempts to access the switch console after entering the aaa authentication login command.
  • Page 22 Documentation Updates Command Purpose Step 3 interface interface-id Specify the port to be configured, and enter interface configuration mode. Step 4 switchport mode access Set the port to access mode. Step 5 ip access-group access-list in Specify the default access control list to be applied to network traffic before web authentication.

  • Page 23: Dot1X Fallback

    Documentation Updates Command Purpose Step 11 exit Return to privileged EXEC mode. Step 12 show dot1x interface interface-id Verify your configuration. Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file. This example shows how to configure IEEE 802.1x authentication with web authentication as a fallback method.

  • Page 24: Fallback Profile

    Documentation Updates Command Modes Interface configuration Command History Release Modification 12.2(35)SE This command was introduced. Usage Guidelines You must enter the dot1x port-control auto interface configuration command on a switch port before entering this command. Examples This example shows how to specify a fallback profile to a switch port that has been configured for IEEE 802.1x authentication: Switch# configure terminal Enter configuration commands, one per line.
  • Page 25 Documentation Updates Command Modes Global configuration Command History Release Modification 12.2(35)SE This command was introduced. Usage Guidelines The fallback profile is used to define the IEEE 802.1x fallback behavior for IEEE 802.1x ports that do not have supplicants. The only supported behavior is to fall back to web authentication. After entering the fallback profile command, you enter profile configuration mode, and these configuration commands are available: •...
  • Page 26 Documentation Updates Syntax Description rule Apply an IP admission rule to the interface. Command Modes Global configuration Command History Release Modification 12.2(35)SE This command was introduced. Usage Guidelines The ip admission command applies a web authentication rule to a switch port. Examples This example shows how to apply a web authentication rule to a switchport: Switch# configure terminal...

  • Page 27: Show Fallback Profile

    Documentation Updates Defaults Web authentication is disabled. Command Modes Global configuration Command History Release Modification 12.2(35)SE This command was introduced. Usage Guidelines The ip admission name proxy http command globally enables web authentication on a switch. After you enable web authentication on a switch, use the ip access-group in and ip admission web-rule interface configuration commands to enable web authentication on a specific interface.
  • Page 28 Documentation Updates show fallback profile [ append | begin | exclude | include | { [redirect | tee ] url } expression ] Syntax Description | append (Optional) Append redirected output to a specified URL | begin (Optional) Display begins with the line that matches the expression. | exclude (Optional) Display excludes lines that match the expression.
  • Page 29 Documentation Updates Command Description dot1x fallback Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. fallback profile Create a web authentication fallback profile. ip admission Enable web authentication on a switch port ip admission name proxy Enable web authentication globally on a switch http...
  • Page 30 Documentation Updates Updates to the System Message Guide These system messages were added to the system message guide: Error Message DOT1X-5-SECURITY_VIOLATION: Security violation on the interface [chars], new MAC address [enet] is seen. A host on the specified interface is trying to access the network or to authenticate in a Explanation host mode that does not support the number of hosts attached to the interface.
  • Page 31 Documentation Updates Error Message GBIC_SECURITY_CRYPT-4-UNRECOGNIZED_VENDOR: GBIC in port [chars] manufactured by an unrecognized vendor The small form-factor pluggable (SFP) module was identified as a Cisco SFP module, Explanation but the switch could not match its manufacturer with one on the known list of Cisco SFP module vendors.
  • Page 32 Documentation Updates Error Message WCCP-1-SERVICELOST: Service [chars] lost on WCCP Client [IP_address] Explanation WCCP has lost the service associated with the specified WCCP client. [chars] is the name of the service, and [IP_address] is the client IP address. Verify the operational state of the WCCP client. Recommended Action These system messages were updated in the system message guide: Error Message EC-5-CANNOT_BUNDLE_LACP: [chars] is not compatible with aggregators in...

  • Page 33: Related Documentation

    Related Documentation Updates to Getting Getting Started Guide This illustration in the Cisco Catalyst Blade Switch 3020 for HP Getting Started Guide has been updated: Figure 1 The Catalyst Blade Switch 3020 for HP S Y S T S T A T D L X U ID S P D...

  • Page 34: Obtaining Documentation

    Obtaining Documentation Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers. Cisco.com You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml...

  • Page 35: Cisco Product Security Overview

    Cisco Product Security Overview Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html From this site, you will find information about how to do the following: • Report security vulnerabilities in Cisco products Obtain assistance with security incidents that involve Cisco products •...

  • Page 36: Obtaining Technical Assistance

    Product Alerts and Field Notices Product Alerts and Field Notices Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

  • Page 37: Submitting A Service Request

    Obtaining Technical Assistance Displaying and Searching on Cisco.com If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5. To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website.

  • Page 38: Obtaining Additional Publications And Information

    Obtaining Additional Publications and Information Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
  • Page 39 Obtaining Additional Publications and Information This document is to be used in conjunction with the documents listed in the “Related Documentation” section. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
  • Page 40 Obtaining Additional Publications and Information Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later OL-8918-03...

Table of Contents