Release Notes for the Catalyst 4500-X Series Switch, Cisco IOS XE 3.11.xE
Introduction
This release note describes the features, modifications, and caveats for the Cisco IOS XE Release 3.11.xE software on the Catalyst 4500-X Series Switches.
Cisco IOS XE Release 3.11.xE is a feature rich new software feature release for IOS and IOS-XE based Catalyst Access Switching products.
Note |
Although Cisco Catalyst 4500E Series Switches and Cisco Catalyst 4500-X Series Switches have separate release notes, each leverages the same Software Configuration Guide and Command Reference Guide. |
Cisco IOS Software Packaging
Cisco Catalyst 4500-X Series Switches support these license levels or feature sets.
The following permanent right-to-use licenses or base licenses are available:
-
Enterprise Services—image supports all Cisco Catalyst 4500-X Series software features based on Cisco IOS Software, including enhanced routing.
-
IP Base
Starting with Cisco IOS XE Release 3.10.0E, the following add-on license options are available:
-
DNA Essentials
-
DNA Advantage
To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco IOS XE Release Strategy
Customers with Catalyst 4500-X Series Switches who need the latest hardware and software features should migrate to Cisco IOS XE Release 3.11.xE.
Cisco IOS XE Release 3.11.xE, 3.8.xE 3.6.xE, and 3.4.xSG are extended maintenance (EM) trains supporting 4500-X.
Cisco IOS XE Release 3.10.xE, 3.9.xE, 3.7.xE, 3.5.xE, and 3.3.xSG and standard maintenance (SM) trains supporting 4500-X.
Support
Support for Cisco IOS XE Release 3.11.xE follows the standard Cisco Systems® support policy, available at
http://www.cisco.com/en/US/products/products_end-of-life_policy.html.
System Requirements
This section describes the system requirements:
Supported Hardware on the Catalyst 4500-X Series Switch
The following table lists where you can find information about supported pluggable transceiver modules and the minimum Cisco IOS Software release required:
Module Type |
URL |
Cisco 10-Gigabit Ethernet Transceiver Modules Compatibility Matrix |
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/10GE_Tx_Matrix.html |
Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix |
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/GE_Tx_Matrix.html |
Cisco 100-Megabit Ethernet SFP Modules Compatibility Matrix |
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/100MB_Tx_Matrix.html |
Cisco Wavelength Division Multiplexing Transceivers Compatibility Matrix |
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6982.html |
Feature Support by Image Type
The following table is a detailed list of features supported on Catalyst 4500-X Series switches running Cisco IOS XE Release 3.11.xE categorized by image type. Please visit Feature Navigator for package details:
http://tools.cisco.com/ITDIT/CFN/
Feature |
IP Base |
Enterprise Services |
---|---|---|
2-way Community Private VLANs |
Yes |
Yes |
8-Way CEF Load Balancing |
Yes |
Yes |
10 Gigabit Uplink Use |
Yes |
Yes |
10/100 Mbps for GLC-T transceiver |
Yes |
Yes |
AAA Server Group |
Yes |
Yes |
AAA Server Group Based on DNIS |
Yes |
Yes |
ACL—Improved Merging Algorithm |
Yes |
Yes |
ACL Logging |
Yes |
Yes |
ACL Policy Enhancements |
Yes |
Yes |
ACL Sequence Numbering |
Yes |
Yes |
Address Resolution Protocol (ARP) |
Yes |
Yes |
ANCP Client |
Yes |
Yes |
ANSI TIA-1057 LLDP—MED Location Extension |
Yes |
Yes |
ANSI TIA-1057 LLDP—MED Support |
Yes |
Yes |
Application Visibility and Control with Domain Name System-Authoritative Source (AVC with DNS-AS) |
Yes |
Yes |
ARP Optimization |
Yes |
Yes |
Auto Configuration |
Yes |
Yes |
Auto Identity |
Yes |
Yes |
Auto-LAG |
Yes |
Yes |
Auto QoS |
Yes |
Yes |
Auto QoS Compact |
Yes |
Yes |
Auto Security |
Yes |
Yes |
Auto SmartPorts |
Yes |
Yes |
Auto-MDIX |
Yes |
Yes |
Auto-Voice VLAN (part of Auto QoS) |
Yes |
Yes |
AutoInstall Using DHCP for LAN Interfaces |
Yes |
Yes |
AutoQoS—VoIP |
Yes |
Yes |
AutoRP Enhancement |
Yes |
Yes |
Banner Page and Inactivity timeout for HTTP/S connections |
Yes |
Yes |
BGP |
No |
Yes |
BGP 4 |
No |
Yes |
BGP 4 4Byte ASN (CnH) |
No |
Yes |
BGP 4 Multipath Support |
No |
Yes |
BGP 4 Prefix Filter and In-bound Route Maps |
No |
Yes |
BGP 4 Soft Config |
No |
Yes |
BGP Conditional Route Injection |
No |
Yes |
BGP Configuration Using Peer Templates |
No |
Yes |
BGP Dynamic Update Peer-Groups |
No |
Yes |
BGP Increased Support of Numbered as-path Access Lists to 500 |
No |
Yes |
BGP Link Bandwidth |
No |
Yes |
BGP Neighbor Policy |
No |
Yes |
BGP Prefix-Based Outbound Route Filtering |
No |
Yes |
BGP Restart Neighbor Session After max-prefix Limit Reached |
No |
Yes |
BGP Route-Map Continue |
No |
Yes |
BGP Route-Map Continue Support for Outbound Policy |
No |
Yes |
BGP Soft Rest |
No |
Yes |
BGP Wildcard |
No |
Yes |
Bidirectional PIM (IPv4 only) |
Yes |
Yes |
Bidirectional SXP support |
Yes |
Yes |
Bidirectional Forwarding Detection (BFD) for Intermediate System to Intermediate System (IS-IS) |
No |
Yes |
Boot Config |
Yes |
Yes |
Broadcast/Multicast Suppression |
Yes |
Yes |
Call Home |
Yes |
Yes |
CDP (Cisco Discovery Protocol) Version 2 |
Yes |
Yes |
CDP Enhancement —Host presence TLV |
Yes |
Yes |
CEF/dCEF—Cisco Express Forwarding |
Yes |
Yes |
CEFv6 Switching for 6to4 Tunnels |
Yes |
Yes |
CEFv6/dCEFv6 — Cisco Express Forwarding |
Yes |
Yes |
CFM/IEEE 802.1ag - D8.1 standard Compliant CFM, Y.1731 multicast LBM / AIS / RDI / LCK, IP SLA for Ethernet |
Yes |
Yes |
CGMP — Cisco Group Management Protocol |
Yes |
Yes |
Cisco IOS Scripting w/Tcl |
Yes |
Yes |
Cisco Plug-in for OpenFlow |
Yes |
Yes |
Cisco-Port-QoS-MIB—Support for cportQosQueueEnqueuePkts and cportQosQueueDropPkts |
Yes |
Yes |
Cisco Service Discovery Gateway Support |
Yes |
Yes |
CiscoView Autonomous Device Manager (ADP) |
Yes |
Yes |
Cisco TrustSec—Critical Authentication |
Yes |
Yes |
Cisco TrustSec—SGT Exchange Protocol (SXP) IPv4 |
Yes |
Yes |
Cisco TrustSec—SGT/ SGA |
Yes |
Yes |
Cisco TrustSec—SGACL Logging and Statistics |
Yes |
Yes |
Cisco TrustSec—SGT Exchange Protocol (SXP) IPv4 |
Yes |
Yes |
Cisco TrustSec—SGT/ SGA |
Yes |
Yes |
Cisco TrustSec—SGACL Logging and Statistics |
Yes |
Yes |
Class Based Ethernet CoS Matching & Marking (802.1p & ISL CoS) |
Yes |
Yes |
Class-Based Marking |
Yes |
Yes |
Class-Based Policing |
Yes |
Yes |
Class-Based Shaping |
Yes |
Yes |
Clear Counters Per Port |
Yes |
Yes |
CLI String Search |
Yes |
Yes |
CNS—Configuration Agent, Event Agent, Image Agent, Interactive CLI, Config Retrieve Enhancement with Retry and Interval |
Yes |
Yes |
Command Scheduler (Kron) |
Yes |
Yes |
Command Scheduler (Kron) Policy for System Startup |
Yes |
Yes |
Commented IP Access List Entries |
Yes |
Yes |
Community Private VLAN |
Yes |
Yes |
Configuration Change Tracking Identifier |
Yes |
Yes |
Configuration Change Notification and Logging |
Yes |
Yes |
Configuration Replace and Configuration Rollback; Configuration Rollback Confirmed Change |
Yes |
Yes |
Contextual Configuration Diff Utility |
Yes |
Yes |
Control Plane Policing (Copp) |
Yes |
Yes |
CPU Enhancement |
Yes |
Yes |
CPU Optimization for Layer 3 Multicast Control Packets |
Yes |
Yes |
Critical Authorization for Voice and Data |
Yes |
Yes |
DAI (Dynamic ARP inspection) |
Yes |
Yes |
DBL (Dynamic Buffer Limiting) - Selective DBL |
Yes |
Yes |
Debounce Timer per Port |
Yes |
Yes |
Default Passive Interface |
Yes |
Yes |
Diffserv MIB |
Yes |
Yes |
DHCP Client |
Yes |
Yes |
DHCP Configurable DHCP Client |
Yes |
Yes |
DHCP Gleaning |
Yes |
Yes |
DHCP Option 82, Pass Through |
Yes |
Yes |
DHCPv6 Ethernet Remote ID option |
Yes |
Yes |
DHCPv6 Option 18 |
Yes |
Yes |
DHCPv6 Option 37 (Relay Options Remote-ID) |
Yes |
Yes |
DHCPv6 Option 52 (CAPWAP Access Controller) |
Yes |
Yes |
DHCPv6 Relay Agent notification for Prefix Delegation |
Yes |
Yes |
DHCPv6 Relay - Reload persistent Interface ID option |
Yes |
Yes |
DHCPv6 Repackaging |
Yes |
Yes |
DHCP Server |
Yes |
Yes |
DHCP Snooping |
Yes |
Yes |
DSCP/CoS via LLDP |
Yes |
Yes |
Duplication Location Reporting Issue |
Yes |
Yes |
Dynamic Trunking Protocol (DTP) |
Yes |
Yes |
Easy Virtual Network (EVN) |
No |
Yes |
Easy VSS1 |
Yes |
Yes |
EIGRP |
No |
Yes |
EIGRP Service Advertisement Framework |
Yes |
Yes |
EIGRP Stub Routing |
Yes |
Yes |
Embedded Event Manager (EEM) 3.2 |
Yes |
Yes |
Embedded Syslog Manager (ESM) |
Yes |
Yes |
Energywise Agentless SNMP support |
Yes |
Yes |
Energywise Wake-On-Lan Support |
Yes |
Yes |
Entity API for Physical and Logical Mgd Entities |
Yes |
Yes |
ErrDisable timeout |
Yes |
Yes |
EtherChannel |
Yes |
Yes |
EtherChannel Flexible PAgP |
Yes |
Yes |
EtherChannel Enhancement - Single Port Channel |
Yes |
Yes |
Fast EtherChannel (FEC) |
Yes |
Yes |
FHRP—Enhanced Object Tracking of IP SLAs |
Yes |
Yes |
FHRP—Enhanced Object Tracking integration with EEM |
Yes |
Yes |
FHRP—GLBP - IP Redundancy API |
Yes |
Yes |
FHRP—HSRP - Hot Standby Router Protocol V2 |
Yes |
Yes |
FHRP—Object Tracking List |
Yes |
Yes |
Filter-ID Based ACL Application |
Yes |
Yes |
FIPS 140-2/3 Level 2 Certification |
Yes |
Yes |
FIPS/CC Compliance for NMSP |
Yes |
Yes |
Flexible NetFlow—Application ID |
Yes |
Yes |
Flexible NetFlow —CTS Fields, Device Type, Ethertype, Export to an IPv6 address, Full Flow Support, Ingress support, IPFIX, IPv4 and IPv6 Unicast Flows, Layer 2 Fields, Multiple User Defined Caches, Netflow Export over IPv4, NetFlowV5 Export protocol, NetFlow V9 Export Format, Power Reading, Username, VLAN ID support, |
Yes |
Yes |
Flexible NetFlow (FNF) for AVC with DNS-AS |
Yes |
Yes |
Flex Links+(VLAN Load balancing) |
Yes |
Yes |
Forced 10/100 Autonegotiation |
Yes |
Yes |
FQDN ACL |
Yes |
Yes |
FTP Support for Downloading Software Images |
Yes |
Yes |
Gateway Load Balancing Protocol (GLBP) |
Yes |
Yes |
Generic Routing Encapsulation (GRE) |
Yes |
Yes |
GOLD Online Diagnostics |
Yes |
Yes |
GRE Tunneled Packets Switched on Hardware |
No |
Yes |
HSRP: Global IPv6 Address |
Yes |
Yes |
HSRP - Hot Standby Router Protocol |
Yes |
Yes |
HTTP Security |
Yes |
Yes |
HTTP TACAC+ Accounting support |
Yes |
Yes |
Identity 4.1 Network Edge Access Topology |
Yes |
Yes |
IEEE 802.1ab LLDP (Link Layer Discovery Protocol) IEEE 802.1ab LLDP/LLDP-MED |
Yes |
Yes |
IEEE 802.1p Support |
Yes |
Yes |
IEEE 802.1Q VLAN Trunking |
Yes |
Yes |
IEEE 802.1s Multiple Spanning Tree (MST) Standard Compliance |
Yes |
Yes |
IEEE 802.1s VLAN Multiple Spanning Trees |
Yes |
Yes |
IEEE 802.1t2 |
Yes |
Yes |
IEEE 802.1w Spanning Tree Rapid Reconfiguration |
Yes |
Yes |
IEEE 802.1x Auth Fail Open (Critical Ports) IEEE 802.1x Auth Fail VLAN IEEE 802.1x Flexible Authentication IEEE 802.1x Multiple Authentication IEEE 802.1x Open Authentication IEEE 802.1X with User Distribution IEEE 802.1x VLAN Assignment IEEE 802.1x VLAN User Group Distribution IEEE 802.1x Wake on LAN Support IEEE 802.1x Authenticator IEEE 802.1x Fallback support IEEE 802.1x Guest VLAN IEEE 802.1x Multi-Domain Authentication IEEE 802.1x Private Guest VLAN IEEE 802.1x Private VLAN Assignment |
Yes |
Yes |
IEEE 802.1x RADIUS Accounting IEEE 802.1x RADIUS-Supplied Session Timeout |
Yes |
Yes |
IEEE 802.1x with ACL Assignments IEEE 802.1x with Port Security |
Yes |
Yes |
IEEE 802.3ad Link Aggregation (LACP) IEEE 802.3ad Link Aggregation Port-Channel Standalone Disable |
Yes |
Yes |
IEEE 802.3x Flow Control |
Yes |
Yes |
IGMP Fast Leave IGMP Filtering IGMP Snooping IGMP Version 1 IGMP Version 2 IGMP Version 3 IGMP Version 3 - Explicit Tracking of Hosts, Groups, and Channels |
Yes |
Yes |
IGMPv3 Host Stack IGMPv3 Snooping: Full Support |
Yes |
Yes |
Image Verification |
Yes |
Yes |
Individual SNMP Trap Support |
Yes |
Yes |
Interface Index Persistence |
Yes |
Yes |
Interface Range Specification |
Yes |
Yes |
Interface Templates |
Yes |
Yes |
IOS Based Device Profiling |
Yes |
Yes |
IP Enhanced IGRP Route Authentication |
No |
Yes |
IP Event Dampening |
Yes |
Yes |
IP Multicast Load Splitting - Equal Cost Multipath (ECMP) using S, G and Next-hop |
No |
Yes |
IP Multicast Load Splitting across Equal-Cost Paths |
Yes |
Yes |
IP Named Access Control List |
Yes |
Yes |
IPv6 Tunnels (in software) |
Yes |
Yes |
IP Routing |
Yes |
Yes |
IP SLAs: DHCP Operations Distribution of Statistics |
Yes |
Yes |
IP SLAs: DNS Operation FTP Operation HTTP Operation ICMP Echo Operation ICMP Path Echo Operation Multi Operation Scheduler One Way Measurement Path Jitter Operation Random Scheduler Reaction Threshold Responder Scheduler Sub-millisecond Accuracy Improvements TCP Connect Operation UDP Based VoIP Operation UDP Echo Operation UDP Jitter Operation Video Operations VoIP Threshold Traps |
Yes |
Yes |
IP Summary Address for RIPv2 |
Yes |
Yes |
IP Unnumbered for VLAN-SVI interfaces |
Yes |
Yes |
IPSG (IP Source Guard) v4 |
Yes |
Yes |
IPSG (IP Source Guard) v4 for Static Hosts |
Yes |
Yes |
IPv4 OGACLs |
Yes |
Yes |
IPv4 Policy-Based Routing IPv4 Policy-Based Routing with recursive next hop |
Yes |
Yes |
IPv4 Routing —Static Hosts/Default Gateway |
Yes |
Yes |
IPv6 (Internet Protocol Version 6) |
Yes |
Yes |
IPv6 Access Services: DHCPv6 Relay Agent |
Yes |
Yes |
IPv6 Anycast Address |
Yes |
Yes |
IPv6 / v4 BFD with OSPF/ BGP/ EIGRP and Static |
Yes |
Yes |
IPv6 BGP |
No |
Yes |
IPv6 Bootstrap Router (BSR) Scoped Zone Support |
No |
Yes |
IPv6 CNS Agents |
Yes |
Yes |
IPv6 Config Logger |
Yes |
Yes |
IPv6 First Hop Security (FHS): DHCPv6 Guard IPv6 Destination Guard IPv6 Snooping (Data Gleaning, per-limit Address Limit) IPv6 Neighbor Discovery (ND) Inspection IPv6 Neighbor Discovery Multicast Suppression IPv6 Router Advertisement (RA) Guard |
Yes |
Yes |
IPv6 First Hop Security (FHS) Phase 2: Binding table recovery Lightweight DHCPv6 Relay Agent (LDRA) IPv6 Snooping (Data Gleaning, per-limit Address Limit) Neighbor Discovery (ND) Multicast Suppress Source and Prefix Guard3 FHS EtherChannel Support |
Yes |
Yes |
IPv6 HSRP |
Yes |
Yes |
IPv6 HTTP(S) |
Yes |
Yes |
IPv6 ICMPv6 |
Yes |
Yes |
IPv6 ICMPv6 Redirect |
Yes |
Yes |
IPv6 Interface Statistics |
Yes |
Yes |
IPv6 IP SLAs (UDP Jitter, UDP Echo, ICMP Echo, TCP Connect) |
Yes |
Yes |
IPv6 Static Route support for Object Tracking |
Yes |
Yes |
IPv6 TCL |
Yes |
Yes |
IPv6 Interface Statistics |
Yes |
Yes |
IPv6 Access Services: DHCPv6 Relay Agent |
Yes |
Yes |
IPv6: Anycast Address |
Yes |
Yes |
IPv6 MLD Snooping v1 and v2 |
Yes |
Yes |
IPv6 MTU Path Discovery |
Yes |
Yes |
IPv6 Multicast |
Yes |
Yes |
IPv6 Multicast —Bootstrap Router (BSR) |
Yes |
Yes |
IPv6 Multicast — Explicit Tracking of Receivers |
Yes |
Yes |
IPv6 Multicast — MLD Access Group |
Yes |
Yes |
IPv6 Multicast — Multicast Listener Discovery (MLD) Protocol, Versions 1 and 2 |
Yes |
Yes |
IPv6 Multicast: PIM Accept Register PIM Embedded RP Support PIM Source-Specific Multicast (PIM-SSM) PIM Sparse Mode (PIM-SM) |
Yes |
Yes |
IPv6 Multicast — Routable Address Hello Option |
Yes |
Yes |
IPv6 Multicast — RPF Flooding of Bootstrap Router (BSR) Packets |
Yes |
Yes |
IPv6 Multicast — Scope Boundaries |
Yes |
Yes |
IPv6 Neighbor Discovery Duplicate Address Detection |
Yes |
Yes |
IPv6 OGACLs |
Yes |
Yes |
IPv6 OSPFv3 NSF/SSO |
Yes4 |
Yes |
IPv6 OSPFv3 Fast Convergence |
Yes4 |
Yes |
IPv6 Policy-Based Routing |
No |
Yes |
IPv6 RA Guard (Host Mode) |
Yes |
Yes |
IPv6 Router Advertisement Options for Domain Name System (DNS) Configuration |
Yes |
Yes |
IPv6 Routing — EIGRP Support |
No |
Yes |
IPv6 Routing — OSPF for IPv6 (OSPFv3) |
Yes5 |
Yes |
IPv6 Routing — RIP for IPv6 (RIPng) |
Yes |
Yes |
IPv6 Routing — Route Redistribution |
Yes |
Yes |
IPv6 Routing — Static Routing |
Yes |
Yes |
Pv6 Security — Secure Shell SSH support over IPv6 |
Yes |
Yes |
IPv6 Services — AAAA DNS Lookups over an IPv4 Transport |
Yes |
Yes |
IPv6 Services: Cisco Discovery Protocol (CDP) - IPv6 Address Family Support for Neighbor Information DNS Lookups over an IPv6 Transport Extended Access Control Lists Standard Access Control Lists |
Yes |
Yes |
IPv6 Stateless Auto-configuration |
Yes |
Yes |
IPv6 Static Routing: Support for Tracking Objects |
Yes |
Yes |
IPv6 Support for SGT/SGACL |
Yes |
Yes |
IPv6 Switching: CEF Support CEFv6 Switched Automatic IPv4-compatible Tunnels (in software) CEFv6 Switched ISATAP Tunnels (in software) |
Yes |
Yes |
IPv6 TCL |
Yes |
Yes |
IPv6 Tunneling: Automatic 6 to 4 Tunnels (in software) Automatic IPv4-compatible Tunnels (in software) IPv6 over IPv4 GRE Tunnels (in software) ISATAP Tunnel Support (in software) Manually Configured IPv6 over IPv4 Tunnels (in software) |
Yes |
Yes |
IPv6 Virtual LAN Access Control List (VACL) |
Yes |
Yes |
IPsecv3/IKEv2 (for management traffic only) |
Yes |
Yes |
IS-IS for IPv4 and IPv6 |
No |
Yes |
ISSU (IOS In-Service Software Upgrade |
Yes |
Yes |
Jumbo Frames |
Yes |
Yes |
Link Aggregation Control Protocol |
Yes |
Yes |
LACP Min-Links |
Yes |
Yes |
LACP Rate Fast |
Yes |
Yes |
Layer 2 Control Packet |
Yes |
Yes |
Layer 2 Protocol Tunneling (L2PT) |
Yes |
Yes |
L2TP for LACP and PAgP |
Yes |
Yes |
L2TP for UDLD |
Yes |
Yes |
Layer 2 Traceroute |
Yes |
Yes |
Layer 3 Multicast Routing (PIM SM, SSM, Bidir) |
Yes |
Yes |
Link State Group |
Yes |
Yes |
Link State Tracking |
Yes |
Yes |
Loadsharing IP packets over more than six parallel paths |
Yes |
Yes |
Local Proxy ARP |
Yes |
Yes |
Location MIBs |
Yes |
Yes |
MAB with Configurable User Name/Password |
Yes |
Yes |
MAC Address Notification |
Yes |
Yes |
MAC Authentication Bypass |
Yes |
Yes |
MAC Move and Replace |
Yes |
Yes |
Master Key Agreement (MKA) MACsec with EAP-TLS
|
Yes |
Yes |
Medianet 2.0 — AutoQoS SRND4 Macro |
Yes |
Yes |
Medianet 2.0 — Integrated Video Traffic Simulator (hardware-assisted IP SLA); IPSLA generator and responder |
Yes |
Yes |
Medianet 2.0 — Flow Metadata |
Yes |
Yes |
Medianet 2.0 — Media Service Proxy |
Yes |
Yes |
Medianet 2.0 — Media Monitoring (Performance Monitoring and Mediatrace) |
Yes |
Yes |
Memory Threshold Notifications |
Yes |
Yes |
Microflow policers |
Yes |
Yes |
Modular QoS CLI (MQC) |
Yes |
Yes |
Multi-authentication and VLAN Assignment |
Yes |
Yes |
Multi-VRF Support (VRF lite) |
No |
Yes |
Multicast BGP (MBGP) |
No |
Yes |
Multicast Fast Switching Performance Improvement |
Yes |
Yes |
Multicast HA (NSF/SSO) for IPv4&IPv6 |
Yes |
Yes |
Multicast Routing Monitor (MRM) |
No |
Yes |
Multicast Source Discovery Protocol (MSDP) |
Yes |
Yes |
Multicast Subsecond Convergence |
Yes |
Yes |
Multicast VLAN Registration (MVR) |
Yes |
Yes |
Multigigabit Ethernet Interface — Downshift Speed |
Yes |
Yes |
NAC — L2 IEEE 802.1x |
Yes |
Yes |
NAC — L2 IP |
Yes |
Yes |
Named VLAN |
Yes |
Yes |
NETCONF over SSHv2 |
Yes |
Yes |
Network Edge Access Topology (NEAT) |
Yes |
Yes |
NEAT Enhancement: Re-Enabling BPDU Guard Based on User Configuration |
Yes |
Yes |
Network Time Protocol (NTP) NTP master |
Yes |
Yes |
Next Hop Resolution Protocol (NHRP) |
No |
Yes |
NMSP Enhancements
|
Yes |
Yes |
No Service Password Recovery |
Yes |
Yes |
No. of VLAN Support |
4096 |
4096 |
NSF — BGP |
No |
Yes |
NSF — EIGRP |
Yes |
Yes |
NSF — OSPF (version 2 only) |
Yes |
Yes |
NSF/SSO |
Yes |
Yes |
NTP for IPv6 |
Yes |
Yes |
NTP for VRF aware |
No |
Yes |
Object Tracking: IPv6 Route Tracking |
Yes |
Yes |
Onboard Failure Logging (OBFL) |
Yes |
Yes |
Open Plug-N-Play Agent |
Yes |
Yes |
OSPF OSPF v3 Authentication OSPF Flooding Reduction |
Yes4 |
Yes |
OSPF for Routed Access5 |
Yes |
Yes |
OSPF Incremental Shortest Path First (i-SPF) Support OSPF Link State Database Overload Protection OSPF Not-So-Stubby Areas (NSSA) OSPF Packet Pacing OSPF Shortest Paths First Throttling OSPF Stub Router Advertisement OSPF Support for Fast Hellos OSPF Support for Link State Advertisement (LSA) Throttling OSPF Update Packet-Pacing Configurable Timers |
Yes4 |
Yes |
OSPF Support for Multi-VRF on CE Routers |
Yes4 |
Yes |
Out-of-band Management Port Out-of-band Management Port - IPv6 |
Yes |
Yes |
PBR with Object Tracking |
Yes |
Yes |
Per Intf IGMP State Limit Per Intf MrouteState Limit Per Port Per VLAN Policing Per-User ACL Support for 802.1X/MAB/Webauth users Per-VLAN Learning |
Yes |
Yes |
Permanent Right-to-Use (PRTU) license |
Yes |
Yes |
PIM Dense Mode State Refresh PIM Multicast Scalability PIM Version 1 PIM Version 2 |
Yes |
Yes |
PnP Agent |
Yes |
Yes |
Port Security |
Yes (supports 3072 MACs) |
Yes (supports 3072 MACs)s |
Port Security on Etherchannel Trunk Port Port Security MAC Address Filtering |
Yes |
Yes |
Pragmatic General Multicast (PGM) |
Yes |
Yes |
Priority Queueing (PQ) |
Yes |
Yes |
Private VLAN Promiscuous Trunk Port Private VLAN Trunk Ports Private VLANs |
Yes |
Yes |
Programmability |
Yes |
Yes |
Propagation of Location Info over CDP |
Yes |
Yes |
PVLAN over EtherChannel PVST + (Per VLAN Spanning Tree Plus) |
Yes |
Yes |
Q-in-Q |
Yes |
Yes |
QoS Packet Marking QoS Priority Percentage CLI Support |
Yes |
Yes |
RADIUS RADIUS Attribute 44 (Accounting Session ID) in Access Requests RADIUS Change of Authorization Rapid PVST+ Dispute Mechanism Rapid-Per-VLAN-Spanning Tree Plus (Rapid-PVST+) Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) |
Yes |
Yes |
Reduced MAC Address Usage |
Yes |
Yes |
Redundancy Facility Protocol |
Yes |
Yes |
Remote SPAN (RSPAN) |
Yes |
Yes |
REP (Resilient Ethernet Protocol) REP — No Edge Neighbor Enhancement |
Yes |
Yes |
RIP v1 |
Yes |
Yes |
RMON events and alarms |
Yes |
Yes |
Secure CDP Secure Copy (SCP) |
Yes |
Yes |
Secure Shell SSH Version 2 Client Support Secure Shell SSH Version 2 Server Support |
Yes |
Yes |
Security Group ACL at Interface Level |
Yes |
Yes |
Single Rate 3-Color Marker for Traffic Policing |
Yes |
Yes |
Smart Port |
Yes |
Yes |
SNMP (Simple Network Management Protocol) SNMP Inform Request SNMP Manager SNMPv2C SNMPv3 — 3DES and AES Encryption Support SNMPv3 (SNMP Version 3) |
Yes |
Yes |
Source Specific Multicast (SSM) Source Specific Multicast (SSM) - IGMPv3,IGMP v3lite, and URD Source Specific Multicast (SSM) Mapping |
Yes |
Yes |
SPAN (# of bidirectional sessions) – Port Mirroring |
Yes (16 bidirectional sessions) |
Yes (16 bidirectional sessions) |
SPAN ACL Filtering for IPv6 SPAN — Packet Type and Address Type Filtering |
Yes |
Yes |
Spanning Tree Protocol (STP):
|
Yes |
Yes |
Standard IP Access List Logging |
Yes |
Yes |
Standby Supervisor Port Usage |
Yes |
Yes |
Sticky Port Security Sticky Port Security on Voice VLAN |
Yes |
Yes |
Storm Control Storm Control — Per-Port Multicast Suppression |
Yes |
Yes |
STP Syslog Messages |
Yes |
Yes |
Stub IP Multicast Routing |
Yes |
Yes |
Sub-second UDLD |
Yes |
Yes |
SVI (Switch Virtual Interface) Autostate Exclude |
Yes |
Yes |
Switch and IP Phone Security Interaction |
Yes |
Yes |
Switch Port Analyzer (SPAN) Switch Port Analyzer (SPAN) - CPU Source |
Yes |
Yes |
Syslog over IPV6 |
Yes |
Yes |
System Logging - EAL4 Certification Enhancements |
Yes |
Yes |
TACACS SENDAUTH function TACACS Single Connection TACACS+ TACACS+ and Radius for IPv6- |
Yes |
Yes |
TCAM4 — Dynamic Multi-Protocol TCAM4 — Service-Aware Resource Allocation |
Yes |
Yes |
Time Domain Reflectometry (TDR)7 |
Yes |
Yes |
Time-Based Access Lists Time-Based Access Lists Using Time Ranges (ACL) |
Yes |
Yes |
Trusted boundary (extended trust for CDP devices) |
Yes |
Yes |
Cisco TrustSec: IEEE 802.1ae MACSec Layer 2 encryption |
Yes |
Yes |
Cisco TrustSec: IEEE 802.1ae MACSec encryption on user facing ports |
Yes |
Yes |
Cisco TrustSec: IEEE 802.1ae MACSec encryption between switch-to-switch links using Cisco SAP (Security Association Protocol) |
Yes |
Yes |
UDI - Unique Device Identifier |
Yes |
Yes |
Uni-Directional Link Routing (UDLR) |
Yes |
Yes |
Unicast Mac Filtering |
Yes |
Yes |
Unicast Reverse Path Forwarding (uRPF) |
Yes |
Yes |
Unidirectional Ethernet UniDirectional Link Detection (UDLD) |
Yes |
Yes |
UDP Forwarding Support for IP Redundancy Virtual Router Group |
Yes |
Yes |
Virtual Router Redundancy Protocol (VRRP) for IPv4 |
Yes |
Yes |
Virtual Switching System (VSS) Phase 26
|
Yes |
Yes |
VSS Mapping— VLAN Translation VSS — REP, Flexlinks, UDLD, Fast UDLD |
Yes |
Yes |
Virtual Trunking Protocol (VTP) — Pruning |
Yes |
Yes |
VLAN Access Control List (VACL) VLAN MAC Address Filtering |
Yes |
Yes |
VLAN Mapping (VLAN Translation) VLAN Switching and Selective QinQ on the Same Port |
Yes |
Yes |
VRF-aware Copy Commands VRF-aware SGT (Subnet-to-SGT mapping and VLAN-to-SGT mapping) |
Yes |
Yes |
VRF-aware PBR VRF-aware TACACS+ VRF-aware WCCP for IPv4 traffic VRF-aware WCCP for IPv6 traffic |
No |
Yes |
VRF-lite for IPv6 on OSPF/ BGP/ EIGR |
No |
Yes |
VRRPv3 — Object Tracking Integration VRRPv3 Protocol Support |
Yes |
Yes |
VTP (Virtual Trunking Protocol) Version 2 VTP Version 3 |
Yes |
Yes |
WCCP Version 2 WCCP Version 2 on VSS WCCP Version 2 for IPv6 |
Yes |
Yes |
Web Authentication Proxy Web Authentication Redirection to Original URL Webauth Enhancements |
Yes |
Yes |
Wired Guest Access8 |
Yes |
Yes |
Wireshark-based Ethernet Analyzer |
Yes |
Yes |
XML-PI |
Yes |
Yes |
1.Catalyst 4500-X, Supervisor Engine 7-E—IP Base. Supervisor Engine 7LE—Ent Services. |
2.IEEE 802.1t—An IEEE amendment to IEEE 802.1D that includes extended system ID, long path cost, and PortFast. |
3.When either Source or Prefix Guard for IPv6 is enabled, ICMPv6 packets are unrestricted on all Catalyst 4500 series switch platforms running Cisco IOS Release 15.2(1)E. All other traffic types are restricted. |
4.IP Base supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 1000 dynamically learned routes. |
5.OSPF for Routed Access supports only one OSPFv2 and one OSPFv3 instance with a maximum number of 1000 dynamically learned routes. |
6.As of IOS Release 3.5.0E, VSS supports Smart Install Director—Zero Touch installation without any convergence down-time. |
OpenFlow Version and Cisco IOS Release Support
The OVA package is available for download in the same location as your system image (.bin) file, on cisco.com
Note |
The OVA package is compatible only with its corresponding system image file name - as listed in the table below. Do not use an older version of the OVA package with a newer system image file, or a newer OVA package with an older system image file. |
Platform |
Cisco IOS Release |
Cisco OpenFlow Plug-In Version |
Cisco OpenFlow Plug-In |
Image Name |
---|---|---|---|---|
Cisco Catalyst 4500-X Series Switches |
IOS XE 3.11.0E |
2.0.2 |
ofa-2.0.2-r2-cat4500es8-SPA-k9.ova |
cat4500e-universalk9.SPA.03.11.00.E.152-7.E.bin |
MIB Support
For information on MIB support, please refer to this URL:
ftp://ftp.cisco.com/pub/mibs/supportlists/cat4000/cat4000-supportlist.html
Features Not Supported on the Cisco Catalyst 4500-X Series Switch
The following features are not supported on a Catalyst 4500-X series switch
-
CISCO-IETF-IP-FORWARD-MIB
-
CISCO-IETF-IP-MIB
-
LLDP HA
-
SMI Proxy
-
SSO (in non-VSS mode)
-
WCCP Version 1
-
SSH Version 1
-
AES-256 Encryption algorithm for MACSec
With some exceptions, the VSS maintains “feature parity” with the standalone Catalyst 4500 or 4500-X series switches. Major exceptions include:
-
CFM D8.1
-
Energywise
-
Mediatrace (Medianet active video monitoring feature)
-
Metadata (Medianet feature)
-
Per VLAN Learning
-
UDE
-
UDLR
-
VMPS Client
Orderable Product Numbers
The following table lists the Cisco IOS XE Release 3.11.xE Product Numbers and Images for the Catalyst 4500-X Series Switches
Product Number |
Description |
Image |
---|---|---|
Base Switch PIDs |
||
WS-C4500X-32SFP+ |
Catalyst 4500-X 32 Port 10GE IP Base, Front-to-Back Cooling i.e. Port Side to Power Supply Cooling with no Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-F-32SFP+ |
Catalyst 4500-X 32 Port 10GE IP Base, Back-to-Front Cooling i.e. Power Supply to Port Side Cooling with no Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-16SFP+ |
Catalyst 4500-X 16 Port 10GE IP Base, Front-to-Back Cooling i.e. Port Side to Power Supply Cooling with no Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-F-16SFP+ |
Catalyst 4500-X 16 Port 10GE IP Base, Back-to-Front Cooling i.e. Power Supply to Port Side Cooling with no Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-24X-IPB |
Catalyst 4500-X 24 Port 10GE IP Base, Front-to-Back Cooling (Power Supplies must be configured) |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-40X-ES |
Catalyst 4500-X 40 Port 10G Enterprise Services, Front-to-Back Cooling, No Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
WS-C4500X-24X-ES |
Catalyst 4500-X 24 Port 10G Enterprise Services, Front-to-Back Cooling, No Power Supply |
cat4500e-universalk9.bin cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin |
FRU and OIR FANs |
||
C4KX-FAN-F |
Catalyst 4500-X Back-to-Front Cooling Fan |
- |
C4KX-FAN-R |
Catalyst 4500-X Front-to-Back Cooling Fan |
- |
Power Supply |
||
C4KX-PWR-750AC-F |
Catalyst 4500-X 750W AC Back-to-Front Cooling Power Supply (primary) |
- |
C4KX-PWR-750AC-F/2 |
Catalyst 4500-X 750W AC Back-to-Front Cooling Power Supply (secondary) |
- |
C4KX-PWR-750AC-R |
Catalyst 4500-X 750W AC Front-to-Back Cooling Power Supply (primary) |
- |
C4KX-PWR-750AC-R/2 |
Catalyst 4500-X 750W AC Front-to-Back Cooling Power Supply (secondary) |
- |
C4KX-PWR-750DC-F |
Catalyst 4500-X 750W DC Back-to-Front Cooling Power Supply (primary) |
- |
C4KX-PWR-750DC-F/2 |
Catalyst 4500-X 750W DC Back-to-Front Cooling Power Supply (secondary) |
- |
C4KX-PWR-750DC-R |
Catalyst 4500-X 750W DC Front-to-Back Cooling Power Supply (primary) |
- |
C4KX-PWR-750DC-R/2 |
Catalyst 4500-X 750W DC Front-to-Back Cooling Power Supply (secondary) |
- |
Accessories |
||
CAB-CON-C4K-RJ45 |
Console Cable 6ft with RJ-45-to-RJ-45 |
- |
SD-X45-2GB-E |
Cisco Catalyst 4500 2-GB SD card |
- |
USB-X45-4GB-E |
Cisco Catalyst 4500 4-GB USB device |
- |
C4KX-NM-8SFP+ |
Catalyst 4500-X 8 Port 10GE Network Module |
- |
Software |
||
S45XU-35-1521E |
CAT4500-X Universal Image |
cat4500e-universal.SPA.03.05.00.E.152-1E.bin |
S45XUK9-35-1521E |
CAT4500-X Universal Crypto image |
cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin |
New and Changed Information
These sections describe the new and changed information for Cisco Catalyst 4500-X Series Switches running Cisco IOS XE software:
New Features in Cisco IOS XE Release 3.11.11E
New Software Features
None.
New Features in Cisco IOS XE Release 3.11.10E
New Software Features
None.
New Features in Cisco IOS XE Release 3.11.9E
New Software Features
None.
New Features in Cisco IOS XE Release 3.11.8E
New Software Features
Feature |
Description |
---|---|
Secure Data Wipe |
Introduces support for performing factory reset by using the keyword all secure in the factory-reset command. This option performs data sanitisation and securely resets the device. |
New Features in Cisco IOS XE Release 3.11.7E
None.
New Features in Cisco IOS XE Release 3.11.6E
None.
New Features in Cisco IOS XE Release 3.11.5E
None.
New Features in Cisco IOS XE Release 3.11.4E
None.
New Features in Cisco IOS XE Release 3.11.3aE
New Software Features
Feature |
Description |
||
---|---|---|---|
Support for Type 6 AES Encryption password |
Beginning with this release, you can specify a Type 6 encrypted key for a TACACS Server. The new command is tacacs server key 6 key-name .
|
New Features in Cisco IOS XE Release 3.11.2E
None.
New Features in Cisco IOS XE Release 3.11.1E
New Software Features in IOS XE 3.11.1E
Feature Name |
Description |
---|---|
Support for IPv6 DACL |
This release supports downloadable ACLs for devices with IPv6 address. You can download the authorization policies from the Identity Services Engine (ISE) server. |
New Features in Cisco IOS XE Release 3.11.0E
New Software Features
Feature Name |
Description |
---|---|
SSH File Transfer Protocol Support |
Secure Shell (SSH) includes support for SSH File Transfer Protocol (SFTP), a new standard file transfer protocol introduced in SSHv2. This feature provides a secure and authenticated method for copying device configuration or device image files. |
PVLAN Support with Multicast |
Multicast traffic is now supported with PVLAN. Multicast traffic is routed or bridged across private-VLAN boundaries and within a single community VLAN. |
Cisco IOS XE to Cisco IOS
Each version of Cisco IOS XE has an associated Cisco IOS version:
Cisco IOS XE Version |
Cisco IOS Version |
---|---|
03.1.0SG |
15.0(1)XO |
03.1.1SG |
15.0(1)XO1 |
03.2.0SG |
15.0(2)SG |
03.3.0SG |
15.1(1)SG |
03.3.1SG |
15.1(1)SG1 |
03.4.0SG |
15.1(2)SG |
03.5.0E |
15.2(1)E |
03.6.0E |
15.2(2)E |
03.7.0E |
15.2(3)E |
03.8.0E |
15.2(4)E |
03.8.1E |
15.2(4)E1 |
03.9.0E |
15.2(5)E |
03.10.0E |
15.2(6)E |
03.10.1E |
15.2(6)E1 |
03.10.2E |
15.2(6)E2 |
03.11.0E |
15.2(7)E |
03.11.1E |
15.2(7)E1 |
03.11.1aE |
15.2(7)E1a |
03.11.2E |
15.2(7)E2 |
03.11.3aE |
15.2(7)E3 |
03.11.4E |
15.2(7)E4 |
03.11.5E |
15.2(7)E5 |
03.11.6E |
15.2(7)E6 |
Upgrading the System Software
If you are upgrading to Cisco IOS XE Release 3.9.xE and plan to use VSS, you must upgrade your ROMMON to IOS Version 15.0(1r)SG11.
ISSU is supported on 4500-X in VSS configuration.
Limitations and Restrictions
-
In Cisco IOS XE Release 3.11.3aE and later releases, SSH is enabled by default to connect to networks, and Telnet is disabled by default.
-
TACACS legacy command: Do not configure the legacy tacacs-server host command; this command is deprecated. If the software version running on your device is Cisco IOS XE 3.11.3aE or a later release, using the legacy command can cause authentication failures. Use the tacacs server command in global configuration mode.
-
RADIUS Server legacy command: In Cisco IOS XE Release 3.8.7E, the legacy radius-server host command is deprecated. Use the radius server host command if the software running on your device is Cisco IOS XE Release 3.8.7E or later.
-
During an ISSU downgrade from IOS XE 3.11.1E to IOS XE 03.08.09 version, the standby is loaded with the main image. This is due to failure of configuration synchronization on device tracking and ACL.
Workaround:
-
Before an ISSU downgrade, revert the device-tracking CLI to legacy CLI:
Device# configure terminal Device(config)# device-tracking upgrade-cli revert
-
Before an ISSU downgrade, delete the numbered ACLs from the primary and reapply them after the downgrade process.
-
-
ISSU or Fast Software Upgrade (FSU) limitations:
-
When upgrading to Cisco IOS XE Release 3.11.0E, or Cisco IOS XE Release 3.8.7E, or Cisco IOS XE Release 3.10.2E with ISSU or FSU, if you are using a multi-Gigabit Ethernet linecard, reload the linecard after the upgrade to avoid interface issues.
-
When downgrading from Cisco IOS XE Release 3.11.0E and later, or Cisco IOS XE Release 3.8.7E and later, or Cisco IOS XE Release 3.10.2E and later with ISSU or FSU, if you are using a multi-Gigabit Ethernet linecard, reload the linecard after upgrade to avoid interface issues.
-
-
Starting with Cisco IOS XE Release 3.9.0E, Secure Shell (SSH) Version 1 is deprecated. Use SSH Version 2 instead.
-
The maximum MTE supported on Catalyst 4500 switches is 8000, per direction.
-
Although the show memory command is supported on Catalyst 4500 series switches, the CLI output for the command shows the value 0 for config total, on Catalyst 4500 series switches using a daughter card on Supervisor Engine 7-E. This issue is, however, not seen on switches with Supervisor Engine 7-E baseboard. (CSCup28930)
-
The system allows you to delete policy maps related to these Auto QoS profiles:
-
Auto QoS enterprise
-
Auto QoS guest
-
blank.gif Auto QoS voice
The problem is seen on a Catalyst 4500 series switch running Cisco IOS-XE release 3.7.0E, when you configure QoS using Auto Qos and you try to delete an Auto QoS profile related policy map.
Workaround : To recover the deleted policy-map, remove all the policies related to that profile, remove Auto QoS configuration from the WLAN, and then reconfigure Auto QoS.
-
-
Dot1x PEAP based authentication for wireless clients on Supervisor Engine 8-E is 3 auths/sec.
-
Indirectly connected access points are not supported. Only access points directly connected to a trunk or access port is supported. On connecting more than one AP the following error message will be seen:
3. Dec 5 03:57:24.121: %CAPWAP-3-ONE_AP_PER_PORT: AP (mac:6c20.56a6.4fc4) is not allowed on port:Po2. Only one AP per port is allowed.
-
RPR mode cannot be configured when Supervisor Engine 8-E is booted in wireless mode.
-
Flow Sampling is not supported on Supervisor Engine 8-E.
-
Supported QoS features on wireless targets: The detailed QoS policy is the same as mentioned here, except that the port policy cannot be changed because it is a DC-interconnect port.
-
VSS: Do not use SVLAN for routing in SP network on ingress switch (where the mapping is present). This is not an valid scenario.
-
VSS is not supported in Wireless mode, on Supervisor Engine 8-E.
-
Wired guest access does not work on Supervisor Engine 8-E, in multi-host or multi-authentication mode.
-
The show exception files all command lists only crashinfo files from the active supervisor engine. You must issue the dir slavecrashinfo: and dir slvecrashinfo-dc: commands to obtain lists of crashinfo files from the standby supervisor engine.
-
Performing an ISSU from a prior release to IOS XE 3.6.0E is not supported.
-
The WS-X4712-SFP+E module is not supported in the WS-C4507R-E or WS-C4510R-E chassis and does not boot. This module is supported in the WS-C4503-E, WS-C4506-E, WS-C4507R+E, and WS-C4510R+E chassis.
-
More than 16K QoS policies can be configured in software. Only the first 16K are installed in hardware.
-
Adjacency learning (through ARP response frames) is restricted to roughly 1000 new adjacencies per second, depending on CPU utilization. This should only impact large networks on the first bootup. After adjacencies are learned, they are installed in hardware.
-
Multicast fastdrop entries are not created when RPF failure occurs with IPv6 multicast traffic. In a topology where reverse path check failure occurs with IPv6 multicast, this may cause high CPU utilization on the switch.
-
The SNMP ceImageFeature object returns a similar feature list for all the three license levels (LAN Base, IP Base, and EntServices). Although the activated feature set for a universal image varies based on the installed feature license, the value displayed by this object is fixed and is not based on the feature license level.
-
Standard TFTP implementation limits the maximum size of a file that can be transferred to 32 MB. If ROMMON is used to boot an IOS image that is larger than 32 MB, the TFTP transfer fails at the 65,xxx datagram.
TFTP numbers its datagrams with a 16 bit field, resulting in a maximum of 65,536 datagrams. Because each TFTP datagram is 512 bytes long, the maximum transferable file is 65536 x 512 = 32 MB. If both the TFTP client (ROMMON) and the TFTP server support block number wraparound, no size limitation exists.
Cisco has modified the TFTP client to support block number wraparound. So, if you encounter a transfer failure, use a TFTP server that supports TFTP block number wraparound. Because most implementations of TFTP support block number wraparound, updating the TFTP daemon should fix the issue.
-
An XML-PI specification file entry does not return the desired CLI output.
The outputs of certain commands, such as show ip route and show access-lists, contain non-deterministic text. While the output is easily understood, the output text does not contain strings that are consistently output. A general purpose specification file entry is unable to parse all possible output.
Workaround (1):
While a general purpose specification file entry may not be possible, a specification file entry might be created that returns the desired text by searching for text that is guaranteed to be in the output. If a string is guaranteed to be in the output, it can be used for parsing.
For example, the output of the show ip access-lists SecWiz_Gi3_17_out_ip command is this:
Extended IP access list SecWiz_Gi3_17_out_ip 10 deny ip 76.0.0.0 0.255.255.255 host 65.65.66.67 20 deny ip 76.0.0.0 0.255.255.255 host 44.45.46.47 30 permit ip 76.0.0.0 0.255.255.255 host 55.56.57.57
The first line is easily parsed because access list is guaranteed to be in the output:
<Property name="access list" alias="Name" distance="1.0" length="-1" type="String" />
The remaining lines all contain the term host. As a result, the specification file may report the desired values by specifying that string. For example, this line
<Property name="host" alias="rule" distance="s.1" length="1" type="String" />
produces the following for the first and second rules
<rule> deny </rule>
and the following for the third statement
<rule> permit <rule>
Workaround (2):
Request the output of the show running-config command using NETCONF and parse that output for the desired strings. This is useful when the desired lines contain nothing in common. For example, the rules in this access list do not contain a common string and the order (three permits, then a deny, then another permit), prevent the spec file entry from using permit as a search string, as in the following example:
Extended MAC access list MACCOY permit 0000.0000.ffef ffff.ffff.0000 0000.00af.bcef ffff.ff00.0000 appletalk permit any host 65de.edfe.fefe xns-idp permit any any protocol-family rarp-non-ipv4 deny host 005e.1e5d.9f7d host 3399.e3e1.ff2c dec-spanning permit any any
The XML output of show running-config command includes the following, which can then be parsed programmatically, as desired:
<mac><access-list><extended><ACLName>MACCOY</ACLName></extended></access-list></mac> <X-Interface> permit 0000.0000.ffef ffff.ffff.0000 0000.00af.bcef ffff.ff00.0000 appletalk</X-Interface> <X-Interface> permit any host 65de.edfe.fefe xns-idp</X-Interface> <X-Interface> permit any any protocol-family rarp-non-ipv4</X-Interface> <X-Interface> deny host 005e.1e5d.9f7d host 3399.e3e1.ff2c dec-spanning</X-Interface> <X-Interface> permit any any</X-Interface>
CSCtg93278
-
When attaching a existing policy-map (that is already applied to a control-port) to another front-panel port, the following message displays:
The policymap <policy-map name> is already attached to control-plane and cannot be shared with other targets.
Workaround: Define a policy-map with a different name and then reattach. CSCti26172
-
If the number of unique FNF monitors attached to target exceeds 2048 (one per target), a switch responds slowly:
Workarounds:
– Decrease the number of monitors.
– Attach the same monitor to multiple targets. CSCti43798
-
ciscoFlashPartitionFileCount object returns an incorrect file count for bootflash:, usb0:, slot0:, slaveslot0:, slavebootflash:, and slaveusb0:.
Workaround: Use the dir device command (for example, dir bootflash:) to obtain the correct file count. CSCti74130
-
If multicast is configured and you make changes to the configuration, Traceback and CPUHOG messages are displayed if the following conditions exist:
– At least 10K groups and roughly 20K mroutes exist.
– IGMP joins with source traffic transit to all the multicast groups.
This is caused by the large number of updates generating SPI messages that must be processed by the CPU to ensure that the platform is updated with the changes in all the entries.
Workaround: None. CSCti20312
-
With traffic running, entering clear ip mroute * with larger number of mroutes and over 6 OIFs causes Malloc Fail messages to display.
You cannot clear a large number of mroutes at one time when traffic is still running.
Workaround: Do not clear all mroutes at once.
CSCtn06753
-
Although you can configure subsecond PIM query intervals on Catalyst 4500 platforms, such an action represents a compromise between convergence (reaction time) and a number of other factors (number of mroutes, base line of CPU utilization, CPU speed, processing overhead per 1 m-route, etc.). You must account for those factors when configuring subsecond PIM timers. We recommend that you set the PIM query interval to a minimum of 2 seconds. By adjusting the available parameters, you can achieve flawless operation; that is, a top number of multicast routes per given convergence time on a specific setup.
-
Energywise WOL is not “waking up” a PC in hibernate or standby mode.
Workaround: None. CSCtr51014
-
The ROMMON version number column in the output of show module command is truncated.
Workaround: Use the show version command. CSCtr30294
-
IP SLA session creation fails randomly for various 4-tuples.
Workaround: Select an alternate destination or source port. CSCty05405
-
The system cannot scale to greater than 512 SIP flows with MSP and metadata enabled.
Workaround: None. CSCty79236
-
On the following linecards running IOS XE Release 3.2.3:
– 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E (JAE1348OY52)
– 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E (CAT1434L0G4)
the following restrictions apply:
– Sub-interfaces are not supported on 1 Gigabit and Ten-Gigabit interfaces.
– Port-channel members do not support multiple classification criteria for a QoS policy.
– CEF is disabled automatically when uRFP is enabled and TCAM is fully utilized.
-
When either the RADIUS-server test feature is enabled or RADIUS-server dead-criteria is configured, and either RADIUS-server deadtime is set to 0 or not configured, the RADIUS-server status is not properly relayed to AAA.
Workaround: Configure both dead-criteria and deadtime.
radius-server dead-criteria radius-server deadtime
CSCtl06706
-
If you use the quick option in the issu changeversion command, the following might occur:
– Links flap for various Layer 3 protocols.
– A traffic loss of several seconds is observed during the upgrade process.
Workaround: Do not use the quick option with the issu changeversion command. CSCto51562
-
While configuring an IPv6 access-list, if you specify hardware statistics as the first statement in v6 access-list mode (i.e. before issuing any other v6 ACE statement), it will not take effect. Similarly, your hardware statistics configuration will be missing from the output of the show running command.
You will not experience this behavior with IPv4 access lists.
Workaround: During IPv6 access-list configuration, configure at least one IPv6 ACE before the "hardware statistics" statement. CSCuc53234
-
Routed packets that are fragmented are not policed if the egress interface is on the VSS Standby switch. However, if the egress interface is on the VSS Active switch, these packets are policed.
This applies to QoS policing only. QoS marking, shaping and sharing behave as expected.
Workaround: None. CSCub14402
-
When an IPv6 FHS policy is applied on a VLAN and an EtherChannel port is part of that VLAN, packets received by EtherChannel (from neighbors) are not bridged across the local switch.
Workaround: Apply FHS policies on a non EtherChannel port rather than a VLAN. CSCua53148
-
During VSS conversion, the switch intended as the Standby device may require up to 9 minutes to reach an SSO state. The boot up time depends on the configuration and on the number of line cards in the system.
Workaround: None. CSCua87538
-
Dual connectors (like, an SFP+ transceiver inserted into a CVR-X2-SFP10G module) on the WS-X4606-X2-E line card are not supported as a VSL.
Workaround: Use any X2-pluggable module on its own in the WS-X4606-X2-E line card. CSCuc70321
-
Memory allocation failures can occur if more than 16K IPv6 multicast snooping entries are present.
Workaround: None. CSCuc77376
-
The show interface capabilities command output does not show the correct linecard model.
Workaround: Observe the show module command output. CSCua79513
-
Beginning with IOS Release XE 3.5.0E, error messages that occur when a QoS policy is applied will no longer appear directly on the console when no logging console is configured. They will appear only when a logging method is active (e.g., logging buffered, logging console, …).
Workaround: None. CSCuf86375
-
Setting a cos value based on QoS group triggers the following error message in a VSS system
set action fail = 9
Workaround: None. QoS groups are not supported in VSS. CSCuc84739
-
Auto negotiation cannot be disabled on the Fa1 port. It must be set to auto/auto, or fixed speed with duplex auto.
-
The following messages are seen during boot up after POST check.
Rommon reg: 0x00004F80 Reset2Reg: 0x00000F00 Image load status: 0x00000000 ##### Snowtrooper 220 controller 0x0430006E..0x044E161D Size:0x0057B4C5 Program Done! ######################### [ 6642.974087] pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) Starting System Services Calculating module dependencies... Loading rtc-ds1307 RTNETLINK answers: Invalid argument No Mountpoints DefinedJan 17 09:48:14 %IOSXE-3-PLATFORM: process sshd[5241]: error: Bind to port 22 on :: failed: Address already in use Starting IOS Services Loading virtuclock as vuclock Loading gsbu64atomic as gdb64atomic /dev/fd/12: line 267: /sys/devices/system/edac/mc/edac_mc_log_ce: No such file or directory Aug 8 20:30:29 %IOSXE-3-PLATFORM: process kernel: mmc0: Got command interrupt 0x00030000 even though no command operation was in progress. Aug 8 20:30:29 %IOSXE-3-PLATFORM: process kernel: PME2: fsl_pme2_db_init: not on ctrl-plane
These messages are cosmetic only, and no ssh services are available unless configured within IOS.
Workaround: None CSCue15724
-
When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may crash. As a workaround, disable the logging discriminator on the device (CSCur45606, CSCur28336).
Caveats
Caveats describe unexpected behavior in Cisco IOS-XE releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Release 3.11.11E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.11E
Caveat ID Number |
Description |
---|---|
CSCwk06051 |
Issue when upgrading with ISSU from any release to 3.11.10 |
Open Caveats in Cisco IOS XE Release 3.11.10E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.10E
Caveat ID Number |
Description |
---|---|
CSCwf54007 |
Cisco IOS and IOS XE Software IS-IS Denial of Service Vulnerability |
CSCwe55871 |
Cisco IOS and Cisco IOS XE Software Command Authorization Bypass Vulnerability |
Open Caveats in Cisco IOS XE Release 3.11.9E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.9E
Caveat ID Number |
Description |
---|---|
CSCwh38827 |
C4500X: Traffic impacted via tunnel when upgrading to 3.11.x version |
Open Caveats in Cisco IOS XE Release 3.11.8E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.8E
Caveat ID Number |
Description |
---|---|
CSCwa34310 |
Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability |
Open Caveats in Cisco IOS XE Release 3.11.7E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.7E
Caveat ID Number |
Description |
---|---|
CSCvp12187 | Standby switch crash because of memory leak due to Switch Integrated security feature. |
CSCwc66348 | RBACL not downloaded on previously shutdown port. |
DHCPv6: Memory allocation of DHCPv6 relay option results in crash. |
|
Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability. |
|
Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability. |
Open Caveats in Cisco IOS XE Release 3.11.6E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.6E
Caveat ID Number |
Description |
---|---|
CSCwa22165 | Incorrect access list logging during SSH session. |
CSCvz22651 | Memory leak due to csmControllerStatistics on Cisco Catalyst 4000 Series Switches. |
CSCvz09717 | Cisco Catalyst 4500 -PC connected to a standby VSS switch is not getting the IP address post user authentication. |
CSCvz42464 | Cisco QSFP-40G-LR4 incompatible with WS-X45-SUP9-E. |
Open Caveats in Cisco IOS XE Release 3.11.5E
None.
Resolved Caveats in Cisco IOS XE Release 3.11.5E
Caveat ID Number |
Description |
---|---|
link debounce CLI disappears when shut member port in LAG. |
|
C4500X TX-Queue zeroed out on VSL. |
|
Intermittent working of PBR on 4500 with GRE tunnel as next hop. |
|
ZTP fails to configure c4500e with dual-SUP when in-band port are used to reach the DHCP/TFTP server. |
|
Segmentation fault in CMI IOSd task when running multicast. |
|
once posture ACL is un-installed (post CoA), open-dir-acl wont get applied. |
|
EAP-MSCHAPv2 isn't compliant with response size. |
|
Catalyst Switch crashes @ sisf_sw_policy_detach_target. |
|
RxErrorBytes on certain superports following an LC reload. |
|
C4510RE Etherchannel ports on dual Supervisors go to suspended mode after switchover. |
|
Switch crashes due to "HTTP Core". |
|
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability. |
Open Caveats in Cisco IOS XE Release 3.11.4E
Caveat ID Number |
Description |
---|---|
Intermittent working of PBR on 4500 with GRE tunnel as next hop |
|
Segmentation fault in CMI IOSd task when running multicast |
|
once posture ACL is un-installed (post CoA), open-dir-acl wont get applied |
|
C4500 relay agent drops DHCP offer when certain relay agent settings configured |
Resolved Caveats in Cisco IOS XE Release 3.11.4E
Caveat ID Number |
Description |
---|---|
GLC-T /TE not linking up sometimes on BOOTUP |
|
3.11.2 - Cat4500X may crash unexpected when trying to program IPv6 to SGT mapping |
|
IPDT probe uses physical interface MAC as source instead of SVI MAC in 3.11.x release |
|
4500x in VSS may see VSL links in an up/down state after reboot when using Twin-ax cables |
|
TACACS not working if TACACS group server has "server-private <ip> key <passw>" in 15.2(7)E3/3.11.3E |
|
Stack Member Switch fails wired dot1x; MasterSwitch passes dot1x using the same configs |
|
Cat4K multicast stop after REP node power cycle |
|
K5L2 crash while fetching RET entry due to NULL entry. |
|
Tracebacks seen after ISSU upgrade from 3.8.8 to 3.11.2E on 4500 |
Open Caveats in Cisco IOS XE Release 3.11.3aE
Caveat ID Number |
Description |
---|---|
GLC-T /TE not linking up sometimes on BOOTUP |
|
Interface does not come up when monitor session is removed |
Resolved Caveats in Cisco IOS XE Release 3.11.3aE
Caveat ID Number |
Description |
---|---|
1G CTS enabled links from Cat4K experience instability |
|
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: packets are forwarded to clients |
|
Not able to scale beyond about 8K SGACLs on 4500, Traceback thrown for installation failure |
|
C4500 Standby VSS Switch Crashing at XDR receive process |
|
SGT propagation fails after sup failover |
|
HTTP redirect doesn't work on 152-7.E1 |
|
c4500x VSS standby switch rapid memory exhaustion in IOSd due to process "MFIB_Cable" |
|
GLC-TE on Cat4500X VSS sometimes may not link up after reload |
|
Switches downstream of a Cat4k using 1g ports may see giants in the form of 1526B frames |
|
C4500 No STP PVID inconsistent state when there is native vlan mismatch |
|
Cisco IOS and IOS XE Software Information Disclosure Vulnerability |
|
VTY telnet disable, enable ssh based on platform request |
Open Caveats in Cisco IOS XE Release 3.11.2E
Caveat ID Number |
Description |
---|---|
c4500x VSS standby switch rapid memory exhaustion in IOSd due to process "MFIB_Cable" |
|
Cat4500X VSS may crash unexpected when program ACL's to TCAM |
|
GLC-TE on Cat4500X VSS sometimes may not link up after reload |
Resolved Caveats in Cisco IOS XE 3.11.2E
Caveat ID Number |
Description |
---|---|
4500X : GLC-TE sometimes may not link up after reload |
|
"vlan internal allocation policy" not displayed in show running-config all |
|
Sup7L-E crash with "show platform hardware qos interface cpu tx-queue [dbl | scheduling]" command |
|
DACL sent by the server that is not processed correctly by the switches 4500 |
|
DHCPv6 does not work due to LDRA |
Resolved Caveats in Cisco IOS XE 3.11.1aE
Caveat ID Number |
Description |
---|---|
Self-signed certificates expire on 00:00 1 Jan 2020 UTC, can't be created after that time |
Open Caveats in Cisco IOS XE Release 3.11.2E
Caveat ID Number |
Description |
---|---|
c4500x VSS standby switch rapid memory exhaustion in IOSd due to process "MFIB_Cable" |
|
Cat4500X VSS may crash unexpected when program ACL's to TCAM |
|
GLC-TE on Cat4500X VSS sometimes may not link up after reload |
Resolved Caveats in Cisco IOS XE 3.11.1E
Caveat ID Number |
Description |
---|---|
Device stuck on 4500X VSS during Rommon version upgrade |
|
Crash due null pointer after CISCO SFP failed the Gbic Integrity Check |
|
Crash while polling of dot1dStaticEntry |
|
Upgrade to 3.8.6 continuously reloads STANDBY supervisor in VSS |
|
GLC-T Not Functioning in Ports 1, 5, 9, 13 on 4500X-16 in VSS standby |
|
AFTER ADDING NEW VLAN IN REP SEGMENT THERE IS A LAYER 2 LOOP |
|
4500 forwards traffic on BKN interface |
|
Missing PBr config cuases crash on L3 rewrite |
|
VSS switchover results in REP failure warnings |
|
Can't ISSU from 3.8.6E to 3.10.2E due to an inconsistency between the Active and Standby |
|
Cat4510 SUP8E - Active crashing while DFE training on Standby SUP |
|
WS-C4510R+E / Dual WS-X45-SUP8-E / Crash when configuring flow exporter |
|
CAT 4K Crashes Due to Watchdog Timeout When Opening Console TTY Session |
|
Crash due to invalid entry in FIB Adjacency Table. |
|
4500X with ACL config will crash when copying configuration |
|
H/W mac address table learn wrong mac on C4500X VSS with active Flexlink shut/no shut |
|
Cat4500 crashes due to multicast |
|
4500X with GLC-TE sometimes may not link up after reload on 3.11.0E |
|
Unable to generate RSA keys as long as a 46xx module ins installed in the chassis with SUP9 |
|
C4500 03.11.00.E (15.2(7)E) SNMP crash due to mediatrace config |
|
DACL abnormal remove due to SISF. |
|
SNMP Mac Move notification trap displays same interface ID for FromPortId and ToPortId |
|
Multi-gig ports having connectivity issues on 4507/4510 switches on 3.11 code |
|
Commands returning invalid PRC |
|
Crash is observed after OIR or module reset of Mortis-CR PPLT linecards |
|
Incorrect CTS tag sticks to flow, even when that tag is no more seen with flow |
Open Caveats in Cisco IOS XE Release 3.11.0E
Caveat ID Number |
Description |
---|---|
Crash while polling of dot1dStaticEntry |
|
QuadSup VSS : Standby goes to disabled mode after 2nd switchover |
Resolved Caveats in Cisco IOS XE 3.11.0E
Caveat ID Number |
Description |
---|---|
4500 forwards traffic on BKN interface |
|
Cat4500 switch reboots unexpectedly after certain Netflow configuration is pushed via SSH |
|
Missing PBR config causes crash on L3 rewrite |
|
Catalyst 4500 - CTS policy is not deleted in Hardware eventhough it is actually deleted. |
|
VSS switchover results in REP failure warnings |
|
Cat4510 SUP8E - Active crashing while DFE training on Standby SUP |
Related Documentation
Refer to the Cisco Catalyst 4500-X Series Switches Documentation Home for information:
Hardware Documents
Installation guides and notes including specifications and relevant safety information are available at the following URLs:
-
Regulatory Compliance and Safety Information for the Catalyst 4500 Series Switches
-
Installation notes for specific supervisor engines or for accessory hardware are available at:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_installation_guides_list.html
-
Catalyst 4500-X hardware installation information is available at:
http://www.cisco.com/en/US/products/ps12332/prod_installation_guides_list.html
Software Documentation
Software release notes, configuration guides, command references, and system message guides are available at the following URLs:
-
Release Notes—Cisco IOS Release Notes for the Catalyst 4500-X Series Switches are available at:
http://www.cisco.com/en/US/products/ps12332/prod_release_notes_list.html
-
Guides—The Catalyst 4500-X Series Switches, and the Catalyst 4500-E Series Switches, leverage the same software configuration guide and command reference guide:
– Software Configuration Guides:
– Command Reference Guides: http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_command_reference_list.html
Cisco IOS Documentation
Platform- independent Cisco IOS documentation is available at the following URLs:
-
Cisco IOS configuration guides, Cisco IOS XE Release 3E: http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-3e/products-installation-and-configuration-guides-list.html
-
Cisco IOS Master Command List. All Releases: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book.html
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business results you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.